feat(dashboard): add SSL config validation to prevent saving invalid HTTPS settings

[YukiRa1n]

Motivation / 动机

This PR adds validation for WebUI HTTPS configuration to prevent users from saving invalid SSL settings that would cause the server to fail on startup.

该 PR 添加了 WebUI HTTPS 配置验证，防止用户保存无效的 SSL 设置导致服务器启动失败。

Problem / 问题描述:
When users enable dashboard.ssl.enable without configuring cert_file and key_file, the server fails to start on next launch with SSL certificate loading errors.

当用户启用 dashboard.ssl.enable 但未配置 cert_file 和 key_file 时，服务器下次启动时会因 SSL 证书加载错误而失败。

---

Modifications / 改动点

Backend Validation / 后端验证

• Added validate_ssl_config() function in astrbot/dashboard/routes/config.py
• Validates that when dashboard.ssl.enable is true, both cert_file and key_file must be configured
• Returns user-friendly error messages on validation failure

Frontend Validation / 前端验证

• Added validateSslConfig() method in dashboard/src/views/ConfigPage.vue
• Provides immediate feedback before sending request to backend

i18n Support / 国际化支持

• Added validation messages in both zh-CN and en-US locale files

---

Breaking Changes

• This is NOT a breaking change.
• 这不是一个破坏性变更。

---

Verification / 验证步骤

1. Navigate to System Config panel in WebUI
2. Enable dashboard.ssl.enable
3. Leave cert_file and key_file empty
4. Click Save button
5. Should see validation error message: "启用 WebUI HTTPS 时，必须配置 SSL 证书文件路径和私钥文件路径"
   修改之前

修改之后

---

Checklist / 检查清单

• 😊 如果 PR 中有新加入的功能，已经通过 Issue / 邮件等方式和作者讨论过。/ If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
• 👀 我的更改经过了良好的测试，并已在上方提供了"验证步骤"和"运行截图"。/ My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
• 🤓 我确保没有引入新依赖库，或者引入了新依赖库的同时将其添加到了 requirements.txt 和 pyproject.toml 文件相应位置。/ I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in requirements.txt and pyproject.toml.
• 😮 我的更改没有引入恶意代码。/ My changes do not introduce malicious code.

Summary by Sourcery

为仪表盘的 HTTPS 配置添加验证，防止保存会导致服务器无法启动的 SSL 设置。

新功能：

• 在后端为仪表盘 SSL 设置添加验证，确保在启用 HTTPS 时提供证书和密钥路径。
• 在仪表盘配置页面添加前端 SSL 配置验证，当必填字段缺失时，在保存之前立即给出反馈。

增强：

• 为仪表盘的英文和中文本地化界面添加本地化的 SSL 验证错误消息。

Original summary in English

Summary by Sourcery

Add validation around dashboard HTTPS configuration to prevent saving SSL settings that would break server startup.

New Features:

• Add backend validation for dashboard SSL settings to ensure certificate and key paths are provided when HTTPS is enabled.
• Add frontend SSL configuration validation on the dashboard config page to give immediate feedback before saving when required fields are missing.

Enhancements:

• Add localized SSL validation error messages for both English and Chinese dashboard locales.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the WebUI configuration by introducing robust validation for HTTPS settings. The primary goal is to prevent server startup failures that occur when users enable SSL without providing the necessary certificate and key files. By implementing both backend and frontend validation, the system now proactively checks for complete SSL configurations, improving stability and user experience, and includes internationalization for error messages.

Highlights

• Backend SSL Configuration Validation: Implemented a new validate_ssl_config function in the backend to ensure that when WebUI HTTPS is enabled, both the SSL certificate file path and private key file path are provided. This validation is integrated into the configuration saving process.
• Frontend SSL Configuration Validation: Added a validateSslConfig method to the ConfigPage.vue component, providing immediate client-side feedback to users if they attempt to save invalid SSL settings (i.e., enabling HTTPS without specifying certificate and key files).
• Internationalization Support: Included new validation messages in both English (en-US) and Simplified Chinese (zh-CN) locale files to support the new SSL configuration validation across different languages.

