GithubBackup/BiliNote
1
0
Fork 0
mirror of https://github.com/JefferyHcool/BiliNote.git synced 2026-06-12 11:09:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(backend): 防御 API Key 掩码污染并修复 EXE 版 .env 加载路径

Browse Source 
- provider.py: 更新供应商时,若 api_key 包含 '*'(掩码字符),
  跳过该字段,防止前端展示用的 mask_key() 值被误写入数据库。

- ffmpeg_helper.py: load_dotenv() 默认只从 CWD 查找 .env,
  PyInstaller 打包后 CWD 为 EXE 目录,导致 _internal/.env 被忽略。
  改为遍历多个候选路径(CWD、脚本目录、项目根目录、_internal/),
  确保源码和打包两种场景都能正确加载环境变量。
This commit is contained in:
techotaku39
2026-05-23 22:47:28 +08:00
parent db556b8991
commit 4425239717
2 changed files with 35 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/app/services/provider.py
View File

@@ -129,6 +129,10 @@ class ProviderService:
try:
# 过滤掉空值
filtered_data = {k: v for k, v in data.items() if v is not None and k != 'id'}
# 防御掩码污染:前端展示时 api_key 被 mask_key() 处理过(如 a92f****...2d3a
# 如果用户未重新输入直接保存,带星号的值不应覆盖原 key。
if 'api_key' in filtered_data and '*' in str(filtered_data.get('api_key', '')):
filtered_data.pop('api_key')
print('更新模型供应商',filtered_data)
update_provider(id, **filtered_data)
# 获取更新后的供应商信息