search

ChatGPTNextWeb / ChatGPT-Next-Web

A cross-platform ChatGPT/Gemini UI (Web / PWA / Linux / Win / MacOS). 一键拥有你自己的跨平台 ChatGPT/Gemini 应用。
https://app.nextchat.dev/
MIT License
75.62k stars 58.88k forks source link

[Bug] 20230505Docker版本的http auth问题 #1305

Closed franocisgar closed 1 year ago

franocisgar commented 1 year ago

用docker部署后,nginx反代同时使用http auth后,会不断要求重新验证,用user:pass@domain 来登录的话就会输入授权密码后就直接

出错了,稍后重试吧

之前还是可以用http auth前置反代的。

Yidadaa commented 1 year ago

https://github.com/Yidadaa/ChatGPT-Next-Web/issues/741#issuecomment-1537172117

hibobmaster commented 1 year ago

@Yidadaa 这里能不能换个请求头,Authorization 和 basic_auth 的请求头冲突 https://github.com/Yidadaa/ChatGPT-Next-Web/blob/bc523d302b7c05050a71cf0460588049aab9d2f9/app/api/auth.ts#L30 我看原来貌似用的是 token 来获取用户输入的api key 应该是这个 commit 引入的: https://github.com/Yidadaa/ChatGPT-Next-Web/commit/48ebd74859042aaa3d8cdbb74a61bd7391400b89

Ma-Chang-an commented 11 months ago

@Yidadaa 这里能不能换个请求头,Authorization 和 basic_auth 的请求头冲突

https://github.com/Yidadaa/ChatGPT-Next-Web/blob/bc523d302b7c05050a71cf0460588049aab9d2f9/app/api/auth.ts#L30

我看原来貌似用的是 token 来获取用户输入的api key 应该是这个 commit 引入的: 48ebd74

@Yidadaa 我有同样的问题,我使用华为云FunctionGraph来部署了ChatGPT-Next-Web,通过华为云的APIG网关来访问页面,当不适用密码是访问正常,可以正常chat,但是当我设置了Code环境变量,并在设置页面输入了密码后,所有HTTPS请求都会被APIG网关拦截,报错401认证错误,原因就是华为云的APIG网关会使用Authorization字段进行鉴权,但是ChatGPT-Next-Web的前端会把密码、API key得信息填写到Authorization字段导致华为云APIG网关鉴权失败,所以建议换一个请求头域段来承载这两个信息,下面是我测试过程的截图,图一是不使用Code密码的访问情况, image

图二是使用CODE密码的访问情况 image

Issues-translate-bot commented 11 months ago

Bot detected the issue body's language is not English, translate it automatically.

@Yidadaa Can you change the request header here? Authorization conflicts with the request header of basic_auth

https://github.com/Yidadaa/ChatGPT-Next-Web/blob/bc523d302b7c05050a71cf0460588049aab9d2f9/app/api/auth.ts#L30

It seems that token is used to obtain the api key entered by the user. It should be introduced by this commit: 48ebd74

@Yidadaa I have the same problem. I used Huawei Cloud FunctionGraph to deploy ChatGPT-Next-Web and accessed the page through Huawei Cloud's APIG gateway. When the password is not applicable, the access is normal and chat can be normal, but when I set the Code After setting the environment variable and entering the password on the settings page, all HTTPS requests will be intercepted by the APIG gateway and a 401 authentication error will be reported. The reason is that Huawei Cloud's APIG gateway will use the Authorization field for authentication, but the front end of ChatGPT-Next-Web will Filling in the password and API key information into the Authorization field caused Huawei Cloud APIG gateway authentication to fail. Therefore, it is recommended to change a request header field to carry these two information. The following is a screenshot of my test process. Figure 1 does not use the Code password. The access situation, Figure 2 shows the access situation using CODE password