Skip to content

Commit 4d92e1a

Browse files
shaohuzhang1wangliang181230
authored andcommitted
fix: By using API keys from different applications, it is possible to call the same application for dialogue 1Panel-dev#4854 (1Panel-dev#4869)
1 parent e7be283 commit 4d92e1a

File tree

1 file changed

+7
-4
lines changed

1 file changed

+7
-4
lines changed

apps/chat/views/chat.py

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -80,10 +80,13 @@ class OpenAIView(APIView):
8080
)
8181
def post(self, request: Request, application_id: str):
8282
ip_address = _get_ip_address(request)
83-
return OpenAIChatSerializer(data={'application_id': application_id, 'chat_user_id': request.auth.chat_user_id,
84-
'chat_user_type': request.auth.chat_user_type,
85-
'ip_address': ip_address,
86-
'source': {"type": ChatSourceChoices.API_CALL.value}}).chat(request.data)
83+
if application_id != str(request.auth.application_id):
84+
raise AppAuthenticationFailed(500, _('Secret key is invalid'))
85+
return OpenAIChatSerializer(
86+
data={'application_id': application_id, 'chat_user_id': request.auth.chat_user_id,
87+
'chat_user_type': request.auth.chat_user_type,
88+
'ip_address': ip_address,
89+
'source': {"type": ChatSourceChoices.API_CALL.value}}).chat(request.data)
8790

8891

8992
class AnonymousAuthentication(APIView):

0 commit comments

Comments
 (0)