ragflow
[Bug]: Get conversation history doesn't validate API key
Is there an existing issue for the same bug?
- [X] I have checked the existing issues.
Branch name
main
Commit ID
unknown
Other environment information
No response
Actual behavior
I sent a request to the Chat Bot API to get the history of a conversation with a fake API key and it worked.
I reviewed the code (in the api/apps/api_app.py file) and I noticed there isn't any API key validation on this method:

```python
@manager.route('/conversation/<conversation_id>', methods=['GET'])
# @login_required   <- the only auth guard on this route, and it is commented out
def get(conversation_id):
    try:
        # The conversation is fetched by id alone; nothing checks who is asking.
        e, conv = API4ConversationService.get_by_id(conversation_id)
        if not e:
            return get_data_error_result(retmsg="Conversation not found!")
        conv = conv.to_dict()
        for referenct_i in conv['reference']:
            if referenct_i is None or len(referenct_i) == 0:
                continue
            for chunk_i in referenct_i['chunks']:
                if 'docnm_kwd' in chunk_i.keys():
                    chunk_i['doc_name'] = chunk_i['docnm_kwd']
                    chunk_i.pop('docnm_kwd')
        return get_json_result(data=conv)
    except Exception as e:
        return server_error_response(e)
```
Expected behavior
It shouldn't work. There should be validation to verify the API key actually exists.
Steps to reproduce
Get a new conversation id with the /api/new_conversation method (adding the correct API key in the headers).
Get the conversation history with the /api/conversation/<id> method (adding a fake API key in the headers).
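The following is an added illustration of what the missing check looks like, not code from the ragflow project: a stand-alone Python sketch in which the conversation route requires a bearer API key, rejects unknown keys, and additionally only returns conversations owned by the tenant that key belongs to (validating that the key exists stops the reported bypass, but without an ownership check any valid key could still read other tenants' histories). `API_TOKENS`, `CONVERSATIONS`, `Request` and the tenant ids are constructed sample data that stand in for ragflow's token and conversation tables.

```python
import hmac
from dataclasses import dataclass, field
from functools import wraps

# Constructed sample data standing in for the project's API token and
# conversation tables; the real service layer is not used here.
API_TOKENS = {"tok_tenant_a_example": "tenant_a", "tok_tenant_b_example": "tenant_b"}
CONVERSATIONS = {"conv-1": {"tenant_id": "tenant_a", "message": ["hello"]}}


@dataclass
class Request:
    # Minimal stand-in for a Flask request: only the headers matter here.
    headers: dict = field(default_factory=dict)


def lookup_token(token):
    # Compare against every stored key in constant time so the lookup does not
    # leak which prefix matched; returns the owning tenant or None.
    for stored, tenant in API_TOKENS.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            return tenant
    return None


def require_api_key(view):
    # Decorator that replaces the commented-out @login_required: the view only
    # runs when "Authorization: Bearer <key>" carries a key that exists.
    @wraps(view)
    def wrapper(req, *args, **kwargs):
        parts = req.headers.get("Authorization", "").split()
        if len(parts) != 2 or parts[0].lower() != "bearer":
            return 401, {"retmsg": "Missing or malformed API key"}
        tenant = lookup_token(parts[1])
        if tenant is None:
            return 401, {"retmsg": "Token is not valid!"}
        return view(req, tenant, *args, **kwargs)
    return wrapper


@require_api_key
def get_conversation(req, tenant_id, conversation_id):
    conv = CONVERSATIONS.get(conversation_id)
    # Ownership check: a valid key is not enough, the conversation must belong
    # to that key's tenant; answer "not found" either way to avoid confirming ids.
    if conv is None or conv["tenant_id"] != tenant_id:
        return 404, {"retmsg": "Conversation not found!"}
    return 200, {"data": conv}
```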
Additional information
No response