fix(comments-api): 从配置接口响应中移除敏感的管理员密钥信息
确保公共配置接口不会泄露敏感的管理员密钥信息,只返回公开的配置设置
This commit is contained in:
@@ -173,7 +173,13 @@ app.post('/api/verify-admin', verifyAdminKey);
|
||||
app.get('/api/config/comments', async (c) => {
|
||||
try {
|
||||
const settings = await loadCommentSettings(c.env);
|
||||
return c.json(settings);
|
||||
const {
|
||||
adminKey,
|
||||
adminKeySet,
|
||||
...publicSettings
|
||||
} = settings as any;
|
||||
|
||||
return c.json(publicSettings);
|
||||
} catch (e: any) {
|
||||
return c.json({ message: e.message || '加载评论配置失败' }, 500);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user