From 14d9136a3b062323ed0b534adb4169d17af71e5e Mon Sep 17 00:00:00 2001
From: Marsway <liwei@marsway.red>
Date: Mon, 5 Jan 2026 17:28:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=A5=E6=A0=BC=20json=20=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md          |  2 ++
 app/admin/views.py | 41 +++++++++++++++++------------------------
 2 files changed, 19 insertions(+), 24 deletions(-)

diff --git a/README.md b/README.md
index 4283869..48b7dc0 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,8 @@ ConnectHub 是一个轻量级企业集成中间件：统一管理多系统集成
 {"rest_user":"REST帐号","rest_password":"REST密码","loginName":"可选-模拟登录名"}
 ```
 
+- 注意：在 Admin 中保存 `public_cfg/secret_cfg` 时必须输入 **合法 JSON 对象（双引号、且为 `{...}`）**，否则会直接报错并阻止落库。
+
 - token 失效处理：遇到 401 或响应包含 `Invalid token`，自动刷新 token 并重试一次。
 
 #### 示例插件：sync_oa_to_didi（仅演示 token 获取日志）
diff --git a/app/admin/views.py b/app/admin/views.py
index 872278d..dfa9111 100644
--- a/app/admin/views.py
+++ b/app/admin/views.py
@@ -106,34 +106,27 @@ class JobAdmin(ModelView, model=Job):
         itr = croniter(str(cron_expr).strip(), base)
         _ = itr.get_next(datetime)
 
-        # public_cfg 允许以 JSON 字符串输入
-        pcfg = _maybe_json(data.get("public_cfg"))
+        # public_cfg：必须是合法 JSON 对象（dict），否则直接报错阻止落库
+        pcfg = data.get("public_cfg")
         if isinstance(pcfg, str):
+            try:
+                pcfg = json.loads(pcfg)
+            except json.JSONDecodeError as e:
+                raise ValueError("public_cfg must be a JSON object") from e
+        if not isinstance(pcfg, dict):
             raise ValueError("public_cfg must be a JSON object")
-        if isinstance(pcfg, dict):
-            data["public_cfg"] = pcfg
+        data["public_cfg"] = pcfg
 
-        # secret_cfg：若用户输入 JSON 字符串，则自动加密落库；若输入已是 token，则原样保存
-        scfg = data.get("secret_cfg", "")
-        if scfg is None:
-            data["secret_cfg"] = ""
-            return
+        # secret_cfg：必须是合法 JSON 对象（dict），并且保存时必须加密落库
+        scfg = data.get("secret_cfg")
         if isinstance(scfg, str):
-            s = scfg.strip()
-            if not s:
-                data["secret_cfg"] = ""
-                return
-            parsed = _maybe_json(s)
-            if isinstance(parsed, dict):
-                data["secret_cfg"] = encrypt_json(parsed)
-            else:
-                # 非 JSON：视为已加密 token
-                data["secret_cfg"] = s
-            return
-        if isinstance(scfg, dict):
-            data["secret_cfg"] = encrypt_json(scfg)
-            return
-        raise ValueError("secret_cfg must be JSON object or encrypted token string")
+            try:
+                scfg = json.loads(scfg)
+            except json.JSONDecodeError as e:
+                raise ValueError("secret_cfg must be a JSON object") from e
+        if not isinstance(scfg, dict):
+            raise ValueError("secret_cfg must be a JSON object")
+        data["secret_cfg"] = encrypt_json(scfg)
 
 
 class JobLogAdmin(ModelView, model=JobLog):