From 29f13f34d3b58371dde8a8fcd11bf191fe11e5cd Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <me@jscheah.me>
Date: Tue, 26 Mar 2024 21:30:53 +0000
Subject: [PATCH 1/6] feat: add WEBUI_AUTH_TRUSTED_EMAIL_HEADER for
 authenticating users by a trusted header This is very yolo code, use at your
 own risk

---
 Dockerfile                        |  1 +
 backend/apps/web/main.py          |  3 ++-
 backend/apps/web/models/auths.py  | 11 +++++++++++
 backend/apps/web/routers/auths.py | 25 ++++++++++++++++++++++++-
 backend/config.py                 |  2 ++
 backend/constants.py              |  2 ++
 backend/main.py                   |  1 +
 src/routes/auth/+page.svelte      | 26 +++++++++++++++-----------
 8 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index de501838..5f0c13cb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,6 +26,7 @@ ENV OPENAI_API_BASE_URL ""
 ENV OPENAI_API_KEY ""
 
 ENV WEBUI_SECRET_KEY ""
+ENV WEBUI_AUTH_TRUSTED_EMAIL_HEADER ""
 
 ENV SCARF_NO_ANALYTICS true
 ENV DO_NOT_TRACK true
diff --git a/backend/apps/web/main.py b/backend/apps/web/main.py
index dd5c0c70..66cdfb3d 100644
--- a/backend/apps/web/main.py
+++ b/backend/apps/web/main.py
@@ -20,6 +20,7 @@ from config import (
     ENABLE_SIGNUP,
     USER_PERMISSIONS,
     WEBHOOK_URL,
+    WEBUI_AUTH_TRUSTED_EMAIL_HEADER,
 )
 
 app = FastAPI()
@@ -34,7 +35,7 @@ app.state.DEFAULT_PROMPT_SUGGESTIONS = DEFAULT_PROMPT_SUGGESTIONS
 app.state.DEFAULT_USER_ROLE = DEFAULT_USER_ROLE
 app.state.USER_PERMISSIONS = USER_PERMISSIONS
 app.state.WEBHOOK_URL = WEBHOOK_URL
-
+app.state.AUTH_TRUSTED_EMAIL_HEADER = WEBUI_AUTH_TRUSTED_EMAIL_HEADER
 
 app.add_middleware(
     CORSMiddleware,
diff --git a/backend/apps/web/models/auths.py b/backend/apps/web/models/auths.py
index b26236ef..26934d6e 100644
--- a/backend/apps/web/models/auths.py
+++ b/backend/apps/web/models/auths.py
@@ -122,6 +122,17 @@ class AuthsTable:
         except:
             return None
 
+    def authenticate_user_by_trusted_header(self,
+                                            email: str) -> Optional[UserModel]:
+        log.info(f"authenticate_user_by_trusted_header: {email}")
+        try:
+            auth = Auth.get(Auth.email == email, Auth.active == True)
+            if auth:
+                user = Users.get_user_by_id(auth.id)
+                return user
+        except:
+            return None
+
     def update_user_password_by_id(self, id: str, new_password: str) -> bool:
         try:
             query = Auth.update(password=new_password).where(Auth.id == id)
diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py
index d881ec74..c1a1121b 100644
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@@ -29,6 +29,7 @@ from utils.utils import (
 from utils.misc import parse_duration, validate_email_format
 from utils.webhook import post_webhook
 from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES
+from config import WEBUI_AUTH_TRUSTED_EMAIL_HEADER
 
 router = APIRouter()
 
@@ -79,6 +80,8 @@ async def update_profile(
 async def update_password(
     form_data: UpdatePasswordForm, session_user=Depends(get_current_user)
 ):
+    if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
+        raise HTTPException(400, detail=ERROR_MESSAGES.ACTION_PROHIBITED)
     if session_user:
         user = Auths.authenticate_user(session_user.email, form_data.password)
 
@@ -98,7 +101,16 @@ async def update_password(
 
 @router.post("/signin", response_model=SigninResponse)
 async def signin(request: Request, form_data: SigninForm):
-    user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
+    if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
+        if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
+            raise HTTPException(400,
+                                detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
+        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower(
+        )
+        user = Auths.authenticate_user_by_trusted_header(trusted_email)
+    else:
+        user = Auths.authenticate_user(form_data.email.lower(),
+                                       form_data.password)
     if user:
         token = create_token(
             data={"id": user.id},
@@ -138,6 +150,17 @@ async def signup(request: Request, form_data: SignupForm):
     if Users.get_user_by_email(form_data.email.lower()):
         raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
 
