From 13785edaae8afada4fe09e31284722b3f3212034 Mon Sep 17 00:00:00 2001
From: H <43509927+guoyuhao2330@users.noreply.github.com>
Date: Mon, 26 Aug 2024 17:29:44 +0800
Subject: [PATCH] Fix  API key validation api/conversation (#2100)

### What problem does this PR solve?

#2081

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
---
 api/apps/api_app.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/api/apps/api_app.py b/api/apps/api_app.py
index d9375941f..af5b4bfda 100644
--- a/api/apps/api_app.py
+++ b/api/apps/api_app.py
@@ -344,12 +344,22 @@ def completion():
 @manager.route('/conversation/<conversation_id>', methods=['GET'])
 # @login_required
 def get(conversation_id):
+    token = request.headers.get('Authorization').split()[1]
+    objs = APIToken.query(token=token)
+    if not objs:
+        return get_json_result(
+            data=False, retmsg='Token is not valid!"', retcode=RetCode.AUTHENTICATION_ERROR)
+    
     try:
         e, conv = API4ConversationService.get_by_id(conversation_id)
         if not e:
             return get_data_error_result(retmsg="Conversation not found!")
 
         conv = conv.to_dict()
+        if token != APIToken.query(dialog_id=conv['dialog_id'])[0].token:
+            return get_json_result(data=False, retmsg='Token is not valid for this conversation_id!"',
+                                   retcode=RetCode.AUTHENTICATION_ERROR)
+            
         for referenct_i in conv['reference']:
             if referenct_i is None or len(referenct_i) == 0:
                 continue
@@ -769,4 +779,4 @@ def retrieval():
         if str(e).find("not_found") > 0:
             return get_json_result(data=False, retmsg=f'No chunk found! Check the chunk status please!',
                                    retcode=RetCode.DATA_ERROR)
-        return server_error_response(e)
\ No newline at end of file
+        return server_error_response(e)