fix(security): strip partial API token from status labels (#33262)

Merged via squash.

Prepared head SHA: 5fe81704e6
Co-authored-by: cu1ch3n <80438676+cu1ch3n@users.noreply.github.com>
Co-authored-by: grp06 <1573959+grp06@users.noreply.github.com>
Reviewed-by: @grp06
Cui Chen
2026-03-04 07:11:49 +08:00
committed by GitHub
parent b1a735829d
commit e8cb0484ce
4 changed files with 36 additions and 36 deletions


@@ -1,6 +1,5 @@
import type { OpenClawConfig } from "../config/config.js";
import type { SessionEntry } from "../config/sessions.js";
import { maskApiKey } from "../utils/mask-api-key.js";
import {
ensureAuthProfileStore,
resolveAuthProfileDisplayLabel,
@@ -9,28 +8,6 @@ import {
import { getCustomProviderApiKey, resolveEnvApiKey } from "./model-auth.js";
import { normalizeProviderId } from "./model-selection.js";
function formatApiKeySnippet(apiKey: string): string {
const compact = apiKey.replace(/\s+/g, "");
if (!compact) {
return "unknown";
}
return maskApiKey(compact);
}
function formatCredentialSnippet(params: {
value: string | undefined;
ref: { source: string; id: string } | undefined;
}): string {
const value = typeof params.value === "string" ? params.value.trim() : "";
if (value) {
return formatApiKeySnippet(value);
}
if (params.ref) {
return `ref(${params.ref.source}:${params.ref.id})`;
}
return "unknown";
}
export function resolveModelAuthLabel(params: {
provider?: string;
cfg?: OpenClawConfig;
@@ -69,13 +46,9 @@ export function resolveModelAuthLabel(params: {
return `oauth${label ? ` (${label})` : ""}`;
}
if (profile.type === "token") {
return `token ${formatCredentialSnippet({ value: profile.token, ref: profile.tokenRef })}${
label ? ` (${label})` : ""
}`;
return `token${label ? ` (${label})` : ""}`;
}
return `api-key ${formatCredentialSnippet({ value: profile.key, ref: profile.keyRef })}${
label ? ` (${label})` : ""
}`;
return `api-key${label ? ` (${label})` : ""}`;
}
const envKey = resolveEnvApiKey(providerKey);
@@ -83,12 +56,12 @@ export function resolveModelAuthLabel(params: {
if (envKey.source.includes("OAUTH_TOKEN")) {
return `oauth (${envKey.source})`;
}
return `api-key ${formatApiKeySnippet(envKey.apiKey)} (${envKey.source})`;
return `api-key (${envKey.source})`;
}
const customKey = getCustomProviderApiKey(params.cfg, providerKey);
if (customKey) {
return `api-key ${formatApiKeySnippet(customKey)} (models.json)`;
return `api-key (models.json)`;
}
return "unknown";
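Review bot: Nothing in the visible hunks records why `resolveModelAuthLabel` stopped showing a key snippet, so a later change could route `maskApiKey` back into this label without the regression being noticed. I would add a comment above the function, for example `// Security: these labels appear in status output and may be copied into logs or chats; never include any part of a credential, masked or not.` The remaining branches still interpolate `label` and `envKey.source` into the returned string. Those look like a profile display name and the name of the environment source, but it is worth confirming that neither can carry key material. The function body continues outside these hunks, so this is based only on the lines shown.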