mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 23:01:11 +08:00
a79bc7d074
Previously the console api-key list returned every key's full plaintext token, so anyone with console access could retrieve the secret of an already-created key (via the copy button or the raw API response). This is contrary to the reveal-once norm. - List endpoints (app keys, workspace dataset keys, per-dataset keys) now return a masked token (prefix + last 4); the full secret is only ever returned by the create endpoint, at creation time. - Frontend secret-key modal displays the masked token as-is and drops the copy affordance for existing keys (copying a masked value is pointless). Applies to both app and dataset keys since they share the modal and the ApiKeyItem response model. |
||
|---|---|---|
| .. | ||
| rag_pipeline | ||
| data_source.py | ||
| datasets_document.py | ||
| datasets_segments.py | ||
| datasets.py | ||
| error.py | ||
| external.py | ||
| hit_testing_base.py | ||
| hit_testing.py | ||
| metadata.py | ||
| website.py | ||
| wraps.py | ||