From f922214d2acbc204af41867b7abc13cc71098242 Mon Sep 17 00:00:00 2001
From: Gabriel Luiz Freitas Almeida <gabriel@logspace.ai>
Date: Mon, 28 Aug 2023 11:17:34 -0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix(endpoints.py):=20add=20check?=
 =?UTF-8?q?=20for=20missing=20api=5Fkey=20and=20raise=20HTTPException=20wi?=
 =?UTF-8?q?th=20status=20code=20401=20and=20detail=20message=20"Invalid=20?=
 =?UTF-8?q?API=20Key"=20=F0=9F=90=9B=20fix(crud.py):=20remove=20unnecessar?=
 =?UTF-8?q?y=20return=20statement=20and=20update=5Ftotal=5Fuses=20function?=
 =?UTF-8?q?=20call=20if=20api=5Fkey=5Fobject=20is=20None?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/backend/langflow/api/v1/endpoints.py      |  5 +++++
 .../services/database/models/api_key/crud.py  | 20 +++++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/backend/langflow/api/v1/endpoints.py b/src/backend/langflow/api/v1/endpoints.py
index 423217015..49426aeb7 100644
--- a/src/backend/langflow/api/v1/endpoints.py
+++ b/src/backend/langflow/api/v1/endpoints.py
@@ -100,6 +100,11 @@ async def process_flow(
     """
 
     try:
+        if api_key is None:
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED,
+                detail="Invalid API Key",
+            )
         api_key_user = api_key.user
         # Get the flow that matches the flow_id and belongs to the user
         flow = (
diff --git a/src/backend/langflow/services/database/models/api_key/crud.py b/src/backend/langflow/services/database/models/api_key/crud.py
index adf53d382..abc84f108 100644
--- a/src/backend/langflow/services/database/models/api_key/crud.py
+++ b/src/backend/langflow/services/database/models/api_key/crud.py
@@ -50,17 +50,15 @@ def check_key(session: Session, api_key: str) -> Optional[ApiKey]:
     """Check if the API key is valid."""
     query = select(ApiKey).where(ApiKey.api_key == api_key)
     api_key_object: Optional[ApiKey] = session.exec(query).first()
-    if api_key_object is None:
-        return api_key_object
-
-    threading.Thread(
-        target=update_total_uses,
-        args=(
-            session,
-            api_key_object,
-        ),
-    ).start()
-    return api_key_object.user
+    if api_key_object is not None:
+        threading.Thread(
+            target=update_total_uses,
+            args=(
+                session,
+                api_key_object,
+            ),
+        ).start()
+    return api_key_object
 
 
 def update_total_uses(session, api_key: ApiKey):