fix(newapi): validate token input across ui and api

2026-05-06 20:02:51 +08:00 · 2026-03-27 13:45:39 +08:00
parent 235c60df25
commit 062afb35db
7 changed files with 304 additions and 8 deletions
--- a/static/js/settings.js
+++ b/static/js/settings.js
@@ -1296,6 +1296,28 @@ function closeNewapiServiceModal() {
    elements.newapiServiceEditModal.classList.remove('active');
 }

+function validateNewapiApiKeyInput(apiKey, { required = false } = {}) {
+    const normalizedApiKey = String(apiKey || '').trim();
+    if (!normalizedApiKey) {
+        if (required) {
+            return '新增服务时 Root Token / API Key 不能为空';
+        }
+        return '';
+    }
+
+    for (const char of normalizedApiKey) {
+        const code = char.charCodeAt(0);
+        if (code > 127) {
+            return 'Root Token / API Key 只能包含 ASCII 字符，请粘贴实际令牌，不要填写中文说明';
+        }
+        if (code < 32 || code === 127) {
+            return 'Root Token / API Key 包含非法控制字符';
+        }
+    }
+
+    return '';
+}
+
 async function editNewapiService(id) {
    try {
        const service = await api.get(`/newapi-services/${id}`);
@@ -1321,8 +1343,9 @@ async function handleSaveNewapiService(e) {
        toast.error('名称和 API URL 不能为空');
        return;
    }
-    if (!id && !apiKey) {
-        toast.error('新增服务时 Root Token / API Key 不能为空');
+    const apiKeyValidationError = validateNewapiApiKeyInput(apiKey, { required: !id });
+    if (apiKeyValidationError) {
+        toast.error(apiKeyValidationError);
        return;
    }