i/Aether
1
0
Fork 0
mirror of https://github.com/fawney19/Aether.git synced 2026-01-03 00:02:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: enhance proxy configuration with password preservation and UI improvements

Browse Source 
- Add 'enabled' field to ProxyConfig for preserving config when disabled
- Mask proxy password in API responses (return '***' instead of actual password)
- Preserve existing password on update when new password not provided
- Add URL encoding for proxy credentials (handle special chars like @, :, /)
- Enhanced URL validation: block SOCKS4, require valid host, forbid embedded auth
- UI improvements: use Switch component, dynamic password placeholder
- Add confirmation dialog for orphaned credentials (URL empty but has username/password)
- Prevent browser password autofill with randomized IDs and CSS text-security
- Unify ProxyConfig type definition in types.ts
This commit is contained in:
fawney19
2025-12-18 16:14:37 +08:00
parent 3e50c157be
commit 293bb592dc
7 changed files with 224 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
frontend/src/api/endpoints/endpoints.ts
View File

@@ -1,14 +1,5 @@
import client from '../client' import client from '../client'
import type { ProviderEndpoint } from './types' import type { ProviderEndpoint, ProxyConfig } from './types'
/**
* 代理配置类型
*/
export interface ProxyConfig {
url: string
username?: string
password?: string
}
/** /**
* 获取指定 Provider 的所有 Endpoints * 获取指定 Provider 的所有 Endpoints
@@ -47,7 +38,7 @@ export async function createEndpoint(
rate_limit?: number rate_limit?: number
is_active?: boolean is_active?: boolean
config?: Record<string, any> config?: Record<string, any>
proxy?: ProxyConfig proxy?: ProxyConfig | null
} }
): Promise<ProviderEndpoint> { ): Promise<ProviderEndpoint> {
const response = await client.post(`/api/admin/endpoints/providers/${providerId}/endpoints`, data) const response = await client.post(`/api/admin/endpoints/providers/${providerId}/endpoints`, data)
@@ -73,7 +64,7 @@ export async function updateEndpoint(
rate_limit: number rate_limit: number
is_active: boolean is_active: boolean
config: Record<string, any> config: Record<string, any>
proxy: ProxyConfig proxy: ProxyConfig | null
}> }>
): Promise<ProviderEndpoint> { ): Promise<ProviderEndpoint> {
const response = await client.put(`/api/admin/endpoints/${endpointId}`, data) const response = await client.put(`/api/admin/endpoints/${endpointId}`, data)

16
frontend/src/api/endpoints/types.ts
View File

@@ -20,6 +20,16 @@ export const API_FORMAT_LABELS: Record<string, string> = {
[API_FORMATS.GEMINI_CLI]: 'Gemini CLI', [API_FORMATS.GEMINI_CLI]: 'Gemini CLI',
} }
/**
* 代理配置类型
*/
export interface ProxyConfig {
url: string
username?: string
password?: string
enabled?: boolean // 是否启用代理false 时保留配置但不使用)
}
export interface ProviderEndpoint { export interface ProviderEndpoint {
id: string id: string
provider_id: string provider_id: string
@@ -41,11 +51,7 @@ export interface ProviderEndpoint {
last_failure_at?: string last_failure_at?: string
is_active: boolean is_active: boolean
config?: Record<string, any> config?: Record<string, any>
proxy?: { proxy?: ProxyConfig | null
url: string
username?: string
password?: string
}
total_keys: number total_keys: number
active_keys: number active_keys: number
created_at: string created_at: string

