()
| 41 | |
| 42 | |
| 43 | async def ensure_security_settings() -> None: |
| 44 | config_record = await KeyValue.filter(key="settings").first() |
| 45 | if not config_record: |
| 46 | return |
| 47 | |
| 48 | current_config = {**DEFAULT_CONFIG, **(config_record.value or {})} |
| 49 | security_config = prepare_security_config(current_config) |
| 50 | if not security_config.changed: |
| 51 | return |
| 52 | |
| 53 | config_record.value = security_config.config |
| 54 | await config_record.save() |
| 55 | if security_config.setup_required: |
| 56 | logger.warning("检测到空密码或旧版默认管理员密码,请通过初始化页面重新设置") |
| 57 | elif security_config.password_hashed: |
| 58 | logger.info("已将管理员密码迁移为哈希存储") |
| 59 | if security_config.jwt_secret_rotated: |
| 60 | logger.info("已生成独立 JWT 签名密钥") |
| 61 | await refresh_settings() |
| 62 | |
| 63 | |
| 64 | def _sync_ip_limits() -> None: |
no test coverage detected