From 9876a1aeca71610841af5585d7baeba3126a8df9 Mon Sep 17 00:00:00 2001 From: Yidadaa Date: Thu, 16 Nov 2023 00:53:11 +0800 Subject: [PATCH] fix: #3275 refuse on server side if hide user api key --- app/api/auth.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/api/auth.ts b/app/api/auth.ts index c1f6e7fdec22..b41e34e059b2 100644 --- a/app/api/auth.ts +++ b/app/api/auth.ts @@ -46,6 +46,13 @@ export function auth(req: NextRequest) { }; } + if (serverConfig.hideUserApiKey && !!apiKey) { + return { + error: true, + msg: "you are not allowed to access openai with your own api key", + }; + } + // if user does not provide an api key, inject system api key if (!apiKey) { const serverApiKey = serverConfig.isAzure