168
frontend/src/features/providers/components/EndpointFormDialog.vue
View File

@@ -9,7 +9,7 @@
> >
<form <form
class="space-y-6" class="space-y-6"
@submit.prevent="handleSubmit" @submit.prevent="handleSubmit()"
> >
<!-- API 配置 --> <!-- API 配置 -->
<div class="space-y-4"> <div class="space-y-4">
@@ -139,14 +139,10 @@
<h3 class="text-sm font-medium"> <h3 class="text-sm font-medium">
代理配置 代理配置
</h3> </h3>
<label class="flex items-center gap-2 text-sm"> <div class="flex items-center gap-2">
<input <Switch v-model="proxyEnabled" />
v-model="proxyEnabled" <span class="text-sm text-muted-foreground">启用代理</span>
type="checkbox" </div>
class="h-4 w-4 rounded border-gray-300"
>
启用代理
</label>
</div> </div>
<div <div
@@ -159,29 +155,51 @@
id="proxy_url" id="proxy_url"
v-model="form.proxy_url" v-model="form.proxy_url"
placeholder="http://host:port 或 socks5://host:port" placeholder="http://host:port 或 socks5://host:port"
required
:class="proxyUrlError ? 'border-red-500' : ''"
/> />
<p class="text-xs text-muted-foreground"> <p
支持 HTTPHTTPSSOCKS4SOCKS5 代理 v-if="proxyUrlError"
class="text-xs text-red-500"
>
{{ proxyUrlError }}
</p>
<p
v-else
class="text-xs text-muted-foreground"
>
支持 HTTPHTTPSSOCKS5 代理
</p> </p>
</div> </div>
<div class="grid grid-cols-2 gap-4"> <div class="grid grid-cols-2 gap-4">
<div class="space-y-2"> <div class="space-y-2">
<Label for="proxy_username">用户名可选</Label> <Label for="proxy_user">用户名可选</Label>
<Input <Input
id="proxy_username" :id="`proxy_user_${formId}`"
:name="`proxy_user_${formId}`"
v-model="form.proxy_username" v-model="form.proxy_username"
placeholder="代理认证用户名" placeholder="代理认证用户名"
autocomplete="off"
data-form-type="other"
data-lpignore="true"
data-1p-ignore="true"
/> />
</div> </div>
<div class="space-y-2"> <div class="space-y-2">
<Label for="proxy_password">密码可选</Label> <Label :for="`proxy_pass_${formId}`">密码可选</Label>
<Input <Input
id="proxy_password" :id="`proxy_pass_${formId}`"
:name="`proxy_pass_${formId}`"
v-model="form.proxy_password" v-model="form.proxy_password"
type="password" type="text"
placeholder="代理认证密码" :placeholder="passwordPlaceholder"
autocomplete="off"
data-form-type="other"
data-lpignore="true"
data-1p-ignore="true"
:style="{ '-webkit-text-security': 'disc', 'text-security': 'disc' }"
/> />
</div> </div>
</div> </div>
@@ -200,12 +218,24 @@
</Button> </Button>
<Button <Button
:disabled="loading || !form.base_url || (!isEditMode && !form.api_format)" :disabled="loading || !form.base_url || (!isEditMode && !form.api_format)"
@click="handleSubmit" @click="handleSubmit()"
> >
{{ loading ? (isEditMode ? '保存中...' : '创建中...') : (isEditMode ? '保存修改' : '创建') }} {{ loading ? (isEditMode ? '保存中...' : '创建中...') : (isEditMode ? '保存修改' : '创建') }}
</Button> </Button>
</template> </template>
</Dialog> </Dialog>
<!-- 确认清空凭据对话框 -->
<AlertDialog
v-model="showClearCredentialsDialog"
