- 1:1 replica of the RTCChatHistoryAPIView style: a single-URL, multi-method APIView (not RetrieveUpdateAPIView)
- authentication_classes=[RedisTokenAuthentication]
- permission_classes=[IsAuthenticated], plus a second is_staff check via _ensure_admin inside the view (per RESEARCH.md: the repository has no IsAdminTokenAuthenticated class anywhere, so the AdminEmailLoginView pattern is followed)
- The _build_response_data helper enforces masking: data['access_token'] = mask_token(instance.access_token)
- Both GET and PUT go through _build_response_data, so that PUT does not directly return success_response(data=serializer.data) and echo the plaintext (locked in by CONTEXT.md / Pitfall 3)
- @swagger_auto_schema method-level decoration: the access_token field description explicitly states that the value is masked
- Added to the imports at the top: CredentialSlot / CredentialSlotSerializer / mask_token / get_standardized_response_schema
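The plaintext-echo pitfall named in the commit message, as an added framework-free sketch that is not the project's code. The masking rule, the in-memory stand-ins for `CredentialSlot` and its serializer, and the names `put_leaky`, `_apply` and `leaks_secret` are assumptions made for illustration.

```python
import json
from dataclasses import asdict, dataclass

@dataclass
class CredentialSlot:  # in-memory stand-in for the model named in the commit
    name: str
    access_token: str

def mask_token(token, keep=4):
    """Assumed rule: keep first/last `keep` chars; fully mask short tokens."""
    if len(token) <= keep * 2:
        return "*" * len(token)
    return token[:keep] + "*" * (len(token) - 2 * keep) + token[-keep:]

def serialize(slot):  # stand-in for CredentialSlotSerializer(slot).data
    return asdict(slot)

def _build_response_data(slot):
    # Single choke point: every response body passes through the mask.
    data = serialize(slot)
    data["access_token"] = mask_token(slot.access_token)
    return data

def _apply(slot, payload):
    # Only update known fields; ignore anything else in the request body.
    for field in ("name", "access_token"):
        if field in payload:
            setattr(slot, field, payload[field])

def get(slot):
    return _build_response_data(slot)

def put_leaky(slot, payload):  # hypothetical: the pitfall the commit avoids
    _apply(slot, payload)
    return serialize(slot)  # echoes the plaintext token just written

def put(slot, payload):
    _apply(slot, payload)
    return _build_response_data(slot)

def leaks_secret(response, secret):  # hypothetical regression check
    return secret in json.dumps(response)

if __name__ == "__main__":
    secret = "sk-constructed-0123456789abcdef"  # constructed sample value
    slot = CredentialSlot("demo", "old-constructed-token-value")
    print("leaky PUT leaks:", leaks_secret(put_leaky(slot, {"access_token": secret}), secret))
    print("fixed PUT leaks:", leaks_secret(put(slot, {"access_token": secret}), secret))
    print("GET body:", get(slot))
```

A check like `leaks_secret` belongs in the view's test suite for every method that returns the slot, so a later handler that bypasses the helper fails the build.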