mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-07-10 13:45:44 +08:00
fix(preview): authenticate markdown document preview requests (#15589)
## Summary Fixes [#15585](https://github.com/infiniflow/ragflow/issues/15585). - Route markdown preview through the shared `request` client (same as txt/image previewers) so `Authorization` headers and interceptors are applied consistently. - Add a unit test covering `AUTH_BETA` token loading for embedded search auth. ## Root cause Search result preview for `.md`/`.mdx` used raw `fetch`, which did not apply the same auth path as other preview types. That led to `401` on `GET /api/v1/documents/{id}/preview` even when the user was logged in or using an embedded search `auth` query param. ## Test plan - [ ] Log in, run a search, open a markdown citation link — preview loads (no 401). - [ ] Open an embedded shared search URL with `auth` query param, preview a markdown file — preview loads. - [ ] Confirm PDF/txt preview still works in the same search UI. --------- Co-authored-by: MkDev11 <89318445+bitloi@users.noreply.github.com> Co-authored-by: Wang Qi <wangq8@outlook.com>
This commit is contained in:
@@ -156,6 +156,12 @@ def test_load_user_api_token_fallback_and_fallback_exception(monkeypatch, caplog
|
||||
monkeypatch.setattr(apps_module.Serializer, "loads", _raise_decode)
|
||||
|
||||
fallback_user_empty_token = SimpleNamespace(email="fallback@example.com", access_token="")
|
||||
valid_token = "a" * 32
|
||||
beta_user = SimpleNamespace(
|
||||
id="tenant-1",
|
||||
email="embed@example.com",
|
||||
access_token=valid_token,
|
||||
)
|
||||
|
||||
async def _case():
|
||||
monkeypatch.setattr(apps_module.APIToken, "query", lambda **_kwargs: [SimpleNamespace(tenant_id="tenant-1")])
|
||||
@@ -171,6 +177,29 @@ def test_load_user_api_token_fallback_and_fallback_exception(monkeypatch, caplog
|
||||
with caplog.at_level(logging.WARNING):
|
||||
assert apps_module._load_user() is None
|
||||
|
||||
def _query_api_token(**kwargs):
|
||||
if kwargs.get("beta") == "embed-beta":
|
||||
return [SimpleNamespace(tenant_id="tenant-1")]
|
||||
return []
|
||||
|
||||
def _query_user(**kwargs):
|
||||
if (
|
||||
kwargs.get("id") == "tenant-1"
|
||||
and kwargs.get("status") == apps_module.StatusEnum.VALID.value
|
||||
):
|
||||
return [beta_user]
|
||||
return []
|
||||
|
||||
monkeypatch.setattr(apps_module.APIToken, "query", _query_api_token)
|
||||
monkeypatch.setattr(apps_module.UserService, "query", _query_user)
|
||||
async with quart_app.test_request_context("/", headers={"Authorization": "Bearer embed-beta"}):
|
||||
user = apps_module._load_user(auth_types=[apps_module.AUTH_BETA])
|
||||
assert user is beta_user
|
||||
assert apps_module.g.auth_type == apps_module.AUTH_BETA
|
||||
|
||||
async with quart_app.test_request_context("/", headers={"Authorization": "Bearer invalid-beta"}):
|
||||
assert apps_module._load_user(auth_types=[apps_module.AUTH_BETA]) is None
|
||||
|
||||
_run(_case())
|
||||
assert "api token fallback failed" in caplog.text
|
||||
|
||||
|
||||
Reference in New Issue
Block a user