title="清空代理凭据"
description="代理 URL 为空,但用户名和密码仍有值。是否清空这些凭据并继续保存?"
type="warning"
confirm-text="清空并保存"
cancel-text="返回编辑"
@confirm="confirmClearCredentials"
@cancel="showClearCredentialsDialog = false"
/>
</template> </template>
<script setup lang="ts"> <script setup lang="ts">
@@ -220,7 +250,9 @@ import {
SelectValue, SelectValue,
SelectContent, SelectContent,
SelectItem, SelectItem,
Switch,
} from '@/components/ui' } from '@/components/ui'
import AlertDialog from '@/components/common/AlertDialog.vue'
import { Link, SquarePen } from 'lucide-vue-next' import { Link, SquarePen } from 'lucide-vue-next'
import { useToast } from '@/composables/useToast' import { useToast } from '@/composables/useToast'
import { useFormDialog } from '@/composables/useFormDialog' import { useFormDialog } from '@/composables/useFormDialog'
@@ -250,6 +282,10 @@ const { success, error: showError } = useToast()
const loading = ref(false) const loading = ref(false)
const selectOpen = ref(false) const selectOpen = ref(false)
const proxyEnabled = ref(false) const proxyEnabled = ref(false)
const showClearCredentialsDialog = ref(false) // 确认清空凭据对话框
// 生成随机 ID 防止浏览器自动填充
const formId = Math.random().toString(36).substring(2, 10)
// 内部状态 // 内部状态
const internalOpen = computed(() => props.modelValue) const internalOpen = computed(() => props.modelValue)
@@ -297,6 +333,53 @@ const defaultPathPlaceholder = computed(() => {
return `留空使用默认路径:${defaultPath.value}` return `留空使用默认路径:${defaultPath.value}`
}) })
// 检查是否有已保存的密码(后端返回 *** 表示有密码)
const hasExistingPassword = computed(() => {
if (!props.endpoint?.proxy) return false
const proxy = props.endpoint.proxy as { password?: string }
return proxy?.password === MASKED_PASSWORD
})
// 密码输入框的 placeholder
const passwordPlaceholder = computed(() => {
if (hasExistingPassword.value) {
return '已保存密码,留空保持不变'
}
return '代理认证密码'
})
// 代理 URL 验证
const proxyUrlError = computed(() => {
// 只有启用代理且填写了 URL 时才验证
if (!proxyEnabled.value || !form.value.proxy_url) {
return ''
}
const url = form.value.proxy_url.trim()
// 检查禁止的特殊字符
if (/[\n\r]/.test(url)) {
return '代理 URL 包含非法字符'
}
// 验证协议(不支持 SOCKS4
if (!/^(http|https|socks5):\/\//i.test(url)) {
return '代理 URL 必须以 http://, https:// 或 socks5:// 开头'
}
try {
const parsed = new URL(url)
if (!parsed.host) {
return '代理 URL 必须包含有效的 host'
}
// 禁止 URL 中内嵌认证信息
if (parsed.username || parsed.password) {
return '请勿在 URL 中包含用户名和密码,请使用独立的认证字段'
}
} catch {
return '代理 URL 格式无效'
}
return ''
})
// 组件挂载时加载API格式 // 组件挂载时加载API格式
onMounted(() => { onMounted(() => {
loadApiFormats() loadApiFormats()
@@ -320,11 +403,14 @@ function resetForm() {
proxyEnabled.value = false proxyEnabled.value = false
} }
// 原始密码占位符(后端返回的脱敏标记)
const MASKED_PASSWORD = '***'
// 加载端点数据(编辑模式) // 加载端点数据(编辑模式)
function loadEndpointData() { function loadEndpointData() {
