Auth: Fix key check coalesce

Prefer the auth-specific headers before the generic authorization header. Signed-off-by: kingbri <bdashore3@proton.me>
2026-05-01 03:31:24 +00:00 · 2024-07-19 10:08:57 -04:00
parent e20a2d504b
commit 38185a1ff4
2 changed files with 2 additions and 2 deletions
--- a/common/auth.py
+++ b/common/auth.py
@@ -86,9 +86,9 @@ def get_key_permission(request: Request):

    # Hyphens are okay here
    test_key = coalesce(
-        request.headers.get("authorization"),
        request.headers.get("x-admin-key"),
        request.headers.get("x-api-key"),
+        request.headers.get("authorization"),
    )

    if test_key is None:
--- a/endpoints/OAI/router.py
+++ b/endpoints/OAI/router.py
@@ -432,9 +432,9 @@ async def key_permission(request: Request) -> AuthPermissionResponse:
    Gets the access level/permission of a provided key in headers.

    Priority:
-    - Authorization
    - X-admin-key
    - X-api-key
+    - Authorization
    """

    try: