支持master key

routes/bot_manager.py

@@ -18,7 +18,7 @@ from pydantic import BaseModel
 from agent.db_pool_manager import get_db_pool_manager
 from utils.fastapi_utils import extract_api_key_from_auth
 from utils.new_api_proxy import get_new_api_proxy
-from utils.settings import SINGLE_AGENT_MODE, TEMPLATE_BOT_ID, TEMPLATE_BOT_NAME
+from utils.settings import SINGLE_AGENT_MODE, TEMPLATE_BOT_ID, TEMPLATE_BOT_NAME, MASTERKEY
 
 logger = logging.getLogger('app')
 
@@ -229,6 +229,10 @@ async def verify_user_auth(authorization: Optional[str]) -> tuple[bool, Optional
     """
     验证用户认证
 
+    支持两种认证方式：
+    1. MASTERKEY - 使用 settings.MASTERKEY 进行鉴权，视为超级管理员
+    2. 用户 Token - 从数据库验证用户 token
+
     Args:
         authorization: Authorization header 值
 
@@ -239,6 +243,10 @@ async def verify_user_auth(authorization: Optional[str]) -> tuple[bool, Optional
     if not provided_token:
         return False, None, None
 
+    # 检查是否为 masterkey
+    if MASTERKEY and provided_token == MASTERKEY:
+        return True, "__masterkey__", "masterkey"
+
     pool = get_db_pool_manager().pool
 
     async with pool.connection() as conn:
@@ -290,6 +298,10 @@ async def is_admin_user(authorization: Optional[str]) -> bool:
     if not user_valid or not user_id:
         return False
 
+    # masterkey 用户视为管理员
+    if user_id == "__masterkey__":
+        return True
+
     pool = get_db_pool_manager().pool
     async with pool.connection() as conn:
         async with conn.cursor() as cursor:

utils/multi_project_manager.py

@@ -431,7 +431,7 @@ def _extract_skills_to_robot(bot_id: str, skills: List[str], project_path: Path)
 
 _COMMON_ENV_KEYS = frozenset({
     'TMPDIR', 'PATH', 'HOME', 'USER', 'SHELL', 'LANG', 'TERM',
-    'PWD', 'OLDPWD', 'NODE_ENV',
+    'PWD', 'OLDPWD', 'NODE_ENV', 'MASTERKEY', 'ASSISTANT_ID', 'USER_IDENTIFIER' , 'TRACE_ID'
 })
 
 _ENV_PATTERNS = [