validateAIProviderAPIKeys checks that each supplied key is non-empty and free of leading/trailing whitespace. An empty slice itself is permitted: on create it means "no keys yet"; on update it means "clear all keys". Keys are stored verbatim; surrounding whitespace would silently corrupt the credent
(keys []string)
| 349 | // would silently corrupt the credential, so callers must trim before |
| 350 | // sending. |
| 351 | func validateAIProviderAPIKeys(keys []string) []ValidationError { |
| 352 | var validations []ValidationError |
| 353 | for i, key := range keys { |
| 354 | switch { |
| 355 | case key == "": |
| 356 | validations = append(validations, ValidationError{ |
| 357 | Field: fmt.Sprintf("api_keys[%d]", i), |
| 358 | Detail: "api_keys entries must not be empty", |
| 359 | }) |
| 360 | case strings.TrimSpace(key) != key: |
| 361 | validations = append(validations, ValidationError{ |
| 362 | Field: fmt.Sprintf("api_keys[%d]", i), |
| 363 | Detail: "api_keys entries must not contain leading or trailing whitespace", |
| 364 | }) |
| 365 | } |
| 366 | } |
| 367 | return validations |
| 368 | } |
| 369 | |
| 370 | // validateAIProviderKeyMutations checks each entry has exactly one of |
| 371 | // ID or APIKey set, that plaintexts are non-empty after trimming, and |