fix: resolve the security issues of apikey #840

kimteayon · 2025-05-20T06:52:44Z

🤔 This is a ...

🔗 Related Issues

#831
#790

Summary by CodeRabbit

新功能
- 消息内容支持以 <think> 标签包裹推理内容，实现推理内容与主内容的更细致流式展示。
修复
- 优化流式消息分块处理和内容拼接逻辑，提升展示准确性和一致性。
文档
- 本地定义了 BubbleDataType 类型，替代原有的导入方式。
杂项
- 更新了 API 接口地址和模型标识，API 密钥替换为占位符提升安全性。
- 微调了部分样式和格式。

coderabbitai · 2025-05-20T06:52:50Z

📝 Walkthrough

Walkthrough

本次更新统一了多个组件和文档示例中的 API 接口地址与密钥为占位符，并优化了流式消息解析和内容拼接逻辑，特别是对 <think> 标签的处理。部分类型定义从外部导入改为本地声明，代码格式与样式也做了微调。

Changes

文件/文件组	变更摘要
components/use-x-agent/demo/model.tsx components/use-x-chat/demo/model.tsx components/x-request/demo/model.tsx docs/playground/copilot.tsx docs/playground/independent.tsx	API 基础地址统一更换为 `https://api.x.ant.design/api/llm_siliconflow_deepseekv3` 或相关路径，API Key 替换为占位符。部分类型定义本地声明。
components/use-x-agent/demo/model.tsx components/use-x-chat/demo/model.tsx docs/playground/copilot.tsx docs/playground/independent.tsx	流式消息解析逻辑优化，分别提取 `reasoning_content` 与 `content`，并根据内容动态拼接 `<think>` 标签。
components/x-request/demo/model.tsx	模型名从 `DeepSeek-R1-Distill-Qwen-7B` 更新为 `DeepSeek-V3`。
docs/playground/copilot.tsx docs/playground/independent.tsx	`BubbleDataType` 类型由本地声明替代外部导入，部分 JSX 样式及属性格式优化。
components/x-request/index.ts	移除 `catch` 代码块中多余空行，逻辑未变。

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant UI
    participant Agent
    participant API

    User->>UI: 发送消息
    UI->>Agent: 调用 agent.send
    Agent->>API: 请求 /api/llm_siliconflow_deepseekv3 (带占位符密钥)
    API-->>Agent: 流式返回 JSON 块
    Agent->>UI: 提取 reasoning_content 和 content，拼接 <think> 标签
    UI-->>User: 渲染处理后的消息内容

Poem

兔子挥笔写新篇，
API 地址焕新颜。
流式消息巧拼接，
<think> 标签藏机缘。
类型本地更安全，
代码整洁心也甜！
🐰✨

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 30th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 331dffc and fa77ec5.

📒 Files selected for processing (3)

components/use-x-chat/demo/model.tsx (2 hunks)
docs/playground/copilot.tsx (5 hunks)
docs/playground/independent.tsx (7 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

docs/playground/copilot.tsx
components/use-x-chat/demo/model.tsx
docs/playground/independent.tsx

⏰ Context from checks skipped due to timeout of 90000ms (3)

Git 8000 Hub Check: test / react component workflow
GitHub Check: build preview
GitHub Check: size

✨ Finishing Touches

📝 Generate Docstrings

🧪 Generate Unit Tests

Create PR with Unit Tests
Commit Unit Tests in branch fixapikey
Post Copyable Unit Tests in Comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate docstrings to generate docstrings for this PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai auto-generate unit tests to generate unit tests for this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

github-actions · 2025-05-20T06:52:55Z

petercat-assistant · 2025-05-20T06:53:05Z

Walkthrough

This pull request addresses security concerns by updating API keys and URLs across several components. It also refines the message transformation logic to handle content more robustly.

