From b58538bbae2f8877d4190a9a58abccce5ac8fe92 Mon Sep 17 00:00:00 2001 From: bookworm Date: Fri, 10 Apr 2026 11:05:25 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E6=97=A7=E7=89=88=E6=98=8E=E6=96=87?= =?UTF-8?q?=E7=BC=93=E5=AD=98=E5=85=BC=E5=AE=B9=20+=20=E8=87=AA=E5=8A=A8?= =?UTF-8?q?=E8=BF=81=E7=A7=BB=20DPAPI=20+=20=E5=86=99=20User=20=E7=8E=AF?= =?UTF-8?q?=E5=A2=83=E5=8F=98=E9=87=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- auto-setup.ps1 | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/auto-setup.ps1 b/auto-setup.ps1 index d422914..9adfa4b 100644 --- a/auto-setup.ps1 +++ b/auto-setup.ps1 @@ -473,18 +473,29 @@ function Get-CachedSecrets { } $props = Get-ItemProperty $regPath -ErrorAction SilentlyContinue $loaded = 0 + $needMigrate = $false foreach ($p in $props.PSObject.Properties) { - # B9: 只加载白名单内的 Key (防止 PATH/COMSPEC 注入) if ($CacheAllowedKeys -contains $p.Name) { - try { - $val = Unprotect-String $p.Value + $val = $null + # 先尝试 DPAPI 解密 (新格式) + try { $val = Unprotect-String $p.Value } catch {} + # 回退: 旧版明文格式 (非 Base64 / DPAPI 失败) + if (-not $val -and $p.Value -and $p.Value.Length -lt 200) { + $val = $p.Value + $needMigrate = $true + } + if ($val) { [System.Environment]::SetEnvironmentVariable($p.Name, $val, "Process") + [System.Environment]::SetEnvironmentVariable($p.Name, $val, "User") $loaded++ - } catch { - Bw-Log "WARN" "缓存解密失败: $($p.Name)" } } } + # 旧缓存自动迁移为 DPAPI 格式 + if ($needMigrate -and $loaded -gt 0) { + Save-SecretsToCache + Bw-Log "INFO" "旧版明文缓存已迁移为 DPAPI 加密" + } return ($loaded -gt 0 -and $env:ANTHROPIC_API_KEY) } catch { return $false } }