feat(auth): improve OpenAI compatibility normalization and API key handling

- Refined trimming and normalization logic for `baseURL` and `apiKey` attributes. - Updated `Authorization` header logic to omit empty API keys. - Enhanced compatibility processing by handling empty `api-key-entries`. - Improved legacy format fallback and added safeguards for empty credentials across executor paths.
2026-02-18 12:20:52 +08:00 · 2025-10-03 02:38:30 +08:00
parent 12c09f1a46
commit 2eef6875e9
2 changed files with 42 additions and 13 deletions
--- a/internal/watcher/watcher.go
+++ b/internal/watcher/watcher.go
@@ -799,23 +799,23 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 			base := strings.TrimSpace(compat.BaseURL)

 			// Handle new APIKeyEntries format (preferred)
+			createdEntries := 0
 			if len(compat.APIKeyEntries) > 0 {
 				for j := range compat.APIKeyEntries {
 					entry := &compat.APIKeyEntries[j]
 					key := strings.TrimSpace(entry.APIKey)
-					if key == "" {
-						continue
-					}
 					proxyURL := strings.TrimSpace(entry.ProxyURL)
 					idKind := fmt.Sprintf("openai-compatibility:%s", providerName)
 					id, token := idGen.next(idKind, key, base, proxyURL)
 					attrs := map[string]string{
 						"source":       fmt.Sprintf("config:%s[%s]", providerName, token),
 						"base_url":     base,
-						"api_key":      key,
 						"compat_name":  compat.Name,
 						"provider_key": providerName,
 					}
+					if key != "" {
+						attrs["api_key"] = key
+					}
 					if hash := computeOpenAICompatModelsHash(compat.Models); hash != "" {
 						attrs["models_hash"] = hash
 					}
@@ -830,6 +830,7 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 						UpdatedAt:  now,
 					}
 					out = append(out, a)
+					createdEntries++
 				}
 			} else {
 				// Handle legacy APIKeys format for backward compatibility
@@ -843,10 +844,10 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 					attrs := map[string]string{
 						"source":       fmt.Sprintf("config:%s[%s]", providerName, token),
 						"base_url":     base,
-						"api_key":      key,
 						"compat_name":  compat.Name,
 						"provider_key": providerName,
 					}
+					attrs["api_key"] = key
 					if hash := computeOpenAICompatModelsHash(compat.Models); hash != "" {
 						attrs["models_hash"] = hash
 					}
@@ -860,8 +861,32 @@ func (w *Watcher) SnapshotCoreAuths() []*coreauth.Auth {
 						UpdatedAt:  now,
 					}
 					out = append(out, a)
+					createdEntries++
 				}
 			}
+			if createdEntries == 0 {
+				idKind := fmt.Sprintf("openai-compatibility:%s", providerName)
+				id, token := idGen.next(idKind, base)
+				attrs := map[string]string{
+					"source":       fmt.Sprintf("config:%s[%s]", providerName, token),
+					"base_url":     base,
+					"compat_name":  compat.Name,
+					"provider_key": providerName,
+				}
+				if hash := computeOpenAICompatModelsHash(compat.Models); hash != "" {
+					attrs["models_hash"] = hash
+				}
+				a := &coreauth.Auth{
+					ID:         id,
+					Provider:   providerName,
+					Label:      compat.Name,
+					Status:     coreauth.StatusActive,
+					Attributes: attrs,
+					CreatedAt:  now,
+					UpdatedAt:  now,
+				}
+				out = append(out, a)
+			}
 		}
 	}
 	// Also synthesize auth entries directly from auth files (for OAuth/file-backed providers)