security: Implemented API key redaction for secure logging

- Add redact_key_for_logging() helper function to show only first/last 6 chars
- Fix API key exposure in app/service/key/key_manager.py line 68
- Apply key redaction across all Python files with API key logging
- Standardize logging security across 17 files including routers, services, handlers
This commit is contained in:
Shuai Lin
2025-07-21 02:03:19 +08:00
parent b25cf7d978
commit 6abda7d902
17 changed files with 78 additions and 46 deletions

View File

@@ -8,6 +8,7 @@ import json
from app.database.connection import database
from app.database.models import Settings, ErrorLog, RequestLog, FileRecord, FileState
from app.log.logger import get_database_logger
from app.utils.helpers import redact_key_for_logging
logger = get_database_logger()
@@ -143,7 +144,7 @@ async def add_error_log(
)
)
await database.execute(query)
logger.info(f"Added error log for key: {gemini_key}")
logger.info(f"Added error log for key: {redact_key_for_logging(gemini_key)}")
return True
except Exception as e:
logger.error(f"Failed to add error log: {str(e)}")