From 9f4c1ef9f9a13ae29891c68095843a0664af9b82 Mon Sep 17 00:00:00 2001
From: shaw
Date: Fri, 6 Feb 2026 19:36:46 +0800
Subject: [PATCH] =?UTF-8?q?fix(ops):=20=E6=B7=BB=E5=8A=A0=20token=20?= =?UTF-8?q?=E7=9B=B8=E5=85=B3=E5=AD=97=E6=AE=B5=E7=99=BD=E5=90=8D=E5=8D=95?= =?UTF-8?q?=E9=81=BF=E5=85=8D=E8=AF=AF=E8=84=B1=E6=95=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在敏感字段检测中添加白名单,排除 API 参数和用量统计字段:
- max_tokens, max_completion_tokens, max_output_tokens
- completion_tokens, prompt_tokens, total_tokens
- input_tokens, output_tokens
- cache_creation_input_tokens, cache_read_input_tokens
这些字段名虽然包含 "token" 但只是数值参数,不应被脱敏处理。
---
 backend/internal/service/ops_service.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/backend/internal/service/ops_service.go b/backend/internal/service/ops_service.go
index abb8ae12..3b81258d 100644
--- a/backend/internal/service/ops_service.go
+++ b/backend/internal/service/ops_service.go
@@ -424,6 +424,16 @@ func isSensitiveKey(key string) bool {
 return false
 }
 
+ // Whitelist: known non-sensitive fields that contain sensitive substrings
+ // (e.g., "max_tokens" contains "token" but is just an API parameter).
+ switch k {
+ case "max_tokens", "max_completion_tokens", "max_output_tokens",
+ "completion_tokens", "prompt_tokens", "total_tokens",
+ "input_tokens", "output_tokens",
+ "cache_creation_input_tokens", "cache_read_input_tokens":
+ return false
+ }
+
 // Exact matches (common credential fields).
 switch k {
 case "authorization",
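Review bot: The allowlist added near the top of isSensitiveKey decides on the key name alone, so whatever value arrives under `max_tokens` or the other nine names is now kept unredacted; the commit message relies on these being numeric, but nothing in the hunk checks the value, and the caller that performs the redaction is not visible here. Consider exempting these keys only when the value is a JSON number at the call site, or at least state the numeric-value assumption in the comment. The exact-name `switch` is the right fail-closed shape and is worth protecting with a line such as `// Exact names only: a "_tokens" suffix rule would also exempt keys like "refresh_tokens".`, plus a table-driven test asserting that the ten names return false while `access_token` and `refresh_token` are still reported as sensitive. The function starts and ends outside the hunk, so whether `k` is already lower-cased and trimmed before this `switch` cannot be confirmed from here.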