Implement UpdateDataset and UpdateMetadata in GO (#13928)

### What problem does this PR solve? Implement UpdateDataset and UpdateMetadata in GO Add cli: UPDATE CHUNK <chunk_id> OF DATASET <dataset_name> SET <update_fields> REMOVE TAGS 'tag1', 'tag2' from DATASET 'dataset_name'; SET METADATA OF DOCUMENT <doc_id> TO <meta> ### Type of change - [ ] Refactoring
2026-06-29 15:31:05 +08:00 · 2026-04-07 09:44:51 +08:00
parent 60ec5880e5
commit 49386bc1b5
27 changed files with 1620 additions and 171 deletions
--- a/api/utils/api_utils.py
+++ b/api/utils/api_utils.py
@@ -307,18 +307,43 @@ def token_required(func):
            raise err

        token = authorization_list[1]
-        objs = APIToken.query(token=token)
-        if not objs:
-            err = WerkzeugUnauthorized(description="Authentication error: API key is invalid!")
-            err.code = RetCode.AUTHENTICATION_ERROR
-            raise err

-        # On success, inject tenant_id into the route function's kwargs
-        kwargs["tenant_id"] = objs[0].tenant_id
-        result = func(*args, **kwargs)
-        if inspect.iscoroutine(result):
-            return await result
-        return result
+        # First try API token (explicit API token authentication)
+        objs = APIToken.query(token=token)
+        if objs:
+            # On success, inject tenant_id into the route function's kwargs
+            kwargs["tenant_id"] = objs[0].tenant_id
+            result = func(*args, **kwargs)
+            if inspect.iscoroutine(result):
+                return await result
+            return result
+
+        # Fallback: try login token (for clients that use login token as API token)
+        # Login tokens are JWT-encoded (URLSafeTimedSerializer), need to decode to get raw access_token
+        from api.db.services.user_service import UserService
+        from common.constants import StatusEnum
+        from common import settings
+        from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
+        try:
+            jwt = Serializer(secret_key=settings.SECRET_KEY)
+            raw_token = str(jwt.loads(token))
+            user = UserService.query(access_token=raw_token, status=StatusEnum.VALID.value)
+            if user:
+                # On success, inject tenant_id from user's tenant
+                from api.db.services.user_service import UserTenantService
+                tenants = UserTenantService.query(user_id=user[0].id)
+                if tenants:
+                    kwargs["tenant_id"] = tenants[0].tenant_id
+                    result = func(*args, **kwargs)
+                    if inspect.iscoroutine(result):
+                        return await result
+                    return result
+        except Exception:
+            pass
+
+        err = WerkzeugUnauthorized(description="Authentication error: API key is invalid!")
+        err.code = RetCode.AUTHENTICATION_ERROR
+        raise err

    return wrapper