Skip to content

fix: OpenAPI authentication #4110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shaohuzhang1 merged 1 commit into from
Sep 25, 2025
Merged

fix: OpenAPI authentication #4110

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion apps/common/middleware/doc_headers_middleware.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,8 @@

class DocHeadersMiddleware(MiddlewareMixin):
def process_response(self, request, response):
if request.path.startswith('/doc/') or request.path.startswith('/doc_chat/'):
if request.path.startswith(CONFIG.get_admin_path() + '/api-doc/') or request.path.startswith(
CONFIG.get_chat_path() + '/api-doc/'):
auth = request.COOKIES.get('Authorization')
if auth is None:
return HttpResponse(content)
Copy link
Contributor Author

@shaohuzhang1 shaohuzhang1 Sep 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The provided code snippet has a logical error in that it does not check for authentication when the path starts with /doc-chat/. This can lead to unauthorized access for this route. Additionally, the function CONFIG.get_admin_path() and CONFIG.get_chat_path() should ideally be called within the scope of where they are defined or imported.

To correct these issues:

  1. Add an additional condition to check for the presence of authentication on paths starting with '/doc_chat/'.
if request.path.startswith(CONFIG.get_admin_path() + '/api-doc/') or \
   request.path.startswith(CONFIG.get_chat_path() + '/api-doc/') or \
   (request.path.startswith('/doc_chat/') and auth is None):
  1. Ensure that CONFIG is properly initialized before being used in process_response.
  2. Consider adding logging statements to help debug potential issues.

Expand Down
Loading