From 7e5f9a2049afd08299c823d21b3345e6d74f9631 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BC=A8=E7=BC=A8?= <wanyingxing@gmail.com>
Date: Wed, 11 Sep 2024 14:27:35 +0800
Subject: [PATCH] chore: prohibit manually publishing the bot through the API
 (#370)

* chore: prohibit manually publishing the bot through the API

* chore: fix ci
---
 server/bot/router.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/bot/router.py b/server/bot/router.py
index 2b405926..6370bc0d 100644
--- a/server/bot/router.py
+++ b/server/bot/router.py
@@ -101,8 +101,14 @@ async def create_bot(
     bot_data: BotCreateRequest,
     user_id: Annotated[str | None, Depends(get_user_id)] = None,
 ):
+    blacklist_fields = {"public"}
+    filtered_bot_data = {
+        key: value
+        for key, value in bot_data.model_dump().items()
+        if key not in blacklist_fields
+    }
     try:
-        res = await bot_builder(user_id, **bot_data.model_dump())
+        res = await bot_builder(user_id, **filtered_bot_data)
         if not res:
             return JSONResponse(
                 content={"success": False, "errorMessage": "仓库不存在，生成失败"},
@@ -141,13 +147,14 @@ def update_bot(
 ):
     if not id:
         return {"error": "Incomplete parameters", "status": 400}
+    blacklist_fields = {"public"}
+
     try:
         update_fields = {
             key: value
             for key, value in bot_data.model_dump(exclude_unset=True).items()
-            if value is not None
+            if value is not None and key not in blacklist_fields
         }
-
         if not update_fields:
             return JSONResponse(
                 content={"success": False, "errorMessage": "No fields to update"},