feat: Separate dialogue authentication processor and system authentication processor

2025-12-25 17:22:55 +00:00 · 2025-12-23 18:43:30 +08:00 · 2025-12-23 18:43:30 +08:00 · 8305bc68ca
parent ed45fabcce
commit 8305bc68ca
5 changed files with 50 additions and 18 deletions
--- a/apps/chat/views/chat.py
+++ b/apps/chat/views/chat.py
@ -21,7 +21,7 @@ from chat.serializers.chat import OpenChatSerializers, ChatSerializers, SpeechTo
    TextToSpeechSerializers, OpenAIChatSerializer
 from chat.serializers.chat_authentication import AnonymousAuthenticationSerializer, ApplicationProfileSerializer, \
    AuthProfileSerializer
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth
 from common.auth.mcp_auth_token import mcp_token_required
 from common.constants.permission_constants import ChatAuth
 from common.exception.app_exception import AppAuthenticationFailed
@ -66,7 +66,7 @@ class ResourceProxy(APIView):


 class OpenAIView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['POST'],
@ -109,7 +109,7 @@ class AnonymousAuthentication(APIView):


 class ApplicationProfile(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['GET'],
@ -143,7 +143,7 @@ class AuthProfile(APIView):


 class ChatView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['POST'],
@ -166,7 +166,7 @@ class ChatView(APIView):


 class OpenView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['GET'],
@ -199,7 +199,7 @@ class CaptchaView(APIView):


 class SpeechToText(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['POST'],
@ -218,7 +218,7 @@ class SpeechToText(APIView):


 class TextToSpeech(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['POST'],
@ -237,7 +237,7 @@ class TextToSpeech(APIView):


 class UploadFile(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]
    parser_classes = [MultiPartParser]

    @extend_schema(
--- a/apps/chat/views/chat_record.py
+++ b/apps/chat/views/chat_record.py
@ -18,11 +18,11 @@ from chat.api.vote_api import VoteAPI
 from chat.serializers.chat_record import VoteSerializer, HistoricalConversationSerializer, \
    HistoricalConversationRecordSerializer, HistoricalConversationOperateSerializer
 from common import result
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth


 class VoteView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['PUT'],
@ -42,7 +42,7 @@ class VoteView(APIView):


 class HistoricalConversationView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['GET'],
@ -61,7 +61,7 @@ class HistoricalConversationView(APIView):
            }).list())

    class Operate(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]

        @extend_schema(
            methods=['PUT'],
@ -100,7 +100,7 @@ class HistoricalConversationView(APIView):
                }).logic_delete())

    class BatchDelete(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]

        @extend_schema(
            methods=['DELETE'],
@ -118,7 +118,7 @@ class HistoricalConversationView(APIView):
            }).batch_logic_delete())

    class PageView(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]

        @extend_schema(
            methods=['GET'],
@ -138,7 +138,7 @@ class HistoricalConversationView(APIView):


 class HistoricalConversationRecordView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['GET'],
@ -158,7 +158,7 @@ class HistoricalConversationRecordView(APIView):
            }).list())

    class PageView(APIView):
-        authentication_classes = [TokenAuth]
+        authentication_classes = [ChatTokenAuth]

        @extend_schema(
            methods=['GET'],
@ -179,7 +179,7 @@ class HistoricalConversationRecordView(APIView):


 class ChatRecordView(APIView):
-    authentication_classes = [TokenAuth]
+    authentication_classes = [ChatTokenAuth]

    @extend_schema(
        methods=['GET'],
--- a/apps/common/auth/authenticate.py
+++ b/apps/common/auth/authenticate.py
@ -51,6 +51,7 @@ def new_instance_by_class_path(class_path: str):


 handles = [new_instance_by_class_path(class_path) for class_path in settings.AUTH_HANDLES]
+chat_handles = [new_instance_by_class_path(class_path) for class_path in settings.CHAT_AUTH_HANDLES]


 class TokenDetails:
@ -93,3 +94,29 @@ class TokenAuth(TokenAuthentication):
                                                                                                                 AppApiException):
                raise e
            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+
+
+class ChatTokenAuth(TokenAuthentication):
+    keyword = "Bearer"
+
+    # 重新 authenticate 方法，自定义认证规则
+    def authenticate(self, request):
+        auth = request.META.get('HTTP_AUTHORIZATION')
+        # 未认证
+        if auth is None:
+            raise AppAuthenticationFailed(1003, _('Not logged in, please log in first'))
+        if not auth.startswith("Bearer "):
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+        try:
+            token = auth[7:]
+            token_details = TokenDetails(token)
+            for handle in chat_handles:
+                if handle.support(request, token, token_details.get_token_details):
+                    return handle.handle(request, token, token_details.get_token_details)
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+        except Exception as e:
+            maxkb_logger.error(f'Exception: {e}', exc_info=True)
+            if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed) or isinstance(e,
+                                                                                                                 AppApiException):
+                raise e
+            raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
--- a/apps/maxkb/settings/auth/model.py
+++ b/apps/maxkb/settings/auth/model.py
@ -9,3 +9,5 @@

 AUTH_HANDLES = [
 ]
+CHAT_AUTH_HANDLES = [
+]
--- a/apps/maxkb/settings/auth/web.py
+++ b/apps/maxkb/settings/auth/web.py
@ -10,7 +10,10 @@ USER_TOKEN_AUTH = 'common.auth.handle.impl.user_token.UserToken'
 CHAT_ANONYMOUS_USER_AURH = 'common.auth.handle.impl.chat_anonymous_user_token.ChatAnonymousUserToken'
 APPLICATION_KEY_AUTH = 'common.auth.handle.impl.application_key.ApplicationKey'
 AUTH_HANDLES = [
-    USER_TOKEN_AUTH,
+    USER_TOKEN_AUTH
+]
+
+CHAT_AUTH_HANDLES = [
    CHAT_ANONYMOUS_USER_AURH,
    APPLICATION_KEY_AUTH
 ]