feat: 重构模型配置存储与 API Key 加密管理
主要修改点:
1. 遗留密码格式兼容 (server/src/app/core/admin_secret.py)
- 新增 legacy_admin_secret_to_password_hash(): 将旧版 admin secret 记录转换为标准 scrypt 哈希格式
2. Scrypt 密码验证增强 (server/src/app/core/security.py)
- verify_password(): 新增 scrypt$ 前缀检测,分流到专用验证函数
- 新增 verify_scrypt_password(): 解析 scrypt$ 格式哈希并验证
3. 模型配置存储重构 (server/src/app/models/system_model_setting.py)
- 新增 SystemModelSetting 模型(slot 为 PK)
- 字段: slot, provider, model_name, endpoint, capability, priority, enabled, api_key_encrypted, created_at, updated_at
4. Settings Repository 扩展 (server/src/app/repositories/settings.py)
- 新增 get_model_settings(): 获取所有模型配置
- 新增 get_model_setting(slot): 按 slot 获取单个模型配置
5. Settings Service 重构 (server/src/app/services/settings.py)
- 新增 ModelSlotConfig dataclass: 封装单个模型槽位的配置属性
- 新增 MODEL_SLOT_CONFIGS 字典: main/backup/vlm/embedding 四个槽位配置
- 重构 save_model_settings(): 批量保存模型配置到 SystemModelSetting 表
- 新增 load_model_settings(): 从 SystemModelSetting 表加载所有模型配置
- read_settings(): 整合 legacy secrets 与新的 SystemModelSetting 表数据
- write_settings(): 拆分 model secrets 到 SystemModelSetting 表
- decrypt_model_secret(): 新增从数据库读取加密的 API Key
6. 数据库模型注册 (server/src/app/db/base.py)
- 注册 SystemModelSetting 模型
7. 前端 API URL 智能解析 (web/src/services/api.js)
- 新增 isLoopbackHost(): 判断是否为回环地址
- 新增 resolveBrowserReachableApiBaseUrl(): 当后端配置为回环地址但浏览器非回环时,自动替换为浏览器 host
- 改进错误信息: "无法连接 FastAPI 后端服务,请确认后端已启动且浏览器可访问后端端口。"
8. 前端 Session 导航增强 (web/src/composables/useSystemState.js)
- installSessionNavigation(): 调用 fetchBootstrapState 后设置运行时 API Base URL
9. Settings 视图增强 (web/src/views/SettingsView.vue)
- API Key 输入框: 新增 @focus="clearModelSecretMask('xxx')" 清除遮罩
- 新增 .secret-bound-state 提示: 显示"已从数据库加密加载,测试会使用已保存密钥"
10. Settings 脚本增强 (web/src/views/scripts/SettingsView.js)
- 新增 clearModelSecretMask(slot): 清除指定槽位的 API Key 遮罩状态
11. CSS 样式 (web/src/assets/styles/views/settings-view.css)
- 新增 .secret-bound-state 样式: 显示数据库已加载密钥的提示样式
This commit is contained in:
@@ -7,6 +7,7 @@ import { useToast } from '../../composables/useToast.js'
|
||||
const SETTINGS_STORAGE_KEY = 'x-financial-settings-draft'
|
||||
const CURRENT_YEAR = new Date().getFullYear()
|
||||
const CUSTOM_OPENAI_PROVIDER = 'Custom OpenAI Compatible'
|
||||
const MODEL_SECRET_MASK = '********'
|
||||
|
||||
const SECTION_DEFINITIONS = [
|
||||
{
|
||||
@@ -117,6 +118,8 @@ const MODEL_TEST_CONFIGS = {
|
||||
}
|
||||
}
|
||||
|
||||
const MODEL_API_KEY_CONFIGS = Object.values(MODEL_TEST_CONFIGS)
|
||||
|
||||
function normalizeValue(value) {
|
||||
return String(value ?? '').trim()
|
||||
}
|
||||
@@ -277,6 +280,38 @@ function sanitizeForStorage(state) {
|
||||
}
|
||||
}
|
||||
|
||||
function getModelConfiguredKey(apiKeyKey) {
|
||||
return `${apiKeyKey}Configured`
|
||||
}
|
||||
|
||||
function isModelSecretMask(value) {
|
||||
