From b0813eb3f6623c1e71a46038b16dff63ba13d0c3 Mon Sep 17 00:00:00 2001 From: hlohaus <983577+hlohaus@users.noreply.github.com> Date: Tue, 23 Dec 2025 23:18:49 +0100 Subject: [PATCH] Refactor authentication cookie retrieval in HuggingChat; enhance header update logic in AppConfig and Backend_Api for improved flexibility --- g4f/Provider/needs_auth/hf/HuggingChat.py | 2 +- g4f/api/__init__.py | 12 +++++++----- g4f/gui/server/backend_api.py | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/g4f/Provider/needs_auth/hf/HuggingChat.py b/g4f/Provider/needs_auth/hf/HuggingChat.py index ae3762f3..07f8d94c 100644 --- a/g4f/Provider/needs_auth/hf/HuggingChat.py +++ b/g4f/Provider/needs_auth/hf/HuggingChat.py @@ -62,7 +62,7 @@ class HuggingChat(AsyncAuthedProvider, ProviderModelMixin): @classmethod async def on_auth_async(cls, cookies: Cookies = None, proxy: str = None, **kwargs) -> AsyncIterator: if cookies is None: - cookies = get_cookies(cls.domain, single_browser=True) + cookies = get_cookies(cls.domain, raise_requirements_error=False, single_browser=True) try: yield RequestLogin(cls.__name__, os.environ.get("G4F_LOGIN_URL") or "") yield AuthResult( diff --git a/g4f/api/__init__.py b/g4f/api/__init__.py index bd4c07e6..06b0b6d0 100644 --- a/g4f/api/__init__.py +++ b/g4f/api/__init__.py @@ -193,9 +193,10 @@ class AppConfig: if value is not None: setattr(cls, key, value) -def update_headers(request: Request, user: str) -> Request: +def update_headers(request: Request, delete_authorization: bool = True, user: str = None) -> Request: new_headers = request.headers.mutablecopy() - del new_headers["Authorization"] + if delete_authorization and "authorization" in new_headers: + del new_headers["authorization"] if user: new_headers["x-user"] = user request.scope["headers"] = new_headers.raw @@ -236,11 +237,12 @@ class Api: async def authorization(request: Request, call_next): user = None if request.method != "OPTIONS" and AppConfig.g4f_api_key is not None or AppConfig.demo: + delete_authorization = False try: user_g4f_api_key = await self.get_g4f_api_key(request) except HTTPException: - user_g4f_api_key = await self.security(request) - user_g4f_api_key = getattr(user_g4f_api_key, "credentials", user_g4f_api_key) + user_g4f_api_key = getattr(await self.security(request), "credentials", None) + delete_authorization = True country = request.headers.get("Cf-Ipcountry", "") if AppConfig.demo and user is None: ip = request.headers.get("X-Forwarded-For", "")[:4].strip(":.") @@ -293,7 +295,7 @@ class Api: user = await self.get_username(request) except HTTPException as e: return ErrorResponse.from_message(e.detail, e.status_code, e.headers) - request = update_headers(request, user) + request = update_headers(request, delete_authorization, user) response = await call_next(request) return response diff --git a/g4f/gui/server/backend_api.py b/g4f/gui/server/backend_api.py index 9c2845a2..21cfb26b 100644 --- a/g4f/gui/server/backend_api.py +++ b/g4f/gui/server/backend_api.py @@ -181,7 +181,7 @@ class Backend_Api(Api): logger.exception(e) return jsonify({"error": {"message": "Invalid JSON data"}}), 400 if app.demo and has_crypto: - secret = request.headers.get("x_secret") + secret = request.headers.get("x-secret", request.headers.get("x_secret")) if not secret or not validate_secret(secret): return jsonify({"error": {"message": "Invalid or missing secret"}}), 403 tempfiles = []