feat(llm): mask API keys in UI responses and prevent masked-key leakage in fetch/test/save payloads
- Add mask_api_key() and is_masked_or_placeholder() to llm_provider service - Return masked keys in all provider CRUD endpoints - Reject masked/placeholder keys in fetch_models and test_provider_config - Show masked key with Change button in ProviderConfig.svelte edit form - Exclude masked keys from fetch-models, test, and submit payloads on frontend - Update semantics-core skill with clarified complexity tier rules - Switch agent modes from subagent to all
This commit is contained in:
59
docs/openapi/litellm/chunks_paths/paths__v2_user.json
Normal file
59
docs/openapi/litellm/chunks_paths/paths__v2_user.json
Normal file
@@ -0,0 +1,59 @@
|
||||
{
|
||||
"/v2/user/info": {
|
||||
"get": {
|
||||
"tags": [
|
||||
"Internal User management"
|
||||
],
|
||||
"summary": "User Info V2",
|
||||
"description": "Lightweight endpoint to get user info. Returns only the user object \u2014 no keys, no teams objects.\n\nThis is the v2 replacement for /user/info, designed to avoid the \"god endpoint\" problem\nwhere the old endpoint loaded all keys and teams into memory.\n\nAccess control:\n- Proxy admins can query any user\n- Team admins can query users within their teams\n- Internal users can only query themselves (omit user_id or pass own)\n- Returns 404 for non-existent users or unauthorized access\n\nExample request:\n```\ncurl -X GET 'http://localhost:4000/v2/user/info?user_id=user123' \\\n--header 'Authorization: Bearer sk-1234'\n```",
|
||||
"operationId": "user_info_v2_v2_user_info_get",
|
||||
"security": [
|
||||
{
|
||||
"APIKeyHeader": []
|
||||
}
|
||||
],
|
||||
"parameters": [
|
||||
{
|
||||
"name": "user_id",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"anyOf": [
|
||||
{
|
||||
"type": "string"
|
||||
},
|
||||
{
|
||||
"type": "null"
|
||||
}
|
||||
],
|
||||
"description": "User ID in the request parameters",
|
||||
"title": "User Id"
|
||||
},
|
||||
"description": "User ID in the request parameters"
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Successful Response",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/UserInfoV2Response"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"422": {
|
||||
"description": "Validation Error",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/HTTPValidationError"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user