fix: #3275 refuse on server side if hide user api key

2023-11-16 00:53:11 +08:00 · 2023-11-16 00:53:11 +08:00 · 9876a1aeca
commit 9876a1aeca
parent d898ffce23
1 changed files with 7 additions and 0 deletions
--- a/app/api/auth.ts
+++ b/app/api/auth.ts
@ -46,6 +46,13 @@ export function auth(req: NextRequest) {
    };
  }

+  if (serverConfig.hideUserApiKey && !!apiKey) {
+    return {
+      error: true,
+      msg: "you are not allowed to access openai with your own api key",
+    };
+  }
+
  // if user does not provide an api key, inject system api key
  if (!apiKey) {
    const serverApiKey = serverConfig.isAzure