if (!props.endpoint) return if (!props.endpoint) return
const proxy = props.endpoint.proxy as { url?: string; username?: string; password?: string } | null const proxy = props.endpoint.proxy as { url?: string; username?: string; password?: string; enabled?: boolean } | null
form.value = { form.value = {
api_format: props.endpoint.api_format, api_format: props.endpoint.api_format,
@@ -337,11 +423,12 @@ function loadEndpointData() {
is_active: props.endpoint.is_active, is_active: props.endpoint.is_active,
proxy_url: proxy?.url || '', proxy_url: proxy?.url || '',
proxy_username: proxy?.username || '', proxy_username: proxy?.username || '',
proxy_password: proxy?.password || '', // 如果密码是脱敏标记,显示为空(让用户知道有密码但看不到)
proxy_password: proxy?.password === MASKED_PASSWORD ? '' : (proxy?.password || ''),
} }
// 如果有代理配置,启用代理开关 // 根据 enabled 字段或 url 存在判断是否启用代理
proxyEnabled.value = !!proxy?.url proxyEnabled.value = proxy?.enabled ?? !!proxy?.url
} }
// 使用 useFormDialog 统一处理对话框逻辑 // 使用 useFormDialog 统一处理对话框逻辑
@@ -355,21 +442,42 @@ const { isEditMode, handleDialogUpdate, handleCancel } = useFormDialog({
}) })
// 构建代理配置 // 构建代理配置
function buildProxyConfig() { // - 有 URL 时始终保存配置,通过 enabled 字段控制是否启用
if (!proxyEnabled.value || !form.value.proxy_url) { // - 无 URL 时返回 null
return undefined function buildProxyConfig(): { url: string; username?: string; password?: string; enabled: boolean } | null {
if (!form.value.proxy_url) {
// 没填 URL无代理配置
return null
} }
return { return {
url: form.value.proxy_url, url: form.value.proxy_url,
username: form.value.proxy_username || undefined, username: form.value.proxy_username || undefined,
password: form.value.proxy_password || undefined, password: form.value.proxy_password || undefined,
enabled: proxyEnabled.value, // 开关状态决定是否启用
} }
} }
// 提交表单 // 提交表单
const handleSubmit = async () => { const handleSubmit = async (skipCredentialCheck = false) => {
if (!props.provider && !props.endpoint) return if (!props.provider && !props.endpoint) return
// 只在开关开启且填写了 URL 时验证
if (proxyEnabled.value && form.value.proxy_url && proxyUrlError.value) {
showError(proxyUrlError.value, '代理配置错误')
return
}
// 检查:开关开启但没有 URL却有用户名或密码
const hasOrphanedCredentials = proxyEnabled.value
&& !form.value.proxy_url
&& (form.value.proxy_username || form.value.proxy_password)
if (hasOrphanedCredentials && !skipCredentialCheck) {
// 弹出确认对话框
showClearCredentialsDialog.value = true
return
}
loading.value = true loading.value = true
try { try {
const proxyConfig = buildProxyConfig() const proxyConfig = buildProxyConfig()
@@ -417,4 +525,12 @@ const handleSubmit = async () => {
loading.value = false loading.value = false
} }
} }
// 确认清空凭据并继续保存
const confirmClearCredentials = () => {
form.value.proxy_username = ''
form.value.proxy_password = ''
showClearCredentialsDialog.value = false
handleSubmit(true) // 跳过凭据检查,直接提交
}
</script> </script>

