refac: token handling

2024-11-16 21:42:58 +00:00 · 2024-11-05 21:14:02 -08:00 · 2024-11-05 21:14:02 -08:00 · 4616b508b1
commit 4616b508b1
parent 60df959875
2 changed files with 17 additions and 2 deletions
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@ -2224,7 +2224,14 @@ async def get_app_config(request: Request):
    user = None
    if "token" in request.cookies:
        token = request.cookies.get("token")
+        try:
            data = decode_token(token)
+        except Exception as e:
+            log.debug(e)
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid token",
+            )
        if data is not None and "id" in data:
            user = Users.get_user_by_id(data["id"])

--- a/backend/open_webui/utils/utils.py
+++ b/backend/open_webui/utils/utils.py
@ -91,7 +91,15 @@ def get_current_user(
        return get_current_user_by_api_key(token)

    # auth by jwt token
+
+    try:
        data = decode_token(token)
+    except Exception as e:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid token",
+        )
+
    if data is not None and "id" in data:
        user = Users.get_user_by_id(data["id"])
        if user is None: