mirror of
https://github.com/langgenius/dify.git
synced 2026-06-26 23:01:11 +08:00
a79bc7d074
Previously the console api-key list returned every key's full plaintext token, so anyone with console access could retrieve the secret of an already-created key (via the copy button or the raw API response). This is contrary to the reveal-once norm. - List endpoints (app keys, workspace dataset keys, per-dataset keys) now return a masked token (prefix + last 4); the full secret is only ever returned by the create endpoint, at creation time. - Frontend secret-key modal displays the masked token as-is and drops the copy affordance for existing keys (copying a masked value is pointless). Applies to both app and dataset keys since they share the modal and the ApiKeyItem response model. |
||
|---|---|---|
| .. | ||
| (commonLayout) | ||
| (humanInputLayout)/form/[token] | ||
| (shareLayout) | ||
| account | ||
| activate | ||
| auth/refresh | ||
| components | ||
| device | ||
| education-apply | ||
| forgot-password | ||
| init | ||
| install | ||
| oauth-callback | ||
| reset-password | ||
| signin | ||
| signup | ||
| styles | ||
| error.tsx | ||
| layout.tsx | ||
| routePrefixHandle.tsx | ||