🐛 fix(endpoints.py): add check for missing api_key and raise HTTPException with status code 401 and detail message "Invalid API Key"

🐛 fix(crud.py): remove unnecessary return statement and update_total_uses function call if api_key_object is None
2023-08-28 11:17:34 -03:00 · 2023-08-28 11:17:34 -03:00 · f922214d2a
commit f922214d2a
parent 2d22737c31
2 changed files with 14 additions and 11 deletions
--- a/src/backend/langflow/api/v1/endpoints.py
+++ b/src/backend/langflow/api/v1/endpoints.py
@ -100,6 +100,11 @@ async def process_flow(
    """

    try:
+        if api_key is None:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid API Key",
+            )
        api_key_user = api_key.user
        # Get the flow that matches the flow_id and belongs to the user
        flow = (
--- a/src/backend/langflow/services/database/models/api_key/crud.py
+++ b/src/backend/langflow/services/database/models/api_key/crud.py
@ -50,17 +50,15 @@ def check_key(session: Session, api_key: str) -> Optional[ApiKey]:
    """Check if the API key is valid."""
    query = select(ApiKey).where(ApiKey.api_key == api_key)
    api_key_object: Optional[ApiKey] = session.exec(query).first()
-    if api_key_object is None:
-        return api_key_object
-
-    threading.Thread(
-        target=update_total_uses,
-        args=(
-            session,
-            api_key_object,
-        ),
-    ).start()
-    return api_key_object.user
+    if api_key_object is not None:
+        threading.Thread(
+            target=update_total_uses,
+            args=(
+                session,
+                api_key_object,
+            ),
+        ).start()
+    return api_key_object


 def update_total_uses(session, api_key: ApiKey):