feat(llm): mask API keys in UI responses and prevent masked-key leakage in fetch/test/save payloads
- Add mask_api_key() and is_masked_or_placeholder() to llm_provider service - Return masked keys in all provider CRUD endpoints - Reject masked/placeholder keys in fetch_models and test_provider_config - Show masked key with Change button in ProviderConfig.svelte edit form - Exclude masked keys from fetch-models, test, and submit payloads on frontend - Update semantics-core skill with clarified complexity tier rules - Switch agent modes from subagent to all
This commit is contained in:
33
docs/openapi/superset/paths/user.json
Normal file
33
docs/openapi/superset/paths/user.json
Normal file
@@ -0,0 +1,33 @@
|
||||
{
|
||||
"/api/v1/user/{user_id}/avatar.png": {
|
||||
"get": {
|
||||
"description": "Gets the avatar URL for the user with the given ID, or returns a 401 error if the user is unauthenticated.",
|
||||
"parameters": [
|
||||
{
|
||||
"description": "The ID of the user",
|
||||
"in": "path",
|
||||
"name": "user_id",
|
||||
"required": true,
|
||||
"schema": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"301": {
|
||||
"description": "A redirect to the user's avatar URL"
|
||||
},
|
||||
"401": {
|
||||
"$ref": "#/components/responses/401"
|
||||
},
|
||||
"404": {
|
||||
"$ref": "#/components/responses/404"
|
||||
}
|
||||
},
|
||||
"summary": "Get the user avatar",
|
||||
"tags": [
|
||||
"User"
|
||||
]
|
||||
}
|
||||
}
|
||||
}\n
|
||||
Reference in New Issue
Block a user