+    if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
+        if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
+            raise HTTPException(400,
+                                detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
+        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower(
+        )
+        if trusted_email != form_data.email:
+            raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_MISMATCH)
+        # TODO: Yolo hack to assign a password
+        form_data.password = str(uuid.uuid4())
+
     try:
         role = (
             "admin"
diff --git a/backend/config.py b/backend/config.py
index 27311fac..41269488 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -348,6 +348,8 @@ WEBUI_VERSION = os.environ.get("WEBUI_VERSION", "v1.0.0-alpha.100")
 ####################################
 
 WEBUI_AUTH = True
+WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get(
+    "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None)
 
 ####################################
 # WEBUI_SECRET_KEY
diff --git a/backend/constants.py b/backend/constants.py
index 8bcdd078..f8daf338 100644
--- a/backend/constants.py
+++ b/backend/constants.py
@@ -20,6 +20,7 @@ class ERROR_MESSAGES(str, Enum):
     ENV_VAR_NOT_FOUND = "Required environment variable not found. Terminating now."
     CREATE_USER_ERROR = "Oops! Something went wrong while creating your account. Please try again later. If the issue persists, contact support for assistance."
     DELETE_USER_ERROR = "Oops! Something went wrong. We encountered an issue while trying to delete the user. Please give it another shot."
+    EMAIL_MISMATCH = "Uh-oh! This email does not match the email your provider is registered with. Please check your email and try again."
     EMAIL_TAKEN = "Uh-oh! This email is already registered. Sign in with your existing account or choose another email to start anew."
     USERNAME_TAKEN = (
         "Uh-oh! This username is already registered. Please choose another username."
@@ -36,6 +37,7 @@ class ERROR_MESSAGES(str, Enum):
     INVALID_PASSWORD = (
         "The password provided is incorrect. Please check for typos and try again."
     )
+    INVALID_TRUSTED_HEADER = "Your provider has not provided a trusted header. Please contact your administrator for assistance."
     UNAUTHORIZED = "401 Unauthorized"
     ACCESS_PROHIBITED = "You do not have permission to access this resource. Please contact your administrator for assistance."
     ACTION_PROHIBITED = (
diff --git a/backend/main.py b/backend/main.py
index d4b67079..85514e43 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -171,6 +171,7 @@ async def get_app_config():
         "images": images_app.state.ENABLED,
         "default_models": webui_app.state.DEFAULT_MODELS,
         "default_prompt_suggestions": webui_app.state.DEFAULT_PROMPT_SUGGESTIONS,
+        "trusted_header_auth": bool(webui_app.state.AUTH_TRUSTED_EMAIL_HEADER),
     }
 
 
diff --git a/src/routes/auth/+page.svelte b/src/routes/auth/+page.svelte
index d392e9f7..a72f0e05 100644
--- a/src/routes/auth/+page.svelte
+++ b/src/routes/auth/+page.svelte
@@ -15,6 +15,8 @@
 	let email = '';
 	let password = '';
 
+	let showPasswordField = !($config?.trusted_header_auth ?? false);
+
 	const setSessionUser = async (sessionUser) => {
 		if (sessionUser) {
 			console.log(sessionUser);
@@ -141,17 +143,19 @@
 							/>
 						</div>
 
-						<div>
-							<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
-							<input
-								bind:value={password}
-								type="password"
-								class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
-								placeholder={$i18n.t('Enter Your Password')}
-								autocomplete="current-password"
-								required
-							/>
-						</div>
+						{#if showPasswordField}
+							<div>
+								<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
+								<input
+									bind:value={password}
+									type="password"
+									class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
+									placeholder={$i18n.t('Enter Your Password')}
+									autocomplete="current-password"
+									required
+								/>
+							</div>
+						{/if}
 					</div>
 
 					<div class="mt-5">

From 50f6addd6f0d5374972962a36da73dc87ba68f69 Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <git@jscheah.me>
Date: Thu, 28 Mar 2024 10:34:57 +0000
Subject: [PATCH 2/6] feat: auto signup/login with
 WEBUI_AUTH_TRUSTED_EMAIL_HEADER

---
 backend/apps/web/routers/auths.py | 16 +++---------
 src/routes/auth/+page.svelte      | 41 +++++++++++++++++++------------
 2 files changed, 28 insertions(+), 29 deletions(-)

diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py
index c1a1121b..822a6757 100644
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@@ -105,8 +105,9 @@ async def signin(request: Request, form_data: SigninForm):
         if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
             raise HTTPException(400,
                                 detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
-        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower(
-        )
+        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
+        if not Users.get_user_by_email(trusted_email.lower()):
+            await signup(request, SignupForm(email=trusted_email, password=str(uuid.uuid4()), name=trusted_email))
         user = Auths.authenticate_user_by_trusted_header(trusted_email)
     else:
         user = Auths.authenticate_user(form_data.email.lower(),
@@ -150,17 +151,6 @@ async def signup(request: Request, form_data: SignupForm):
     if Users.get_user_by_email(form_data.email.lower()):
         raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
 
-    if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
-        if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
-            raise HTTPException(400,
-                                detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
-        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower(
-        )
-        if trusted_email != form_data.email:
-            raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_MISMATCH)
-        # TODO: Yolo hack to assign a password
-        form_data.password = str(uuid.uuid4())
-
     try:
         role = (
             "admin"
diff --git a/src/routes/auth/+page.svelte b/src/routes/auth/+page.svelte
index a72f0e05..6b662946 100644
--- a/src/routes/auth/+page.svelte
+++ b/src/routes/auth/+page.svelte
@@ -15,8 +15,6 @@
 	let email = '';
 	let password = '';
 
-	let showPasswordField = !($config?.trusted_header_auth ?? false);
-
 	const setSessionUser = async (sessionUser) => {
 		if (sessionUser) {
 			console.log(sessionUser);
@@ -58,6 +56,9 @@
 			await goto('/');
 		}
 		loaded = true;
+		if ($config?.trusted_header_auth ?? false) {
+			await signInHandler();
+		}
 	});
 </script>
 
@@ -92,7 +93,16 @@
 		</div> -->
 
 		<div class="w-full sm:max-w-lg px-4 min-h-screen flex flex-col">
-			<div class=" my-auto pb-10 w-full">
+			{#if ($config?.trusted_header_auth ?? false)}
+				<div class=" my-auto pb-10 w-full">
+					<div class=" text-xl sm:text-2xl font-bold">
+						{$i18n.t('Signing in')}
+						{$i18n.t('to')}
+						{$WEBUI_NAME}
+					</div>
+				</div>
+			{:else}
+				<div class=" my-auto pb-10 w-full">
 				<form
 					class=" flex flex-col justify-center bg-white py-6 sm:py-16 px-6 sm:px-16 rounded-2xl"
 					on:submit|preventDefault={() => {
@@ -143,19 +153,17 @@
 							/>
 						</div>
 
-						{#if showPasswordField}
-							<div>
-								<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
-								<input
-									bind:value={password}
-									type="password"
-									class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
-									placeholder={$i18n.t('Enter Your Password')}
-									autocomplete="current-password"
-									required
-								/>
-							</div>
-						{/if}
+						<div>
+							<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
+							<input
+								bind:value={password}
+								type="password"
+								class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
+								placeholder={$i18n.t('Enter Your Password')}
+								autocomplete="current-password"
+								required
+							/>
+						</div>
 					</div>
 
 					<div class="mt-5">
@@ -188,6 +196,7 @@
 					</div>
 				</form>
 			</div>
+			{/if}
 		</div>
 	</div>
 {/if}

From 047c9fe82c0e9ec4e38234315e2144bc13f5f408 Mon Sep 17 00:00:00 2001
From: "Timothy J. Baek" <timothyjrbeck@gmail.com>
Date: Fri, 29 Mar 2024 13:02:38 -0700
Subject: [PATCH 3/6] fix: styling

---
 src/lib/components/common/Spinner.svelte |  37 ++---
 src/routes/auth/+page.svelte             | 175 ++++++++++++-----------
 2 files changed, 111 insertions(+), 101 deletions(-)

diff --git a/src/lib/components/common/Spinner.svelte b/src/lib/components/common/Spinner.svelte
index 206c7f5c..4b7f5e39 100644
--- a/src/lib/components/common/Spinner.svelte
+++ b/src/lib/components/common/Spinner.svelte
@@ -1,24 +1,25 @@
 <script lang="ts">
-	export let className: string = 'text-white';
-	export let theme: 'blue' | 'white' | 'black' = 'white';
+	export let className: string = '';
 </script>
 
