AI/dify
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/langgenius/dify.git synced 2025-08-14 05:16:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: optimize service api authorization header invalid error (#910)

Browse Source
This commit is contained in:
takatost 2023-08-18 20:32:44 +08:00 committed by GitHub
parent db7156dafd
commit 09ea27f1ee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
api/controllers/service_api/wraps.py
View File

@ -17,7 +17,7 @@ def validate_app_token(view=None):
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
api_token = validate_and_get_api_token('app') api_token = validate_and_get_api_token('app')
app_model = db.session.query(App).get(api_token.app_id) app_model = db.session.query(App).filter(App.id == api_token.app_id).first()
if not app_model: if not app_model:
raise NotFound() raise NotFound()
@ -44,7 +44,7 @@ def validate_dataset_token(view=None):
def decorated(*args, **kwargs): def decorated(*args, **kwargs):
api_token = validate_and_get_api_token('dataset') api_token = validate_and_get_api_token('dataset')
dataset = db.session.query(Dataset).get(api_token.dataset_id) dataset = db.session.query(Dataset).filter(Dataset.id == api_token.dataset_id).first()
if not dataset: if not dataset:
raise NotFound() raise NotFound()
@ -64,14 +64,14 @@ def validate_and_get_api_token(scope=None):
Validate and get API token. Validate and get API token.
""" """
auth_header = request.headers.get('Authorization') auth_header = request.headers.get('Authorization')
if auth_header is None: if auth_header is None or ' ' not in auth_header:
raise Unauthorized() raise Unauthorized("Authorization header must be provided and start with 'Bearer'")
auth_scheme, auth_token = auth_header.split(None, 1) auth_scheme, auth_token = auth_header.split(None, 1)
auth_scheme = auth_scheme.lower() auth_scheme = auth_scheme.lower()
if auth_scheme != 'bearer': if auth_scheme != 'bearer':
raise Unauthorized() raise Unauthorized("Authorization scheme must be 'Bearer'")
api_token = db.session.query(ApiToken).filter( api_token = db.session.query(ApiToken).filter(
ApiToken.token == auth_token, ApiToken.token == auth_token,
@ -79,7 +79,7 @@ def validate_and_get_api_token(scope=None):
).first() ).first()
if not api_token: if not api_token:
raise Unauthorized() raise Unauthorized("Access token is invalid")
api_token.last_used_at = datetime.utcnow() api_token.last_used_at = datetime.utcnow()
db.session.commit() db.session.commit()