Skip to content

Commit ed35872

Browse files
committed
fix(settings): address Codex bot review on CPA auto-discovery
- Don't auto-probe on API key changes. Key is only sent when user explicitly clicks "Test connection" or when baseUrl/wire changes (where they already implicitly authorize a probe by editing the endpoint). Avoids leaking keys to typo'd or malicious hosts. - Use a monotonic seq counter to discard stale async responses. Fixes race where a slow older probe could overwrite newer state and default-model selection. Signed-off-by: hqhq1025 <1506751656@qq.com>
1 parent 616acaf commit ed35872

1 file changed

Lines changed: 4 additions & 2 deletions

File tree

apps/desktop/src/renderer/src/components/AddCustomProviderModal.tsx

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ export function AddCustomProviderModal({
108108
const userPickedModel = useRef(false);
109109

110110
const debounceTimer = useRef<ReturnType<typeof setTimeout> | null>(null);
111+
const discoverySeq = useRef(0);
111112

112113
function scheduleDiscovery(currentBaseUrl: string, currentApiKey: string, currentWire: WireApi) {
113114
if (debounceTimer.current !== null) clearTimeout(debounceTimer.current);
@@ -122,13 +123,15 @@ export function AddCustomProviderModal({
122123

123124
async function runDiscovery(currentBaseUrl: string, currentApiKey: string, currentWire: WireApi) {
124125
if (!window.codesign?.config) return;
126+
const seq = ++discoverySeq.current;
125127
setDiscovery({ kind: 'discovering' });
126128
try {
127129
const res = await window.codesign.config.testEndpoint({
128130
wire: currentWire,
129131
baseUrl: currentBaseUrl.trim(),
130132
apiKey: currentApiKey.trim(),
131133
});
134+
if (seq !== discoverySeq.current) return;
132135
if (res.ok && res.models.length > 0) {
133136
setDiscovery({ kind: 'found', models: res.models });
134137
if (!userPickedModel.current) {
@@ -139,7 +142,7 @@ export function AddCustomProviderModal({
139142
setDiscovery({ kind: 'failed' });
140143
}
141144
} catch {
142-
setDiscovery({ kind: 'failed' });
145+
if (seq === discoverySeq.current) setDiscovery({ kind: 'failed' });
143146
}
144147
}
145148

@@ -152,7 +155,6 @@ export function AddCustomProviderModal({
152155

153156
function handleApiKeyChange(v: string) {
154157
setApiKey(v);
155-
scheduleDiscovery(baseUrl, v, wire);
156158
}
157159

158160
function handleWireChange(v: WireApi) {

0 commit comments

Comments
 (0)