36
src/api/admin/endpoints/routes.py
View File

@@ -5,7 +5,7 @@ ProviderEndpoint CRUD 管理 API
import uuid import uuid
from dataclasses import dataclass from dataclasses import dataclass
from datetime import datetime, timezone from datetime import datetime, timezone
from typing import List from typing import List, Optional
from fastapi import APIRouter, Depends, Query, Request from fastapi import APIRouter, Depends, Query, Request
from sqlalchemy import and_, func from sqlalchemy import and_, func
@@ -27,6 +27,16 @@ router = APIRouter(tags=["Endpoint Management"])
pipeline = ApiRequestPipeline() pipeline = ApiRequestPipeline()
def mask_proxy_password(proxy_config: Optional[dict]) -> Optional[dict]:
"""对代理配置中的密码进行脱敏处理"""
if not proxy_config:
return None
masked = dict(proxy_config)
if masked.get("password"):
masked["password"] = "***"
return masked
@router.get("/providers/{provider_id}/endpoints", response_model=List[ProviderEndpointResponse]) @router.get("/providers/{provider_id}/endpoints", response_model=List[ProviderEndpointResponse])
async def list_provider_endpoints( async def list_provider_endpoints(
provider_id: str, provider_id: str,
@@ -153,6 +163,7 @@ class AdminListProviderEndpointsAdapter(AdminApiAdapter):
"api_format": endpoint.api_format, "api_format": endpoint.api_format,
"total_keys": total_keys_map.get(endpoint.id, 0), "total_keys": total_keys_map.get(endpoint.id, 0),
"active_keys": active_keys_map.get(endpoint.id, 0), "active_keys": active_keys_map.get(endpoint.id, 0),
"proxy": mask_proxy_password(endpoint.proxy),
} }
endpoint_dict.pop("_sa_instance_state", None) endpoint_dict.pop("_sa_instance_state", None)
result.append(ProviderEndpointResponse(**endpoint_dict)) result.append(ProviderEndpointResponse(**endpoint_dict))
@@ -216,12 +227,13 @@ class AdminCreateProviderEndpointAdapter(AdminApiAdapter):
endpoint_dict = { endpoint_dict = {
k: v k: v
for k, v in new_endpoint.__dict__.items() for k, v in new_endpoint.__dict__.items()
if k not in {"api_format", "_sa_instance_state"} if k not in {"api_format", "_sa_instance_state", "proxy"}
} }
return ProviderEndpointResponse( return ProviderEndpointResponse(
**endpoint_dict, **endpoint_dict,
provider_name=provider.name, provider_name=provider.name,
api_format=new_endpoint.api_format, api_format=new_endpoint.api_format,
proxy=mask_proxy_password(new_endpoint.proxy),
total_keys=0, total_keys=0,
active_keys=0, active_keys=0,
) )
@@ -260,12 +272,13 @@ class AdminGetProviderEndpointAdapter(AdminApiAdapter):
endpoint_dict = { endpoint_dict = {
k: v k: v
for k, v in endpoint_obj.__dict__.items() for k, v in endpoint_obj.__dict__.items()
if k not in {"api_format", "_sa_instance_state"} if k not in {"api_format", "_sa_instance_state", "proxy"}
} }
return ProviderEndpointResponse( return ProviderEndpointResponse(
**endpoint_dict, **endpoint_dict,
provider_name=provider.name, provider_name=provider.name,
api_format=endpoint_obj.api_format, api_format=endpoint_obj.api_format,
proxy=mask_proxy_password(endpoint_obj.proxy),
total_keys=total_keys, total_keys=total_keys,
active_keys=active_keys, active_keys=active_keys,
) )
@@ -285,9 +298,17 @@ class AdminUpdateProviderEndpointAdapter(AdminApiAdapter):
raise NotFoundException(f"Endpoint {self.endpoint_id} 不存在") raise NotFoundException(f"Endpoint {self.endpoint_id} 不存在")
update_data = self.endpoint_data.model_dump(exclude_unset=True) update_data = self.endpoint_data.model_dump(exclude_unset=True)
# 把 proxy 转换为 dict 存储 # 把 proxy 转换为 dict 存储,支持显式设置为 None 清除代理
if "proxy" in update_data and update_data["proxy"] is not None: if "proxy" in update_data:
update_data["proxy"] = dict(update_data["proxy"]) if update_data["proxy"] is not None:
new_proxy = dict(update_data["proxy"])
# 只有当密码字段未提供时才保留原密码(空字符串视为显式清除)
if "password" not in new_proxy and endpoint.proxy:
old_password = endpoint.proxy.get("password")
if old_password:
new_proxy["password"] = old_password
update_data["proxy"] = new_proxy
# proxy 为 None 时保留,用于清除代理配置
for field, value in update_data.items(): for field, value in update_data.items():
setattr(endpoint, field, value) setattr(endpoint, field, value)
endpoint.updated_at = datetime.now(timezone.utc) endpoint.updated_at = datetime.now(timezone.utc)
@@ -315,12 +336,13 @@ class AdminUpdateProviderEndpointAdapter(AdminApiAdapter):
endpoint_dict = { endpoint_dict = {
k: v k: v
for k, v in endpoint.__dict__.items() for k, v in endpoint.__dict__.items()
if k not in {"api_format", "_sa_instance_state"} if k not in {"api_format", "_sa_instance_state", "proxy"}
} }
return ProviderEndpointResponse( return ProviderEndpointResponse(
**endpoint_dict, **endpoint_dict,
provider_name=provider.name if provider else "Unknown", provider_name=provider.name if provider else "Unknown",
api_format=endpoint.api_format, api_format=endpoint.api_format,
proxy=mask_proxy_password(endpoint.proxy),
total_keys=total_keys, total_keys=total_keys,
active_keys=active_keys, active_keys=active_keys,
) )

