mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 14:51:13 +08:00
a79bc7d074
Previously the console api-key list returned every key's full plaintext token, so anyone with console access could retrieve the secret of an already-created key (via the copy button or the raw API response). This is contrary to the reveal-once norm. - List endpoints (app keys, workspace dataset keys, per-dataset keys) now return a masked token (prefix + last 4); the full secret is only ever returned by the create endpoint, at creation time. - Frontend secret-key modal displays the masked token as-is and drops the copy affordance for existing keys (copying a masked value is pointless). Applies to both app and dataset keys since they share the modal and the ApiKeyItem response model. |
||
|---|---|---|
| .. | ||
| rag_pipeline | ||
| __init__.py | ||
| test_data_source.py | ||
| test_datasets_document_download.py | ||
| test_datasets_document.py | ||
| test_datasets_segments.py | ||
| test_datasets.py | ||
| test_external_dataset_payload.py | ||
| test_external.py | ||
| test_hit_testing_base.py | ||
| test_hit_testing.py | ||
| test_metadata.py | ||
| test_website.py | ||
| test_wraps.py | ||