fix: #3275 refuse on server side if hide user api key

ChatGPTNextWeb · Nov 15, 2023 · 9876a1a · 9876a1a · czgaotian · Nov 23, 2023
1 parent d898ffc
commit 9876a1a
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/app/api/auth.ts b/app/api/auth.ts
@@ -46,6 +46,13 @@ export function auth(req: NextRequest) {
     };
   }
 
+  if (serverConfig.hideUserApiKey && !!apiKey) {
+    return {
+      error: true,
+      msg: "you are not allowed to access openai with your own api key",
+    };
+  }
+
   // if user does not provide an api key, inject system api key
   if (!apiKey) {
     const serverApiKey = serverConfig.isAzure