From 9a99b9ce826f1441ebdfb1e82092c234321d5269 Mon Sep 17 00:00:00 2001
From: PKC278 <52959804+PKC278@users.noreply.github.com>
Date: Fri, 26 Dec 2025 23:02:40 +0800
Subject: [PATCH] =?UTF-8?q?fix(system):=20=E6=9B=B4=E6=96=B0global?=
 =?UTF-8?q?=E8=BF=94=E5=9B=9E=E5=AD=97=E6=AE=B5=EF=BC=8C=E9=87=87=E7=94=A8?=
 =?UTF-8?q?=E7=99=BD=E5=90=8D=E5=8D=95=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/endpoints/system.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/api/endpoints/system.py b/app/api/endpoints/system.py
index 78672c4d..136299b7 100644
--- a/app/api/endpoints/system.py
+++ b/app/api/endpoints/system.py
@@ -134,11 +134,15 @@ def get_global_setting(token: str):
     if token != "moviepilot":
         raise HTTPException(status_code=403, detail="Forbidden")
 
-    # FIXME: 新增敏感配置项时要在此处添加排除项
+    # 白名单模式，仅包含前端业务逻辑必需的字段
     info = settings.model_dump(
-        exclude={"SECRET_KEY", "RESOURCE_SECRET_KEY", "API_TOKEN", "TMDB_API_KEY", "TVDB_API_KEY", "FANART_API_KEY",
-                 "COOKIECLOUD_KEY", "COOKIECLOUD_PASSWORD", "GITHUB_TOKEN", "REPO_GITHUB_TOKEN", "U115_APP_ID",
-                 "ALIPAN_APP_ID", "TVDB_V4_API_KEY", "TVDB_V4_API_PIN"}
+        include={
+            "TMDB_IMAGE_DOMAIN",
+            "GLOBAL_IMAGE_CACHE",
+            "ADVANCED_MODE",
+            "RECOGNIZE_SOURCE",
+            "SEARCH_SOURCE"
+        }
     )
     # 追加用户唯一ID和订阅分享管理权限
     share_admin = SubscribeHelper().is_admin_user()