OpenAI-compatible AI gateway with Vue admin UI, multi-provider egress, ingress key governance, monitoring, and security controls. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
@@ -0,0 +1,66 @@
|
||||
package settings
|
||||
|
||||
import (
|
||||
"log"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/rose_cat707/luminary/internal/auth"
|
||||
"github.com/rose_cat707/luminary/internal/model"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
// encryptionKeyCandidates returns possible keys ordered for repair attempts.
|
||||
func encryptionKeyCandidates() []string {
|
||||
seen := map[string]bool{}
|
||||
var out []string
|
||||
add := func(key string) {
|
||||
key = strings.TrimSpace(key)
|
||||
if key == "" || seen[key] {
|
||||
return
|
||||
}
|
||||
seen[key] = true
|
||||
out = append(out, key)
|
||||
}
|
||||
|
||||
add(os.Getenv("LUMINARY_ENCRYPTION_KEY"))
|
||||
add(legacyDefaultEncryptionKey)
|
||||
return out
|
||||
}
|
||||
|
||||
// EnsureEncryptionKeyWorks verifies provider keys can be decrypted and repairs the
|
||||
// stored encryption_key from legacy sources when needed.
|
||||
func (r *Runtime) EnsureEncryptionKeyWorks() {
|
||||
var sample model.ProviderKey
|
||||
err := r.db.Where("api_key_enc <> ''").First(&sample).Error
|
||||
if err == gorm.ErrRecordNotFound {
|
||||
return
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("settings: check encryption key: %v", err)
|
||||
return
|
||||
}
|
||||
|
||||
current := r.EncryptionKey()
|
||||
if _, err := auth.Decrypt(sample.APIKeyEnc, current); err == nil {
|
||||
return
|
||||
}
|
||||
|
||||
for _, candidate := range encryptionKeyCandidates() {
|
||||
if candidate == current {
|
||||
continue
|
||||
}
|
||||
if _, err := auth.Decrypt(sample.APIKeyEnc, candidate); err != nil {
|
||||
continue
|
||||
}
|
||||
key := candidate
|
||||
if err := r.Update(UpdateInput{EncryptionKey: &key}); err != nil {
|
||||
log.Printf("settings: repair encryption_key: %v", err)
|
||||
return
|
||||
}
|
||||
log.Printf("settings: repaired encryption_key from legacy source")
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("settings: provider keys cannot be decrypted; set the correct encryption_key in admin system settings or re-save provider keys")
|
||||
}
|
||||
Reference in New Issue
Block a user