fixed: Adjust the api authentication sequence to preferentially proce…

…ss authentication to avoid incorrect authentication caused by cookies (#572)
labring · Dec 7, 2023 · 54d52d8 · 54d52d8
1 parent f298b90
commit 54d52d8
Showing 1 changed file with 12 additions and 12 deletions.
diff --git a/packages/service/support/permission/controller.ts b/packages/service/support/permission/controller.ts
@@ -115,6 +115,18 @@ export async function parseHeaderCert({
     {}) as ReqHeaderAuthType;
 
   const { uid, teamId, tmbId, appId, openApiKey, authType } = await (async () => {
+    if (authApiKey && authorization) {
+      // apikey from authorization
+      const authResponse = await parseAuthorization(authorization);
+      return {
+        uid: authResponse.uid,
+        teamId: authResponse.teamId,
+        tmbId: authResponse.tmbId,
+        appId: authResponse.appId,
+        openApiKey: authResponse.apikey,
+        authType: AuthUserTypeEnum.apikey
+      };
+    }
     if (authToken && (cookie || token)) {
       // user token(from fastgpt web)
       const res = await authCookieToken(cookie, token);
@@ -152,18 +164,6 @@ export async function parseHeaderCert({
       };
     }
 
-    if (authApiKey && authorization) {
-      // apikey from authorization
-      const authResponse = await parseAuthorization(authorization);
-      return {
-        uid: authResponse.uid,
-        teamId: authResponse.teamId,
-        tmbId: authResponse.tmbId,
-        appId: authResponse.appId,
-        openApiKey: authResponse.apikey,
-        authType: AuthUserTypeEnum.apikey
-      };
-    }
     return {
       uid: '',
       teamId: '',