opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-29 20:48:01 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: support webapp passport token with end_user_id in web API auth (#27396)

Browse Source
This commit is contained in:
Novice 2025-10-24 13:29:47 +08:00 committed by GitHub
parent fa6d03c979
commit eabdb09f8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
api/extensions/ext_login.py
View File

@ -6,10 +6,11 @@ from flask_login import user_loaded_from_request, user_logged_in
from werkzeug.exceptions import NotFound, Unauthorized from werkzeug.exceptions import NotFound, Unauthorized
from configs import dify_config from configs import dify_config
from constants import HEADER_NAME_APP_CODE
from dify_app import DifyApp from dify_app import DifyApp
from extensions.ext_database import db from extensions.ext_database import db
from libs.passport import PassportService from libs.passport import PassportService
from libs.token import extract_access_token from libs.token import extract_access_token, extract_webapp_passport
from models import Account, Tenant, TenantAccountJoin from models import Account, Tenant, TenantAccountJoin
from models.model import AppMCPServer, EndUser from models.model import AppMCPServer, EndUser
from services.account_service import AccountService from services.account_service import AccountService
@ -61,14 +62,30 @@ def load_user_from_request(request_from_flask_login):
logged_in_account = AccountService.load_logged_in_account(account_id=user_id) logged_in_account = AccountService.load_logged_in_account(account_id=user_id)
return logged_in_account return logged_in_account
elif request.blueprint == "web": elif request.blueprint == "web":
decoded = PassportService().verify(auth_token) app_code = request.headers.get(HEADER_NAME_APP_CODE)
end_user_id = decoded.get("end_user_id") webapp_token = extract_webapp_passport(app_code, request) if app_code else None
if not end_user_id:
raise Unauthorized("Invalid Authorization token.") if webapp_token:
end_user = db.session.query(EndUser).where(EndUser.id == decoded["end_user_id"]).first() decoded = PassportService().verify(webapp_token)
if not end_user: end_user_id = decoded.get("end_user_id")
raise NotFound("End user not found.") if not end_user_id:
return end_user raise Unauthorized("Invalid Authorization token.")
end_user = db.session.query(EndUser).where(EndUser.id == end_user_id).first()
if not end_user:
raise NotFound("End user not found.")
return end_user
else:
if not auth_token:
raise Unauthorized("Invalid Authorization token.")
decoded = PassportService().verify(auth_token)
end_user_id = decoded.get("end_user_id")
if end_user_id:
end_user = db.session.query(EndUser).where(EndUser.id == end_user_id).first()
if not end_user:
raise NotFound("End user not found.")
return end_user
else:
raise Unauthorized("Invalid Authorization token for web API.")
elif request.blueprint == "mcp": elif request.blueprint == "mcp":
server_code = request.view_args.get("server_code") if request.view_args else None server_code = request.view_args.get("server_code") if request.view_args else None
if not server_code: if not server_code: