From 44fe78fff56679a0ae1e69191f53c579fa89d721 Mon Sep 17 00:00:00 2001
From: Steven Moder <java20131114@gmail.com>
Date: Wed, 29 Jan 2025 21:40:30 +0800
Subject: [PATCH] fix: Enhance API key validation in is_any_api_key function
 (#2113)

---
 shared_utils/key_pattern_manager.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/shared_utils/key_pattern_manager.py b/shared_utils/key_pattern_manager.py
index e0d101d1..b7191638 100644
--- a/shared_utils/key_pattern_manager.py
+++ b/shared_utils/key_pattern_manager.py
@@ -45,6 +45,13 @@ def is_cohere_api_key(key):
 
 
 def is_any_api_key(key):
+    # key 一般只包含字母、数字、下划线、逗号、中划线
+    if not re.match(r"^[a-zA-Z0-9_\-,]+$", key):
+        # 如果配置了 CUSTOM_API_KEY_PATTERN，再检查以下以免误杀
+        if CUSTOM_API_KEY_PATTERN := get_conf('CUSTOM_API_KEY_PATTERN'):
+            return bool(re.match(CUSTOM_API_KEY_PATTERN, key))
+        return False
+
     if ',' in key:
         keys = key.split(',')
         for k in keys: