feat: Separate dialogue authentication processor and system authentication processor (#4552)

shaohuzhang1 · web-flow · commit b39ecf691bfc · 2025-12-23T18:50:48.000+08:00
diff --git a/apps/chat/views/chat.py b/apps/chat/views/chat.py
@@ -21,7 +21,7 @@
     TextToSpeechSerializers, OpenAIChatSerializer
 from chat.serializers.chat_authentication import AnonymousAuthenticationSerializer, ApplicationProfileSerializer, \
     AuthProfileSerializer
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth
 from common.constants.permission_constants import ChatAuth
 from common.exception.app_exception import AppAuthenticationFailed
 from common.result import result
@@ -65,7 +65,7 @@ def get(self, request: Request):
 
 
 class OpenAIView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['POST'],
@@ -108,7 +108,7 @@ def post(self, request: Request):
 
 
 class ApplicationProfile(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['GET'],
@@ -142,7 +142,7 @@ def get(self, request: Request):
 
 
 class ChatView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['POST'],
@@ -164,7 +164,7 @@ def post(self, request: Request, chat_id: str):
 
 
 class OpenView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['GET'],
@@ -196,7 +196,7 @@ def get(self, request: Request):
 
 
 class SpeechToText(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['POST'],
@@ -215,7 +215,7 @@ def post(self, request: Request):
 
 
 class TextToSpeech(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['POST'],
@@ -234,7 +234,7 @@ def post(self, request: Request):
 
 
 class UploadFile(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
     parser_classes = [MultiPartParser]
 
     @extend_schema(
diff --git a/apps/chat/views/chat_record.py b/apps/chat/views/chat_record.py
@@ -18,11 +18,11 @@
 from chat.serializers.chat_record import VoteSerializer, HistoricalConversationSerializer, \
     HistoricalConversationRecordSerializer, HistoricalConversationOperateSerializer
 from common import result
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth
 
 
 class VoteView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['PUT'],
@@ -42,7 +42,7 @@ def put(self, request: Request, chat_id: str, chat_record_id: str):
 
 
 class HistoricalConversationView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['GET'],
@@ -61,7 +61,7 @@ def get(self, request: Request):
             }).list())
 
     class Operate(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]
 
         @extend_schema(
             methods=['PUT'],
@@ -100,7 +100,7 @@ def delete(self, request: Request, chat_id: str):
                 }).logic_delete())
 
     class BatchDelete(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]
 
         @extend_schema(
             methods=['DELETE'],
@@ -118,7 +118,7 @@ def delete(self, request: Request):
             }).batch_logic_delete())
 
     class PageView(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]
 
         @extend_schema(
             methods=['GET'],
@@ -138,7 +138,7 @@ def get(self, request: Request, current_page: int, page_size: int):
 
 
 class HistoricalConversationRecordView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['GET'],
@@ -158,7 +158,7 @@ def get(self, request: Request, chat_id: str):
             }).list())
 
     class PageView(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]
 
         @extend_schema(
             methods=['GET'],
@@ -179,7 +179,7 @@ def get(self, request: Request, chat_id: str, current_page: int, page_size: int)
 
 
 class ChatRecordView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
 
     @extend_schema(
         methods=['GET'],
diff --git a/apps/common/auth/authenticate.py b/apps/common/auth/authenticate.py
@@ -51,6 +51,7 @@ def new_instance_by_class_path(class_path: str):
 
 
 handles = [new_instance_by_class_path(class_path) for class_path in settings.AUTH_HANDLES]
+chat_handles = [new_instance_by_class_path(class_path) for class_path in settings.CHAT_AUTH_HANDLES]
 
 
 class TokenDetails:
@@ -93,3 +94,29 @@ def authenticate(self, request):
                                                                                                                  AppApiException):
                 raise e
             raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+
+
+class ChatTokenAuth(TokenAuthentication):
+    keyword = "Bearer"
+
+    # 重新 authenticate 方法，自定义认证规则
+    def authenticate(self, request):
+        auth = request.META.get('HTTP_AUTHORIZATION')
+        # 未认证
+        if auth is None:
+            raise AppAuthenticationFailed(1003, _('Not logged in, please log in first'))
+        if not auth.startswith("Bearer "):
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+        try:
+            token = auth[7:]
+            token_details = TokenDetails(token)
+            for handle in chat_handles:
+                if handle.support(request, token, token_details.get_token_details):
+                    return handle.handle(request, token, token_details.get_token_details)
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+        except Exception as e:
+            maxkb_logger.error(f'Exception: {e}', exc_info=True)
+            if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed) or isinstance(e,
+                                                                                                                 AppApiException):
+                raise e
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
diff --git a/apps/maxkb/settings/auth/model.py b/apps/maxkb/settings/auth/model.py
@@ -9,3 +9,5 @@
 
 AUTH_HANDLES = [
 ]
+CHAT_AUTH_HANDLES = [
+]
diff --git a/apps/maxkb/settings/auth/web.py b/apps/maxkb/settings/auth/web.py
@@ -10,7 +10,10 @@
 CHAT_ANONYMOUS_USER_AURH = 'common.auth.handle.impl.chat_anonymous_user_token.ChatAnonymousUserToken'
 APPLICATION_KEY_AUTH = 'common.auth.handle.impl.application_key.ApplicationKey'
 AUTH_HANDLES = [
-    USER_TOKEN_AUTH,
+    USER_TOKEN_AUTH
+]
+
+CHAT_AUTH_HANDLES = [
     CHAT_ANONYMOUS_USER_AURH,
     APPLICATION_KEY_AUTH
 ]

Original file line number	Diff line number	Diff line change
`@@ -9,3 +9,5 @@`
`9`	`9`
`10`	`10`	`AUTH_HANDLES = [`
`11`	`11`	`]`
	`12`	`+CHAT_AUTH_HANDLES = [`
	`13`	`+]`