feat: add system settings with model connectivity and encrypted storage

server/tests/test_settings_persistence.py

@@ -0,0 +1,84 @@
+from __future__ import annotations
+
+from pathlib import Path
+import tempfile
+
+from sqlalchemy import create_engine
+from sqlalchemy.orm import Session, sessionmaker
+
+from app.core import secret_box
+from app.db.base import Base
+from app.models.system_setting import SystemSetting
+from app.models.system_setting_secret import SystemSettingSecret
+from app.schemas.settings import SettingsWrite
+from app.services.settings import SettingsService
+
+
+def build_session(db_file: Path) -> Session:
+    engine = create_engine(
+        f"sqlite+pysqlite:///{db_file.as_posix()}",
+        connect_args={"check_same_thread": False},
+    )
+    SystemSetting.__table__.create(bind=engine)
+    SystemSettingSecret.__table__.create(bind=engine)
+    session_factory = sessionmaker(bind=engine, autoflush=False, autocommit=False)
+    return session_factory()
+
+
+def build_temp_secret_dir() -> Path:
+    return Path(tempfile.mkdtemp(prefix="xf-settings-test-", dir="D:\\tmp"))
+
+
+def test_settings_service_persists_non_secret_and_secret_fields(monkeypatch) -> None:
+    temp_dir = build_temp_secret_dir()
+    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
+    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
+
+    with build_session(temp_dir / "settings.db") as db:
+        service = SettingsService(db)
+        initial_snapshot = service.get_settings_snapshot()
+        payload = initial_snapshot.model_dump()
+
+        payload["companyForm"]["companyName"] = "YGSOFT"
+        payload["companyForm"]["displayName"] = "云广软件"
+        payload["adminForm"]["adminAccount"] = "admin-root"
+        payload["adminForm"]["adminEmail"] = "admin@example.com"
+        payload["adminForm"]["newPassword"] = "54321"
+        payload["adminForm"]["confirmPassword"] = "54321"
+        payload["llmForm"]["mainModel"] = "glm-4.5"
+        payload["llmForm"]["mainApiKey"] = "main-secret"
+        payload["mailForm"]["password"] = "smtp-secret"
+
+        saved_snapshot = service.save_settings_snapshot(SettingsWrite(**payload))
+
+        assert saved_snapshot.companyForm.companyName == "YGSOFT"
+        assert saved_snapshot.companyForm.displayName == "云广软件"
+        assert saved_snapshot.llmForm.mainModel == "glm-4.5"
+        assert saved_snapshot.llmForm.mainApiKey == ""
+        assert saved_snapshot.llmForm.mainApiKeyConfigured is True
+        assert saved_snapshot.mailForm.password == ""
+        assert saved_snapshot.mailForm.passwordConfigured is True
+        assert saved_snapshot.adminForm.newPassword == ""
+        assert saved_snapshot.adminForm.adminPasswordConfigured is True
+
+        assert service.load_saved_model_api_key("main") == "main-secret"
+        assert service.verify_admin_login("admin-root", "54321") is not None
+        assert service.verify_admin_login("admin@example.com", "54321") is not None
+
+
+def test_blank_secret_input_does_not_clear_saved_secret(monkeypatch) -> None:
+    temp_dir = build_temp_secret_dir()
+    monkeypatch.setattr(secret_box, "SECRET_KEY_FILE", temp_dir / "settings.key")
+    monkeypatch.setattr(Base.metadata, "create_all", lambda *args, **kwargs: None)
+
+    with build_session(temp_dir / "settings.db") as db:
+        service = SettingsService(db)
+        first_payload = service.get_settings_snapshot().model_dump()
+        first_payload["llmForm"]["mainApiKey"] = "persisted-key"
+        service.save_settings_snapshot(SettingsWrite(**first_payload))
+
+        second_payload = service.get_settings_snapshot().model_dump()
+        second_payload["llmForm"]["mainApiKey"] = ""
+        service.save_settings_snapshot(SettingsWrite(**second_payload))
+
+        assert service.load_saved_model_api_key("main") == "persisted-key"