From 9876a1aeca71610841af5585d7baeba3126a8df9 Mon Sep 17 00:00:00 2001
From: Yidadaa <yidadaa@qq.com>
Date: Thu, 16 Nov 2023 00:53:11 +0800
Subject: [PATCH] fix: #3275 refuse on server side if hide user api key

---
 app/api/auth.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/app/api/auth.ts b/app/api/auth.ts
index c1f6e7fdec2..b41e34e059b 100644
--- a/app/api/auth.ts
+++ b/app/api/auth.ts
@@ -46,6 +46,13 @@ export function auth(req: NextRequest) {
     };
   }
 
+  if (serverConfig.hideUserApiKey && !!apiKey) {
+    return {
+      error: true,
+      msg: "you are not allowed to access openai with your own api key",
+    };
+  }
+
   // if user does not provide an api key, inject system api key
   if (!apiKey) {
     const serverApiKey = serverConfig.isAzure