From 6820fe7fd4218c89abbd7cf622a194fa2f4f7cda Mon Sep 17 00:00:00 2001
From: pmc <740076875@qq.com>
Date: Thu, 7 May 2026 22:52:12 +0800
Subject: [PATCH] =?UTF-8?q?feat(02-01):=20=E6=96=B0=E5=A2=9E=20CredentialS?=
 =?UTF-8?q?lotSerializer?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- ModelSerializer 三字段: app_id / access_token / updated_at
- updated_at read_only 双重保险（模型层 auto_now=True 已兜底）
- app_id / access_token allow_blank=True / allow_null=False / required=False
  与模型层 blank=True / default='' 对齐
- 脱敏不在 serializer 层做（per CONTEXT.md）, 由 view 层 mask_token 完成
---
 qy_lty/aiapp/serializers.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/qy_lty/aiapp/serializers.py b/qy_lty/aiapp/serializers.py
index 0e98a9e..2d90e44 100644
--- a/qy_lty/aiapp/serializers.py
+++ b/qy_lty/aiapp/serializers.py
@@ -1,8 +1,30 @@
 from rest_framework import serializers
-from .models import ChatMessage
+from .models import ChatMessage, CredentialSlot
 
 class ChatMessageSerializer(serializers.ModelSerializer):
     class Meta:
         model = ChatMessage
         fields = ['id', 'user', 'bot', 'message', 'timestamp', 'sender', 'message_type', 'message_audio_url', 'message_video_url']
         read_only_fields = ['id', 'timestamp', 'sender']
+
+
+class CredentialSlotSerializer(serializers.ModelSerializer):
+    """通用凭据槽位序列化器（明文存储，脱敏由 view 层完成）。
+
+    设计动机（per CONTEXT.md D-Serializer）：
+    - 脱敏放 view 层不放 serializer：PUT 路径需要明文走 is_valid + save，serializer
+      不应承担"既要明文又要脱敏"的双重责任。
+    - app_id / access_token 在模型层 blank=True, default=''，对应 serializer 配
+      allow_blank=True, allow_null=False, required=False；既允许空字符串覆写、又
+      拒绝 None；缺字段时由 ModelSerializer 默认行为（用现有值兜底）。
+    - updated_at 由模型层 auto_now=True 自动维护，read_only 双重保险。
+    """
+
+    class Meta:
+        model = CredentialSlot
+        fields = ['app_id', 'access_token', 'updated_at']
+        read_only_fields = ['updated_at']
+        extra_kwargs = {
+            'app_id':       {'allow_blank': True, 'allow_null': False, 'required': False},
+            'access_token': {'allow_blank': True, 'allow_null': False, 'required': False},
+        }