fix: prioritize database provider configs and implement API key encryption
- Added AES-GCM encryption/decryption for provider API keys in the database. - Implemented RefreshProviders to load provider configs from the database with precedence over environment variables. - Updated dashboard handlers to encrypt keys on save and trigger in-memory provider refresh. - Updated Grok test model to grok-3-mini for better compatibility.
This commit is contained in:
@@ -10,6 +10,7 @@ import (
|
||||
|
||||
"gophergate/internal/db"
|
||||
"gophergate/internal/models"
|
||||
"gophergate/internal/utils"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/google/uuid"
|
||||
"golang.org/x/crypto/bcrypt"
|
||||
@@ -912,24 +913,40 @@ func (s *Server) handleUpdateProvider(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
apiKeyEncrypted := false
|
||||
var apiKey *string = req.APIKey
|
||||
if req.APIKey != nil && *req.APIKey != "" {
|
||||
encrypted, err := utils.Encrypt(*req.APIKey, s.cfg.KeyBytes)
|
||||
if err == nil {
|
||||
apiKey = &encrypted
|
||||
apiKeyEncrypted = true
|
||||
}
|
||||
}
|
||||
|
||||
_, err := s.database.Exec(`
|
||||
INSERT INTO provider_configs (id, display_name, enabled, base_url, api_key, credit_balance, low_credit_threshold, billing_mode)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?)
|
||||
INSERT INTO provider_configs (id, display_name, enabled, base_url, api_key, credit_balance, low_credit_threshold, billing_mode, api_key_encrypted)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
|
||||
ON CONFLICT(id) DO UPDATE SET
|
||||
enabled = excluded.enabled,
|
||||
base_url = COALESCE(excluded.base_url, provider_configs.base_url),
|
||||
api_key = COALESCE(excluded.api_key, provider_configs.api_key),
|
||||
api_key_encrypted = excluded.api_key_encrypted,
|
||||
credit_balance = COALESCE(excluded.credit_balance, provider_configs.credit_balance),
|
||||
low_credit_threshold = COALESCE(excluded.low_credit_threshold, provider_configs.low_credit_threshold),
|
||||
billing_mode = COALESCE(excluded.billing_mode, provider_configs.billing_mode),
|
||||
updated_at = CURRENT_TIMESTAMP
|
||||
`, name, strings.ToUpper(name), req.Enabled, req.BaseURL, req.APIKey, req.CreditBalance, req.LowCreditThreshold, req.BillingMode)
|
||||
`, name, strings.ToUpper(name), req.Enabled, req.BaseURL, apiKey, req.CreditBalance, req.LowCreditThreshold, req.BillingMode, apiKeyEncrypted)
|
||||
|
||||
if err != nil {
|
||||
c.JSON(http.StatusInternalServerError, ErrorResponse(err.Error()))
|
||||
return
|
||||
}
|
||||
|
||||
// Refresh in-memory providers
|
||||
if err := s.RefreshProviders(); err != nil {
|
||||
fmt.Printf("Error refreshing providers: %v\n", err)
|
||||
}
|
||||
|
||||
c.JSON(http.StatusOK, SuccessResponse(gin.H{"message": "Provider updated"}))
|
||||
}
|
||||
|
||||
@@ -962,7 +979,7 @@ func (s *Server) handleTestProvider(c *gin.Context) {
|
||||
} else if name == "deepseek" {
|
||||
testReq.Model = "deepseek-chat"
|
||||
} else if name == "grok" {
|
||||
testReq.Model = "grok-2"
|
||||
testReq.Model = "grok-3-mini"
|
||||
}
|
||||
|
||||
_, err := provider.ChatCompletion(c.Request.Context(), testReq)
|
||||
|
||||
Reference in New Issue
Block a user