From 899ab77bb0efc8469d2a592196957d0441516bee Mon Sep 17 00:00:00 2001
From: YuLi
Date: Sat, 13 Jun 2026 01:38:44 -0700
Subject: [PATCH] Restore secret requirement for HTTP API auth
---
 server/WebApi.cpp | 28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)
diff --git a/server/WebApi.cpp b/server/WebApi.cpp
index 148f4500..d547b1fe 100755
--- a/server/WebApi.cpp
+++ b/server/WebApi.cpp
@@ -741,31 +741,9 @@ void check_secret(toolkit::SockInfo &sender, mediakit::HttpSession::KeyValue &he
 throw AuthException("Your ip is not allowed to access the service.");
 }
- try {
- auto logined_cookie = HttpCookieManager::Instance().getCookie(kLoginedCookieName, allArgs.getParser().getHeader());
- if (!logined_cookie) {
- auto unlogin_cookie = HttpCookieManager::Instance().getCookie(kUnLoginCookieName, allArgs.getParser().getHeader());
- if (!unlogin_cookie) {
- unlogin_cookie = HttpCookieManager::Instance().addCookie(kUnLoginCookieName, "", kUnLoginCookieLifeSeconds);
- headerOut["Set-Cookie"] = unlogin_cookie->getCookie(kLoginCookiePath);
- }
- val["cookie"] = unlogin_cookie->getCookie();
- throw AuthException("Please login first", headerOut, val);
- }
- // 优先cookie登陆鉴权
- } catch (...) {
- try {
- // cookie登陆鉴权失败了再比对secret
- CHECK_ARGS("secret");
- if (api_secret != allArgs["secret"]) {
- throw AuthException("Incorrect secret");
- }
- return;
- } catch (...) {
- // 未提供secret或secret不匹配,这个异常隐藏
- }
- // secret鉴权模式失败,抛出要求cookie登录的异常
- throw;
+ CHECK_ARGS("secret");
+ if (api_secret != allArgs["secret"]) {
+ throw AuthException("Incorrect secret");
 }
 }
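Review bot: The added `api_secret != allArgs["secret"]` check compares the shared secret with the string `operator!=`, which stops at the first differing byte, so response time can vary with how much of a submitted value matches. After this change it is the only credential check visible in `check_secret` besides the IP allow-list, so a comparison that always examines every byte is the safer form. The version below also fails closed when the configured `api_secret` is empty, in case `CHECK_ARGS` (defined outside this hunk) accepts an empty value; that is worth confirming. It assumes `allArgs["secret"]` converts to `std::string`, as the existing comparison suggests. `check_secret` begins before this hunk, so where `api_secret` is read is not visible here.

```cpp
    CHECK_ARGS("secret");
    const std::string given = allArgs["secret"];
    // Fold every byte into diff so timing does not depend on the matching prefix length.
    unsigned char diff = (given.size() == api_secret.size()) ? 0 : 1;
    for (size_t i = 0; i < given.size() && i < api_secret.size(); ++i) {
        diff |= static_cast<unsigned char>(given[i] ^ api_secret[i]);
    }
    if (diff != 0 || api_secret.empty()) {
        throw AuthException("Incorrect secret");
    }
```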