fix: 修复 API Key 访问限制字段无法清除的问题

- 统一前端创建和更新 API Key 时的空数组处理逻辑
- 后端创建和更新接口都支持空数组转 NULL（表示不限制）
- 开启自动刷新时立即刷新一次数据

frontend/src/views/admin/ApiKeys.vue

@@ -1046,9 +1046,10 @@ async function handleKeyFormSubmit(data: StandaloneKeyFormData) {
         rate_limit: data.rate_limit,
         expire_days: data.never_expire ? null : (data.expire_days || null),
         auto_delete_on_expiry: data.auto_delete_on_expiry,
-        allowed_providers: data.allowed_providers.length > 0 ? data.allowed_providers : undefined,
+        // 空数组表示清除限制（允许全部），后端会将空数组存为 NULL
-        allowed_api_formats: data.allowed_api_formats.length > 0 ? data.allowed_api_formats : undefined,
+        allowed_providers: data.allowed_providers,
-        allowed_models: data.allowed_models.length > 0 ? data.allowed_models : undefined
+        allowed_api_formats: data.allowed_api_formats,
+        allowed_models: data.allowed_models
       }
       await adminApi.updateApiKey(data.id, updateData)
       success('API Key 更新成功')
@@ -1064,9 +1065,10 @@ async function handleKeyFormSubmit(data: StandaloneKeyFormData) {
         rate_limit: data.rate_limit,
         expire_days: data.never_expire ? null : (data.expire_days || null),
         auto_delete_on_expiry: data.auto_delete_on_expiry,
-        allowed_providers: data.allowed_providers.length > 0 ? data.allowed_providers : undefined,
+        // 空数组表示不设置限制（允许全部），后端会将空数组存为 NULL
-        allowed_api_formats: data.allowed_api_formats.length > 0 ? data.allowed_api_formats : undefined,
+        allowed_providers: data.allowed_providers,
-        allowed_models: data.allowed_models.length > 0 ? data.allowed_models : undefined
+        allowed_api_formats: data.allowed_api_formats,
+        allowed_models: data.allowed_models
       }
       const response = await adminApi.createStandaloneApiKey(createData)
       newKeyValue.value = response.key

frontend/src/views/shared/Usage.vue

@@ -301,6 +301,7 @@ function stopGlobalAutoRefresh() {
 function handleAutoRefreshChange(value: boolean) {
   globalAutoRefresh.value = value
   if (value) {
+    refreshData() // 立即刷新一次
     startGlobalAutoRefresh()
   } else {
     stopGlobalAutoRefresh()

src/services/user/apikey.py

@@ -59,14 +59,15 @@ class ApiKeyService:
         if expire_days:
             expires_at = datetime.now(timezone.utc) + timedelta(days=expire_days)
 
+        # 空数组转为 None（表示不限制）
         api_key = ApiKey(
             user_id=user_id,
             key_hash=key_hash,
             key_encrypted=key_encrypted,
             name=name or f"API Key {datetime.now(timezone.utc).strftime('%Y%m%d%H%M%S')}",
-            allowed_providers=allowed_providers,
+            allowed_providers=allowed_providers or None,
-            allowed_api_formats=allowed_api_formats,
+            allowed_api_formats=allowed_api_formats or None,
-            allowed_models=allowed_models,
+            allowed_models=allowed_models or None,
             rate_limit=rate_limit,
             concurrent_limit=concurrent_limit,
             expires_at=expires_at,
@@ -141,8 +142,18 @@ class ApiKeyService:
             "auto_delete_on_expiry",
         ]
 
+        # 允许显式设置为空数组/None 的字段（空数组会转为 None，表示"全部"）
+        nullable_list_fields = {"allowed_providers", "allowed_api_formats", "allowed_models"}
+
         for field, value in kwargs.items():
-            if field in updatable_fields and value is not None:
+            if field not in updatable_fields:
+                continue
+            # 对于 nullable_list_fields，空数组应该转为 None（表示不限制）
+            if field in nullable_list_fields:
+                if value is not None:
+                    # 空数组转为 None（表示允许全部）
+                    setattr(api_key, field, value if value else None)
+            elif value is not None:
                 setattr(api_key, field, value)
 
         api_key.updated_at = datetime.now(timezone.utc)