 <div class="flex justify-center text-center {className}">
-	<svg
-		class="animate-spin -ml-1 mr-3 h-5 w-5 {theme === 'blue'
-			? 'text-sky-600'
-			: theme === 'white'
-			? 'text-white'
-			: 'text-gray-600'} "
-		xmlns="http://www.w3.org/2000/svg"
-		fill="none"
-		viewBox="0 0 24 24"
+	<svg class="size-5" viewBox="0 0 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg"
+		><style>
+			.spinner_ajPY {
+				transform-origin: center;
+				animation: spinner_AtaB 0.75s infinite linear;
+			}
+			@keyframes spinner_AtaB {
+				100% {
+					transform: rotate(360deg);
+				}
+			}
+		</style><path
+			d="M12,1A11,11,0,1,0,23,12,11,11,0,0,0,12,1Zm0,19a8,8,0,1,1,8-8A8,8,0,0,1,12,20Z"
+			opacity=".25"
+		/><path
+			d="M10.14,1.16a11,11,0,0,0-9,8.92A1.59,1.59,0,0,0,2.46,12,1.52,1.52,0,0,0,4.11,10.7a8,8,0,0,1,6.66-6.61A1.42,1.42,0,0,0,12,2.69h0A1.57,1.57,0,0,0,10.14,1.16Z"
+			class="spinner_ajPY"
+		/></svg
 	>
-		<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4" />
-		<path
-			class="opacity-75"
-			fill="currentColor"
-			d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
-		/>
-	</svg>
 </div>
diff --git a/src/routes/auth/+page.svelte b/src/routes/auth/+page.svelte
index 6b662946..2dc2a92b 100644
--- a/src/routes/auth/+page.svelte
+++ b/src/routes/auth/+page.svelte
@@ -1,6 +1,7 @@
 <script>
 	import { goto } from '$app/navigation';
 	import { userSignIn, userSignUp } from '$lib/apis/auths';
+	import Spinner from '$lib/components/common/Spinner.svelte';
 	import { WEBUI_API_BASE_URL, WEBUI_BASE_URL } from '$lib/constants';
 	import { WEBUI_NAME, config, user } from '$lib/stores';
 	import { onMount, getContext } from 'svelte';
@@ -93,109 +94,117 @@
 		</div> -->
 
 		<div class="w-full sm:max-w-lg px-4 min-h-screen flex flex-col">
-			{#if ($config?.trusted_header_auth ?? false)}
+			{#if $config?.trusted_header_auth ?? false}
 				<div class=" my-auto pb-10 w-full">
-					<div class=" text-xl sm:text-2xl font-bold">
-						{$i18n.t('Signing in')}
-						{$i18n.t('to')}
-						{$WEBUI_NAME}
+					<div
+						class="flex items-center justify-center gap-3 text-xl sm:text-2xl text-center font-bold dark:text-gray-200"
+					>
+						<div>
+							{$i18n.t('Signing in')}
+							{$i18n.t('to')}
+							{$WEBUI_NAME}
+						</div>
+
+						<div>
+							<Spinner />
+						</div>
 					</div>
 				</div>
 			{:else}
 				<div class=" my-auto pb-10 w-full">
-				<form
-					class=" flex flex-col justify-center bg-white py-6 sm:py-16 px-6 sm:px-16 rounded-2xl"
-					on:submit|preventDefault={() => {
-						submitHandler();
-					}}
-				>
-					<div class=" text-xl sm:text-2xl font-bold">
-						{mode === 'signin' ? $i18n.t('Sign in') : $i18n.t('Sign up')}
-						{$i18n.t('to')}
-						{$WEBUI_NAME}
-					</div>
-
-					{#if mode === 'signup'}
-						<div class=" mt-1 text-xs font-medium text-gray-500">
-							ⓘ {$WEBUI_NAME}
-							{$i18n.t(
-								'does not make any external connections, and your data stays securely on your locally hosted server.'
-							)}
+					<form
+						class=" flex flex-col justify-center bg-white py-6 sm:py-16 px-6 sm:px-16 rounded-2xl"
+						on:submit|preventDefault={() => {
+							submitHandler();
+						}}
+					>
+						<div class=" text-xl sm:text-2xl font-bold">
+							{mode === 'signin' ? $i18n.t('Sign in') : $i18n.t('Sign up')}
+							{$i18n.t('to')}
+							{$WEBUI_NAME}
 						</div>
-					{/if}
 
