wangbo/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2026-04-18 14:32:49 +08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

fix: remove sensitive tokens from history items

Browse Source 
Sanitize history items returned by get_history() to strip
auth_token_comfy_org and api_key_comfy_org from prompt inputs.
This prevents tokens from being exposed if history is ever
persisted to disk or accessed over open networks.

Closes #8889
This commit is contained in:
zhaog100 2026-03-22 03:59:13 +08:00
parent bdead4bc04
commit 87b7f4fcd6
1 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
execution.py
View File

@ -1253,7 +1253,22 @@ class PromptQueue:
return True return True
return False return False
def _sanitize_history_item(self, item: dict) -> dict:
"""Remove sensitive keys from prompt inputs in history items.
Prevents tokens from being exposed if history is ever persisted to disk."""
item = copy.deepcopy(item)
prompt = item.get("prompt", {})
if isinstance(prompt, dict):
for node_id, node_data in prompt.items():
if isinstance(node_data, dict):
inputs = node_data.get("inputs", {})
if isinstance(inputs, dict):
inputs.pop("auth_token_comfy_org", None)
inputs.pop("api_key_comfy_org", None)
return item
def get_history(self, prompt_id=None, max_items=None, offset=-1, map_function=None): def get_history(self, prompt_id=None, max_items=None, offset=-1, map_function=None):
sanitize = self._sanitize_history_item
with self.mutex: with self.mutex:
if prompt_id is None: if prompt_id is None:
out = {} out = {}
@ -1265,6 +1280,8 @@ class PromptQueue:
p = self.history[k] p = self.history[k]
if map_function is not None: if map_function is not None:
p = map_function(p) p = map_function(p)
else:
p = sanitize(p)
out[k] = p out[k] = p
if max_items is not None and len(out) >= max_items: if max_items is not None and len(out) >= max_items:
break break
@ -1273,7 +1290,7 @@ class PromptQueue:
elif prompt_id in self.history: elif prompt_id in self.history:
p = self.history[prompt_id] p = self.history[prompt_id]
if map_function is None: if map_function is None:
p = copy.deepcopy(p) p = sanitize(p)
else: else:
p = map_function(p) p = map_function(p)
return {prompt_id: p} return {prompt_id: p}