feat: 添加 Provider API Key 查看和复制功能

- 后端添加 GET /api/admin/endpoints/keys/{key_id}/reveal 接口 - 前端密钥列表添加眼睛按钮（显示/隐藏完整密钥）和复制按钮 - 关闭抽屉时自动清除已显示的密钥（安全考虑） Fixes #53
2026-01-02 15:52:26 +08:00 · 2025-12-29 17:14:26 +08:00
parent 41719a00e7
commit 599b3d4c95
3 changed files with 125 additions and 3 deletions
--- a/frontend/src/api/endpoints/keys.ts
+++ b/frontend/src/api/endpoints/keys.ts
@@ -110,6 +110,14 @@ export async function updateEndpointKey(
  return response.data
 }

+/**
+ * 获取完整的 API Key（用于查看和复制）
+ */
+export async function revealEndpointKey(keyId: string): Promise<{ api_key: string }> {
+  const response = await client.get(`/api/admin/endpoints/keys/${keyId}/reveal`)
+  return response.data
+}
+
 /**
 * 删除 Endpoint Key
 */
--- a/frontend/src/features/providers/components/ProviderDetailDrawer.vue
+++ b/frontend/src/features/providers/components/ProviderDetailDrawer.vue
@@ -337,8 +337,40 @@
                                        {{ key.is_active ? '活跃' : '禁用' }}
                                      </Badge>
                                    </div>
-                                    <div class="text-[10px] font-mono text-muted-foreground truncate">
-                                      {{ key.api_key_masked }}
+                                    <div class="flex items-center gap-1">
+                                      <span class="text-[10px] font-mono text-muted-foreground truncate max-w-[180px]">
+                                        {{ revealedKeys.has(key.id) ? revealedKeys.get(key.id) : key.api_key_masked }}
+                                      </span>
+                                      <Button
+                                        variant="ghost"
+                                        size="icon"
+                                        class="h-5 w-5 shrink-0"
+                                        :title="revealedKeys.has(key.id) ? '隐藏密钥' : '显示密钥'"
+                                        :disabled="revealingKeyId === key.id"
+                                        @click.stop="toggleKeyReveal(key)"
+                                      >
+                                        <Loader2
+                                          v-if="revealingKeyId === key.id"
+                                          class="w-3 h-3 animate-spin"
+                                        />
+                                        <EyeOff
+                                          v-else-if="revealedKeys.has(key.id)"
+                                          class="w-3 h-3"
+                                        />
+                                        <Eye
+                                          v-else
+                                          class="w-3 h-3"
+                                        />
+                                      </Button>
+                                      <Button
+                                        variant="ghost"
+                                        size="icon"
+                                        class="h-5 w-5 shrink-0"
+                                        title="复制密钥"
+                                        @click.stop="copyFullKey(key)"
+                                      >
+                                        <Copy class="w-3 h-3" />
+                                      </Button>
                                    </div>
                                  </div>
                                  <div class="flex items-center gap-1.5 ml-auto shrink-0">
@@ -654,7 +686,9 @@ import {
  Power,
  Layers,
  GripVertical,
-  Copy
+  Copy,
+  Eye,
+  EyeOff
 } from 'lucide-vue-next'
 import { useEscapeKey } from '@/composables/useEscapeKey'
 import Button from '@/components/ui/button.vue'
@@ -681,6 +715,7 @@ import {
  updateEndpoint,
  updateEndpointKey,
  batchUpdateKeyPriority,
+  revealEndpointKey,
  type ProviderEndpoint,
  type EndpointAPIKey,
  type Model
@@ -731,6 +766,10 @@ const recoveringEndpointId = ref<string | null>(null)
 const togglingEndpointId = ref<string | null>(null)
 const togglingKeyId = ref<string | null>(null)

