From c44b0b64c325395b676ef2302fd1c18a51a2e6e2 Mon Sep 17 00:00:00 2001
From: LittleSheep <littlesheep.code@hotmail.com>
Date: Mon, 25 Aug 2025 22:39:35 +0800
Subject: [PATCH] :bug: Fix api key auth issue

---
 DysonNetwork.Pass/Auth/Auth.cs             | 2 +-
 DysonNetwork.Pass/Auth/TokenAuthService.cs | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/DysonNetwork.Pass/Auth/Auth.cs b/DysonNetwork.Pass/Auth/Auth.cs
index 30c26d5..d182c73 100644
--- a/DysonNetwork.Pass/Auth/Auth.cs
+++ b/DysonNetwork.Pass/Auth/Auth.cs
@@ -70,7 +70,7 @@ public class DysonTokenAuthHandler(
             };
 
             // Add scopes as claims
-            session.Challenge.Scopes.ForEach(scope => claims.Add(new Claim("scope", scope)));
+            session.Challenge?.Scopes.ForEach(scope => claims.Add(new Claim("scope", scope)));
 
             // Add superuser claim if applicable
             if (session.Account.IsSuperuser)
diff --git a/DysonNetwork.Pass/Auth/TokenAuthService.cs b/DysonNetwork.Pass/Auth/TokenAuthService.cs
index c139f0e..849431e 100644
--- a/DysonNetwork.Pass/Auth/TokenAuthService.cs
+++ b/DysonNetwork.Pass/Auth/TokenAuthService.cs
@@ -22,6 +22,7 @@ public class TokenAuthService(
     /// then cache and return.
     /// </summary>
     /// <param name="token">Incoming token string</param>
+    /// <param name="ipAddress">Client IP address, for logging purposes</param>
     /// <returns>(Valid, Session, Message)</returns>
     public async Task<(bool Valid, AuthSession? Session, string? Message)> AuthenticateTokenAsync(string token, string? ipAddress = null)
     {