Merge pull request #1119 from FlowiseAI/bugfix/API-Authentication

HenryHengZJ · web-flow · commit 012fe45e8610 · 2023-10-23T16:29:34.000+01:00
Bugfix/Chatflow API Authentication
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
@@ -809,18 +809,21 @@ export class App {
      * @param {Response} res
      * @param {ChatFlow} chatflow
      */
-    async validateKey(req: Request, res: Response, chatflow: ChatFlow) {
+    async validateKey(req: Request, chatflow: ChatFlow) {
         const chatFlowApiKeyId = chatflow.apikeyid
-        const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
+        if (!chatFlowApiKeyId) return true
 
-        if (chatFlowApiKeyId && !authorizationHeader) return res.status(401).send(`Unauthorized`)
+        const authorizationHeader = (req.headers['Authorization'] as string) ?? (req.headers['authorization'] as string) ?? ''
+        if (chatFlowApiKeyId && !authorizationHeader) return false
 
         const suppliedKey = authorizationHeader.split(`Bearer `).pop()
-        if (chatFlowApiKeyId && suppliedKey) {
+        if (suppliedKey) {
             const keys = await getAPIKeys()
             const apiSecret = keys.find((key) => key.id === chatFlowApiKeyId)?.apiSecret
-            if (!compareKeys(apiSecret, suppliedKey)) return res.status(401).send(`Unauthorized`)
+            if (!compareKeys(apiSecret, suppliedKey)) return false
+            return true
         }
+        return false
     }
 
     /**
@@ -846,7 +849,8 @@ export class App {
             if (!chatId) chatId = chatflowid
 
             if (!isInternal) {
-                await this.validateKey(req, res, chatflow)
+                const isKeyValidated = await this.validateKey(req, chatflow)
+                if (!isKeyValidated) return res.status(401).send('Unauthorized')
             }
 
             let isStreamValid = false
