refactor: seperate security.yml for store keys

web/backend/api/models.go

@@ -58,7 +58,7 @@ func (h *Handler) handleListModels(w http.ResponseWriter, r *http.Request) {
 	var wg sync.WaitGroup
 	wg.Add(len(cfg.ModelList))
 	for i, m := range cfg.ModelList {
-		go func(i int, m config.ModelConfig) {
+		go func(i int, m *config.ModelConfig) {
 			defer wg.Done()
 			configured[i] = isModelConfigured(m)
 		}(i, m)
@@ -72,7 +72,7 @@ func (h *Handler) handleListModels(w http.ResponseWriter, r *http.Request) {
 			ModelName:      m.ModelName,
 			Model:          m.Model,
 			APIBase:        m.APIBase,
-			APIKey:         maskAPIKey(m.APIKey),
+			APIKey:         maskAPIKey(m.APIKey()),
 			Proxy:          m.Proxy,
 			AuthMethod:     m.AuthMethod,
 			ConnectMode:    m.ConnectMode,
@@ -122,7 +122,7 @@ func (h *Handler) handleAddModel(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	cfg.ModelList = append(cfg.ModelList, mc)
+	cfg.ModelList = append(cfg.ModelList, &mc)
 
 	if err := config.SaveConfig(h.configPath, cfg); err != nil {
 		http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)
@@ -180,11 +180,11 @@ func (h *Handler) handleUpdateModel(w http.ResponseWriter, r *http.Request) {
 
 	// Preserve the existing API key when the caller omits it (empty string).
 	// This lets the UI update api_base / proxy without clearing the stored secret.
-	if mc.APIKey == "" {
-		mc.APIKey = cfg.ModelList[idx].APIKey
+	if mc.APIKey() == "" {
+		mc.SetAPIKey(cfg.ModelList[idx].APIKey())
 	}
 
-	cfg.ModelList[idx] = mc
+	cfg.ModelList[idx] = &mc
 
 	if err := config.SaveConfig(h.configPath, cfg); err != nil {
 		http.Error(w, fmt.Sprintf("Failed to save config: %v", err), http.StatusInternalServerError)