-					<div class="flex flex-col mt-4">
 						{#if mode === 'signup'}
-							<div>
-								<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Name')}</div>
+							<div class=" mt-1 text-xs font-medium text-gray-500">
+								ⓘ {$WEBUI_NAME}
+								{$i18n.t(
+									'does not make any external connections, and your data stays securely on your locally hosted server.'
+								)}
+							</div>
+						{/if}
+
+						<div class="flex flex-col mt-4">
+							{#if mode === 'signup'}
+								<div>
+									<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Name')}</div>
+									<input
+										bind:value={name}
+										type="text"
+										class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
+										autocomplete="name"
+										placeholder={$i18n.t('Enter Your Full Name')}
+										required
+									/>
+								</div>
+
+								<hr class=" my-3" />
+							{/if}
+
+							<div class="mb-2">
+								<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Email')}</div>
 								<input
-									bind:value={name}
-									type="text"
+									bind:value={email}
+									type="email"
 									class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
-									autocomplete="name"
-									placeholder={$i18n.t('Enter Your Full Name')}
+									autocomplete="email"
+									placeholder={$i18n.t('Enter Your Email')}
 									required
 								/>
 							</div>
 
-							<hr class=" my-3" />
-						{/if}
-
-						<div class="mb-2">
-							<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Email')}</div>
-							<input
-								bind:value={email}
-								type="email"
-								class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
-								autocomplete="email"
-								placeholder={$i18n.t('Enter Your Email')}
-								required
-							/>
+							<div>
+								<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
+								<input
+									bind:value={password}
+									type="password"
+									class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
+									placeholder={$i18n.t('Enter Your Password')}
+									autocomplete="current-password"
+									required
+								/>
+							</div>
 						</div>
 
-						<div>
-							<div class=" text-sm font-semibold text-left mb-1">{$i18n.t('Password')}</div>
-							<input
-								bind:value={password}
-								type="password"
-								class=" border px-4 py-2.5 rounded-2xl w-full text-sm"
-								placeholder={$i18n.t('Enter Your Password')}
-								autocomplete="current-password"
-								required
-							/>
-						</div>
-					</div>
-
-					<div class="mt-5">
-						<button
-							class=" bg-gray-900 hover:bg-gray-800 w-full rounded-full text-white font-semibold text-sm py-3 transition"
-							type="submit"
-						>
-							{mode === 'signin' ? $i18n.t('Sign in') : $i18n.t('Create Account')}
-						</button>
-
-						<div class=" mt-4 text-sm text-center">
-							{mode === 'signin'
-								? $i18n.t("Don't have an account?")
-								: $i18n.t('Already have an account?')}
-
+						<div class="mt-5">
 							<button
-								class=" font-medium underline"
-								type="button"
-								on:click={() => {
-									if (mode === 'signin') {
-										mode = 'signup';
-									} else {
-										mode = 'signin';
-									}
-								}}
+								class=" bg-gray-900 hover:bg-gray-800 w-full rounded-full text-white font-semibold text-sm py-3 transition"
+								type="submit"
 							>
-								{mode === 'signin' ? $i18n.t('Sign up') : $i18n.t('Sign in')}
+								{mode === 'signin' ? $i18n.t('Sign in') : $i18n.t('Create Account')}
 							</button>
+
+							<div class=" mt-4 text-sm text-center">
+								{mode === 'signin'
+									? $i18n.t("Don't have an account?")
+									: $i18n.t('Already have an account?')}
+
+								<button
+									class=" font-medium underline"
+									type="button"
+									on:click={() => {
+										if (mode === 'signin') {
+											mode = 'signup';
+										} else {
+											mode = 'signin';
+										}
+									}}
+								>
+									{mode === 'signin' ? $i18n.t('Sign up') : $i18n.t('Sign in')}
+								</button>
+							</div>
 						</div>
-					</div>
-				</form>
-			</div>
+					</form>
+				</div>
 			{/if}
 		</div>
 	</div>

From 12287f8680ec117e192ab1b38a3599aff6f3a74a Mon Sep 17 00:00:00 2001
From: "Timothy J. Baek" <timothyjrbeck@gmail.com>
Date: Fri, 29 Mar 2024 13:06:18 -0700
Subject: [PATCH 4/6] chore: code formatting

