Fix secret key inconsistency cross the RAGFlow servers (#14591)

### What problem does this PR solve?

A and B, two API servers and a REDIS server.
If A and REDIS restart, B will hold the obsolete secret key and will
lead to error.

TODO:
app.config['SECRET_KEY'] and app.secret_key still hold obsolete secret
key.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

---------

Signed-off-by: Jin Hai <haijin.chn@gmail.com>
This commit is contained in:
Jin Hai
2026-05-07 10:10:02 +08:00
committed by GitHub
parent 15dcdd7b5b
commit 1d0519d025
6 changed files with 28 additions and 7 deletions

View File

@@ -79,8 +79,8 @@ app.config["SESSION_REDIS"] = settings.decrypt_database_config(name="redis")
app.config["MAX_CONTENT_LENGTH"] = int(
os.environ.get("MAX_CONTENT_LENGTH", 1024 * 1024 * 1024)
)
app.config['SECRET_KEY'] = settings.SECRET_KEY
app.secret_key = settings.SECRET_KEY
app.config['SECRET_KEY'] = settings.get_secret_key()
app.secret_key = settings.get_secret_key()
commands.register_commands(app)
from functools import wraps
@@ -93,7 +93,7 @@ P = ParamSpec("P")
def _load_user():
jwt = Serializer(secret_key=settings.SECRET_KEY)
jwt = Serializer(secret_key=settings.get_secret_key())
authorization = request.headers.get("Authorization")
g.user = None
if not authorization:

View File

@@ -726,7 +726,7 @@ class User(DataBaseModel, AuthUser):
return self.email
def get_id(self):
jwt = Serializer(secret_key=settings.SECRET_KEY)
jwt = Serializer(secret_key=settings.get_secret_key())
return jwt.dumps(str(self.access_token))
class Meta:

View File

@@ -325,7 +325,7 @@ def token_required(func):
from common import settings
from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
try:
jwt = Serializer(secret_key=settings.SECRET_KEY)
jwt = Serializer(secret_key=settings.get_secret_key())
raw_token = str(jwt.loads(token))
user = UserService.query(access_token=raw_token, status=StatusEnum.VALID.value)
if user: