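# Copyright 2026 zhaoxi826
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from typing import List, Optional

from kilostar.core.postgres_database.model.provider import ProviderModel
from sqlalchemy import select
from kilostar.core.postgres_database.database_exception import database_exception
from kilostar.utils.crypto import (
    CryptoError,
    decrypt_secret,
    encrypt_secret,
    is_encrypted,
)
from kilostar.utils.logger import get_logger

logger = get_logger("provider_dao")


def _decrypt_apikey(value):
    """Return the plaintext form of a stored ``provider_apikey`` value.

    Falsy values and values that ``is_encrypted`` does not recognise are
    returned unchanged. A value that is recognised as encrypted but fails to
    decrypt is logged and returned as-is (still ciphertext).
    """
    if not value:
        return value
    if not is_encrypted(value):
        # Legacy / plaintext rows pass straight through.
        return value
    try:
        return decrypt_secret(value)
    except CryptoError as e:
        # NOTE(review): this fails open. The caller receives the ciphertext
        # token in place of the API key and cannot tell it apart from a real
        # key, so it may be forwarded to the provider endpoint or shown in a
        # UI. Consider returning None or re-raising once callers can handle
        # a missing key - confirm with the call sites before changing.
        logger.error(f"Provider apikey 解密失败: {e}")
        return value


def _encrypt_apikey(value):
    """Return ``value`` encrypted for storage.

    Falsy values are returned unchanged, and so is any value that
    ``is_encrypted`` already recognises, which avoids double encryption but
    also means such a caller-supplied value is stored verbatim.
    """
    if not value or is_encrypted(value):
        return value
    return encrypt_secret(value)


class ProviderDatabase:
    """DAO for the Provider table: create, read, update and delete.

    ``provider_apikey`` is encrypted on write and decrypted on read by the
    module helpers (Fernet, per the original author's note), so rows hold
    ciphertext while callers of this class see plaintext.
    """

    def __init__(self, async_session_maker):
        """Store the factory used to open one async session per operation."""
        self.async_session_maker = async_session_maker

    @database_exception
    async def get_provider(self) -> List[ProviderModel]:
        """Return every Provider as a freshly built ``ProviderModel``.

        Each row is copied into a new instance that was never attached to the
        session, with ``provider_apikey`` decrypted. The returned objects hold
        plaintext keys: keep them out of logs and API responses.
        """
        async with self.async_session_maker() as session:
            statement = select(ProviderModel)
            results = await session.execute(statement)
            results = results.scalars().all()
            providers = [
                ProviderModel(
                    provider_id=provider.provider_id,
                    provider_title=provider.provider_title,
                    provider_url=provider.provider_url,
                    provider_apikey=_decrypt_apikey(provider.provider_apikey),
                    provider_models=provider.provider_models,
                    provider_type=provider.provider_type,
                    provider_owner=provider.provider_owner,
                    is_active=provider.is_active,
                    model_settings=provider.model_settings,
                )
                for provider in results
            ]
            return providers

    @database_exception
    async def add_provider(self, **kwargs) -> None:
        """Insert a new Provider row built from ``kwargs``.

        ``provider_apikey``, when present, is encrypted before the model is
        constructed, so the plaintext key is never handed to the session.
        """
        if "provider_apikey" in kwargs:
            kwargs["provider_apikey"] = _encrypt_apikey(kwargs["provider_apikey"])
        async with self.async_session_maker() as session:
            provider = ProviderModel(**kwargs)
            session.add(provider)
            await session.commit()

    @database_exception
    async def delete_provider(self, provider_id: str) -> None:
        """Delete the Provider with this id; do nothing if it does not exist."""
        async with self.async_session_maker() as session:
            provider = await session.get(ProviderModel, provider_id)
            if provider is not None:
                await session.delete(provider)
                await session.commit()

    @database_exception
    async def delete_provider_by_title(self, provider_title: str) -> None:
        """Delete the Provider with this title; do nothing if none matches.

        ``scalar_one_or_none`` raises when more than one row matches, so this
        relies on titles being unique.
        """
        async with self.async_session_maker() as session:
            statement = select(ProviderModel).where(
                ProviderModel.provider_title == provider_title
            )
            result = await session.execute(statement)
            provider = result.scalar_one_or_none()
            if provider is not None:
                await session.delete(provider)
                await session.commit()

    @database_exception
    async def update_provider(
        self, provider_id: str, **kwargs
    ) -> Optional[ProviderModel]:
        """Partially update a Provider and return it with a decrypted key.

        ``provider_apikey``, when present, is encrypted before it is applied.
        Returns the refreshed instance with ``provider_apikey`` replaced by
        its plaintext, or ``None`` when no row has ``provider_id``.
        """
        if "provider_apikey" in kwargs:
            kwargs["provider_apikey"] = _encrypt_apikey(kwargs["provider_apikey"])
        async with self.async_session_maker() as session:
            provider = await session.get(ProviderModel, provider_id)
            if provider is not None:
                # NOTE(review): every key in kwargs is applied, including
                # provider_id and provider_owner. Presumably callers restrict
                # the keys they accept from request data - confirm.
                for key, value in kwargs.items():
                    setattr(provider, key, value)
                session.add(provider)
                await session.commit()
                await session.refresh(provider)
                # Decrypt before returning, for the convenience of callers.
                # This happens after the commit and nothing flushes before the
                # session closes, so the stored row keeps the ciphertext.
                # NOTE(review): the returned instance carries the plaintext as
                # a pending attribute change. Re-attaching it to a session
                # (add/merge) and flushing would likely write the plaintext
                # key to the table, so treat it as read-only.
                provider.provider_apikey = _decrypt_apikey(provider.provider_apikey)
                return provider
            return None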