Make opt in to only restrict API calls for prompt and apis using REST…

…RICT_APIS_ONLY. Only restricting queuing/prompting a job
ServiceStack · Nov 21, 2024 · baa503e · baa503e
1 parent a9ffbc3
commit baa503e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/comfy/ai-agent-extension/main.py b/comfy/ai-agent-extension/main.py
@@ -102,9 +102,6 @@ async def engines_list(request):
 async def simple_api_key_auth(request, handler):
     # Allow paths that aren't /prompt or don't start with /api
     path = request.path
-    restrict_apis_only = os.getenv('RESTRICT_APIS_ONLY', 'false').lower() == 'true'
-    if path != '/prompt' and not path.startswith('/api/prompt') and restrict_apis_only:
-        return await handler(request)
 
     auth_token = os.getenv('AGENT_PASSWORD')
     is_authorized = False
@@ -121,6 +118,11 @@ async def simple_api_key_auth(request, handler):
         if request.query['apiKey'] == auth_token:
             is_authorized = True
 
+
+    restrict_apis_only = os.getenv('RESTRICT_APIS_ONLY', 'false').lower() == 'true'
+    if path != '/prompt' and not path.startswith('/api/prompt') and restrict_apis_only and is_authorized is False:
+        is_authorized = True
+
     # Return error if neither authentication method succeeded
     if not is_authorized:
         return web.json_response({