mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-07-10 13:45:44 +08:00
Fix: simplify _load_user (#14154)
### What problem does this PR solve? Simplify _load_user, remove unused fallback. ### Type of change - [x] Refactoring
This commit is contained in:
@@ -99,66 +99,57 @@ def _load_user():
|
||||
if not authorization:
|
||||
return None
|
||||
|
||||
# Extract auth_token based on whether Authorization starts with "bearer" (case-insensitive)
|
||||
if authorization.lower().startswith("bearer "):
|
||||
parts = authorization.split(maxsplit=1)
|
||||
if len(parts) < 2:
|
||||
logging.warning("Authorization header has invalid bearer format")
|
||||
return None
|
||||
auth_token = parts[1]
|
||||
else:
|
||||
auth_token = authorization
|
||||
|
||||
# Try JWT decoding
|
||||
try:
|
||||
access_token = str(jwt.loads(authorization))
|
||||
access_token = str(jwt.loads(auth_token))
|
||||
|
||||
if not access_token or not access_token.strip():
|
||||
logging.warning("Authentication attempt with empty access token")
|
||||
return None
|
||||
|
||||
# Access tokens should be UUIDs (32 hex characters)
|
||||
if len(access_token.strip()) < 32:
|
||||
logging.warning(f"Authentication attempt with invalid token format: {len(access_token)} chars")
|
||||
return None
|
||||
|
||||
user = UserService.query(
|
||||
access_token=access_token, status=StatusEnum.VALID.value
|
||||
)
|
||||
user = UserService.query(access_token=access_token, status=StatusEnum.VALID.value)
|
||||
if user:
|
||||
if not user[0].access_token or not user[0].access_token.strip():
|
||||
logging.warning(f"User {user[0].email} has empty access_token in database")
|
||||
return None
|
||||
g.user = user[0]
|
||||
return user[0]
|
||||
except Exception as e_auth:
|
||||
logging.warning(f"load_user from jwt got exception {e_auth}")
|
||||
try:
|
||||
authorization = request.headers.get("Authorization")
|
||||
if len(authorization.split()) == 2:
|
||||
token = authorization.split()[1]
|
||||
objs = APIToken.query(token=token)
|
||||
if objs:
|
||||
user = UserService.query(id=objs[0].tenant_id, status=StatusEnum.VALID.value)
|
||||
if user:
|
||||
if not user[0].access_token or not user[0].access_token.strip():
|
||||
logging.warning(f"User {user[0].email} has empty access_token in database")
|
||||
return None
|
||||
g.user = user[0]
|
||||
return user[0]
|
||||
else:
|
||||
logging.warning(f"load_user: No user found for tenant_id={objs[0].tenant_id} from APIToken")
|
||||
else:
|
||||
logging.warning(f"load_user: No APIToken found for token={token[:10]}...")
|
||||
except Exception as e_api_token:
|
||||
logging.warning(f"load_user from api token got exception {e_api_token}")
|
||||
# Fallback: try raw authorization value as access_token (for login tokens sent without JWT)
|
||||
try:
|
||||
authorization = request.headers.get("Authorization")
|
||||
if authorization and len(authorization.split()) == 1:
|
||||
# Single value without "Bearer " prefix - try as raw access_token
|
||||
access_token = authorization.strip()
|
||||
if access_token and len(access_token) >= 32:
|
||||
user = UserService.query(
|
||||
access_token=access_token, status=StatusEnum.VALID.value
|
||||
)
|
||||
if user:
|
||||
if not user[0].access_token or not user[0].access_token.strip():
|
||||
logging.warning(f"User {user[0].email} has empty access_token in database")
|
||||
return None
|
||||
g.user = user[0]
|
||||
return user[0]
|
||||
except Exception as e_raw_token:
|
||||
logging.warning(f"load_user raw token fallback got exception {e_raw_token}")
|
||||
return None
|
||||
except Exception as e_jwt:
|
||||
logging.warning(f"load_user from jwt got exception {e_jwt}")
|
||||
|
||||
# JWT decode failed, try as api_token
|
||||
try:
|
||||
objs = APIToken.query(token=auth_token)
|
||||
if objs:
|
||||
user = UserService.query(id=objs[0].tenant_id, status=StatusEnum.VALID.value)
|
||||
if user:
|
||||
if not user[0].access_token or not user[0].access_token.strip():
|
||||
logging.warning(f"User {user[0].email} has empty access_token in database")
|
||||
return None
|
||||
g.user = user[0]
|
||||
return user[0]
|
||||
logging.warning(f"load_user: No user found for tenant_id={objs[0].tenant_id} from APIToken")
|
||||
else:
|
||||
logging.warning(f"load_user: No APIToken found for token={auth_token[:10]}...")
|
||||
except Exception as e_api_token:
|
||||
logging.warning(f"load_user from api token got exception {e_api_token}")
|
||||
|
||||
return None
|
||||
|
||||
|
||||
current_user = LocalProxy(_load_user)
|
||||
|
||||
@@ -48,11 +48,6 @@ const storage = {
|
||||
};
|
||||
|
||||
export const getAuthorization = () => {
|
||||
const jwtAuth = getSearchValue('jwt_auth');
|
||||
if (jwtAuth) {
|
||||
return jwtAuth;
|
||||
}
|
||||
|
||||
const auth = getSearchValue('auth');
|
||||
const authorization = auth
|
||||
? 'Bearer ' + auth
|
||||
|
||||
Reference in New Issue
Block a user