支持 标准Bearer格式和直接token格式（

api/apps/document_app.py

@@ -23,7 +23,8 @@ from typing import List, Optional
 
 from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile, Query
 from fastapi.responses import StreamingResponse
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPAuthorizationCredentials
+from api.utils.api_utils import security
 
 from api import settings
 from api.common.check_team_permission import check_kb_team_permission
@@ -53,7 +54,6 @@ from pydantic import BaseModel
 from api.db.db_models import User
 
 # Security
-security = HTTPBearer()
 
 # Pydantic models for request/response
 class WebCrawlRequest(BaseModel):

api/apps/file2document_app.py

@@ -18,7 +18,8 @@ from pathlib import Path
 from typing import List
 
 from fastapi import APIRouter, Depends
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPAuthorizationCredentials
+from api.utils.api_utils import security
 
 from api.db.services.file2document_service import File2DocumentService
 from api.db.services.file_service import FileService
@@ -33,7 +34,6 @@ from api.utils.api_utils import get_json_result
 from pydantic import BaseModel
 
 # Security
-security = HTTPBearer()
 
 # Pydantic models for request/response
 class ConvertRequest(BaseModel):

api/apps/file_app.py

@@ -20,7 +20,8 @@ from typing import List, Optional
 
 from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile, Query
 from fastapi.responses import StreamingResponse
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPAuthorizationCredentials
+from api.utils.api_utils import security
 
 from api.common.check_team_permission import check_file_team_permission
 from api.db.services.document_service import DocumentService
@@ -38,7 +39,6 @@ from rag.utils.storage_factory import STORAGE_IMPL
 from pydantic import BaseModel
 
 # Security
-security = HTTPBearer()
 
 # Pydantic models for request/response
 class CreateFileRequest(BaseModel):

api/apps/mcp_server_app.py

@@ -15,7 +15,8 @@
 #
 from typing import List, Optional, Dict, Any
 from fastapi import APIRouter, Depends, HTTPException, Query
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPAuthorizationCredentials
+from api.utils.api_utils import security
 
 from api import settings
 from api.db import VALID_MCP_SERVER_TYPES
@@ -31,7 +32,6 @@ from rag.utils.mcp_tool_call_conn import MCPToolCallSession, close_multiple_mcp_
 from pydantic import BaseModel
 
 # Security
-security = HTTPBearer()
 
 # Pydantic models for request/response
 class ListMCPRequest(BaseModel):

api/apps/user_app_fastapi.py

@@ -21,7 +21,8 @@ from datetime import datetime
 from typing import Optional, Dict, Any
 
 from fastapi import APIRouter, Depends, HTTPException, Request, Response, status
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security import HTTPAuthorizationCredentials
+from api.utils.api_utils import security
 from fastapi.responses import RedirectResponse
 from pydantic import BaseModel, EmailStr
 try:
@@ -65,7 +66,6 @@ from api.utils.crypt import decrypt
 router = APIRouter()
 
 # 安全方案
-security = HTTPBearer()
 
 # Pydantic模型
 class LoginRequest(BaseModel):

api/utils/api_utils.py

@@ -38,6 +38,8 @@ from fastapi import Request, Response as FastAPIResponse, HTTPException, status
 from fastapi.responses import JSONResponse, FileResponse, StreamingResponse
 from fastapi import Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi.security.base import SecurityBase
+from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
 from itsdangerous import URLSafeTimedSerializer
 from peewee import OperationalError
 from werkzeug.http import HTTP_STATUS_CODES
@@ -51,8 +53,35 @@ from api.db.services.llm_service import LLMService
 from api.db.services.tenant_llm_service import TenantLLMService
 from api.utils.json import CustomJSONEncoder, json_dumps
 
+# 自定义认证方案，支持不传Bearer格式
+class CustomHTTPBearer(SecurityBase):
+    def __init__(self, *, scheme_name: str = None, auto_error: bool = True):
+        self.scheme_name = scheme_name or self.__class__.__name__
+        self.auto_error = auto_error
+        # 添加 model 属性用于 OpenAPI 文档生成
+        self.model = HTTPBearer()
+
+    async def __call__(self, request: Request) -> HTTPAuthorizationCredentials:
+        authorization: str = request.headers.get("Authorization")
+        if not authorization:
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail="Not authenticated"
+                )
+            else:
+                return None
+        
+        # 支持Bearer格式和直接token格式
+        if authorization.startswith("Bearer "):
+            token = authorization[7:]  # 移除"Bearer "前缀
+        else:
+            token = authorization  # 直接使用token
+        
+        return HTTPAuthorizationCredentials(scheme="Bearer", credentials=token)
+
 # FastAPI 安全方案
-security = HTTPBearer()
+security = CustomHTTPBearer()
 from api.utils import get_uuid
 from rag.utils.mcp_tool_call_conn import MCPToolCallSession, close_multiple_mcp_toolcall_sessions