lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(web): ensure at least 40% of the characters are masked for api key

Browse Source 
- keys longer than 12 chars show prefix + last 4 chars
- keys 9-12 chars show prefix + last 2 chars
- shorter keys are fully masked
This commit is contained in:
lc6464
2026-03-24 12:20:57 +08:00
parent ce1619051d
commit f1ac1a1072
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/backend/api/models.go
+10 -1
View File
@@ -307,16 +307,25 @@ func (h *Handler) handleSetDefaultModel(w http.ResponseWriter, r *http.Request)
}
// maskAPIKey returns a masked version of an API key for safe display.
// Keys longer than 8 chars show prefix + last 4 chars: "sk-****abcd"
// Keys longer than 12 chars show prefix + last 4 chars: "sk-****abcd".
// Keys 9-12 chars show prefix + last 2 chars: "sk-****cd".
// Shorter keys are fully masked as "****".
// Empty keys return empty string.
// Ensure at least 40% of the key is masked.
func maskAPIKey(key string) string {
if key == "" {
return ""
}
if len(key) <= 8 {
return "****"
}
// Show first 3 chars and last 2 chars
if len(key) <= 12 {
return key[:3] + "****" + key[len(key)-2:]
}
// Show first 3 chars and last 4 chars
return key[:3] + "****" + key[len(key)-4:]
}