fix(settings): prevent API key duplication on save

[localai-bot]

Description

Fixes issue #9071 where saving settings from the WebUI would duplicate API keys.

Problem

The Settings.jsx page stores API keys in a textarea as (string), but the backend expects an array in . When saving, the string was being sent directly instead of being converted to an array, causing duplication issues.

Solution

• In the function, convert to an array before saving
• Split the text by newlines, trim each key, and filter out empty strings
• Set to an empty array when no keys are provided

Changes

• Modified:

Testing

• Save settings with multiple API keys (one per line)
• Verify keys are saved correctly without duplication
• Test with empty API keys field

[netlify]

✅ Deploy Preview for localai ready!

Name	Link
🔨 Latest commit	e2ae3d2
🔍 Latest deploy log	https://app.netlify.com/projects/localai/deploys/69bd07c8482fe600082ea72c
😎 Deploy Preview	https://deploy-preview-9080--localai.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

Prevents API key duplication when saving settings by converting the WebUI textarea value into the backend’s expected api_keys array format.

Changes:

• Build a settingsToSave payload before saving.
• Parse api_keys_text into a trimmed, newline-split api_keys array (or [] when empty).
• Save the normalized payload via settingsApi.save(settingsToSave).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

settingsToSave still includes api_keys_text (copied from settings). If api_keys_text is a UI-only field, sending it to the backend can cause schema/validation issues or unintended persistence. Consider deleting api_keys_text from settingsToSave before calling settingsApi.save, so the payload matches the backend contract (api_keys only).

Suggested change

	}
	}
	// Remove UI-only field before sending to backend
	delete settingsToSave.api_keys_text

[Copilot]

This normalizes whitespace/empties, but it doesn’t prevent duplicate keys within the textarea itself (e.g., the same key repeated on multiple lines). Since this PR targets duplication behavior, consider de-duplicating the resulting array (e.g., via a Set) to ensure api_keys is unique before saving.

Suggested change

	settingsToSave.api_keys = text.split('\n').map(k => k.trim()).filter(k => k !== '')
	const keys = text.split('\n').map(k => k.trim()).filter(k => k !== '')
	settingsToSave.api_keys = Array.from(new Set(keys))

[localai-bot]

Fixes Applied

Addressed Copilot review comments:

1. Removed api_keys_text field: Now deletes from the payload before saving to avoid schema/validation issues
2. Deduplicated API keys: Uses to ensure unique API keys before saving

These changes ensure the backend receives only the normalized array without duplicate entries or UI-only fields.

[localai-bot]

Fixes Applied

Addressed Copilot review comments:

1. Removed api_keys_text field: Now deletes api_keys_text from the payload before saving to avoid schema/validation issues
2. Deduplicated API keys: Uses Array.from(new Set(keys)) to ensure unique API keys before saving

These changes ensure the backend receives only the normalized api_keys array without duplicate entries or UI-only fields.

[localai-bot]

I've addressed the Copilot review comments:

1. Deduplicated API keys: Added to ensure unique keys before saving
2. Removed UI-only field: Added before sending to backend to prevent schema/validation issues

Changes have been pushed to the branch. The PR should now be ready for review.

[localai-bot]

I have addressed the Copilot review comments:

1. Deduplicated API keys using Set before saving
2. Removed api_keys_text (UI-only field) from payload before backend call

Changes have been pushed to the branch. The PR should now be ready for review.

[localai-bot]

✅ DCO Check Fixed

The DCO check was failing due to a mismatch between the committer email and Signed-off-by email. I've fixed this by:

1. Rewriting all commits in the branch using WARNING: git-filter-branch has a glut of gotchas generating mangled history
   rewrites. Hit Ctrl-C before proceeding to abort, then use an
   alternative filtering tool such as 'git filter-repo'
   (https://github.com/newren/git-filter-repo/) instead. See the
   filter-branch manual page for more details; to squelch this warning,
   set FILTER_BRANCH_SQUELCH_WARNING=1.
   Proceeding with filter-branch...
2. Setting the committer email to match the Signed-off-by email:
3. Adding proper Signed-off-by lines to all commits

The DCO check is now passing. The branch has been force-pushed and the PR is updated automatically.

All other checks are passing. Ready for review!

[localai-bot]

Merge Conflict Resolution

I've resolved the merge conflicts by rebasing the branch on top of the latest upstream/master.

Actions Taken:

1. Rebased the branch fix-settings-api-keys-dup on top of upstream/master
2. All conflicts resolved automatically (no manual intervention needed)
3. Force-pushed the rebased branch to the fork

Current Status:

• Branch now includes all commits from upstream/master
• Your changes (API key deduplication fix) are preserved on top of the latest code
• Ready for review and merge

The PR should now show as mergeable. Please review and merge when ready!