Bugfix/whitelist urls for non password protected instance (#3085)

whitelist urls for non password protected instance
2024-08-26 11:29:46 +01:00 · 2024-08-26 11:29:46 +01:00 · 75f779f861
parent 759e07dfaa
commit 75f779f861
1 changed files with 22 additions and 19 deletions
--- a/packages/server/src/index.ts
+++ b/packages/server/src/index.ts
@ -117,30 +117,31 @@ export class App {
            next()
        })

+        const whitelistURLs = [
+            '/api/v1/verify/apikey/',
+            '/api/v1/chatflows/apikey/',
+            '/api/v1/public-chatflows',
+            '/api/v1/public-chatbotConfig',
+            '/api/v1/prediction/',
+            '/api/v1/vector/upsert/',
+            '/api/v1/node-icon/',
+            '/api/v1/components-credentials-icon/',
+            '/api/v1/chatflows-streaming',
+            '/api/v1/chatflows-uploads',
+            '/api/v1/openai-assistants-file/download',
+            '/api/v1/feedback',
+            '/api/v1/leads',
+            '/api/v1/get-upload-file',
+            '/api/v1/ip',
+            '/api/v1/ping'
+        ]
+
        if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
            const username = process.env.FLOWISE_USERNAME
            const password = process.env.FLOWISE_PASSWORD
            const basicAuthMiddleware = basicAuth({
                users: { [username]: password }
            })
-            const whitelistURLs = [
-                '/api/v1/verify/apikey/',
-                '/api/v1/chatflows/apikey/',
-                '/api/v1/public-chatflows',
-                '/api/v1/public-chatbotConfig',
-                '/api/v1/prediction/',
-                '/api/v1/vector/upsert/',
-                '/api/v1/node-icon/',
-                '/api/v1/components-credentials-icon/',
-                '/api/v1/chatflows-streaming',
-                '/api/v1/chatflows-uploads',
-                '/api/v1/openai-assistants-file/download',
-                '/api/v1/feedback',
-                '/api/v1/leads',
-                '/api/v1/get-upload-file',
-                '/api/v1/ip',
-                '/api/v1/ping'
-            ]
            this.app.use(async (req, res, next) => {
                if (/\/api\/v1\//i.test(req.url)) {
                    if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
@ -161,7 +162,9 @@ export class App {
        } else {
            this.app.use(async (req, res, next) => {
                if (/\/api\/v1\//i.test(req.url)) {
-                    if (req.headers['x-request-from'] === 'internal') {
+                    if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
+                        next()
+                    } else if (req.headers['x-request-from'] === 'internal') {
                        next()
                    } else {
                        const isKeyValidated = await validateAPIKey(req)