From 49dd1a56f0a3e8735638b58427d53cab2fb28429 Mon Sep 17 00:00:00 2001
From: Josh Hayes <35790761+hayescode@users.noreply.github.com>
Date: Fri, 25 Oct 2024 06:03:13 -0500
Subject: [PATCH] Update server.py (#1474)

Solving the underlying issue properly requires moving to HTTP only cookies, which is out of scope for now (we want to properly clean up auth). We're gonna ship this ASAP.

This reopens #1101 and #1438 .
---
 backend/chainlit/server.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/backend/chainlit/server.py b/backend/chainlit/server.py
index 7c4a824b68..4893c8d03c 100644
--- a/backend/chainlit/server.py
+++ b/backend/chainlit/server.py
@@ -881,7 +881,7 @@ async def upload_file(
 async def get_file(
     file_id: str,
     session_id: str,
-    current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)],
+    # current_user: Annotated[Union[User, PersistedUser], Depends(get_current_user)], #TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
 ):
     """Get a file from the session files directory."""
 
@@ -895,12 +895,13 @@ async def get_file(
             detail="Unauthorized",
         )
 
-    if current_user:
-        if not session.user or session.user.identifier != current_user.identifier:
-            raise HTTPException(
-                status_code=401,
-                detail="You are not authorized to download files from this session",
-            )
+     #TODO: Causes 401 error. See https://github.com/Chainlit/chainlit/issues/1472
+    # if current_user:
+    #     if not session.user or session.user.identifier != current_user.identifier:
+    #         raise HTTPException(
+    #             status_code=401,
+    #             detail="You are not authorized to download files from this session",
+    #         )
 
     if file_id in session.files:
         file = session.files[file_id]