+// 密钥显示状态：key_id -> 完整密钥
+const revealedKeys = ref<Map<string, string>>(new Map())
+const revealingKeyId = ref<string | null>(null)
+
 // 模型相关状态
 const modelFormDialogOpen = ref(false)
 const editingModel = ref<Model | null>(null)
@@ -800,6 +839,9 @@ watch(() => props.open, (newOpen) => {
    currentEndpoint.value = null
    editingKey.value = null
    keyToDelete.value = null
+
+    // 清除已显示的密钥（安全考虑）
+    revealedKeys.value.clear()
  }
 })

@@ -888,6 +930,43 @@ function handleConfigKeyModels(key: EndpointAPIKey) {
  keyAllowedModelsDialogOpen.value = true
 }

+// 切换密钥显示/隐藏
+async function toggleKeyReveal(key: EndpointAPIKey) {
+  if (revealedKeys.value.has(key.id)) {
+    // 已显示，隐藏它
+    revealedKeys.value.delete(key.id)
+    return
+  }
+
+  // 未显示，调用 API 获取完整密钥
+  revealingKeyId.value = key.id
+  try {
+    const result = await revealEndpointKey(key.id)
+    revealedKeys.value.set(key.id, result.api_key)
+  } catch (err: any) {
+    showError(err.response?.data?.detail || '获取密钥失败', '错误')
+  } finally {
+    revealingKeyId.value = null
+  }
+}
+
+// 复制完整密钥
+async function copyFullKey(key: EndpointAPIKey) {
+  // 如果已经显示了，直接复制
+  if (revealedKeys.value.has(key.id)) {
+    copyToClipboard(revealedKeys.value.get(key.id)!)
+    return
+  }
+
+  // 否则先获取再复制
+  try {
+    const result = await revealEndpointKey(key.id)
+    copyToClipboard(result.api_key)
+  } catch (err: any) {
+    showError(err.response?.data?.detail || '获取密钥失败', '错误')
+  }
+}
+
 function handleDeleteKey(key: EndpointAPIKey) {
  keyToDelete.value = key
  deleteKeyConfirmOpen.value = true
--- a/src/api/admin/endpoints/keys.py
+++ b/src/api/admin/endpoints/keys.py
@@ -80,6 +80,17 @@ async def get_keys_grouped_by_format(
    return await pipeline.run(adapter=adapter, http_request=request, db=db, mode=adapter.mode)


+@router.get("/keys/{key_id}/reveal")
+async def reveal_endpoint_key(
+    key_id: str,
+    request: Request,
+    db: Session = Depends(get_db),
+) -> dict:
+    """获取完整的 API Key（用于查看和复制）"""
+    adapter = AdminRevealEndpointKeyAdapter(key_id=key_id)
+    return await pipeline.run(adapter=adapter, http_request=request, db=db, mode=adapter.mode)
+
+
@router.delete("/keys/{key_id}")
 async def delete_endpoint_key(
    key_id: str,
@@ -293,6 +304,30 @@ class AdminUpdateEndpointKeyAdapter(AdminApiAdapter):
        return EndpointAPIKeyResponse(**response_dict)


+@dataclass
+class AdminRevealEndpointKeyAdapter(AdminApiAdapter):
+    """获取完整的 API Key（用于查看和复制）"""
+
+    key_id: str
+
+    async def handle(self, context):  # type: ignore[override]
+        db = context.db
+        key = db.query(ProviderAPIKey).filter(ProviderAPIKey.id == self.key_id).first()
+        if not key:
+            raise NotFoundException(f"Key {self.key_id} 不存在")
+
+        try:
+            decrypted_key = crypto_service.decrypt(key.api_key)
+        except Exception as e:
+            logger.error(f"解密 Key 失败: ID={self.key_id}, Error={e}")
+            raise InvalidRequestException(
+                "无法解密 API Key，可能是加密密钥已更改。请重新添加该密钥。"
+            )
+
+        logger.info(f"[REVEAL] 查看完整 Key: ID={self.key_id}, Name={key.name}")
+        return {"api_key": decrypted_key}
+
+
@dataclass
 class AdminDeleteEndpointKeyAdapter(AdminApiAdapter):
    key_id: str