fix(config): 避免 pydantic-settings 自動 JSON 解析 WHITELIST

使用 str + property 取代 list[int] + validator 解決 K8s Secret 注入時的解析錯誤 Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-22 23:18:50 +08:00
parent 13200076aa
commit c2b33a99a3
1 changed files with 16 additions and 13 deletions
--- a/apps/api/src/core/config.py
+++ b/apps/api/src/core/config.py
@@ -225,21 +225,24 @@ class Settings(BaseSettings):
        default="",
        description="Telegram Chat ID for notifications",
    )
-    OPENCLAW_TG_USER_WHITELIST: list[int] = Field(
-        default=[],
-        description="Telegram user IDs allowed to sign approvals",
+    # 使用 str 避免 pydantic-settings 自動 JSON 解析，在 property 中轉換
+    _OPENCLAW_TG_USER_WHITELIST_RAW: str = Field(
+        default="",
+        alias="OPENCLAW_TG_USER_WHITELIST",
+        description="Telegram user IDs allowed to sign approvals (comma-separated)",
    )

-    @field_validator("OPENCLAW_TG_USER_WHITELIST", mode="before")
-    @classmethod
-    def parse_tg_whitelist(cls, v: str | list[int] | int) -> list[int]:
-        if isinstance(v, int):
-            return [v]
-        if isinstance(v, str):
-            if not v.strip():
-                return []
-            return [int(uid.strip()) for uid in v.split(",")]
-        return v
+    @property
+    def OPENCLAW_TG_USER_WHITELIST(self) -> list[int]:
+        """Parse comma-separated user IDs to list[int]"""
+        raw = self._OPENCLAW_TG_USER_WHITELIST_RAW
+        if not raw or not raw.strip():
+            return []
+        # Handle JSON array format or comma-separated
+        if raw.startswith("["):
+            import json
+            return json.loads(raw)
+        return [int(uid.strip()) for uid in raw.split(",")]

    # ==========================================================================
    # Phase 5: Webhook Security (CISO 要求)