feat: 添加自定义 API 配置功能并修复安全问题

- 添加统一的自定义 API 配置开关，允许用户覆盖环境变量
- 修复环境变量暴露问题：未启用自定义时不在 settings 中存储环境变量值
- 调整设置项顺序：开关 → API Base URL → API Key
- 优化设置界面颜色对比度：使用主题色替代低对比度的灰色
- 实际调用 API 时根据 useCustomApi 动态选择环境变量或用户配置

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Author: Wing900

components/settings/AboutSettings.tsx

@@ -96,19 +96,19 @@ export const AboutSettings: React.FC<AboutSettingsProps> = ({ versionInfo }) =>
       <div className="border-t border-[var(--glass-border)] pt-6 space-y-4">
         <h3 className="font-bold text-lg text-[var(--text-color)]">{t('usefulLinks')}</h3>
         <div className="flex flex-wrap gap-4">
-          <a href="https://github.com/Wing900/KChat" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--accent-color)] hover:underline">
+          <a href="https://github.com/Wing900/KChat" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--md-sys-color-primary)] hover:underline">
             <Icon icon="github" className="w-4 h-4" />
             <span>{t('sourceCode')}</span>
           </a>
-          <a href="https://github.com/Wing900/KChat/issues" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--accent-color)] hover:underline">
+          <a href="https://github.com/Wing900/KChat/issues" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--md-sys-color-primary)] hover:underline">
             <Icon icon="bug" className="w-4 h-4" />
             <span>{t('reportBug')}</span>
           </a>
-          <a href="https://github.com/Wing900/KChat/discussions" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--accent-color)] hover:underline">
+          <a href="https://github.com/Wing900/KChat/discussions" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--md-sys-color-primary)] hover:underline">
             <Icon icon="message-square" className="w-4 h-4" />
             <span>{t('discussions')}</span>
           </a>
-          <a href="https://iambin.qzz.io" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--accent-color)] hover:underline">
+          <a href="https://iambin.qzz.io" target="_blank" rel="noopener noreferrer" className="flex items-center gap-2 text-[var(--md-sys-color-primary)] hover:underline">
             <Icon icon="chicken" className="w-4 h-4" />
             <span>iambin.qzz.io</span>
           </a>

components/settings/AdvancedSettings.tsx

@@ -40,27 +40,28 @@ export const AdvancedSettings: React.FC<AdvancedSettingsProps> = ({ settings, on
           />
         </SettingsItem>
       )}
-      {visibleIds.has('apiKey') && (
-        <SettingsItem label={t('apiKey')} description={t('apiKeyDesc')}>
-           <textarea
-              value={isApiKeySetByEnv ? '' : (settings.apiKey || []).join('\n')}
-              onChange={handleApiKeyChange}
-              disabled={isApiKeySetByEnv}
-              placeholder={isApiKeySetByEnv ? t('apiKeyEnvVar') : t('apiKeyPlaceholder')}
-              className="input-glass max-w-60 min-h-24"
-              rows={3}
-           />
+
+      {/* 使用自定义 API 配置的开关（同时控制 URL 和 Key） */}
+      {(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && (
+        <SettingsItem label={t('useCustomApi')} description={t('useCustomApiDesc')}>
+          <Switch
+            size="sm"
+            checked={settings.useCustomApi || false}
+            onChange={e => onSettingsChange({ useCustomApi: e.target.checked })}
+          />
         </SettingsItem>
       )}
+
+      {/* API Base URL */}
       {visibleIds.has('apiBaseUrl') && (
         <SettingsItem label={t('apiBaseUrl')} description={t('apiBaseUrlDesc')}>
           <input
             type="text"
-            value={isApiBaseUrlSetByEnv ? '' : (settings.apiBaseUrl || '')}
+            value={(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi ? '' : (settings.apiBaseUrl || '')}
             onChange={e => onSettingsChange({ apiBaseUrl: e.target.value })}
-            disabled={isApiBaseUrlSetByEnv}
+            disabled={(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi}
             placeholder={
-              isApiBaseUrlSetByEnv
+              (isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi
                 ? t('apiKeyEnvVar')
                 : settings.llmProvider === 'openai'
                   ? 'https://api.openai.com'
@@ -70,6 +71,21 @@ export const AdvancedSettings: React.FC<AdvancedSettingsProps> = ({ settings, on
           />
         </SettingsItem>
       )}
+
+      {/* API Key */}
+      {visibleIds.has('apiKey') && (
+        <SettingsItem label={t('apiKey')} description={t('apiKeyDesc')}>
+           <textarea
+              value={(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi ? '' : (settings.apiKey || []).join('\n')}
+              onChange={handleApiKeyChange}
+              disabled={(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi}
+              placeholder={(isApiBaseUrlSetByEnv || isApiKeySetByEnv) && !settings.useCustomApi ? t('apiKeyEnvVar') : t('apiKeyPlaceholder')}
+              className="input-glass max-w-60 min-h-24"
+              rows={3}
+           />
+        </SettingsItem>
+      )}
+
       {visibleIds.has('temperature') && (
         <SettingsItem label={t('temperature')} description={t('temperatureDesc')}>
           <div className="flex items-center gap-4 w-60">

