huangzhenpc/yinghuoapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ops): 添加 token 相关字段白名单避免误脱敏

Browse Source 
在敏感字段检测中添加白名单,排除 API 参数和用量统计字段:
- max_tokens, max_completion_tokens, max_output_tokens
- completion_tokens, prompt_tokens, total_tokens
- input_tokens, output_tokens
- cache_creation_input_tokens, cache_read_input_tokens

这些字段名虽然包含 "token" 但只是数值参数,不应被脱敏处理。
This commit is contained in:
shaw
2026-02-06 19:36:46 +08:00
parent bd7fdb5e6c
commit 9f4c1ef9f9
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/internal/service/ops_service.go
View File

@@ -424,6 +424,16 @@ func isSensitiveKey(key string) bool {
return false return false
} }
// Whitelist: known non-sensitive fields that contain sensitive substrings
// (e.g., "max_tokens" contains "token" but is just an API parameter).
switch k {
case "max_tokens", "max_completion_tokens", "max_output_tokens",
"completion_tokens", "prompt_tokens", "total_tokens",
"input_tokens", "output_tokens",
"cache_creation_input_tokens", "cache_read_input_tokens":
return false
}
// Exact matches (common credential fields). // Exact matches (common credential fields).
switch k { switch k {
case "authorization", case "authorization",