feat: add ALLOW_ADMIN_EXPORT to disable exporting of chats and the db

This commit is contained in:
Jun Siang Cheah 2024-04-17 09:33:22 +01:00
parent 1e76dbc9a0
commit 190b934ab5
6 changed files with 44 additions and 25 deletions

View file

@ -28,7 +28,10 @@ from apps.web.models.tags import (
from constants import ERROR_MESSAGES from constants import ERROR_MESSAGES
from config import SRC_LOG_LEVELS from config import (
SRC_LOG_LEVELS,
ALLOW_ADMIN_EXPORT
)
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
log.setLevel(SRC_LOG_LEVELS["MODELS"]) log.setLevel(SRC_LOG_LEVELS["MODELS"])
@ -79,6 +82,11 @@ async def get_all_user_chats(user=Depends(get_current_user)):
@router.get("/all/db", response_model=List[ChatResponse]) @router.get("/all/db", response_model=List[ChatResponse])
async def get_all_user_chats_in_db(user=Depends(get_admin_user)): async def get_all_user_chats_in_db(user=Depends(get_admin_user)):
if not ALLOW_ADMIN_EXPORT:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
return [ return [
ChatResponse(**{**chat.model_dump(), "chat": json.loads(chat.chat)}) ChatResponse(**{**chat.model_dump(), "chat": json.loads(chat.chat)})
for chat in Chats.get_all_chats() for chat in Chats.get_all_chats()

View file

@ -91,7 +91,11 @@ async def download_chat_as_pdf(
@router.get("/db/download") @router.get("/db/download")
async def download_db(user=Depends(get_admin_user)): async def download_db(user=Depends(get_admin_user)):
if not ALLOW_ADMIN_EXPORT:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
return FileResponse( return FileResponse(
f"{DATA_DIR}/webui.db", f"{DATA_DIR}/webui.db",
media_type="application/octet-stream", media_type="application/octet-stream",

View file

@ -382,6 +382,8 @@ MODEL_FILTER_LIST = [model.strip() for model in MODEL_FILTER_LIST.split(";")]
WEBHOOK_URL = os.environ.get("WEBHOOK_URL", "") WEBHOOK_URL = os.environ.get("WEBHOOK_URL", "")
ALLOW_ADMIN_EXPORT = os.environ.get("ALLOW_ADMIN_EXPORT", "True").lower() == "true"
#################################### ####################################
# WEBUI_VERSION # WEBUI_VERSION
#################################### ####################################

View file

@ -52,6 +52,7 @@ from config import (
GLOBAL_LOG_LEVEL, GLOBAL_LOG_LEVEL,
SRC_LOG_LEVELS, SRC_LOG_LEVELS,
WEBHOOK_URL, WEBHOOK_URL,
ALLOW_ADMIN_EXPORT,
) )
from constants import ERROR_MESSAGES from constants import ERROR_MESSAGES
@ -207,6 +208,7 @@ async def get_app_config():
"default_models": webui_app.state.DEFAULT_MODELS, "default_models": webui_app.state.DEFAULT_MODELS,
"default_prompt_suggestions": webui_app.state.DEFAULT_PROMPT_SUGGESTIONS, "default_prompt_suggestions": webui_app.state.DEFAULT_PROMPT_SUGGESTIONS,
"trusted_header_auth": bool(webui_app.state.AUTH_TRUSTED_EMAIL_HEADER), "trusted_header_auth": bool(webui_app.state.AUTH_TRUSTED_EMAIL_HEADER),
"allow_admin_export": ALLOW_ADMIN_EXPORT,
} }

View file

@ -1,6 +1,7 @@
<script lang="ts"> <script lang="ts">
import { downloadDatabase } from '$lib/apis/utils'; import { downloadDatabase } from '$lib/apis/utils';
import { onMount, getContext } from 'svelte'; import { onMount, getContext } from 'svelte';
import { config } from '$lib/stores';
const i18n = getContext('i18n'); const i18n = getContext('i18n');
@ -24,6 +25,7 @@
<div class=" flex w-full justify-between"> <div class=" flex w-full justify-between">
<!-- <div class=" self-center text-xs font-medium">{$i18n.t('Allow Chat Deletion')}</div> --> <!-- <div class=" self-center text-xs font-medium">{$i18n.t('Allow Chat Deletion')}</div> -->
{#if $config?.allow_admin_export ?? true}
<button <button
class=" flex rounded-md py-1.5 px-3 w-full hover:bg-gray-200 dark:hover:bg-gray-800 transition" class=" flex rounded-md py-1.5 px-3 w-full hover:bg-gray-200 dark:hover:bg-gray-800 transition"
type="button" type="button"
@ -50,6 +52,7 @@
</div> </div>
<div class=" self-center text-sm font-medium">{$i18n.t('Download Database')}</div> <div class=" self-center text-sm font-medium">{$i18n.t('Download Database')}</div>
</button> </button>
{/if}
</div> </div>
</div> </div>
</div> </div>

View file

@ -301,7 +301,7 @@
</button> </button>
{/if} {/if}
{#if $user?.role === 'admin'} {#if $user?.role === 'admin' && ($config?.allow_admin_export ?? true)}
<hr class=" dark:border-gray-700" /> <hr class=" dark:border-gray-700" />
<button <button