Skip to content

Commit 40f2c5a

Browse files
committed
fix(providers): 自定义供应商创建同样拦截含中文/全角字符的 API key
/api/config、/api/test-provider、/api/provider-models 三处已拦, /api/custom-providers 创建时存 key 是第四个入口——漏拦会把坏 key 落盘, 之后每次运行/测试都撞底层 ByteString 报错。四个入口现已一致。
1 parent 70f74d9 commit 40f2c5a

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

web/server.js

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1525,6 +1525,9 @@ app.post('/api/custom-providers', (req, res) => {
15251525
if (typeof baseUrl !== 'string' || !baseUrl.trim()) {
15261526
return res.status(400).json({ error: 'baseUrl required' });
15271527
}
1528+
if (typeof apiKey === 'string' && apiKey.trim() && /[^\x20-\x7E]/.test(apiKey)) {
1529+
return res.status(400).json({ error: 'API key 含中文/全角字符——通常是复制时把旁边的说明文字一起带上了,请只粘贴 key 本身(重新复制或删掉多余字符)' });
1530+
}
15281531
const err = validateCustomProviderId(id, reservedProviderIds());
15291532
const existing = readCustomProviders(CUSTOM_PROVIDERS_FILE);
15301533
if (existing.some((p) => p.id === id)) {

0 commit comments

Comments
 (0)