---
 backend/apps/web/routers/auths.py | 47 +++++++++++++++++--------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py
index 822a6757..131570f9 100644
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@@ -103,32 +103,37 @@ async def update_password(
 async def signin(request: Request, form_data: SigninForm):
     if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
         if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
-            raise HTTPException(400,
-                                detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
+            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
+
         trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
         if not Users.get_user_by_email(trusted_email.lower()):
-            await signup(request, SignupForm(email=trusted_email, password=str(uuid.uuid4()), name=trusted_email))
+            await signup(
+                request,
+                SignupForm(
+                    email=trusted_email, password=str(uuid.uuid4()), name=trusted_email
+                ),
+            )
         user = Auths.authenticate_user_by_trusted_header(trusted_email)
     else:
-        user = Auths.authenticate_user(form_data.email.lower(),
-                                       form_data.password)
-    if user:
-        token = create_token(
-            data={"id": user.id},
-            expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
-        )
+        user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
 
-        return {
-            "token": token,
-            "token_type": "Bearer",
-            "id": user.id,
-            "email": user.email,
-            "name": user.name,
-            "role": user.role,
-            "profile_image_url": user.profile_image_url,
-        }
-    else:
-        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
+        if user:
+            token = create_token(
+                data={"id": user.id},
+                expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
+            )
+
+            return {
+                "token": token,
+                "token_type": "Bearer",
+                "id": user.id,
+                "email": user.email,
+                "name": user.name,
+                "role": user.role,
+                "profile_image_url": user.profile_image_url,
+            }
+        else:
+            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
 
 
 ############################

From 150152ddbdb50b93ee2510451d5a46f6aca22aab Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <git@jscheah.me>
Date: Fri, 29 Mar 2024 21:04:30 +0000
Subject: [PATCH 5/6] fix: accidental indent during format changed logic

---
 backend/apps/web/routers/auths.py | 32 +++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py
index 131570f9..e938a58f 100644
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@@ -117,23 +117,23 @@ async def signin(request: Request, form_data: SigninForm):
     else:
         user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
 
-        if user:
-            token = create_token(
-                data={"id": user.id},
-                expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
-            )
+    if user:
+        token = create_token(
+            data={"id": user.id},
+            expires_delta=parse_duration(request.app.state.JWT_EXPIRES_IN),
+        )
 
-            return {
-                "token": token,
-                "token_type": "Bearer",
-                "id": user.id,
-                "email": user.email,
-                "name": user.name,
-                "role": user.role,
-                "profile_image_url": user.profile_image_url,
-            }
-        else:
-            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
+        return {
+            "token": token,
+            "token_type": "Bearer",
+            "id": user.id,
+            "email": user.email,
+            "name": user.name,
+            "role": user.role,
+            "profile_image_url": user.profile_image_url,
+        }
+    else:
+        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
 
 
 ############################

From 0e3b7a11e325d6cabcfad555e7744a57692adc20 Mon Sep 17 00:00:00 2001
From: Jun Siang Cheah <git@jscheah.me>
Date: Sun, 31 Mar 2024 22:07:43 +0100
Subject: [PATCH 6/6] chore: python formatting

---
 backend/apps/web/models/auths.py | 3 +--
 backend/config.py                | 3 ++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/apps/web/models/auths.py b/backend/apps/web/models/auths.py
index 26934d6e..40efbcf2 100644
--- a/backend/apps/web/models/auths.py
+++ b/backend/apps/web/models/auths.py
@@ -122,8 +122,7 @@ class AuthsTable:
         except:
             return None
 
-    def authenticate_user_by_trusted_header(self,
-                                            email: str) -> Optional[UserModel]:
+    def authenticate_user_by_trusted_header(self, email: str) -> Optional[UserModel]:
         log.info(f"authenticate_user_by_trusted_header: {email}")
         try:
             auth = Auth.get(Auth.email == email, Auth.active == True)
diff --git a/backend/config.py b/backend/config.py
index 41269488..a1f565b2 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -349,7 +349,8 @@ WEBUI_VERSION = os.environ.get("WEBUI_VERSION", "v1.0.0-alpha.100")
 
 WEBUI_AUTH = True
 WEBUI_AUTH_TRUSTED_EMAIL_HEADER = os.environ.get(
-    "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None)
+    "WEBUI_AUTH_TRUSTED_EMAIL_HEADER", None
+)
 
 ####################################
 # WEBUI_SECRET_KEY