From 1e10517dcf6b18724f7ae5b366fec03452398b2e Mon Sep 17 00:00:00 2001
From: ytqh
Date: Sun, 2 Mar 2025 16:28:21 +0800
Subject: [PATCH] optimize token validation

---
 api/controllers/service_api_with_auth/wraps.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/api/controllers/service_api_with_auth/wraps.py b/api/controllers/service_api_with_auth/wraps.py
index 45625016c5..d2b4d1f810 100644
--- a/api/controllers/service_api_with_auth/wraps.py
+++ b/api/controllers/service_api_with_auth/wraps.py
@@ -14,6 +14,7 @@ from libs.passport import PassportService
 from models.account import Account, Tenant, TenantAccountJoin, TenantStatus
 from models.model import ApiToken, App, EndUser
 from pydantic import BaseModel # type: ignore
+from services.account_service import AccountService
 from services.feature_service import FeatureService
 from sqlalchemy import select, update # type: ignore
 from sqlalchemy.orm import Session # type: ignore
@@ -54,11 +55,18 @@ def validate_user_token_and_extract_info(view: Optional[Callable] = None):
         try:
             decoded = PassportService().verify(auth_token)
             user_id = decoded.get("user_id")
-            if not user_id:
-                raise Unauthorized("Invalid token: missing user_id")
         except Exception as e:
             raise Unauthorized(f"Failed to extract user_id from token: {str(e)}")
 
+        if not user_id:
+            raise Unauthorized("Invalid token: missing user_id")
+
+        account = AccountService.load_user(user_id)
+        if account is None:
+            raise Unauthorized("Invalid token: user not found")
+        if account.status != Account.AccountStatus.ACTIVE:
+            raise Unauthorized("Invalid token: account is not active")
+
         app_id = request.headers.get("X-App-Id")
         if not app_id:
             app_id = dify_config.DEFAULT_APP_ID
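Review bot: The new status check `if account.status != Account.AccountStatus.ACTIVE:` rests on two things the hunk does not establish: that `AccountStatus` is reachable as a nested attribute of `Account` (the import hunk brings in `Account` but no separate `AccountStatus` name), and that the `status` attribute compares equal to the enum member rather than only to its `.value`. If either assumption is wrong the failure mode is an AttributeError (a 500) or an unconditional 401 on every request rather than a targeted rejection, so it is worth pinning with a test that exercises one active and one non-active account, or writing `if account.status != Account.AccountStatus.ACTIVE.value:` if the column stores the plain string. A comment such as `# Re-check the account on every request: a validly signed token must not outlive the account it was issued to` would document why the extra lookup is done here. The unchanged `except Exception` just above still interpolates `str(e)` into the 401 body, which echoes verifier internals to the client and could be tightened in the same pass. The enclosing decorator starts and ends outside the hunk.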