From 967ed01cf734b7dd97624c33f5ee898bf4d9f3ff Mon Sep 17 00:00:00 2001 From: Weilong Liao <37870767+Soulter@users.noreply.github.com> Date: Wed, 24 Jun 2026 16:37:46 +0800 Subject: [PATCH] fix: add data scope to api keys (#8985) --- astrbot/dashboard/services/auth_service.py | 1 + dashboard/src/api/generated/openapi-v1/types.gen.ts | 5 ++++- dashboard/src/views/Settings.vue | 1 + openspec/openapi-v1.yaml | 6 +++--- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/astrbot/dashboard/services/auth_service.py b/astrbot/dashboard/services/auth_service.py index e73c176ea..bc6cbde50 100644 --- a/astrbot/dashboard/services/auth_service.py +++ b/astrbot/dashboard/services/auth_service.py @@ -54,6 +54,7 @@ ALL_OPEN_API_SCOPES = ( "im", "config", "chat", + "data", "file", "plugin", "mcp", diff --git a/dashboard/src/api/generated/openapi-v1/types.gen.ts b/dashboard/src/api/generated/openapi-v1/types.gen.ts index a75cf4931..850c2b723 100644 --- a/dashboard/src/api/generated/openapi-v1/types.gen.ts +++ b/dashboard/src/api/generated/openapi-v1/types.gen.ts @@ -86,6 +86,9 @@ export type ChatProjectRequest = { }; export type ChatRequest = { + /** + * Caller-declared WebChat sender/session owner. This value is used as the message sender identity and may participate in sender-ID-based command permission checks. Treat chat-scoped API keys as trusted backend credentials and map or validate usernames before accepting end-user input. + */ username?: string; session_id?: string; /** @@ -191,7 +194,7 @@ export type ConversationRef = { export type CreateApiKeyRequest = { name: string; - scopes?: Array<('bot' | 'provider' | 'persona' | 'im' | 'config' | 'chat' | 'file' | 'plugin' | 'mcp' | 'skill')>; + scopes?: Array<('bot' | 'provider' | 'persona' | 'im' | 'config' | 'chat' | 'data' | 'file' | 'plugin' | 'mcp' | 'skill')>; expires_at?: string; expires_in_days?: number; }; diff --git a/dashboard/src/views/Settings.vue b/dashboard/src/views/Settings.vue index 9f06909d3..1020b51e2 100644 --- a/dashboard/src/views/Settings.vue +++ b/dashboard/src/views/Settings.vue @@ -513,6 +513,7 @@ const availableScopes = [ { value: 'im', label: 'im' }, { value: 'config', label: 'config' }, { value: 'chat', label: 'chat' }, + { value: 'data', label: 'data' }, { value: 'file', label: 'file' }, { value: 'plugin', label: 'plugin' }, { value: 'mcp', label: 'mcp' }, diff --git a/openspec/openapi-v1.yaml b/openspec/openapi-v1.yaml index 80cbeef3b..80559792d 100644 --- a/openspec/openapi-v1.yaml +++ b/openspec/openapi-v1.yaml @@ -8,7 +8,7 @@ info: JSON objects because their schemas are provided at runtime by template endpoints. Developer API keys currently support these scopes only: bot, provider, - persona, im, config, chat, file, plugin, mcp, skill. The config scope also + persona, im, config, chat, data, file, plugin, mcp, skill. The config scope also grants bot and provider access. servers: - url: http://localhost:6185 @@ -5127,8 +5127,8 @@ components: type: array items: type: string - enum: [bot, provider, persona, im, config, chat, file, plugin, mcp, skill] - example: [bot, provider, persona, im, config, chat, file, plugin, mcp, skill] + enum: [bot, provider, persona, im, config, chat, data, file, plugin, mcp, skill] + example: [bot, provider, persona, im, config, chat, data, file, plugin, mcp, skill] expires_at: type: string format: date-time