return value === MODEL_SECRET_MASK
|
||||
}
|
||||
|
||||
function maskConfiguredModelSecrets(state) {
|
||||
for (const config of MODEL_API_KEY_CONFIGS) {
|
||||
const configuredKey = getModelConfiguredKey(config.apiKeyKey)
|
||||
|
||||
if (state.llmForm[configuredKey] && !normalizeValue(state.llmForm[config.apiKeyKey])) {
|
||||
state.llmForm[config.apiKeyKey] = MODEL_SECRET_MASK
|
||||
}
|
||||
}
|
||||
|
||||
return state
|
||||
}
|
||||
|
||||
function buildLlmPayload(llmForm) {
|
||||
const payload = { ...llmForm }
|
||||
|
||||
for (const config of MODEL_API_KEY_CONFIGS) {
|
||||
if (isModelSecretMask(payload[config.apiKeyKey])) {
|
||||
payload[config.apiKeyKey] = ''
|
||||
}
|
||||
}
|
||||
|
||||
return payload
|
||||
}
|
||||
|
||||
function persistSettings(state) {
|
||||
if (typeof window === 'undefined') {
|
||||
return
|
||||
@@ -390,7 +425,7 @@ export default {
|
||||
nextState.mailForm.password = currentState.mailForm.password
|
||||
}
|
||||
|
||||
pageState.value = nextState
|
||||
pageState.value = maskConfiguredModelSecrets(nextState)
|
||||
persistSettings(pageState.value)
|
||||
updateBrandPreviewFromState(pageState.value)
|
||||
}
|
||||
@@ -410,7 +445,7 @@ export default {
|
||||
return {
|
||||
companyForm: { ...pageState.value.companyForm },
|
||||
adminForm: { ...pageState.value.adminForm },
|
||||
llmForm: { ...pageState.value.llmForm },
|
||||
llmForm: buildLlmPayload(pageState.value.llmForm),
|
||||
logForm: { ...pageState.value.logForm },
|
||||
mailForm: { ...pageState.value.mailForm }
|
||||
}
|
||||
@@ -456,17 +491,26 @@ export default {
|
||||
function buildModelTestPayload(testKey) {
|
||||
const config = MODEL_TEST_CONFIGS[testKey]
|
||||
const llmForm = pageState.value.llmForm
|
||||
const apiKey = llmForm[config.apiKeyKey]
|
||||
|
||||
return {
|
||||
provider: llmForm[config.providerKey],
|
||||
model: llmForm[config.modelKey],
|
||||
endpoint: llmForm[config.endpointKey],
|
||||
api_key: llmForm[config.apiKeyKey],
|
||||
api_key: isModelSecretMask(apiKey) ? '' : apiKey,
|
||||
capability: config.capability,
|
||||
slot: testKey
|
||||
}
|
||||
}
|
||||
|
||||
function clearModelSecretMask(testKey) {
|
||||
const config = MODEL_TEST_CONFIGS[testKey]
|
||||
|
||||
if (isModelSecretMask(pageState.value.llmForm[config.apiKeyKey])) {
|
||||
pageState.value.llmForm[config.apiKeyKey] = ''
|
||||
}
|
||||
}
|
||||
|
||||
async function testModelConnection(testKey) {
|
||||
const config = MODEL_TEST_CONFIGS[testKey]
|
||||
const payload = buildModelTestPayload(testKey)
|
||||
@@ -655,6 +699,7 @@ export default {
|
||||
activeSectionConfig,
|
||||
activateSection,
|
||||
applyProviderPreset,
|
||||
clearModelSecretMask,
|
||||
completedSectionCount,
|
||||
getModelTestState,
|
||||
isModelTesting,
|
||||
|
||||
Reference in New Issue
Block a user