From 4b95be9762ac9c329c8ea3640f893a7eb34d5924 Mon Sep 17 00:00:00 2001 From: dangzerong <429714019@qq.com> Date: Mon, 27 Oct 2025 16:31:17 +0800 Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=20=E6=A0=87=E5=87=86Bearer?= =?UTF-8?q?=E6=A0=BC=E5=BC=8F=E5=92=8C=E7=9B=B4=E6=8E=A5token=E6=A0=BC?= =?UTF-8?q?=E5=BC=8F=EF=BC=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- api/apps/document_app.py | 4 ++-- api/apps/file2document_app.py | 4 ++-- api/apps/file_app.py | 4 ++-- api/apps/mcp_server_app.py | 4 ++-- api/apps/user_app_fastapi.py | 4 ++-- api/utils/api_utils.py | 31 ++++++++++++++++++++++++++++++- 6 files changed, 40 insertions(+), 11 deletions(-) diff --git a/api/apps/document_app.py b/api/apps/document_app.py index e314681..2ea42cd 100644 --- a/api/apps/document_app.py +++ b/api/apps/document_app.py @@ -23,7 +23,8 @@ from typing import List, Optional from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile, Query from fastapi.responses import StreamingResponse -from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security import HTTPAuthorizationCredentials +from api.utils.api_utils import security from api import settings from api.common.check_team_permission import check_kb_team_permission @@ -53,7 +54,6 @@ from pydantic import BaseModel from api.db.db_models import User # Security -security = HTTPBearer() # Pydantic models for request/response class WebCrawlRequest(BaseModel): diff --git a/api/apps/file2document_app.py b/api/apps/file2document_app.py index 005e815..1866592 100644 --- a/api/apps/file2document_app.py +++ b/api/apps/file2document_app.py 
@@ -18,7 +18,8 @@ from pathlib import Path from typing import List from fastapi import APIRouter, Depends -from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security import HTTPAuthorizationCredentials +from api.utils.api_utils import security from api.db.services.file2document_service import File2DocumentService from api.db.services.file_service import FileService @@ -33,7 +34,6 @@ from api.utils.api_utils import get_json_result from pydantic import BaseModel # Security -security = HTTPBearer() # Pydantic models for request/response class ConvertRequest(BaseModel): diff --git a/api/apps/file_app.py b/api/apps/file_app.py index 6360208..f31c885 100644 --- a/api/apps/file_app.py +++ b/api/apps/file_app.py @@ -20,7 +20,8 @@ from typing import List, Optional from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile, Query from fastapi.responses import StreamingResponse -from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security import HTTPAuthorizationCredentials +from api.utils.api_utils import security from api.common.check_team_permission import check_file_team_permission from api.db.services.document_service import DocumentService @@ -38,7 +39,6 @@ from rag.utils.storage_factory import STORAGE_IMPL from pydantic import BaseModel # Security -security = HTTPBearer() # Pydantic models for request/response class CreateFileRequest(BaseModel): diff --git a/api/apps/mcp_server_app.py b/api/apps/mcp_server_app.py index 17ad887..55e5e34 100644 --- a/api/apps/mcp_server_app.py +++ b/api/apps/mcp_server_app.py @@ -15,7 +15,8 @@ # from typing import List, Optional, Dict, Any from fastapi import APIRouter, Depends, HTTPException, Query -from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security import HTTPAuthorizationCredentials +from api.utils.api_utils import security from api import settings from api.db import VALID_MCP_SERVER_TYPES 
@@ -31,7 +32,6 @@ from rag.utils.mcp_tool_call_conn import MCPToolCallSession, close_multiple_mcp_ from pydantic import BaseModel # Security -security = HTTPBearer() # Pydantic models for request/response class ListMCPRequest(BaseModel): diff --git a/api/apps/user_app_fastapi.py b/api/apps/user_app_fastapi.py index 1eb172e..4525bee 100644 --- a/api/apps/user_app_fastapi.py +++ b/api/apps/user_app_fastapi.py @@ -21,7 +21,8 @@ from datetime import datetime from typing import Optional, Dict, Any from fastapi import APIRouter, Depends, HTTPException, Request, Response, status -from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security import HTTPAuthorizationCredentials +from api.utils.api_utils import security from fastapi.responses import RedirectResponse from pydantic import BaseModel, EmailStr try: @@ -65,7 +66,6 @@ from api.utils.crypt import decrypt router = APIRouter() # 安全方案 -security = HTTPBearer() # Pydantic模型 class LoginRequest(BaseModel): diff --git a/api/utils/api_utils.py b/api/utils/api_utils.py index 5379ce1..3736255 100644 --- a/api/utils/api_utils.py +++ b/api/utils/api_utils.py @@ -38,6 +38,8 @@ from fastapi import Request, Response as FastAPIResponse, HTTPException, status from fastapi.responses import JSONResponse, FileResponse, StreamingResponse from fastapi import Depends from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials +from fastapi.security.base import SecurityBase +from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel from itsdangerous import URLSafeTimedSerializer from peewee import OperationalError from werkzeug.http import HTTP_STATUS_CODES 
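Review bot: In the `api/utils/api_utils.py` import hunk, `OAuthFlows as OAuthFlowsModel` is not referenced by any line visible in this patch, while the OpenAPI model that a bearer scheme needs is not imported. If the intent is to describe the custom scheme in the generated schema, I would replace that line with `from fastapi.openapi.models import HTTPBearer as HTTPBearerModel`. The rest of the file is outside the hunk, so confirm nothing else uses `OAuthFlowsModel` before dropping it.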
@@ -51,8 +53,35 @@ from api.db.services.llm_service import LLMService from api.db.services.tenant_llm_service import TenantLLMService from api.utils.json import CustomJSONEncoder, json_dumps +# 自定义认证方案,支持不传Bearer格式 +class CustomHTTPBearer(SecurityBase): + def __init__(self, *, scheme_name: str = None, auto_error: bool = True): + self.scheme_name = scheme_name or self.__class__.__name__ + self.auto_error = auto_error + # 添加 model 属性用于 OpenAPI 文档生成 + self.model = HTTPBearer() + + async def __call__(self, request: Request) -> HTTPAuthorizationCredentials: + authorization: str = request.headers.get("Authorization") + if not authorization: + if self.auto_error: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail="Not authenticated" + ) + else: + return None + + # 支持Bearer格式和直接token格式 + if authorization.startswith("Bearer "): + token = authorization[7:] # 移除"Bearer "前缀 + else: + token = authorization # 直接使用token + + return HTTPAuthorizationCredentials(scheme="Bearer", credentials=token) + # FastAPI 安全方案 -security = HTTPBearer() +security = CustomHTTPBearer() from api.utils import get_uuid from rag.utils.mcp_tool_call_conn import MCPToolCallSession, close_multiple_mcp_toolcall_sessions
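Review bot: `CustomHTTPBearer.__call__` takes any Authorization value that does not begin with the exact string `Bearer ` as the token itself, so a `Basic …` or lowercase `bearer …` header is passed on whole as a Bearer credential, and `Bearer ` with nothing after it yields an empty credential. This object now backs every router that imports `security`, so the parser should keep the bare-token form but compare the scheme case-insensitively, refuse other schemes and refuse an empty token; the fence rewrites the tail of `__call__` that way. Separately, `self.model = HTTPBearer()` stores the FastAPI dependency object rather than an OpenAPI model, so the generated schema is probably wrong; FastAPI's own scheme assigns `fastapi.openapi.models.HTTPBearer()` there. The annotations should also admit `None`: `scheme_name: str | None = None` and a return type of `HTTPAuthorizationCredentials | None`.

```python
    async def __call__(self, request: Request) -> HTTPAuthorizationCredentials:
        # … unchanged: read the Authorization header, handle the missing-header case …
        scheme, _, param = authorization.strip().partition(" ")
        if scheme.lower() == "bearer":
            # Standard form; the scheme name is case-insensitive.
            token = param.strip()
        elif not param:
            # Bare token with no scheme prefix (the form this patch adds).
            token = scheme
        else:
            # Some other scheme (e.g. Basic): not a bearer credential.
            token = ""

        if not token:
            if self.auto_error:
                raise HTTPException(
                    status_code=status.HTTP_403_FORBIDDEN,
                    detail="Not authenticated",
                )
            return None

        return HTTPAuthorizationCredentials(scheme="Bearer", credentials=token)
```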