Changes

Files	Summary
components/use-x-agent/demo/model.tsx, components/use-x-chat/demo/model.tsx, components/x-request/demo/model.tsx, docs/playground/copilot.tsx, docs/playground/independent.tsx	Updated BASE_URL and API_KEY to enhance security. Improved message transformation logic to handle content and reasoning content more effectively.
components/x-request/index.ts	Minor refactoring to improve error handling.
docs/playground/copilot.tsx, docs/playground/independent.tsx	Added type definition for BubbleDataType.

components/use-x-agent/demo/model.tsx

components/use-x-chat/demo/model.tsx

components/x-request/demo/model.tsx

docs/playground/copilot.tsx

docs/playground/independent.tsx

codecov · 2025-05-20T06:53:45Z

Bundle Report

Changes will decrease total bundle size by 466 bytes (-0.34%) ⬇️. This is within the configured threshold ✅

Detailed changes

Bundle name	Size	Change
antdx-array-push	136.15kB	-466 bytes (-0.34%) ⬇️

Affected Assets, Files, and Routes:

view changes for bundle: antdx-array-push

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
`antdx.min.js`	-466 bytes	136.15kB	-0.34%

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (2)

docs/playground/independent.tsx (1)

37-40: 本地化类型定义，提高代码独立性

将BubbleDataType类型从外部导入改为本地定义，这样可以减少对外部模块的依赖，使组件更加独立。但需要注意，新定义的类型与原导入类型的结构不完全相同，原类型继承自BubbleProps并包含可选的key和role属性，而新类型仅包含必需的role和content字符串属性。

建议确保这种类型变更不会影响其他依赖于此类型的代码逻辑。

docs/playground/copilot.tsx (1)

34-37: 本地化类型定义，提高代码独立性

将BubbleDataType类型从外部导入改为本地定义，这样可以减少对外部模块的依赖，使组件更加独立。但需要注意，新定义的类型与原导入类型的结构不完全相同，原类型继承自BubbleProps并包含可选的key和role属性，而新类型仅包含必需的role和content字符串属性。

建议确保这种类型变更不会影响其他依赖于此类型的代码逻辑。

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10e3cc2 and 9924c78.

📒 Files selected for processing (6)

components/use-x-agent/demo/model.tsx (2 hunks)
components/use-x-chat/demo/model.tsx (2 hunks)
components/x-request/demo/model.tsx (1 hunks)
components/x-request/index.ts (0 hunks)
docs/playground/copilot.tsx (5 hunks)
docs/playground/independent.tsx (7 hunks)

💤 Files with no reviewable changes (1)

components/x-request/index.ts

🧰 Additional context used

🧬 Code Graph Analysis (2)

docs/playground/independent.tsx (1)

components/bubble/BubbleList.tsx (1)

BubbleDataType (22-25)

docs/playground/copilot.tsx (1)

components/bubble/BubbleList.tsx (1)

BubbleDataType (22-25)

⏰ Context from checks skipped due to timeout of 90000ms (3)

GitHub Check: build preview
GitHub Check: test / react component workflow
GitHub Check: size

🔇 Additional comments (7)

components/x-request/demo/model.tsx (1)

12-14: 优化了API密钥安全性和端点配置

代码更新了API端点、模型标识符和API密钥。这些更改符合PR的目标，通过� 8000 ��用占位符替换了实际的API密钥，提高了安全性。

具体更改:

将基础URL从特定的API端点更改为通用的占位符URL

更新了模型到最新版本

用占位符替换了实际的API密钥

components/use-x-agent/demo/model.tsx (2)

13-13: 增强了API密钥安全性

代码修改了API端点和密钥配置，将实际的API密钥替换为占位符值，这符合PR目标中提到的解决API密钥安全问题。

Also applies to: 15-15

70-70: 简化了流式内容的获取逻辑

代码优化了从流式响应中提取内容的方式，不再显式检查reasoning_content，而是直接访问modalMessage?.choices?.[0]?.delta?.content并提供空字符串作为回退值。这种更改使代码更简洁且更健壮。

docs/playground/independent.tsx (2)

274-274: 提高API密钥安全性

代码更新了API端点并用占位符替换了实际的API密钥，符合PR的目标，解决了API密钥泄露的安全隐患。

Also applies to: 276-276

296-320: 优化了流式消息处理逻辑

重写了transformMessage函数来分别处理reasoning_content和content内容，通过条件逻辑来处理<think>标签的包装，使得流式内容的拼接更加合理和健壮。新的实现能够正确处理以下情况：

