From 78c37e470f4ccef4d10ce982dc45263e8f2443c7 Mon Sep 17 00:00:00 2001
From: "raoha.rh" <raohai.rh@antgroup.com>
Date: Fri, 22 Nov 2024 16:04:24 +0800
Subject: [PATCH 1/2] fix: 1122 issues

---
 server/auth/middleware.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/auth/middleware.py b/server/auth/middleware.py
index 04591656..1b33694a 100644
--- a/server/auth/middleware.py
+++ b/server/auth/middleware.py
@@ -23,6 +23,7 @@
 ]
 
 ANONYMOUS_USER_ALLOW_LIST = [
+  "/api/auth/userinfo"
   "/api/chat/qa",
   "/api/chat/stream_qa",
 ]

From 63526886eea576276985d8bd05a44e32ff1e35df Mon Sep 17 00:00:00 2001
From: "raoha.rh" <raohai.rh@antgroup.com>
Date: Fri, 22 Nov 2024 17:43:14 +0800
Subject: [PATCH 2/2] fix: quote

---
 server/auth/cors_middleware.py | 1 -
 server/auth/middleware.py      | 6 +++---
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/server/auth/cors_middleware.py b/server/auth/cors_middleware.py
index 4f3c0700..367838ea 100644
--- a/server/auth/cors_middleware.py
+++ b/server/auth/cors_middleware.py
@@ -28,6 +28,5 @@ async def dispatch(self, request: Request, call_next: Callable[[Request], Awaita
     def mutate_cors_headers(self, request: Request, response: Response):
         requested_origin = request.headers.get('origin')
         headers = response.headers
-
         headers["Access-Control-Allow-Origin"] = requested_origin
         return headers
diff --git a/server/auth/middleware.py b/server/auth/middleware.py
index 1b33694a..44a8912e 100644
--- a/server/auth/middleware.py
+++ b/server/auth/middleware.py
@@ -23,7 +23,7 @@
 ]
 
 ANONYMOUS_USER_ALLOW_LIST = [
-  "/api/auth/userinfo"
+  "/api/auth/userinfo",
   "/api/chat/qa",
   "/api/chat/stream_qa",
 ]
@@ -53,8 +53,8 @@ async def oauth(self, request: Request):
         
   async def dispatch(self, request: Request, call_next: Callable[[Request], Awaitable[Response]]) -> Response:
     try:
-      if ENVRIMENT == "development":
-        return await call_next(request)
+      # if ENVRIMENT == "development":
+      #   return await call_next(request)
       
       # Auth 相关的直接放过
       if request.url.path.startswith("/api/auth"):