tdpeuter/open-webui
tdpeuter/open-webui
1
Fork 0
forked from open-webui/open-webui
Code Issues Pull requests 1 Releases 2 Packages Activity Actions
open-webui/backend/apps/web/routers/auths.py

256 lines
7.2 KiB
Python
Raw Normal View History

feat: toggle signup enable from admin panel
2024-01-01 21:32:28 +01:00
from fastapi import Response, Request
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
from fastapi import Depends, FastAPI, HTTPException, status
from datetime import datetime, timedelta
from typing import List, Union
Endpoint role-checking was redundantly applied but FastAPI provides a nice abstraction mechanic...so I applied it. There should be no logical changes in this code; only simpler, cleaner ways for doing the same thing.
2024-02-09 01:05:01 +01:00
from fastapi import APIRouter, status
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
from pydantic import BaseModel
import time
import uuid
feat: jwt utils
2024-02-20 05:44:00 +01:00
import re
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
from apps.web.models.auths import (
SigninForm,
SignupForm,
feat: profile update frontend integration
2024-01-27 06:22:25 +01:00
UpdateProfileForm,
feat: change password support
2023-12-29 09:12:30 +01:00
UpdatePasswordForm,
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
UserResponse,
SigninResponse,
Auths,
)
from apps.web.models.users import Users
feat: admin settings
2024-02-14 10:17:43 +01:00
from utils.utils import (
get_password_hash,
get_current_user,
get_admin_user,
create_token,
)
feat: jwt utils
2024-02-20 05:44:00 +01:00
from utils.misc import parse_duration, validate_email_format
feat: webhook backend
2024-03-21 02:35:02 +01:00
from utils.webhook import post_webhook
from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
feat: admin panel added
2023-11-19 09:13:59 +01:00
router = APIRouter()
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
############################
# GetSessionUser
############################
refac: remove the verify_token and use get-current user for auth+user
2024-01-01 09:55:50 +01:00
@router.get("/", response_model=UserResponse)
refac: use dependencies to verify token - feat: added new util to get the current user when needed. Middleware was adding authentication logic to all the routes. let's revisit if we can move the non-auth endpoints to a separate route. - refac: update the routes to use new helpers for verification and retrieving user - chore: added black for local formatting of py code
2023-12-30 11:53:33 +01:00
async def get_session_user(user=Depends(get_current_user)):
return {
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
"profile_image_url": user.profile_image_url,
}
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
feat: profile image update backend
2024-01-27 05:27:45 +01:00
############################
feat: profile update frontend integration
2024-01-27 06:22:25 +01:00
# Update Profile
feat: profile image update backend
2024-01-27 05:27:45 +01:00
############################
@router.post("/update/profile", response_model=UserResponse)
feat: profile update frontend integration
2024-01-27 06:22:25 +01:00
async def update_profile(
form_data: UpdateProfileForm, session_user=Depends(get_current_user)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
):
if session_user:
feat: profile update frontend integration
2024-01-27 06:22:25 +01:00
user = Users.update_user_by_id(
session_user.id,
{"profile_image_url": form_data.profile_image_url, "name": form_data.name},
feat: profile image update backend
2024-01-27 05:27:45 +01:00
)
if user:
return user
else:
raise HTTPException(400, detail=ERROR_MESSAGES.DEFAULT())
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
feat: change password support
2023-12-29 09:12:30 +01:00
############################
# Update Password
############################
refac: remove the verify_token and use get-current user for auth+user
2024-01-01 09:55:50 +01:00
@router.post("/update/password", response_model=bool)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
async def update_password(
form_data: UpdatePasswordForm, session_user=Depends(get_current_user)
):
feat: change password frontend added
2023-12-29 09:26:47 +01:00
if session_user:
user = Auths.authenticate_user(session_user.email, form_data.password)
feat: change password support
2023-12-29 09:12:30 +01:00
feat: change password frontend added
2023-12-29 09:26:47 +01:00
if user:
hashed = get_password_hash(form_data.new_password)
chore: update password refac
2023-12-29 09:29:18 +01:00
return Auths.update_user_password_by_id(user.id, hashed)
feat: change password frontend added
2023-12-29 09:26:47 +01:00
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
feat: change password support
2023-12-29 09:12:30 +01:00
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
############################
# SignIn
############################
@router.post("/signin", response_model=SigninResponse)
feat: jwt utils
2024-02-20 05:44:00 +01:00
async def signin(request: Request, form_data: SigninForm):
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
if user:
feat: jwt utils
2024-02-20 05:44:00 +01:00
token = create_token(
data={"id": user.id},
expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
)
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
feat: basic RBAC support
2023-11-19 06:41:43 +01:00
"profile_image_url": user.profile_image_url,
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
}
else:
feat: basic RBAC support
2023-11-19 06:41:43 +01:00
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
feat: multi-user support w/ RBAC
2023-11-19 01:47:12 +01:00
############################
# SignUp
############################
@router.post("/signup", response_model=SigninResponse)
feat: toggle signup enable from admin panel
2024-01-01 21:32:28 +01:00
async def signup(request: Request, form_data: SignupForm):
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
if not request.app.state.ENABLE_SIGNUP:
feat: admin settings
2024-02-14 10:17:43 +01:00
raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
if not validate_email_format(form_data.email.lower()):
feat: admin settings
2024-02-14 10:17:43 +01:00
raise HTTPException(
status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT
)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
if Users.get_user_by_email(form_data.email.lower()):
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
try:
feat: admin settings
2024-02-14 10:17:43 +01:00
role = (
"admin"
if Users.get_num_users() == 0
else request.app.state.DEFAULT_USER_ROLE
)
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
hashed = get_password_hash(form_data.password)
feat: profile image update backend
2024-01-27 05:27:45 +01:00
user = Auths.insert_new_auth(
run npm run lint:backend
2024-04-04 10:10:51 +02:00
form_data.email.lower(),
hashed,
form_data.name,
form_data.profile_image_url,
role,
feat: profile image update backend
2024-01-27 05:27:45 +01:00
)
feat: toggle signup enable from admin panel
2024-01-01 21:32:28 +01:00
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
if user:
feat: jwt utils
2024-02-20 05:44:00 +01:00
token = create_token(
data={"id": user.id},
expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
)
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
# response.set_cookie(key='token', value=token, httponly=True)
feat: webhook backend
2024-03-21 02:35:02 +01:00
if request.app.state.WEBHOOK_URL:
post_webhook(
request.app.state.WEBHOOK_URL,
refac: post webhook
2024-03-21 02:47:13 +01:00
WEBHOOK_MESSAGES.USER_SIGNUP(user.name),
feat: webhook backend
2024-03-21 02:35:02 +01:00
{
"action": "signup",
"message": WEBHOOK_MESSAGES.USER_SIGNUP(user.name),
"user": user.model_dump_json(exclude_none=True),
},
)
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
"profile_image_url": user.profile_image_url,
}
else:
feat: profile image update backend
2024-01-27 05:27:45 +01:00
raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
feat: add guard clause to improve signup process
2024-01-20 15:54:53 +01:00
except Exception as err:
feat: profile image update backend
2024-01-27 05:27:45 +01:00
raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))
feat: toggle signup enable from admin panel
2024-01-01 21:32:28 +01:00
############################
# ToggleSignUp
############################
@router.get("/signup/enabled", response_model=bool)
Endpoint role-checking was redundantly applied but FastAPI provides a nice abstraction mechanic...so I applied it. There should be no logical changes in this code; only simpler, cleaner ways for doing the same thing.
2024-02-09 01:05:01 +01:00
async def get_sign_up_status(request: Request, user=Depends(get_admin_user)):
return request.app.state.ENABLE_SIGNUP
feat: toggle signup enable from admin panel
2024-01-01 21:32:28 +01:00
@router.get("/signup/enabled/toggle", response_model=bool)
Endpoint role-checking was redundantly applied but FastAPI provides a nice abstraction mechanic...so I applied it. There should be no logical changes in this code; only simpler, cleaner ways for doing the same thing.
2024-02-09 01:05:01 +01:00
async def toggle_sign_up(request: Request, user=Depends(get_admin_user)):
request.app.state.ENABLE_SIGNUP = not request.app.state.ENABLE_SIGNUP
return request.app.state.ENABLE_SIGNUP
feat: admin settings
2024-02-14 10:17:43 +01:00
############################
# Default User Role
############################
@router.get("/signup/user/role")
async def get_default_user_role(request: Request, user=Depends(get_admin_user)):
return request.app.state.DEFAULT_USER_ROLE
class UpdateRoleForm(BaseModel):
role: str
@router.post("/signup/user/role")
async def update_default_user_role(
request: Request, form_data: UpdateRoleForm, user=Depends(get_admin_user)
):
if form_data.role in ["pending", "user", "admin"]:
request.app.state.DEFAULT_USER_ROLE = form_data.role
return request.app.state.DEFAULT_USER_ROLE
feat: jwt utils
2024-02-20 05:44:00 +01:00
############################
# JWT Expiration
############################
@router.get("/token/expires")
async def get_token_expires_duration(request: Request, user=Depends(get_admin_user)):
return request.app.state.JWT_EXPIRES_IN
class UpdateJWTExpiresDurationForm(BaseModel):
duration: str
@router.post("/token/expires/update")
async def update_token_expires_duration(
request: Request,
form_data: UpdateJWTExpiresDurationForm,
user=Depends(get_admin_user),
):
pattern = r"^(-1|0|(-?\d+(\.\d+)?)(ms|s|m|h|d|w))$"
# Check if the input string matches the pattern
if re.match(pattern, form_data.duration):
request.app.state.JWT_EXPIRES_IN = form_data.duration
return request.app.state.JWT_EXPIRES_IN
else:
return request.app.state.JWT_EXPIRES_IN
Copy permalink