api/core interface unAuthorization

[dq7532183]

例行检查

• 我已确认目前没有类似 issue
• 我已完整查看过项目 README，以及项目文档
• 我使用了自己的 key，并确认我的 key 是可正常使用的
• 我理解并愿意跟进此 issue，协助测试和提供反馈
• 我理解并认可上述内容，并理解项目维护者精力有限，不遵循规则的 issue 可能会被无视或直接关闭

你的版本

• 公有云版本
• 私有部署版本

问题描述

1. api/core/chat/item/delete 删除聊天记录接口,使用应用的apikey或全局通用的 key或rootkey,都不能请求,错误403 unAuthorization
2. api/core/chat/feedback/userUpdate 反馈建议接口,不使用任何token,能请求
3. api/core/ai/agent/createQuestionGuide 下一步引导接口,使用root_key能请求,但是用应用的apikey不能请求,错误403 unAuthorization
   官网的rootkey暴露了

预期结果
使用应用的apikey可以请求 api/core/chat 下的接口,
使用通用的apikey可以请求非应用的所有接口

相关截图

[c121914yu]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Routine inspection

• I have confirmed that there is no similar issue currently
• I have fully reviewed the project README, as well as project documentation
• [x ] I used my own key and confirmed that my key can be used normally
• I understand and am willing to follow up on this issue, assist in testing and provide feedback
• I understand and acknowledge the above content, and understand that project maintainers have limited energy. Issues that do not follow the rules may be ignored or closed directly

your version

• Public cloud version
• Private deployment version

Problem Description

1. api/core/chat/item/delete interface for deleting chat records, using the application’s apikey or global key or rootkey, cannot be requested, error 403 unAuthorization
2. api/core/chat/feedback/userUpdate feedback suggestion interface, does not use any token, can request
3. api/core/ai/agent/createQuestionGuide The next step is to guide the interface. It can be requested using root_key, but it cannot be requested using the application's apikey. Error 403 unAuthorization
   The rootkey of the official website was exposed

expected outcome
Use the application's apikey to request the interface under api/core/chat.
Use a common apikey to request all interfaces of non-applications

Related screenshots

[c121914yu]

非常感谢! 我们立即修复这个问题。
关于apikey无法调用接口，目前并不计划所有接口允许apikey调用，仅支持部分。

[Halecoder]

非常感谢! 我们立即修复这个问题。 关于apikey无法调用接口，目前并不计划所有接口允许apikey调用，仅支持部分。

我也有这样问题，无法导出csv，报错

{
    "code": 403,
    "statusText": "unAuthorization",
    "message": "凭证错误",
    "data": null
}

[c121914yu]

Bot detected the issue body's language is not English, translate it automatically. 👯👭🏻🧑‍🤝‍🧑👫🧑🏿‍🤝‍🧑🏻👩🏾‍🤝‍👨🏿👬🏿

---

Thank you very much! We will fix this immediately. Regarding the interface that apikey cannot call, there are currently no plans to allow apikey to call all interfaces, only some are supported.

I also have this problem, I can't export csv and get an error

{
    "code": 403,
    "statusText": "unAuthorization",
    "message": "Certificate error",
    "data": null
}

[c121914yu]

非常感谢! 我们立即修复这个问题。 关于apikey无法调用接口，目前并不计划所有接口允许apikey调用，仅支持部分。

我也有这样问题，无法导出csv，报错

{
    "code": 403,
    "statusText": "unAuthorization",
    "message": "凭证错误",
    "data": null
}

看着像浏览器不支持cookie，可以尝试换谷歌浏览器。