components/settings/SettingsModal.tsx

@@ -62,31 +62,31 @@ export const SettingsModal: React.FC<SettingsModalProps> = ({ versionInfo, ...pr
         {!showAllSections && (
           <div className="flex border-b border-[var(--glass-border)] mb-4 -mx-6 px-6">
             <button
-              className={`px-4 py-2 font-medium text-sm ${activeTab === 'general' ? 'text-[var(--accent-color)] border-b-2 border-[var(--accent-color)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
+              className={`px-4 py-2 font-medium text-sm ${activeTab === 'general' ? 'text-[var(--md-sys-color-primary)] border-b-2 border-[var(--md-sys-color-primary)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
               onClick={() => setActiveTab('general')}
             >
               {t('general')}
             </button>
             <button
-              className={`px-4 py-2 font-medium text-sm ${activeTab === 'behavior' ? 'text-[var(--accent-color)] border-b-2 border-[var(--accent-color)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
+              className={`px-4 py-2 font-medium text-sm ${activeTab === 'behavior' ? 'text-[var(--md-sys-color-primary)] border-b-2 border-[var(--md-sys-color-primary)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
               onClick={() => setActiveTab('behavior')}
             >
               {t('behavior')}
             </button>
             <button
-              className={`px-4 py-2 font-medium text-sm ${activeTab === 'advanced' ? 'text-[var(--accent-color)] border-b-2 border-[var(--accent-color)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
+              className={`px-4 py-2 font-medium text-sm ${activeTab === 'advanced' ? 'text-[var(--md-sys-color-primary)] border-b-2 border-[var(--md-sys-color-primary)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
               onClick={() => setActiveTab('advanced')}
             >
               {t('advanced')}
             </button>
             <button
-              className={`px-4 py-2 font-medium text-sm ${activeTab === 'data' ? 'text-[var(--accent-color)] border-b-2 border-[var(--accent-color)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
+              className={`px-4 py-2 font-medium text-sm ${activeTab === 'data' ? 'text-[var(--md-sys-color-primary)] border-b-2 border-[var(--md-sys-color-primary)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
               onClick={() => setActiveTab('data')}
             >
               {t('data')}
             </button>
             <button
-              className={`px-4 py-2 font-medium text-sm ${activeTab === 'about' ? 'text-[var(--accent-color)] border-b-2 border-[var(--accent-color)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
+              className={`px-4 py-2 font-medium text-sm ${activeTab === 'about' ? 'text-[var(--md-sys-color-primary)] border-b-2 border-[var(--md-sys-color-primary)]' : 'text-[var(--text-color-secondary)] hover:text-[var(--text-color)]'}`}
               onClick={() => setActiveTab('about')}
             >
               {t('about')}

contexts/locales/en.ts

@@ -79,6 +79,8 @@ export const en = {
     apiKeyEnvVar: 'Key set by environment variable',
     apiBaseUrl: 'API Base URL',
     apiBaseUrlDesc: 'Optional. Use a proxy or a different API endpoint.',
+    useCustomApi: 'Use Custom API Configuration',
+    useCustomApiDesc: 'Override environment variables and use custom API URL and Key.',
     llmProvider: 'Model Service Provider',
     llmProviderDesc: 'Choose the backend large language model service for chat.',
     langDetectModel: 'Language Detection Model',

contexts/locales/zh.ts

@@ -79,6 +79,8 @@ export const zh = {
     apiKeyEnvVar: '密钥已由环境变量设置',
     apiBaseUrl: 'API Base URL',
     apiBaseUrlDesc: '可选。使用代理或不同的 API 端点。',
+    useCustomApi: '使用自定义 API 配置',
+    useCustomApiDesc: '覆盖环境变量，使用自定义的 API 地址和密钥。',
     llmProvider: '模型服务商',
     llmProviderDesc: '选择用于聊天的后端大语言模型服务。',
     langDetectModel: '语言检测模型',

hooks/useChatMessaging.ts

@@ -30,10 +30,19 @@ export const useChatMessaging = ({ settings, activeChat, personas, setChats, set
   }, []);
 
