feat: 重构模型配置存储与 API Key 加密管理
主要修改点:
1. 遗留密码格式兼容 (server/src/app/core/admin_secret.py)
- 新增 legacy_admin_secret_to_password_hash(): 将旧版 admin secret 记录转换为标准 scrypt 哈希格式
2. Scrypt 密码验证增强 (server/src/app/core/security.py)
- verify_password(): 新增 scrypt$ 前缀检测,分流到专用验证函数
- 新增 verify_scrypt_password(): 解析 scrypt$ 格式哈希并验证
3. 模型配置存储重构 (server/src/app/models/system_model_setting.py)
- 新增 SystemModelSetting 模型(slot 为 PK)
- 字段: slot, provider, model_name, endpoint, capability, priority, enabled, api_key_encrypted, created_at, updated_at
4. Settings Repository 扩展 (server/src/app/repositories/settings.py)
- 新增 get_model_settings(): 获取所有模型配置
- 新增 get_model_setting(slot): 按 slot 获取单个模型配置
5. Settings Service 重构 (server/src/app/services/settings.py)
- 新增 ModelSlotConfig dataclass: 封装单个模型槽位的配置属性
- 新增 MODEL_SLOT_CONFIGS 字典: main/backup/vlm/embedding 四个槽位配置
- 重构 save_model_settings(): 批量保存模型配置到 SystemModelSetting 表
- 新增 load_model_settings(): 从 SystemModelSetting 表加载所有模型配置
- read_settings(): 整合 legacy secrets 与新的 SystemModelSetting 表数据
- write_settings(): 拆分 model secrets 到 SystemModelSetting 表
- decrypt_model_secret(): 新增从数据库读取加密的 API Key
6. 数据库模型注册 (server/src/app/db/base.py)
- 注册 SystemModelSetting 模型
7. 前端 API URL 智能解析 (web/src/services/api.js)
- 新增 isLoopbackHost(): 判断是否为回环地址
- 新增 resolveBrowserReachableApiBaseUrl(): 当后端配置为回环地址但浏览器非回环时,自动替换为浏览器 host
- 改进错误信息: "无法连接 FastAPI 后端服务,请确认后端已启动且浏览器可访问后端端口。"
8. 前端 Session 导航增强 (web/src/composables/useSystemState.js)
- installSessionNavigation(): 调用 fetchBootstrapState 后设置运行时 API Base URL
9. Settings 视图增强 (web/src/views/SettingsView.vue)
- API Key 输入框: 新增 @focus="clearModelSecretMask('xxx')" 清除遮罩
- 新增 .secret-bound-state 提示: 显示"已从数据库加密加载,测试会使用已保存密钥"
10. Settings 脚本增强 (web/src/views/scripts/SettingsView.js)
- 新增 clearModelSecretMask(slot): 清除指定槽位的 API Key 遮罩状态
11. CSS 样式 (web/src/assets/styles/views/settings-view.css)
- 新增 .secret-bound-state 样式: 显示数据库已加载密钥的提示样式
This commit is contained in:
@@ -4,18 +4,47 @@ function normalizeApiBaseUrl(value) {
|
||||
return String(value || '/api/v1').replace(/\/$/, '')
|
||||
}
|
||||
|
||||
function isLoopbackHost(hostname) {
|
||||
const normalized = String(hostname || '').trim().toLowerCase()
|
||||
return normalized === '127.0.0.1' || normalized === 'localhost' || normalized === '0.0.0.0' || normalized === '::1'
|
||||
}
|
||||
|
||||
function resolveBrowserReachableApiBaseUrl(value) {
|
||||
const normalized = normalizeApiBaseUrl(value)
|
||||
|
||||
if (typeof window === 'undefined') {
|
||||
return normalized
|
||||
}
|
||||
|
||||
try {
|
||||
const apiUrl = new URL(normalized)
|
||||
const browserHost = window.location.hostname
|
||||
|
||||
if (isLoopbackHost(apiUrl.hostname) && browserHost && !isLoopbackHost(browserHost)) {
|
||||
apiUrl.hostname = browserHost
|
||||
return normalizeApiBaseUrl(apiUrl.toString())
|
||||
}
|
||||
} catch {
|
||||
return normalized
|
||||
}
|
||||
|
||||
return normalized
|
||||
}
|
||||
|
||||
function readStoredApiBaseUrl() {
|
||||
if (typeof window === 'undefined') {
|
||||
return ''
|
||||
}
|
||||
|
||||
return window.localStorage.getItem(API_BASE_STORAGE_KEY) || ''
|
||||
return resolveBrowserReachableApiBaseUrl(window.localStorage.getItem(API_BASE_STORAGE_KEY) || '')
|
||||
}
|
||||
|
||||
let runtimeApiBaseUrl = normalizeApiBaseUrl(readStoredApiBaseUrl() || import.meta.env.VITE_API_BASE_URL || '/api/v1')
|
||||
let runtimeApiBaseUrl = resolveBrowserReachableApiBaseUrl(
|
||||
readStoredApiBaseUrl() || import.meta.env.VITE_API_BASE_URL || '/api/v1'
|
||||
)
|
||||
|
||||
export function setRuntimeApiBaseUrl(value) {
|
||||
runtimeApiBaseUrl = normalizeApiBaseUrl(value)
|
||||
runtimeApiBaseUrl = resolveBrowserReachableApiBaseUrl(value)
|
||||
|
||||
if (typeof window !== 'undefined') {
|
||||
window.localStorage.setItem(API_BASE_STORAGE_KEY, runtimeApiBaseUrl)
|
||||
@@ -46,7 +75,7 @@ export async function apiRequest(path, options = {}) {
|
||||
...options
|
||||
})
|
||||
} catch {
|
||||
throw new Error('无法连接后端员工服务,请确认 FastAPI 已启动。')
|
||||
throw new Error('无法连接 FastAPI 后端服务,请确认后端已启动且浏览器可访问后端端口。')
|
||||
}
|
||||
|
||||
let payload = null
|
||||
|
||||
Reference in New Issue
Block a user