原始消息内容为空且有新的思考内容时，添加<think>开始标签

原始消息已包含<think>标签但尚未闭合，且有新的常规内容时，添加</think>闭合标签

其他情况下简单拼接内容

这种实现改进了流式响应的处理方式，使UI展示更加准确。

docs/playground/copilot.tsx (2)

178-178: 提高API密钥安全性

代码更新了API端点并用占位符替换了实际的API密钥，符合PR的目标，解决了API密钥泄露的安全隐患。

Also applies to: 180-180

200-224: 优化了流式消息处理逻辑

重写了transformMessage函数来分别处理reasoning_content和content内容，通过条件逻辑来处理<think>标签的包装，使得流式内容的拼接更加合理和健壮。新的实现能够正确处理以下情况：

原始消息内容为空且有新的思考内容时，添加<think>开始标签

原始消息已包含<think>标签但尚未闭合，且有新的常规内容时，添加</think>闭合标签

其他情况下简单拼接内容

这种实现改进了流式响应的处理方式，使UI展示更加准确。改动与docs/playground/independent.tsx文件中的更改保持一致，确保了代码库中处理流式消息的方式的一致性。

components/use-x-chat/demo/model.tsx

codecov · 2025-05-20T06:56:07Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.35%. Comparing base (10e3cc2) to head (fa77ec5).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #840   +/-   ##
=======================================
  Coverage   92.35%   92.35%           
=======================================
  Files          66       66           
  Lines        1492     1492           
  Branches      388      405   +17     
=======================================
  Hits         1378     1378           
  Misses        114      114

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

components/use-x-agent/demo/model.tsx

components/use-x-chat/demo/model.tsx

* chore: sync main to feature branch (#810) * fix(attachment): fix image display style (#751) * chore: update CodePreviewer to support React 19 (#758) * docs: update a new contributions charts (#761) * fix: fix some potential issue (#773) * refactor: using setState function (#774) Co-authored-by: vanndxh <wangyuezhou.wyz@digital-engine.com> * type: fix some potential issue (#775) * fix: watch config three sub-items (#777) * feat: function setState * fix: watch config --------- Co-authored-by: vanndxh <wangyuezhou.wyz@digital-engine.com> * fix: fix Conversations ellipsis tooltip issues by removing it (#776) * fix: fix Conversations ellipsis tooltip issues by removing it * test: update snapshot * style: use native text overflow style * docs: changelog of 1.2.0 (#778) * fix: fix some potential issue * fix: fix some potential issue * fix: fix some potential issue * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * 🏷️ type: add Conversation type export (#258) Co-authored-by: afc163 <afc163@gmail.com> * docs: fix the wrong docs of ThoughtChain (#781) * fix: fix some potential issue * fix: fix some potential issue * fix: fix some potential issue * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: changelog of 1.2.0 * docs: fix the wrong docs of ThoughtChain * docs: optimize Bubble.List scoll position * docs: fix thought-chain and changelog * fix: Prompts scroll styles (#785) * fix: Prompts srollX * fix: Prompts srollX * docs: optimize Bubble.List scroll bar position (#783) * docs: optimize Bubble.List scoll position * docs: optimize Bubble.List scoll position * test: demo snap * fix: Prompts srollX * chore: sync main to feature branch --------- Co-authored-by: wzc520pyfm <1528857653@qq.com> Co-authored-by: ice <49827327+coding-ice@users.noreply.github.com> Co-authored-by: Shinji-Li <1349021570@qq.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Vanndxh <77873426+vanndxh@users.noreply.github.com> Co-authored-by: vanndxh <wangyuezhou.wyz@digital-engine.com> Co-authored-by: afc163 <afc163@gmail.com> * chore: fix warning of deprecated API (#827) * chore: fix warning of deprecated API * chore: fix ts * chore: fix logic * test: ignore legacy * chore: delete webpack.config.js (#229) * docs(bubble): update content and messageRender type (#814) * docs: sender supplement documents to address user inquiries (#835) * docs: supplement documents to address user inquiries * docs: sender * chore: sync main to feature branch * feat: make the Bubble foot and header to get from context & Bubble can get key (#683) * feat: 调整Bubble foot,header参数,支持头部获取上下文 * fix: # 支持useXAgent通过deps 获取最新状态 * fix: 剔多余提交 * fix: 英文文档格式修复 * fix 简化参数 * Update header-and-footer.tsx fix: 调整用例 * feat: bubble's footer and header * feat: bubble's footer and header * test: bubble's footer and header * fix: ts of key * fix: ts of key --------- Co-authored-by: Mickey <951203214@qq.com> * fix: resolve the security issues of apikey (#840) * fix: Resolve the security issues of apikey * fix: Resolve the security issues of apikey * test: update snap * fix:api key and stream * fix:api key and stream * docs: modification tips (#844) * docs: changelog of 1.3.0 (#845) * test: sender * test: delete * docs: changelog of 1.3.0 * docs: changelog of 1.3.0 * docs: changelog of 1.3.0 --------- Co-authored-by: wzc520pyfm <1528857653@qq.com> Co-authored-by: ice <49827327+coding-ice@users.noreply.github.com> Co-authored-by: Shinji-Li <1349021570@qq.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Vanndxh <77873426+vanndxh@users.noreply.github.com> Co-authored-by: vanndxh <wangyuezhou.wyz@digital-engine.com> Co-authored-by: afc163 <afc163@gmail.com> Co-authored-by: 二货爱吃白萝卜 <smith3816@gmail.com> Co-authored-by: Lawliet <37376096+L-Hknu@users.noreply.github.com>

* fix: Resolve the security issues of apikey * fix: Resolve the security issues of apikey * test: update snap * fix:api key and stream * fix:api key and stream

kimteayon added 2 commits May 20, 2025 14:48

fix: Resolve the security issues of apikey

bc3c3f8

fix: Resolve the security issues of apikey

9924c78

petercat-assistant bot reviewed May 20, 2025

View reviewed changes

components/use-x-agent/demo/model.tsx Show resolved Hide resolved

petercat-assistant bot reviewed May 20, 2025

View reviewed changes

components/use-x-chat/demo/model.tsx Outdated Show resolved Hide resolved

petercat-assistant bot reviewed May 20, 2025

View reviewed changes

components/x-request/demo/model.tsx Show resolved Hide resolved

petercat-assistant bot reviewed May 20, 2025

View reviewed changes

docs/playground/copilot.tsx Show resolved Hide resolved

petercat-assistant bot reviewed 8000 May 20, 2025

View reviewed changes

docs/playground/independent.tsx Show resolved Hide resolved

dosubot bot added bug Something isn't working documentation Improvements or additions to documentation labels May 20, 2025

coderabbitai bot reviewed May 20, 2025

View reviewed changes

components/use-x-chat/demo/model.tsx Outdated Show resolved Hide resolved

components/use-x-chat/demo/model.tsx Show resolved Hide resolved

components/use-x-chat/demo/model.tsx Show resolved Hide resolved

hylin reviewed May 20, 2025

View reviewed changes

components/use-x-agent/demo/model.tsx Show resolved Hide resolved

afc163 reviewed May 20, 2025

View reviewed changes

components/use-x-chat/demo/model.tsx Outdated Show resolved Hide resolved

kimteayon added 3 commits May 20, 2025 22:19

test: update snap

869d27d

fix:api key and stream

331dffc

fix:api key and stream

fa77ec5

hylin approved these changes May 21, 2025

View reviewed changes

dosubot bot added the lgtm This PR has been approved by a maintainer label May 21, 2025

kimteayon requested a review from afc163 May 21, 2025 06:38

kimteayon merged commit 340dfee into ant-design:main May 21, 2025
11 checks passed

kimteayon mentioned this pull request May 21, 2025

docs: changelog of 1.3.0 #845

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix: resolve the security issues of apikey #840

fix: resolve the security issues of apikey #840

Uh oh!

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (`.coderabbit.yaml`)

Documentation and Community

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Assets Changed:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix: resolve the security issues of apikey #840

fix: resolve the security issues of apikey #840

Uh oh!

Conversation

Uh oh!

🤔 This is a ...

🔗 Related Issues

Summary by CodeRabbit

Uh oh!

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

Uh oh!

Uh oh!

Walkthrough

Changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Bundle Report

Affected Assets, Files, and Routes:

Assets Changed:

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

CodeRabbit Configuration File (`.coderabbit.yaml`)