From f8130fdff99cbf526b203c2dd2267e8f10fdaffc Mon Sep 17 00:00:00 2001
From: Henry
Date: Mon, 23 Oct 2023 15:46:27 +0100
Subject: [PATCH 1/2] fix Chatflow API Authentication
---
 packages/server/src/index.ts | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index 9d3f70524..8d4592b5c 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -809,18 +809,18 @@ export class App {
 * @param {Response} res
 * @param {ChatFlow} chatflow
 */
- async validateKey(req: Request, res: Response, chatflow: ChatFlow) {
+ async validateKey(req: Request, chatflow: ChatFlow) {
 const chatFlowApiKeyId = chatflow.apikeyid
 const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
-
- if (chatFlowApiKeyId && !authorizationHeader) return res.status(401).send(`Unauthorized`)
-
+ if (chatFlowApiKeyId && !authorizationHeader) return false
 const suppliedKey = authorizationHeader.split(`Bearer `).pop()
 if (chatFlowApiKeyId && suppliedKey) {
 const keys = await getAPIKeys()
 const apiSecret = keys.find((key) => key.id === chatFlowApiKeyId)?.apiSecret
- if (!compareKeys(apiSecret, suppliedKey)) return res.status(401).send(`Unauthorized`)
+ if (!compareKeys(apiSecret, suppliedKey)) return false
+ return true
 }
+ return false
 }
 /**
@@ -846,7 +846,8 @@ export class App {
 if (!chatId) chatId = chatflowid
 if (!isInternal) {
- await this.validateKey(req, res, chatflow)
+ const isKeyValidated = await this.validateKey(req, chatflow)
+ if (!isKeyValidated) return res.status(401).send('Unauthorized')
 }
 let isStreamValid = false
From 2f0b4e18f478d3c9c2d8019e199344290016658b Mon Sep 17 00:00:00 2001
From: Henry
Date: Mon, 23 Oct 2023 15:52:28 +0100
Subject: [PATCH 2/2] update fix when no chatflow apikey is set
---
 packages/server/src/index.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
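Review bot: In validateKey, `keys.find(...)?.apiSecret` is `undefined` whenever the chatflow's `apikeyid` refers to a key that `getAPIKeys()` no longer returns, and that value is handed straight to `compareKeys`, whose handling of a missing secret is not visible in this patch. Adding `if (!apiSecret) return false` before the comparison makes the check fail closed no matter how `compareKeys` treats it; the same lookup is carried unchanged through the hunk in patch 2/2. The JSDoc above the method still lists `@param {Response} res` although that parameter was removed, so that line should go and a `@returns {Promise<boolean>}` line stating that `true` means the request may proceed should be added.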
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
index 8d4592b5c..89b36ad17 100644
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@@ -811,10 +811,13 @@ export class App {
 */
 async validateKey(req: Request, chatflow: ChatFlow) {
 const chatFlowApiKeyId = chatflow.apikeyid
+ if (!chatFlowApiKeyId) return true
+
 const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
 if (chatFlowApiKeyId && !authorizationHeader) return false
+
 const suppliedKey = authorizationHeader.split(`Bearer `).pop()
- if (chatFlowApiKeyId && suppliedKey) {
+ if (suppliedKey) {
 const keys = await getAPIKeys()
 const apiSecret = keys.find((key) => key.id === chatFlowApiKeyId)?.apiSecret
 if (!compareKeys(apiSecret, suppliedKey)) return false
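Review bot: The Authorization header is still parsed with `split(...).pop()`, which returns the entire header value when the `Bearer ` prefix is absent, so a header carrying a bare key or some other scheme is passed to `compareKeys` instead of being rejected as malformed. Requiring the scheme up front, e.g. `if (!authorizationHeader.startsWith('Bearer ')) return false` followed by `const suppliedKey = authorizationHeader.slice('Bearer '.length)`, keeps the accepted format strict. With the new early return, the `chatFlowApiKeyId &&` in the following `if` is redundant and can be reduced to `if (!authorizationHeader) return false`. The `return true` / `return false` tail of validateKey lies outside this hunk.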