From 51d7a9b6be1e3e699dc790e6eab89d06a5630fb6 Mon Sep 17 00:00:00 2001
From: Harry <xh001x@hotmail.com>
Date: Mon, 21 Jul 2025 14:35:46 +0800
Subject: [PATCH] feat:  mask hidden values in tenant OAuth client retrieval

---
 api/services/datasource_provider_service.py | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/api/services/datasource_provider_service.py b/api/services/datasource_provider_service.py
index cd959f075f..513d7366c1 100644
--- a/api/services/datasource_provider_service.py
+++ b/api/services/datasource_provider_service.py
@@ -111,7 +111,7 @@ class DatasourceProviderService:
             )
 
     def get_tenant_oauth_client(
-        self, tenant_id: str, datasource_provider_id: DatasourceProviderID
+        self, tenant_id: str, datasource_provider_id: DatasourceProviderID, mask: bool = False
     ) -> dict[str, Any] | None:
         """
         get tenant oauth client
@@ -128,7 +128,10 @@ class DatasourceProviderService:
             )
             if tenant_oauth_client_params:
                 encrypter, _ = self.get_oauth_encrypter(tenant_id, datasource_provider_id)
-                return encrypter.decrypt(tenant_oauth_client_params.client_params)
+                if mask:
+                    return encrypter.mask_tool_credentials(encrypter.decrypt(tenant_oauth_client_params.client_params))
+                else:
+                    return encrypter.decrypt(tenant_oauth_client_params.client_params)
             return None
 
     def get_oauth_encrypter(
@@ -416,8 +419,7 @@ class DatasourceProviderService:
                     "author": datasource.declaration.identity.author,
                     "credentials_list": credentials,
                     "credential_schema": [
-                        credential.model_dump()
-                        for credential in datasource.declaration.credentials_schema
+                        credential.model_dump() for credential in datasource.declaration.credentials_schema
                     ],
                     "oauth_schema": {
                         "client_schema": [
@@ -428,7 +430,9 @@ class DatasourceProviderService:
                             credential_schema.model_dump()
                             for credential_schema in datasource.declaration.oauth_schema.credentials_schema
                         ],
-                        "oauth_custom_client_params": self.get_tenant_oauth_client(tenant_id, datasource_provider_id),
+                        "oauth_custom_client_params": self.get_tenant_oauth_client(
+                            tenant_id, datasource_provider_id, mask=True
+                        ),
                         "is_oauth_custom_client_enabled": self.is_tenant_oauth_params_enabled(
                             tenant_id, datasource_provider_id
                         ),