Merge pull request #1119 from FlowiseAI/bugfix/API-Authentication

Bugfix/Chatflow API Authentication
2023-10-23 16:29:34 +01:00 · 2023-10-23 16:29:34 +01:00 · 012fe45e86
parent 43ca334b1d 2f0b4e18f4
commit 012fe45e86
1 changed files with 10 additions and 6 deletions
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@ -809,18 +809,21 @@ export class App {
     * @param {Response} res
     * @param {ChatFlow} chatflow
     */
-    async validateKey(req: Request, res: Response, chatflow: ChatFlow) {
+    async validateKey(req: Request, chatflow: ChatFlow) {
        const chatFlowApiKeyId = chatflow.apikeyid
-        const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
+        if (!chatFlowApiKeyId) return true

-        if (chatFlowApiKeyId && !authorizationHeader) return res.status(401).send(`Unauthorized`)
+        const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
+        if (chatFlowApiKeyId && !authorizationHeader) return false

        const suppliedKey = authorizationHeader.split(`Bearer `).pop()
-        if (chatFlowApiKeyId && suppliedKey) {
+        if (suppliedKey) {
            const keys = await getAPIKeys()
            const apiSecret = keys.find((key) => key.id === chatFlowApiKeyId)?.apiSecret
-            if (!compareKeys(apiSecret, suppliedKey)) return res.status(401).send(`Unauthorized`)
+            if (!compareKeys(apiSecret, suppliedKey)) return false
+            return true
        }
+        return false
    }

    /**
@ -846,7 +849,8 @@ export class App {
            if (!chatId) chatId = chatflowid

            if (!isInternal) {
-                await this.validateKey(req, res, chatflow)
+                const isKeyValidated = await this.validateKey(req, chatflow)
+                if (!isKeyValidated) return res.status(401).send('Unauthorized')
            }

            let isStreamValid = false