20
src/clients/http_client.py
View File

@@ -5,7 +5,7 @@
from contextlib import asynccontextmanager from contextlib import asynccontextmanager
from typing import Any, Dict, Optional from typing import Any, Dict, Optional
from urllib.parse import urlparse from urllib.parse import quote, urlparse
import httpx import httpx
@@ -17,14 +17,19 @@ def build_proxy_url(proxy_config: Dict[str, Any]) -> Optional[str]:
根据代理配置构建完整的代理 URL 根据代理配置构建完整的代理 URL
Args: Args:
proxy_config: 代理配置字典,包含 url, username, password proxy_config: 代理配置字典,包含 url, username, password, enabled
Returns: Returns:
完整的代理 URL如 socks5://user:pass@host:port 完整的代理 URL如 socks5://user:pass@host:port
如果 enabled=False 或无配置,返回 None
""" """
if not proxy_config: if not proxy_config:
return None return None
# 检查 enabled 字段,默认为 True兼容旧数据
if not proxy_config.get("enabled", True):
return None
proxy_url = proxy_config.get("url") proxy_url = proxy_config.get("url")
if not proxy_url: if not proxy_url:
return None return None
@@ -32,10 +37,17 @@ def build_proxy_url(proxy_config: Dict[str, Any]) -> Optional[str]:
username = proxy_config.get("username") username = proxy_config.get("username")
password = proxy_config.get("password") password = proxy_config.get("password")
if username and password: # 只要有用户名就添加认证信息(密码可以为空)
if username:
parsed = urlparse(proxy_url) parsed = urlparse(proxy_url)
# URL 编码用户名和密码,处理特殊字符(如 @, :, /
encoded_username = quote(username, safe="")
encoded_password = quote(password, safe="") if password else ""
# 重新构建带认证的代理 URL # 重新构建带认证的代理 URL
auth_proxy = f"{parsed.scheme}://{username}:{password}@{parsed.netloc}" if encoded_password:
auth_proxy = f"{parsed.scheme}://{encoded_username}:{encoded_password}@{parsed.netloc}"
else:
auth_proxy = f"{parsed.scheme}://{encoded_username}@{parsed.netloc}"
if parsed.path: if parsed.path:
auth_proxy += parsed.path auth_proxy += parsed.path
return auth_proxy return auth_proxy

23
src/models/admin_requests.py
View File

@@ -19,14 +19,33 @@ class ProxyConfig(BaseModel):
url: str = Field(..., description="代理 URL (http://, https://, socks5://)") url: str = Field(..., description="代理 URL (http://, https://, socks5://)")
username: Optional[str] = Field(None, max_length=255, description="代理用户名") username: Optional[str] = Field(None, max_length=255, description="代理用户名")
password: Optional[str] = Field(None, max_length=500, description="代理密码") password: Optional[str] = Field(None, max_length=500, description="代理密码")
enabled: bool = Field(True, description="是否启用代理false 时保留配置但不使用)")
@field_validator("url") @field_validator("url")
@classmethod @classmethod
def validate_proxy_url(cls, v: str) -> str: def validate_proxy_url(cls, v: str) -> str:
"""验证代理 URL 格式""" """验证代理 URL 格式"""
from urllib.parse import urlparse
v = v.strip() v = v.strip()
if not re.match(r"^(http|https|socks5|socks4)://", v, re.IGNORECASE):
raise ValueError("代理 URL 必须以 http://, https://, socks5:// 或 socks4:// 开头") # 检查禁止的字符(防止注入)
if "\n" in v or "\r" in v:
raise ValueError("代理 URL 包含非法字符")
# 验证协议(不支持 SOCKS4
if not re.match(r"^(http|https|socks5)://", v, re.IGNORECASE):
raise ValueError("代理 URL 必须以 http://, https:// 或 socks5:// 开头")
# 验证 URL 结构
parsed = urlparse(v)
if not parsed.netloc:
raise ValueError("代理 URL 必须包含有效的 host")
# 禁止 URL 中内嵌认证信息,强制使用独立字段
if parsed.username or parsed.password:
raise ValueError("请勿在 URL 中包含用户名和密码,请使用独立的认证字段")
return v return v

4
src/models/endpoint_models.py
View File

@@ -110,8 +110,8 @@ class ProviderEndpointResponse(BaseModel):
# 额外配置 # 额外配置
config: Optional[Dict[str, Any]] = None config: Optional[Dict[str, Any]] = None
# 代理配置 # 代理配置(响应中密码已脱敏)
proxy: Optional[Dict[str, Any]] = Field(default=None, description="代理配置") proxy: Optional[Dict[str, Any]] = Field(default=None, description="代理配置(密码已脱敏)")
# 统计(从 Keys 聚合) # 统计(从 Keys 聚合)
total_keys: int = Field(default=0, description="总 Key 数量") total_keys: int = Field(default=0, description="总 Key 数量")