Fix: simplify _load_user (#14154)

### What problem does this PR solve?

Simplify _load_user, remove unused fallback.

### Type of change

- [x] Refactoring
This commit is contained in:
Lynn
2026-04-16 18:47:43 +08:00
committed by GitHub
parent 4cf4d444d2
commit 655dd2f8c6
2 changed files with 35 additions and 49 deletions

View File

@@ -99,66 +99,57 @@ def _load_user():
if not authorization:
return None
# Extract auth_token based on whether Authorization starts with "bearer" (case-insensitive)
if authorization.lower().startswith("bearer "):
parts = authorization.split(maxsplit=1)
if len(parts) < 2:
logging.warning("Authorization header has invalid bearer format")
return None
auth_token = parts[1]
else:
auth_token = authorization
# Try JWT decoding
try:
access_token = str(jwt.loads(authorization))
access_token = str(jwt.loads(auth_token))
if not access_token or not access_token.strip():
logging.warning("Authentication attempt with empty access token")
return None
# Access tokens should be UUIDs (32 hex characters)
if len(access_token.strip()) < 32:
logging.warning(f"Authentication attempt with invalid token format: {len(access_token)} chars")
return None
user = UserService.query(
access_token=access_token, status=StatusEnum.VALID.value
)
user = UserService.query(access_token=access_token, status=StatusEnum.VALID.value)
if user:
if not user[0].access_token or not user[0].access_token.strip():
logging.warning(f"User {user[0].email} has empty access_token in database")
return None
g.user = user[0]
return user[0]
except Exception as e_auth:
logging.warning(f"load_user from jwt got exception {e_auth}")
try:
authorization = request.headers.get("Authorization")
if len(authorization.split()) == 2:
token = authorization.split()[1]
objs = APIToken.query(token=token)
if objs:
user = UserService.query(id=objs[0].tenant_id, status=StatusEnum.VALID.value)
if user:
if not user[0].access_token or not user[0].access_token.strip():
logging.warning(f"User {user[0].email} has empty access_token in database")
return None
g.user = user[0]
return user[0]
else:
logging.warning(f"load_user: No user found for tenant_id={objs[0].tenant_id} from APIToken")
else:
logging.warning(f"load_user: No APIToken found for token={token[:10]}...")
except Exception as e_api_token:
logging.warning(f"load_user from api token got exception {e_api_token}")
# Fallback: try raw authorization value as access_token (for login tokens sent without JWT)
try:
authorization = request.headers.get("Authorization")
if authorization and len(authorization.split()) == 1:
# Single value without "Bearer " prefix - try as raw access_token
access_token = authorization.strip()
if access_token and len(access_token) >= 32:
user = UserService.query(
access_token=access_token, status=StatusEnum.VALID.value
)
if user:
if not user[0].access_token or not user[0].access_token.strip():
logging.warning(f"User {user[0].email} has empty access_token in database")
return None
g.user = user[0]
return user[0]
except Exception as e_raw_token:
logging.warning(f"load_user raw token fallback got exception {e_raw_token}")
return None
except Exception as e_jwt:
logging.warning(f"load_user from jwt got exception {e_jwt}")
# JWT decode failed, try as api_token
try:
objs = APIToken.query(token=auth_token)
if objs:
user = UserService.query(id=objs[0].tenant_id, status=StatusEnum.VALID.value)
if user:
if not user[0].access_token or not user[0].access_token.strip():
logging.warning(f"User {user[0].email} has empty access_token in database")
return None
g.user = user[0]
return user[0]
logging.warning(f"load_user: No user found for tenant_id={objs[0].tenant_id} from APIToken")
else:
logging.warning(f"load_user: No APIToken found for token={auth_token[:10]}...")
except Exception as e_api_token:
logging.warning(f"load_user from api token got exception {e_api_token}")
return None
current_user = LocalProxy(_load_user)

View File

@@ -48,11 +48,6 @@ const storage = {
};
export const getAuthorization = () => {
const jwtAuth = getSearchValue('jwt_auth');
if (jwtAuth) {
return jwtAuth;
}
const auth = getSearchValue('auth');
const authorization = auth
? 'Bearer ' + auth