mirror of
https://github.com/sipeed/picoclaw.git
synced 2026-06-12 18:08:54 +00:00
refactor config and security to simplified the structure (#2068)
This commit is contained in:
Cytown
@@ -58,12 +58,11 @@ func (h *Handler) handleUpdateConfig(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// Load existing config and copy security credentials before validation,
|
||||
// so that security-managed fields (e.g. pico token) are available.
|
||||
oldCfg, err := config.LoadConfig(h.configPath)
|
||||
err = cfg.SecurityCopyFrom(h.configPath)
|
||||
if err != nil {
|
||||
http.Error(w, fmt.Sprintf("Failed to load config: %v", err), http.StatusInternalServerError)
|
||||
http.Error(w, fmt.Sprintf("Failed to apply security config: %v", err), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
cfg.SecurityCopyFrom(oldCfg)
|
||||
|
||||
if errs := validateConfig(&cfg); len(errs) > 0 {
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
@@ -149,15 +148,14 @@ func (h *Handler) handlePatchConfig(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
var newCfg config.Config
|
||||
if err := json.Unmarshal(merged, &newCfg); err != nil {
|
||||
if err = json.Unmarshal(merged, &newCfg); err != nil {
|
||||
http.Error(w, fmt.Sprintf("Merged config is invalid: %v", err), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Restore security fields (tokens/keys) from the loaded config before validation,
|
||||
// because private fields are lost during JSON round-trip.
|
||||
newCfg.SecurityCopyFrom(cfg)
|
||||
if err := newCfg.ApplySecurity(); err != nil {
|
||||
if err = newCfg.SecurityCopyFrom(h.configPath); err != nil {
|
||||
http.Error(w, fmt.Sprintf("Failed to apply security config: %v", err), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
@@ -261,17 +259,17 @@ func validateConfig(cfg *config.Config) []string {
|
||||
}
|
||||
|
||||
// Pico channel: token required when enabled
|
||||
if cfg.Channels.Pico.Enabled && cfg.Channels.Pico.Token() == "" {
|
||||
if cfg.Channels.Pico.Enabled && cfg.Channels.Pico.Token.String() == "" {
|
||||
errs = append(errs, "channels.pico.token is required when pico channel is enabled")
|
||||
}
|
||||
|
||||
// Telegram: token required when enabled
|
||||
if cfg.Channels.Telegram.Enabled && cfg.Channels.Telegram.Token() == "" {
|
||||
if cfg.Channels.Telegram.Enabled && cfg.Channels.Telegram.Token.String() == "" {
|
||||
errs = append(errs, "channels.telegram.token is required when telegram channel is enabled")
|
||||
}
|
||||
|
||||
// Discord: token required when enabled
|
||||
if cfg.Channels.Discord.Enabled && cfg.Channels.Discord.Token() == "" {
|
||||
if cfg.Channels.Discord.Enabled && cfg.Channels.Discord.Token.String() == "" {
|
||||
errs = append(errs, "channels.discord.token is required when discord channel is enabled")
|
||||
}
|
||||
|
||||
@@ -279,7 +277,7 @@ func validateConfig(cfg *config.Config) []string {
|
||||
if cfg.Channels.WeCom.BotID == "" {
|
||||
errs = append(errs, "channels.wecom.bot_id is required when wecom channel is enabled")
|
||||
}
|
||||
if cfg.Channels.WeCom.Secret() == "" {
|
||||
if cfg.Channels.WeCom.Secret.String() == "" {
|
||||
errs = append(errs, "channels.wecom.secret is required when wecom channel is enabled")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -163,17 +163,11 @@ func setupPicoEnabledEnv(t *testing.T) (string, func()) {
|
||||
cfg.ModelList = []*config.ModelConfig{{
|
||||
ModelName: "custom-default",
|
||||
Model: "openai/gpt-4o",
|
||||
APIKeys: config.SimpleSecureStrings("sk-default"),
|
||||
}}
|
||||
cfg.Agents.Defaults.ModelName = "custom-default"
|
||||
cfg.Channels.Pico.Enabled = true
|
||||
cfg.WithSecurity(&config.SecurityConfig{
|
||||
ModelList: map[string]config.ModelSecurityEntry{
|
||||
"custom-default": {APIKeys: []string{"sk-default"}},
|
||||
},
|
||||
Channels: &config.ChannelsSecurity{
|
||||
Pico: &config.PicoSecurity{Token: "test-pico-token"},
|
||||
},
|
||||
})
|
||||
cfg.Channels.Pico.Token = *config.NewSecureString("test-pico-token")
|
||||
|
||||
configPath := filepath.Join(tmp, "config.json")
|
||||
if err := config.SaveConfig(configPath, cfg); err != nil {
|
||||
|
||||
@@ -80,6 +80,7 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
|
||||
ModelName: "vllm-remote",
|
||||
Model: "vllm/custom-model",
|
||||
APIBase: "https://models.example.com/v1",
|
||||
APIKeys: config.SimpleSecureStrings("remote-key"),
|
||||
},
|
||||
{
|
||||
ModelName: "copilot-gpt-5.4",
|
||||
@@ -88,11 +89,6 @@ func TestHandleListModels_ConfiguredStatusUsesRuntimeProbesForLocalModels(t *tes
|
||||
AuthMethod: "oauth",
|
||||
},
|
||||
}
|
||||
cfg.WithSecurity(&config.SecurityConfig{ModelList: map[string]config.ModelSecurityEntry{
|
||||
"vllm-remote": {
|
||||
APIKeys: []string{"remote-key"},
|
||||
},
|
||||
}})
|
||||
cfg.Agents.Defaults.ModelName = "openai-oauth"
|
||||
if err := config.SaveConfig(configPath, cfg); err != nil {
|
||||
t.Fatalf("SaveConfig() error = %v", err)
|
||||
|
||||
@@ -232,15 +232,9 @@ func setupOAuthTestEnv(t *testing.T) (string, func()) {
|
||||
cfg.ModelList = []*config.ModelConfig{{
|
||||
ModelName: "custom-default",
|
||||
Model: "openai/gpt-4o",
|
||||
APIKeys: config.SimpleSecureStrings("sk-default"),
|
||||
}}
|
||||
cfg.Agents.Defaults.ModelName = "custom-default"
|
||||
cfg.WithSecurity(&config.SecurityConfig{
|
||||
ModelList: map[string]config.ModelSecurityEntry{
|
||||
"custom-default": {
|
||||
APIKeys: []string{"sk-default"},
|
||||
},
|
||||
},
|
||||
})
|
||||
|
||||
configPath := filepath.Join(tmp, "config.json")
|
||||
if err := config.SaveConfig(configPath, cfg); err != nil {
|
||||
|
||||
@@ -57,7 +57,7 @@ func (h *Handler) handleGetPicoToken(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(map[string]any{
|
||||
"token": cfg.Channels.Pico.Token(),
|
||||
"token": cfg.Channels.Pico.Token.String(),
|
||||
"ws_url": wsURL,
|
||||
"enabled": cfg.Channels.Pico.Enabled,
|
||||
})
|
||||
@@ -110,7 +110,7 @@ func (h *Handler) EnsurePicoChannel(callerOrigin string) (bool, error) {
|
||||
changed = true
|
||||
}
|
||||
|
||||
if cfg.Channels.Pico.Token() == "" {
|
||||
if cfg.Channels.Pico.Token.String() == "" {
|
||||
cfg.Channels.Pico.SetToken(generateSecureToken())
|
||||
changed = true
|
||||
}
|
||||
@@ -150,7 +150,7 @@ func (h *Handler) handlePicoSetup(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
json.NewEncoder(w).Encode(map[string]any{
|
||||
