forked from open-webui/open-webui
feat: basic RBAC support
This commit is contained in:
Timothy J. Baek
parent
921eef03b3
commit
8547b7807d
13 changed files with 266 additions and 44 deletions
15
backend/utils/misc.py
Normal file
15
backend/utils/misc.py
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
import hashlib
|
||||
|
||||
|
||||
def get_gravatar_url(email):
|
||||
# Trim leading and trailing whitespace from
|
||||
# an email address and force all characters
|
||||
# to lower case
|
||||
address = str(email).strip().lower()
|
||||
|
||||
# Create a SHA256 hash of the final string
|
||||
hash_object = hashlib.sha256(address.encode())
|
||||
hash_hex = hash_object.hexdigest()
|
||||
|
||||
# Grab the actual image URL
|
||||
return f"https://www.gravatar.com/avatar/{hash_hex}"
|
||||
68
backend/utils/utils.py
Normal file
68
backend/utils/utils.py
Normal file
|
|
@ -0,0 +1,68 @@
|
|||
from fastapi.security import HTTPBasicCredentials, HTTPBearer
|
||||
from pydantic import BaseModel
|
||||
from typing import Union, Optional
|
||||
|
||||
from passlib.context import CryptContext
|
||||
from datetime import datetime, timedelta
|
||||
import requests
|
||||
import jwt
|
||||
|
||||
import config
|
||||
|
||||
JWT_SECRET_KEY = config.OLLAMA_WEBUI_JWT_SECRET_KEY
|
||||
ALGORITHM = "HS256"
|
||||
|
||||
##############
|
||||
# Auth Utils
|
||||
##############
|
||||
|
||||
bearer_scheme = HTTPBearer()
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
|
||||
def verify_password(plain_password, hashed_password):
|
||||
return (
|
||||
pwd_context.verify(plain_password, hashed_password) if hashed_password else None
|
||||
)
|
||||
|
||||
|
||||
def get_password_hash(password):
|
||||
return pwd_context.hash(password)
|
||||
|
||||
|
||||
def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> str:
|
||||
payload = data.copy()
|
||||
|
||||
if expires_delta:
|
||||
expire = datetime.utcnow() + expires_delta
|
||||
payload.update({"exp": expire})
|
||||
|
||||
encoded_jwt = jwt.encode(payload, JWT_SECRET_KEY, algorithm=ALGORITHM)
|
||||
return encoded_jwt
|
||||
|
||||
|
||||
def decode_token(token: str) -> Optional[dict]:
|
||||
try:
|
||||
decoded = jwt.decode(token, JWT_SECRET_KEY, options={"verify_signature": False})
|
||||
return decoded
|
||||
except Exception as e:
|
||||
return None
|
||||
|
||||
|
||||
def extract_token_from_auth_header(auth_header: str):
|
||||
return auth_header[len("Bearer ") :]
|
||||
|
||||
|
||||
def verify_token(request):
|
||||
try:
|
||||
bearer = request.headers["authorization"]
|
||||
if bearer:
|
||||
token = bearer[len("Bearer ") :]
|
||||
decoded = jwt.decode(
|
||||
token, JWT_SECRET_KEY, options={"verify_signature": False}
|
||||
)
|
||||
return decoded
|
||||
else:
|
||||
return None
|
||||
except Exception as e:
|
||||
return None
|
||||
Loading…
Add table
Add a link
Reference in a new issue