From 2b9b852c31772b4c2bec736c71afd2754cfb0e57 Mon Sep 17 00:00:00 2001
From: GareArc
Date: Thu, 29 May 2025 11:04:05 +0800
Subject: [PATCH] fix: remove app code retrival in web app login

---
 api/controllers/web/login.py        | 21 +++++----------------
 api/services/webapp_auth_service.py | 18 +++++++-----------
 2 files changed, 12 insertions(+), 27 deletions(-)

diff --git a/api/controllers/web/login.py b/api/controllers/web/login.py
index 195457285d..36b52a7d47 100644
--- a/api/controllers/web/login.py
+++ b/api/controllers/web/login.py
@@ -1,11 +1,11 @@
-from flask import request
 from flask_restful import Resource, reqparse
 from jwt import InvalidTokenError  # type: ignore
 from web import api
-from werkzeug.exceptions import BadRequest
 
 import services
-from controllers.console.auth.error import EmailCodeError, EmailOrPasswordMismatchError, InvalidEmailError
+from controllers.console.auth.error import (EmailCodeError,
+                                            EmailOrPasswordMismatchError,
+                                            InvalidEmailError)
 from controllers.console.error import AccountBannedError, AccountNotFound
 from controllers.console.wraps import only_edition_enterprise, setup_required
 from controllers.web import api
@@ -27,10 +27,6 @@ class LoginApi(Resource):
         parser.add_argument("password", type=valid_password, required=True, location="json")
         args = parser.parse_args()
 
-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")
-
         try:
             account = WebAppAuthService.authenticate(args["email"], args["password"])
         except services.errors.account.AccountLoginError:
@@ -40,9 +36,7 @@ class LoginApi(Resource):
         except services.errors.account.AccountNotFoundError:
             raise AccountNotFound()
 
-        end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
 
         return {"result": "success", "token": token}
 
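Review bot: The re-wrapped `from controllers.console.auth.error import (EmailCodeError, ...)` block uses a vertically aligned parenthesised style that none of the neighbouring imports in this hunk use (they stay single-line, e.g. `from controllers.console.wraps import only_edition_enterprise, setup_required`), so it reads like the output of a different formatter profile rather than a deliberate change. Keeping the original single line, or using a hanging indent with one name per line and a trailing comma, would stay consistent with the file and avoid the project formatter flipping it back. Also visible in the kept context: `api` is bound twice, by `from web import api` and later by `from controllers.web import api`; the second binding wins, so the first is dead — pre-existing, but worth dropping while this import block is being touched.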
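Review bot: With the `X-App-Code` guard removed, the login handler in `LoginApi` no longer has any notion of which web app the credentials are presented for, and nothing in the new code replaces that check; if the intent is that the issued token is account-scoped and app binding is enforced wherever the token is verified, that contract should be written down so the next reader does not re-add the header. A short docstring on the method would do, e.g. `"""Password login for web apps. The returned token is bound to the account, not to a specific app; no X-App-Code header is required."""`. The enclosing method's `def` is above this hunk and the `except` bodies continue past it, so the full control flow is not visible here.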
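Review bot: After a successful password login this hunk returns the token without calling `AccountService.reset_login_error_rate_limit`, whereas the email-code path in the same file (the hunk at new line 100) resets it immediately after its own `WebAppAuthService.login(account=account)`. If the password path's failure branches (their bodies sit between this hunk and the previous one and are not visible) increment the same counter, a successful login here never clears it; adding `AccountService.reset_login_error_rate_limit(args["email"])` before the `return` would make the two endpoints consistent. The enclosing method begins outside this hunk.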
@@ -90,9 +84,6 @@ class EmailCodeLoginApi(Resource):
         args = parser.parse_args()
         user_email = args["email"]
 
-        app_code = request.headers.get("X-App-Code")
-        if app_code is None:
-            raise BadRequest("X-App-Code header is missing.")
 
         token_data = WebAppAuthService.get_email_code_login_data(args["token"])
         if token_data is None:
@@ -109,9 +100,7 @@ class EmailCodeLoginApi(Resource):
         if not account:
             raise AccountNotFound()
 
-        end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
-
-        token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
+        token = WebAppAuthService.login(account=account)
         AccountService.reset_login_error_rate_limit(args["email"])
         return {"result": "success", "token": token}
 
diff --git a/api/services/webapp_auth_service.py b/api/services/webapp_auth_service.py
index 766688a2b9..2c11c59c39 100644
--- a/api/services/webapp_auth_service.py
+++ b/api/services/webapp_auth_service.py
@@ -2,7 +2,7 @@ import random
 from datetime import UTC, datetime, timedelta
 from typing import Any, Optional, cast
 
-from werkzeug.exceptions import NotFound, Unauthorized
+from werkzeug.exceptions import Unauthorized
 
 from configs import dify_config
 from extensions.ext_database import db
@@ -11,7 +11,8 @@ from libs.passport import PassportService
 from libs.password import compare_password
 from models.account import Account, AccountStatus
 from models.model import App, EndUser, Site
-from services.errors.account import AccountLoginError, AccountNotFoundError, AccountPasswordError
+from services.errors.account import (AccountLoginError, AccountNotFoundError,
+                                     AccountPasswordError)
 from tasks.mail_email_code_login import send_email_code_login_mail_task
 
 
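Review bot: `user_email = args["email"]` is kept, but the only consumer visible in this patch, `create_end_user(email=user_email, ...)`, is removed in the later hunk of the same method; if nothing between the two hunks reads it, the name is now dead and should be dropped (the rate-limit reset further down already uses `args["email"]` directly). The hunk counts also suggest the removal leaves two adjacent blank lines between `user_email = ...` and `token_data = ...`, which the project formatter would collapse — worth running it before merge. The enclosing method starts above this hunk.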
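Review bot: This hunk removes the second of the two `WebAppAuthService.create_end_user` call sites in this patch, yet the service file still defines the method (its `return end_user` is kept as context in the later hunk) and the `EndUser`/`Site` imports that presumably serve it are left in place; unless a caller exists outside this patch, the method is now dead code. Either delete it in the same change or leave a comment on it naming the caller that keeps it alive, so the next reader does not have to repeat this search. The enclosing method starts above this hunk.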
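Review bot: The wrapped `from services.errors.account import (AccountLoginError, AccountNotFoundError, AccountPasswordError)` uses the same vertically aligned parenthesised style as the import change in `login.py`, while every neighbouring import in this hunk (for example `from tasks.mail_email_code_login import send_email_code_login_mail_task`) is left on a single line. Keep the original single line, or use a hanging indent with a trailing comma, so the file stays on one formatter style and the diff is limited to the functional change.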
@@ -34,12 +35,8 @@ class WebAppAuthService:
         return cast(Account, account)
 
     @classmethod
-    def login(cls, account: Account, app_code: str, end_user_id: str) -> str:
-        site = db.session.query(Site).filter(Site.code == app_code).first()
-        if not site:
-            raise NotFound("Site not found.")
-
-        access_token = cls._get_account_jwt_token(account=account, site=site, end_user_id=end_user_id)
+    def login(cls, account: Account) -> str:
+        access_token = cls._get_account_jwt_token(account=account)
 
         return access_token
 
@@ -101,14 +98,13 @@ class WebAppAuthService:
         return end_user
 
     @classmethod
-    def _get_account_jwt_token(cls, account: Account, site: Site, end_user_id: str) -> str:
-        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.WebAppSessionTimeoutInHours * 24)
+    def _get_account_jwt_token(cls, account: Account) -> str:
+        exp_dt = datetime.now(UTC) + timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)
         exp = int(exp_dt.timestamp())
 
         payload = {
             "sub": "Web API Passport",
             "user_id": account.id,
-            "end_user_id": end_user_id,
             "token_source": "webapp_login_token",
             "exp": exp,
         }
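Review bot: The new `login(cls, account)` silently drops the guarantee that the token is tied to an existing `Site`: the JWT issued through it no longer carries `end_user_id` (see the payload hunk below) or anything identifying the app, so wherever that token is verified the app binding must now be checked separately, and nothing in this patch adds such a check — at minimum the new contract belongs on the method. Suggested docstring: `"""Issue a web-app passport JWT for *account*. The token is account-scoped only; it names no app/site or end user."""`. With the site lookup gone the method is a two-line wrapper around `_get_account_jwt_token`; `return cls._get_account_jwt_token(account=account)` would say the same thing more directly.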
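Review bot: `timedelta(hours=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES * 24)` mixes units: a setting named in minutes is passed as `hours=` and then multiplied by 24, so a value of 60 yields a token valid for 60 days rather than one hour (the removed line applied the same `* 24` to an hours-named setting, which already expressed days in hours, but substituting a minutes-named value makes the overshoot far larger). Use the setting in its own unit, `exp_dt = datetime.now(UTC) + timedelta(minutes=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES)`, or keep a dedicated web-app session timeout setting with hours semantics. Because this JWT is the bearer credential for web-app access, its lifetime is security-relevant and deserves a test pinning `exp` to the configured value. The rest of the method, where `payload` is turned into the token, lies past the hunk.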