"token": cfg.Channels.Pico.Token(),
|
||||
"token": cfg.Channels.Pico.Token.String(),
|
||||
"ws_url": wsURL,
|
||||
"enabled": true,
|
||||
"changed": changed,
|
||||
|
||||
@@ -34,7 +34,7 @@ func TestEnsurePicoChannel_FreshConfig(t *testing.T) {
|
||||
if !cfg.Channels.Pico.Enabled {
|
||||
t.Error("expected Pico to be enabled after setup")
|
||||
}
|
||||
if cfg.Channels.Pico.Token() == "" {
|
||||
if cfg.Channels.Pico.Token.String() == "" {
|
||||
t.Error("expected a non-empty token after setup")
|
||||
}
|
||||
}
|
||||
@@ -144,8 +144,8 @@ func TestEnsurePicoChannel_PreservesUserSettings(t *testing.T) {
|
||||
t.Fatalf("LoadConfig() error = %v", err)
|
||||
}
|
||||
|
||||
if cfg.Channels.Pico.Token() != "user-custom-token" {
|
||||
t.Errorf("token = %q, want %q", cfg.Channels.Pico.Token(), "user-custom-token")
|
||||
if cfg.Channels.Pico.Token.String() != "user-custom-token" {
|
||||
t.Errorf("token = %q, want %q", cfg.Channels.Pico.Token.String(), "user-custom-token")
|
||||
}
|
||||
if !cfg.Channels.Pico.AllowTokenQuery {
|
||||
t.Error("user's allow_token_query=true must be preserved")
|
||||
@@ -185,7 +185,7 @@ func TestEnsurePicoChannel_ExistingConfigWithoutSecurityFile(t *testing.T) {
|
||||
if !cfg.Channels.Pico.Enabled {
|
||||
t.Error("expected Pico to be enabled after setup")
|
||||
}
|
||||
if cfg.Channels.Pico.Token() == "" {
|
||||
if cfg.Channels.Pico.Token.String() == "" {
|
||||
t.Error("expected a non-empty token after setup")
|
||||
}
|
||||
if _, err := os.Stat(filepath.Join(filepath.Dir(configPath), config.SecurityConfigFile)); err != nil {
|
||||
@@ -215,7 +215,7 @@ func TestEnsurePicoChannel_ConfiguresPicoWithoutGateway(t *testing.T) {
|
||||
if !cfg.Channels.Pico.Enabled {
|
||||
t.Error("expected Pico to be enabled after launcher startup setup")
|
||||
}
|
||||
if cfg.Channels.Pico.Token() == "" {
|
||||
if cfg.Channels.Pico.Token.String() == "" {
|
||||
t.Error("expected a non-empty token after launcher startup setup")
|
||||
}
|
||||
}
|
||||
@@ -232,7 +232,7 @@ func TestEnsurePicoChannel_Idempotent(t *testing.T) {
|
||||
}
|
||||
|
||||
cfg1, _ := config.LoadConfig(configPath)
|
||||
token1 := cfg1.Channels.Pico.Token()
|
||||
token1 := cfg1.Channels.Pico.Token.String()
|
||||
|
||||
// Second call should be a no-op
|
||||
changed, err := h.EnsurePicoChannel(origin)
|
||||
@@ -244,7 +244,7 @@ func TestEnsurePicoChannel_Idempotent(t *testing.T) {
|
||||
}
|
||||
|
||||
cfg2, _ := config.LoadConfig(configPath)
|
||||
if cfg2.Channels.Pico.Token() != token1 {
|
||||
if cfg2.Channels.Pico.Token.String() != token1 {
|
||||
t.Error("token should not change on subsequent calls")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ func TestSaveWeixinBindingReturnsSuccessWhenRestartFails(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("LoadConfig() error = %v", err)
|
||||
}
|
||||
if got := savedCfg.Channels.Weixin.Token(); got != "bot-token" {
|
||||
if got := savedCfg.Channels.Weixin.Token.String(); got != "bot-token" {
|
||||
t.Fatalf("Weixin.Token() = %q, want %q", got, "bot-token")
|
||||
}
|
||||
if got := savedCfg.Channels.Weixin.AccountID; got != "bot-account" {
|
||||
|
||||
Reference in New Issue
Block a user