   const _initiateStream = useCallback(async (chatId: string, historyForAPI: Message[], personaId: string | null | undefined, titleGenerationMode: 'INITIAL' | 'RECURRING' | null = null) => {
-    const apiKeys = settings.apiKey && settings.apiKey.length > 0
-      ? settings.apiKey
-      : (process.env.API_KEY ? [process.env.API_KEY] : []);
-    
+    // 获取 API Key：如果用户启用了自定义，使用用户的配置；否则使用环境变量
+    let apiKeys: string[] = [];
+    if (settings.useCustomApi) {
+      // 用户启用了自定义配置，使用用户输入的 API Key
+      apiKeys = settings.apiKey && settings.apiKey.length > 0 ? settings.apiKey : [];
+    } else {
+      // 用户未启用自定义，使用环境变量
+      const envKey = settings.llmProvider === 'openai'
+        ? process.env.OPENAI_API_KEY
+        : process.env.GEMINI_API_KEY || process.env.API_KEY;
+      apiKeys = envKey ? [envKey] : [];
+    }
+
     if (apiKeys.length === 0) {
         const providerName = settings.llmProvider === 'openai' ? 'OpenAI' : 'Gemini';
         addToast(`Please set your ${providerName} API key in Settings.`, 'error');
@@ -67,7 +76,19 @@ export const useChatMessaging = ({ settings, activeChat, personas, setChats, set
 
     try {
       const llmService = createLLMService(settings);
-      
+
+      // 获取 API Base URL：如果用户启用了自定义，使用用户的配置；否则使用环境变量
+      let apiBaseUrl = '';
+      if (settings.useCustomApi) {
+        // 用户启用了自定义配置，使用用户输入的 API Base URL
+        apiBaseUrl = settings.apiBaseUrl || '';
+      } else {
+        // 用户未启用自定义，使用环境变量
+        apiBaseUrl = settings.llmProvider === 'openai'
+          ? (process.env.OPENAI_API_BASE_URL || '')
+          : (process.env.API_BASE_URL || '');
+      }
+
       const chatRequest: ChatRequest = {
         messages: historyForAPI,
         model: chatSession.model,
@@ -78,7 +99,7 @@ export const useChatMessaging = ({ settings, activeChat, personas, setChats, set
           contextLength: settings.contextLength,
         },
         apiKey: apiKeys[0], // 服务内部目前只处理单个key
-        apiBaseUrl: settings.apiBaseUrl,
+        apiBaseUrl: apiBaseUrl,
         showThoughts: settings.showThoughts,
         enableSearch: settings.enableSearch,
       };

hooks/useSettings.ts

@@ -87,11 +87,18 @@ export const useSettings = () => {
     const loadedSettings = loadSettings();
     const initialSettings = { ...defaultSettings, ...loadedSettings };
 
-    // 优先使用环境变量配置（每次启动都重新读取）
+    // 如果有环境变量配置
     if (envConfig) {
       initialSettings.llmProvider = envConfig.provider;
-      initialSettings.apiKey = [envConfig.apiKey];
-      initialSettings.apiBaseUrl = envConfig.apiBaseUrl;
+
+      // 关键修改：只有在用户启用了自定义 API 配置时，才保留用户的设置
+      // 否则，清空 apiKey 和 apiBaseUrl，避免暴露环境变量
+      if (!initialSettings.useCustomApi) {
+        // 用户未启用自定义，清空这些字段，实际使用时从环境变量读取
+        initialSettings.apiKey = [];
+        initialSettings.apiBaseUrl = '';
+      }
+      // 如果用户启用了自定义，保留 loadedSettings 中的值
     }
 
     // 如果没有环境变量配置，保持用户之前的手动配置或默认值
@@ -107,11 +114,11 @@ export const useSettings = () => {
   useEffect(() => {
     if (!isStorageLoaded) return;
 
-    // 保存设置时，排除 apiKey 和 apiBaseUrl（如果来自环境变量）
+    // 保存设置时，排除 apiKey 和 apiBaseUrl（如果来自环境变量且用户未启用自定义）
     // 这样环境变量不会被缓存到 localStorage
     const settingsToSave = { ...settings };
-    if (hasEnvApiKey) {
-      // 环境变量有配置，不保存敏感信息到 localStorage
+    if ((hasEnvApiKey || isApiBaseUrlSetByEnv) && !settings.useCustomApi) {
+      // 环境变量有配置且用户未启用自定义，不保存 API 配置到 localStorage
       delete (settingsToSave as Record<string, unknown>).apiKey;
       delete (settingsToSave as Record<string, unknown>).apiBaseUrl;
     }

types.ts

@@ -89,6 +89,7 @@ export interface Settings {
   thinkDeeper: boolean;
   enableSearch: boolean;
   apiBaseUrl?: string;
+  useCustomApi?: boolean; // 是否使用自定义 API 配置（包括 URL 和 Key，覆盖环境变量）
   temperature?: number;
   maxOutputTokens?: number;
   contextLength?: number;