admin/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(api): add session_id validation for webapp JWT authentication (#28297)

Browse Source 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This commit is contained in:
yangzheli
2025-11-21 11:23:52 +08:00
committed by GitHub
parent 3cf19dc07f
commit a4c4d18f42
4 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/service/webapp-auth.ts
View File

@@ -30,10 +30,13 @@ type isWebAppLogin = {
app_logged_in: boolean
}
export async function webAppLoginStatus(shareCode: string) {
export async function webAppLoginStatus(shareCode: string, userId?: string) {
// always need to check login to prevent passport from being outdated
// check remotely, the access token could be in cookie (enterprise SSO redirected with https)
const { logged_in, app_logged_in } = await getPublic<isWebAppLogin>(`/login/status?app_code=${shareCode}`)
const params = new URLSearchParams({ app_code: shareCode })
if (userId)
params.append('user_id', userId)
const { logged_in, app_logged_in } = await getPublic<isWebAppLogin>(`/login/status?${params.toString()}`)
return {
userLoggedIn: logged_in,
appLoggedIn: app_logged_in,