0f8e2d0934
Account.Credentials 是 JSONB map,混合存放可编辑的非敏感配置(base_url、 model_mapping、project_id 等)与敏感秘钥(OAuth access/refresh/id token、 API key、AWS secret、Vertex private key 等)。当前所有 admin 账号接口直接 透传该 map,token 经由浏览器 DevTools、抓包、日志等途径泄漏。 - service 包新增 SensitiveCredentialKeys 清单与 MergePreservingSensitiveCreds 作为单一权威定义。 - dto 层 RedactCredentials 在响应里剥离敏感子键,输出 credentials_status (has_<key> 布尔标识)告知前端存在性,不暴露原值。 - AccountFromServiceShallow 接入脱敏,覆盖 list、get、create、update、 refresh、batch、bulk-update、OAuth 创建等 9 个 handler。 - service.UpdateAccount 改为合并语义:incoming 没传敏感键则保留 existing, 让前端"全对象 PUT"流程在脱敏后无感工作;显式提供新 token 仍会覆盖。 - 前端 EditAccountModal 修复脱敏后会崩的两处兜底:apikey 必填检查和 Vertex SA JSON 存在性校验改读 credentials_status.has_*。 - 导出端点 /admin/accounts/data 走独立的 DataAccount 结构,按设计保留 完整 credentials 作为管理员备份路径。 测试:RedactCredentials 单元测试、mapper 端到端 JSON 断言(确认序列化 后无 token 子串)、UpdateAccount 合并语义三种场景(保留 / 覆盖 / 空 map 跳过)。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
68 lines
2.2 KiB
Go
68 lines
2.2 KiB
Go
package dto
|
|
|
|
import (
|
|
"encoding/json"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/Wei-Shaw/sub2api/internal/service"
|
|
)
|
|
|
|
func TestAccountFromServiceShallow_RedactsSensitiveCredentials(t *testing.T) {
|
|
src := &service.Account{
|
|
ID: 42,
|
|
Name: "demo",
|
|
Platform: "anthropic",
|
|
Type: "oauth",
|
|
Credentials: map[string]any{
|
|
"access_token": "at-secret",
|
|
"refresh_token": "rt-secret",
|
|
"id_token": "id-secret",
|
|
"api_key": "sk-secret",
|
|
"base_url": "https://api.example.com",
|
|
"model_mapping": map[string]any{"foo": "bar"},
|
|
},
|
|
}
|
|
|
|
got := AccountFromServiceShallow(src)
|
|
require.NotNil(t, got)
|
|
|
|
// 敏感键不在 Credentials 里
|
|
require.NotContains(t, got.Credentials, "access_token")
|
|
require.NotContains(t, got.Credentials, "refresh_token")
|
|
require.NotContains(t, got.Credentials, "id_token")
|
|
require.NotContains(t, got.Credentials, "api_key")
|
|
// 非敏感键保留
|
|
require.Equal(t, "https://api.example.com", got.Credentials["base_url"])
|
|
require.Equal(t, map[string]any{"foo": "bar"}, got.Credentials["model_mapping"])
|
|
|
|
// 状态 map 标记敏感键存在
|
|
require.True(t, got.CredentialsStatus["has_access_token"])
|
|
require.True(t, got.CredentialsStatus["has_refresh_token"])
|
|
require.True(t, got.CredentialsStatus["has_id_token"])
|
|
require.True(t, got.CredentialsStatus["has_api_key"])
|
|
|
|
// JSON 序列化校验:响应体里不会出现敏感子串
|
|
raw, err := json.Marshal(got)
|
|
require.NoError(t, err)
|
|
require.NotContains(t, string(raw), "rt-secret")
|
|
require.NotContains(t, string(raw), "at-secret")
|
|
require.NotContains(t, string(raw), "sk-secret")
|
|
require.NotContains(t, string(raw), "id-secret")
|
|
// 状态标识应序列化进 JSON
|
|
require.Contains(t, string(raw), "credentials_status")
|
|
require.Contains(t, string(raw), "has_refresh_token")
|
|
|
|
// 原始 service.Account 不应被改动
|
|
require.Equal(t, "rt-secret", src.Credentials["refresh_token"])
|
|
}
|
|
|
|
func TestAccountFromServiceShallow_NilCredentialsOmitsStatus(t *testing.T) {
|
|
src := &service.Account{ID: 1, Name: "n", Platform: "anthropic", Type: "oauth"}
|
|
got := AccountFromServiceShallow(src)
|
|
require.NotNil(t, got)
|
|
require.Nil(t, got.Credentials)
|
|
require.Nil(t, got.CredentialsStatus)
|
|
}
|