dearwolf/LocalAI
1
0
Fork 0
mirror of https://github.com/mudler/LocalAI.git synced 2025-05-20 18:45:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 21

feat: add WebUI API token authorization (#4197)

Browse source 
* return 401 instead of 403, provide www-authenticate header, redirect to the login page, add cookie token support

* set cookies completely through js in auth page
This commit is contained in:
mintyleaf 2024-11-19 21:43:02 +04:00 committed by GitHub
parent 8a4df3af99
commit de148cb2ad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 119 additions and 96 deletions
Download patch file Download diff file Expand all files Collapse all files

2
core/http/app_test.go
View file

@ -345,7 +345,7 @@ var _ = Describe("API test", func() {
It("Should fail if the api key is missing", func() { It("Should fail if the api key is missing", func() {
err, sc := postInvalidRequest("http://127.0.0.1:9090/models/available") err, sc := postInvalidRequest("http://127.0.0.1:9090/models/available")
Expect(err).ToNot(BeNil()) Expect(err).ToNot(BeNil())
Expect(sc).To(Equal(403)) Expect(sc).To(Equal(401))
}) })
}) })

8
core/http/middleware/auth.go
View file

@ -7,7 +7,6 @@ import (
"github.com/dave-gray101/v2keyauth" "github.com/dave-gray101/v2keyauth"
"github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/keyauth" "github.com/gofiber/fiber/v2/middleware/keyauth"
"github.com/microcosm-cc/bluemonday"
"github.com/mudler/LocalAI/core/config" "github.com/mudler/LocalAI/core/config"
) )
@ -16,7 +15,7 @@ import (
// Therefore `dave-gray101/v2keyauth` contains the v2 backport of the middleware until v3 stabilizes and we migrate. // Therefore `dave-gray101/v2keyauth` contains the v2 backport of the middleware until v3 stabilizes and we migrate.
func GetKeyAuthConfig(applicationConfig *config.ApplicationConfig) (*v2keyauth.Config, error) { func GetKeyAuthConfig(applicationConfig *config.ApplicationConfig) (*v2keyauth.Config, error) {
customLookup, err := v2keyauth.MultipleKeySourceLookup([]string{"header:Authorization", "header:x-api-key", "header:xi-api-key"}, keyauth.ConfigDefault.AuthScheme) customLookup, err := v2keyauth.MultipleKeySourceLookup([]string{"header:Authorization", "header:x-api-key", "header:xi-api-key", "cookie:token"}, keyauth.ConfigDefault.AuthScheme)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -36,10 +35,11 @@ func getApiKeyErrorHandler(applicationConfig *config.ApplicationConfig) fiber.Er
if len(applicationConfig.ApiKeys) == 0 { if len(applicationConfig.ApiKeys) == 0 {
return ctx.Next() // if no keys are set up, any error we get here is not an error. return ctx.Next() // if no keys are set up, any error we get here is not an error.
} }
ctx.Set("WWW-Authenticate", "Bearer")
if applicationConfig.OpaqueErrors { if applicationConfig.OpaqueErrors {
return ctx.SendStatus(403) return ctx.SendStatus(401)
} }
return ctx.Status(403).SendString(bluemonday.StrictPolicy().Sanitize(err.Error())) return ctx.Status(401).Render("views/login", nil)
} }
if applicationConfig.OpaqueErrors { if applicationConfig.OpaqueErrors {
return ctx.SendStatus(500) return ctx.SendStatus(500)

23
core/http/views/login.html Normal file
View file

@ -0,0 +1,23 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Open Authenticated Website</title>
</head>
<body>
<h1>Authorization is required</h1>
<input type="text" id="token" placeholder="Token" />
<button onclick="login()">Login</button>
<script>
function login() {
const token = document.getElementById('token').value;
var date = new Date();
date.setTime(date.getTime() + (24*60*60*1000));
document.cookie = `token=${token}; expires=${date.toGMTString()}`;
window.location.reload();
}
</script>
</body>
</html>