fix(tts): harden StepFun provider integration

- Validate voice.provider against known whitelist (xiaomi|stepfun) in
  beat-audio route to return a clear 400 instead of falling through
- Move single-char pronouns (他/她) to weak-signal fallback in
  detectGender to avoid false positives on compounds like 其他
- Update .env.example with StepFun configuration examples

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
yuanzonghao
2026-06-09 14:24:27 +08:00
parent 04f22249c9
commit 1a6238f8b8
3 changed files with 28 additions and 10 deletions
+8 -2
View File
@@ -16,9 +16,15 @@ export async function POST(req: Request) {
// Accept either provider's voice shape — xiaomi carries referenceAudioBase64,
// stepfun carries voiceId. We only check the discriminator + the line text;
// shape-specific validation lives in each provider's synth function.
if (!body.beat?.id || !body.beat?.line || !body.voice?.provider) {
const VALID_TTS_PROVIDERS = ["xiaomi", "stepfun"];
if (
!body.beat?.id ||
!body.beat?.line ||
!body.voice?.provider ||
!VALID_TTS_PROVIDERS.includes(body.voice.provider)
) {
return NextResponse.json(
{ error: "beat.id, beat.line and voice.provider are required" },
{ error: "beat.id, beat.line and voice.provider (xiaomi|stepfun) are required" },
{ status: 400 },
);
}