zlei6/ragflow
1
0
Fork 0
mirror of https://github.com/infiniflow/ragflow.git synced 2026-06-29 23:41:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

[Go] Fix searchbot BETA auth (#16450)

Browse Source
This commit is contained in:
Wang Qi
2026-06-29 16:44:21 +08:00
committed by GitHub
parent ca17808f12
commit ec5cd6b1c0
2 changed files with 17 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/router/bot_routes.go
View File

@@ -28,16 +28,14 @@ import (
// @manager.route("/chatbots/<dialog_id>/completions") bot_api.py:55
// @manager.route("/chatbots/<dialog_id>/info") bot_api.py:126
//
// Both routes use BetaAuthMiddleware as a group-level middleware.
// The two bot route groups (chatbots + agentbots) cannot share a
// registrar because each carries a different <param_name>
// (dialog_id vs agent_id) and would otherwise register paths under
// the wrong group.
func RegisterChatbotRoutes(g *gin.RouterGroup, mw gin.HandlerFunc, h *handler.BotHandler) {
func RegisterChatbotRoutes(g *gin.RouterGroup, h *handler.BotHandler) {
if g == nil || h == nil {
return
}
g.Use(mw)
g.POST("/:dialog_id/completions", h.ChatbotCompletion)
g.GET("/:dialog_id/info", h.ChatbotInfo)
}
@@ -47,11 +45,10 @@ func RegisterChatbotRoutes(g *gin.RouterGroup, mw gin.HandlerFunc, h *handler.Bo
//
// @manager.route("/agentbots/<agent_id>/completions") bot_api.py:157
// @manager.route("/agentbots/<agent_id>/inputs") bot_api.py:239
func RegisterAgentbotRoutes(g *gin.RouterGroup, mw gin.HandlerFunc, h *handler.BotHandler) {
func RegisterAgentbotRoutes(g *gin.RouterGroup, h *handler.BotHandler) {
if g == nil || h == nil {
return
}
g.Use(mw)
g.POST("/:agent_id/completions", h.AgentbotCompletion)
g.GET("/:agent_id/inputs", h.AgentbotInputs)
}

31
internal/router/router.go
View File

@@ -186,19 +186,23 @@ func (r *Router) Setup(engine *gin.Engine) {
apiNoAuth.POST("/auth/password/forgot/otp", r.userHandler.ForgotSendOTP)
apiNoAuth.POST("/auth/password/forgot/otp/verify", r.userHandler.ForgotVerifyOTP)
apiNoAuth.POST("/auth/password/reset", r.userHandler.ForgotResetPassword)
}
// Beta-token routes. Mirrors python's
// @login_required(auth_types=AUTH_BETA) on bot_api.py bot endpoints.
apiBetaAuth := engine.Group("/api/v1")
apiBetaAuth.Use(r.authHandler.BetaAuthMiddleware())
{
searchbotGroup := apiBetaAuth.Group("/searchbots")
searchbotGroup.POST("/related_questions", r.searchBotHandler.Handle)
searchbotGroup.POST("/retrieval_test", r.searchBotHandler.RetrievalTest)
searchbotGroup.POST("/ask", r.searchBotHandler.Ask)
// Public bot endpoints — beta API token only, NOT regular
// user session. Mirrors python's
// @login_required(auth_types=AUTH_BETA) on bot_api.py:55,126,157,239.
// Mounted on apiNoAuth (not on the auth-protected v1 tree) so
// external widgets / iframes / downloads can hit them with
// only a beta token. Risk R0 of the plan.
if r.botHandler != nil {
betaMW := r.authHandler.BetaAuthMiddleware()
chatbotGroup := apiNoAuth.Group("/chatbots")
RegisterChatbotRoutes(chatbotGroup, betaMW, r.botHandler)
agentbotGroup := apiNoAuth.Group("/agentbots")
RegisterAgentbotRoutes(agentbotGroup, betaMW, r.botHandler)
chatbotGroup := apiBetaAuth.Group("/chatbots")
RegisterChatbotRoutes(chatbotGroup, r.botHandler)
agentbotGroup := apiBetaAuth.Group("/agentbots")
RegisterAgentbotRoutes(agentbotGroup, r.botHandler)
}
}
@@ -289,11 +293,6 @@ func (r *Router) Setup(engine *gin.Engine) {
openai.POST("/:chat_id/chat/completions", r.openaiChatHandler.OpenAIChatCompletions)
}
// Searchbot routes
v1.POST("/searchbots/related_questions", r.searchBotHandler.Handle)
v1.POST("/searchbots/retrieval_test", r.searchBotHandler.RetrievalTest)
v1.POST("/searchbots/ask", r.searchBotHandler.Ask)
// Dataset routes
datasets := v1.Group("/datasets")
{