Fix secret key inconsistency cross the RAGFlow servers (#14591)

### What problem does this PR solve? A and B, two API servers and a REDIS server. If A and REDIS restart, B will hold the obsolete secret key and will lead to error. TODO: app.config['SECRET_KEY'] and app.secret_key still hold obsolete secret key. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) --------- Signed-off-by: Jin Hai <haijin.chn@gmail.com>
2026-06-29 23:41:12 +08:00 · 2026-05-07 10:10:02 +08:00
parent 15dcdd7b5b
commit 1d0519d025
6 changed files with 28 additions and 7 deletions
--- a/api/utils/api_utils.py
+++ b/api/utils/api_utils.py
@@ -325,7 +325,7 @@ def token_required(func):
        from common import settings
        from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
        try:
-            jwt = Serializer(secret_key=settings.SECRET_KEY)
+            jwt = Serializer(secret_key=settings.get_secret_key())
            raw_token = str(jwt.loads(token))
            user = UserService.query(access_token=raw_token, status=StatusEnum.VALID.value)
            if user: