From 8305bc68ca7f5352999856ce3dbb14f148ef845e Mon Sep 17 00:00:00 2001
From: shaohuzhang1
Date: Tue, 23 Dec 2025 18:43:30 +0800
Subject: [PATCH] feat: Separate dialogue authentication processor and system authentication processor
---
 apps/chat/views/chat.py | 16 ++++++++--------
 apps/chat/views/chat_record.py | 18 +++++++++---------
 apps/common/auth/authenticate.py | 27 +++++++++++++++++++++++++++
 apps/maxkb/settings/auth/model.py | 2 ++
 apps/maxkb/settings/auth/web.py | 5 ++++-
 5 files changed, 50 insertions(+), 18 deletions(-)
diff --git a/apps/chat/views/chat.py b/apps/chat/views/chat.py
index 3e10c4a4c..44e572acb 100644
--- a/apps/chat/views/chat.py
+++ b/apps/chat/views/chat.py
@@ -21,7 +21,7 @@ from chat.serializers.chat import OpenChatSerializers, ChatSerializers, SpeechTo
 TextToSpeechSerializers, OpenAIChatSerializer
 from chat.serializers.chat_authentication import AnonymousAuthenticationSerializer, ApplicationProfileSerializer, \
 AuthProfileSerializer
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth
 from common.auth.mcp_auth_token import mcp_token_required
 from common.constants.permission_constants import ChatAuth
 from common.exception.app_exception import AppAuthenticationFailed
@@ -66,7 +66,7 @@ class ResourceProxy(APIView):
 class OpenAIView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['POST'],
@@ -109,7 +109,7 @@ class AnonymousAuthentication(APIView):
 class ApplicationProfile(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -143,7 +143,7 @@ class AuthProfile(APIView):
 class ChatView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['POST'],
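Review bot: Nothing in this commit pins the credential boundary that the `authentication_classes = [ChatTokenAuth]` swap creates on OpenAIView, ApplicationProfile and ChatView here, and on OpenView, SpeechToText, TextToSpeech, UploadFile and every view in chat_record.py in the later hunks. With the web settings in this patch these views stop accepting a system user token at the authentication layer and answer 1002 instead, so any caller that reached them with one (none is visible in the diff, so this is worth checking) needs a chat credential first. I would add one regression test per direction (a user token rejected on a chat view, a chat anonymous token and an application key rejected on a view that keeps `TokenAuth`) and a one-line comment at the import, `# Chat-facing views authenticate via settings.CHAT_AUTH_HANDLES only; system user tokens are rejected.`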
@@ -166,7 +166,7 @@ class ChatView(APIView):
 class OpenView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -199,7 +199,7 @@ class CaptchaView(APIView):
 class SpeechToText(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['POST'],
@@ -218,7 +218,7 @@ class SpeechToText(APIView):
 class TextToSpeech(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['POST'],
@@ -237,7 +237,7 @@ class TextToSpeech(APIView):
 class UploadFile(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 parser_classes = [MultiPartParser]
 @extend_schema(
diff --git a/apps/chat/views/chat_record.py b/apps/chat/views/chat_record.py
index a2d80dcce..c50d95b64 100644
--- a/apps/chat/views/chat_record.py
+++ b/apps/chat/views/chat_record.py
@@ -18,11 +18,11 @@ from chat.api.vote_api import VoteAPI
 from chat.serializers.chat_record import VoteSerializer, HistoricalConversationSerializer, \
 HistoricalConversationRecordSerializer, HistoricalConversationOperateSerializer
 from common import result
-from common.auth import TokenAuth
+from common.auth import ChatTokenAuth
 class VoteView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['PUT'],
@@ -42,7 +42,7 @@ class VoteView(APIView):
 class HistoricalConversationView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -61,7 +61,7 @@ class HistoricalConversationView(APIView):
 }).list())
 class Operate(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['PUT'],
@@ -100,7 +100,7 @@ class HistoricalConversationView(APIView):
 }).logic_delete())
 class BatchDelete(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['DELETE'],
@@ -118,7 +118,7 @@ class HistoricalConversationView(APIView):
 }).batch_logic_delete())
 class PageView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -138,7 +138,7 @@ class HistoricalConversationView(APIView):
 class HistoricalConversationRecordView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -158,7 +158,7 @@ class HistoricalConversationRecordView(APIView):
 }).list())
 class PageView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
@@ -179,7 +179,7 @@ class HistoricalConversationRecordView(APIView):
 class ChatRecordView(APIView):
- authentication_classes = [TokenAuth]
+ authentication_classes = [ChatTokenAuth]
 @extend_schema(
 methods=['GET'],
diff --git a/apps/common/auth/authenticate.py b/apps/common/auth/authenticate.py
index 30bccf590..5e249d783 100644
--- a/apps/common/auth/authenticate.py
+++ b/apps/common/auth/authenticate.py
@@ -51,6 +51,7 @@ def new_instance_by_class_path(class_path: str):
 handles = [new_instance_by_class_path(class_path) for class_path in settings.AUTH_HANDLES]
+chat_handles = [new_instance_by_class_path(class_path) for class_path in settings.CHAT_AUTH_HANDLES]
 class TokenDetails:
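Review bot: `chat_handles` reads `settings.CHAT_AUTH_HANDLES` at import time with no fallback, so a settings profile that lacks the new name makes `authenticate.py` fail to import and takes every view that imports it down as well. This patch defines the list only in `auth/model.py` and `auth/web.py`; if other profiles exist outside the diff, add it there too, or read it as `getattr(settings, 'CHAT_AUTH_HANDLES', [])`, which fails closed because an empty list lets every chat request fall through to the 1002 rejection. A short comment above the two module-level lists, `# handles: system/admin API credentials; chat_handles: end-user chat credentials - keep the two sets disjoint`, would record why they are separate.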
@@ -93,3 +94,29 @@ class TokenAuth(TokenAuthentication):
 AppApiException):
 raise e
 raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+
+
+class ChatTokenAuth(TokenAuthentication):
+ keyword = "Bearer"
+
+ # 重新 authenticate 方法,自定义认证规则
+ def authenticate(self, request):
+ auth = request.META.get('HTTP_AUTHORIZATION')
+ # 未认证
+ if auth is None:
+ raise AppAuthenticationFailed(1003, _('Not logged in, please log in first'))
+ if not auth.startswith("Bearer "):
+ raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+ try:
+ token = auth[7:]
+ token_details = TokenDetails(token)
+ for handle in chat_handles:
+ if handle.support(request, token, token_details.get_token_details):
+ return handle.handle(request, token, token_details.get_token_details)
+ raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
+ except Exception as e:
+ maxkb_logger.error(f'Exception: {e}', exc_info=True)
+ if isinstance(e, AppEmbedIdentityFailed) or isinstance(e, AppChatNumOutOfBoundsFailed) or isinstance(e,
+ AppApiException):
+ raise e
+ raise AppAuthenticationFailed(1002, _('Authentication information is incorrect! illegal user'))
diff --git a/apps/maxkb/settings/auth/model.py b/apps/maxkb/settings/auth/model.py
index a21013025..1ad24f38c 100644
--- a/apps/maxkb/settings/auth/model.py
+++ b/apps/maxkb/settings/auth/model.py
@@ -9,3 +9,5 @@ AUTH_HANDLES = [
 ]
+CHAT_AUTH_HANDLES = [
+]
diff --git a/apps/maxkb/settings/auth/web.py b/apps/maxkb/settings/auth/web.py
index 7c6bbd97a..e7936ef23 100644
--- a/apps/maxkb/settings/auth/web.py
+++ b/apps/maxkb/settings/auth/web.py
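Review bot: `ChatTokenAuth.authenticate` appears to be a copy of the `TokenAuth` logic with only the handler list changed (judging by the identical tail of `TokenAuth` shown as context; its body starts outside the hunk), so a later fix to header parsing or to the exception allow-list in one authenticator can silently miss the other. Moving the list to a class attribute keeps a single code path: `class ChatTokenAuth(TokenAuth):` with `auth_handles = chat_handles`, and `for handle in self.auth_handles:` in the shared method. Separately, the `raise AppAuthenticationFailed(1002, ...)` after the loop sits inside the `try`, so unless that class derives from `AppApiException` (not visible here) every rejected token is logged at error level with a traceback before being re-raised, which lets unauthenticated clients fill the log; raising it after the `try`, or logging expected rejections at a lower level, avoids that. The two Chinese comments would read better as an English docstring such as `"""Authenticate chat requests against settings.CHAT_AUTH_HANDLES only."""`.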
@@ -10,7 +10,10 @@ USER_TOKEN_AUTH = 'common.auth.handle.impl.user_token.UserToken'
 CHAT_ANONYMOUS_USER_AURH = 'common.auth.handle.impl.chat_anonymous_user_token.ChatAnonymousUserToken'
 APPLICATION_KEY_AUTH = 'common.auth.handle.impl.application_key.ApplicationKey'
 AUTH_HANDLES = [
- USER_TOKEN_AUTH,
+ USER_TOKEN_AUTH
+]
+
+CHAT_AUTH_HANDLES = [
 CHAT_ANONYMOUS_USER_AURH,
 APPLICATION_KEY_AUTH
 ]
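Review bot: Dropping `CHAT_ANONYMOUS_USER_AURH` and `APPLICATION_KEY_AUTH` from `AUTH_HANDLES` changes every view that still uses `TokenAuth`, not only the chat views edited in this patch: any of them that was called with an application key or an anonymous chat token now gets 1002. That is the right direction for least privilege, but callers outside this diff need checking, in particular application-key integrations that do not live under `chat/views`. I would document the boundary at the lists, e.g. `# System/admin API: user tokens only` above `AUTH_HANDLES` and `# Chat API: anonymous chat tokens and application keys; keep disjoint from AUTH_HANDLES` above `CHAT_AUTH_HANDLES`.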