Changelog

• astrbot/dashboard/routes/config.py
  • Added validate_ssl_config function to check for required SSL certificate and key files when HTTPS is enabled.
  • Integrated validate_ssl_config into the save_config function to perform backend validation before saving.
• dashboard/src/i18n/locales/en-US/features/config.json
  • Added a new sslValidation.required key with an English message for SSL configuration validation.
• dashboard/src/i18n/locales/zh-CN/features/config.json
  • Added a new sslValidation.required key with a Chinese message for SSL configuration validation.
• dashboard/src/views/ConfigPage.vue
  • Added validateSslConfig method to perform client-side validation for SSL certificate and key files.
  • Integrated validateSslConfig into the updateConfig method to provide immediate feedback to the user.

Activity

• The author has provided detailed verification steps to test the new SSL configuration validation.
• The author has confirmed that the changes have been well-tested.
• The author has confirmed that no new dependencies were introduced and no malicious code was added.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey - 我提供了一些高层面的反馈：

• SSL 校验规则目前同时实现于后端的 validate_ssl_config 和前端的 validateSslConfig 中；建议把这些规则（或者至少条件/文案）集中到同一个地方，以避免它们随着时间推移出现不一致。
• 后端的 validate_ssl_config 返回的是硬编码的中文错误字符串，然后再包装到通用的 ValueError 中；你可以考虑统一使用适合 i18n 的键/消息，或者使用专门的校验错误类型，这样调用方就能更好地区分不同错误并以一致的方式展示。

给 AI Agents 的提示

Please address the comments from this code review:

## Overall Comments
- The SSL validation rules are implemented both in `validate_ssl_config` on the backend and `validateSslConfig` on the frontend; consider centralizing the rules (or at least the conditions/messages) in one place to avoid them drifting out of sync over time.
- Backend `validate_ssl_config` returns hardcoded Chinese error strings and then wraps them in a generic `ValueError`; you may want to either standardize on i18n-friendly keys/messages or use a dedicated validation error type so the caller can distinguish and present errors consistently.

---

Sourcery 对开源项目是免费的 —— 如果你觉得我们的评审有帮助，欢迎分享 ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{帮我变得更有用！请在每条评论上点 👍 或 👎，我会根据你的反馈改进后续的评审。}

Original comment in English

Hey - I've left some high level feedback:

• The SSL validation rules are implemented both in validate_ssl_config on the backend and validateSslConfig on the frontend; consider centralizing the rules (or at least the conditions/messages) in one place to avoid them drifting out of sync over time.
• Backend validate_ssl_config returns hardcoded Chinese error strings and then wraps them in a generic ValueError; you may want to either standardize on i18n-friendly keys/messages or use a dedicated validation error type so the caller can distinguish and present errors consistently.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The SSL validation rules are implemented both in `validate_ssl_config` on the backend and `validateSslConfig` on the frontend; consider centralizing the rules (or at least the conditions/messages) in one place to avoid them drifting out of sync over time.
- Backend `validate_ssl_config` returns hardcoded Chinese error strings and then wraps them in a generic `ValueError`; you may want to either standardize on i18n-friendly keys/messages or use a dedicated validation error type so the caller can distinguish and present errors consistently.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[dosubot]

Related Documentation

Checked 1 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}  

[gemini-code-assist]

Code Review

This pull request introduces validation for SSL configuration on both the backend and frontend, which is a great addition to prevent server startup failures due to invalid HTTPS settings. The implementation is solid, with checks in config.py and ConfigPage.vue, along with i18n support for error messages. I have one suggestion to enhance the backend validation by checking for the existence of the certificate and key files, which would more robustly prevent the issue described.