refac: use dependencies to verify token
- feat: added a new util to get the current user when needed. The middleware was adding authentication logic to all the routes; let's revisit whether we can move the non-auth endpoints to a separate route.
- refac: update the routes to use the new helpers for verification and retrieving the user
- chore: added black for local formatting of Python code
parent
a01b112f7f
commit
bdd153d8f5
10 changed files with 167 additions and 251 deletions
|
@ -8,7 +8,7 @@ import json
|
|||
|
||||
from apps.web.models.users import Users
|
||||
from constants import ERROR_MESSAGES
|
||||
from utils.utils import extract_token_from_auth_header
|
||||
from utils.utils import decode_token
|
||||
from config import OLLAMA_API_BASE_URL, WEBUI_AUTH
|
||||
|
||||
app = Flask(__name__)
|
||||
|
@ -34,8 +34,12 @@ def proxy(path):
|
|||
# Basic RBAC support
|
||||
if WEBUI_AUTH:
|
||||
if "Authorization" in headers:
|
||||
token = extract_token_from_auth_header(headers["Authorization"])
|
||||
user = Users.get_user_by_token(token)
|
||||
_, credentials = headers["Authorization"].split()
|
||||
token_data = decode_token(credentials)
|
||||
if token_data is None or "email" not in token_data:
|
||||
return jsonify({"detail": ERROR_MESSAGES.UNAUTHORIZED}), 401
|
||||
|
||||
user = Users.get_user_by_email(token_data["email"])
|
||||
if user:
|
||||
# Only user and admin roles can access
|
||||
if user.role in ["user", "admin"]:
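Review bot: `_, credentials = headers["Authorization"].split()` in proxy() raises ValueError whenever the header is not exactly two whitespace-separated parts, so a malformed Authorization value would likely surface as an unhandled error rather than the 401 returned two lines later, and the auth scheme is thrown away unchecked. This assumes the split/decode_token lines are the added side, which the `-34,8 +34,12` counts suggest. Validate the shape first, e.g. `parts = headers["Authorization"].split()` then `if len(parts) != 2 or parts[0].lower() != "bearer": return jsonify({"detail": ERROR_MESSAGES.UNAUTHORIZED}), 401` (scheme name presumed to be Bearer; confirm against the client), and pass `parts[1]` to `decode_token`. proxy() starts and ends outside the hunk, so the branches for a missing header and for `user` being None are not visible here and should be confirmed to fail closed when `WEBUI_AUTH` is set.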
|
||||
|
|