Spaces:

Baraaqasem
/

Chat

Configuration error

App Files Files Community

Chat / core /http /middleware /auth.go

Baraaqasem

Upload 711 files

651d019 verified about 1 year ago

raw

history blame contribute delete

3.25 kB

	package middleware

	import (
	"crypto/subtle"
	"errors"

	"github.com/dave-gray101/v2keyauth"
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/keyauth"
	"github.com/microcosm-cc/bluemonday"
	"github.com/mudler/LocalAI/core/config"
	)

	// This file contains the configuration generators and handler functions that are used along with the fiber/keyauth middleware
	// Currently this requires an upstream patch - and feature patches are no longer accepted to v2
	// Therefore `dave-gray101/v2keyauth` contains the v2 backport of the middleware until v3 stabilizes and we migrate.

	func GetKeyAuthConfig(applicationConfig config.ApplicationConfig) (v2keyauth.Config, error) {
	customLookup, err := v2keyauth.MultipleKeySourceLookup([]string{"header:Authorization", "header:x-api-key", "header:xi-api-key"}, keyauth.ConfigDefault.AuthScheme)
	if err != nil {
	return nil, err
	}

	return &v2keyauth.Config{
	CustomKeyLookup: customLookup,
	Next: getApiKeyRequiredFilterFunction(applicationConfig),
	Validator: getApiKeyValidationFunction(applicationConfig),
	ErrorHandler: getApiKeyErrorHandler(applicationConfig),
	AuthScheme: "Bearer",
	}, nil
	}

	func getApiKeyErrorHandler(applicationConfig *config.ApplicationConfig) fiber.ErrorHandler {
	return func(ctx *fiber.Ctx, err error) error {
	if errors.Is(err, v2keyauth.ErrMissingOrMalformedAPIKey) {
	if len(applicationConfig.ApiKeys) == 0 {
	return ctx.Next() // if no keys are set up, any error we get here is not an error.
	}
	if applicationConfig.OpaqueErrors {
	return ctx.SendStatus(403)
	}
	return ctx.Status(403).SendString(bluemonday.StrictPolicy().Sanitize(err.Error()))
	}
	if applicationConfig.OpaqueErrors {
	return ctx.SendStatus(500)
	}
	return err
	}
	}

	func getApiKeyValidationFunction(applicationConfig config.ApplicationConfig) func(fiber.Ctx, string) (bool, error) {

	if applicationConfig.UseSubtleKeyComparison {
	return func(ctx *fiber.Ctx, apiKey string) (bool, error) {
	if len(applicationConfig.ApiKeys) == 0 {
	return true, nil // If no keys are setup, accept everything
	}
	for _, validKey := range applicationConfig.ApiKeys {
	if subtle.ConstantTimeCompare([]byte(apiKey), []byte(validKey)) == 1 {
	return true, nil
	}
	}
	return false, v2keyauth.ErrMissingOrMalformedAPIKey
	}
	}

	return func(ctx *fiber.Ctx, apiKey string) (bool, error) {
	if len(applicationConfig.ApiKeys) == 0 {
	return true, nil // If no keys are setup, accept everything
	}
	for _, validKey := range applicationConfig.ApiKeys {
	if apiKey == validKey {
	return true, nil
	}
	}
	return false, v2keyauth.ErrMissingOrMalformedAPIKey
	}
	}

	func getApiKeyRequiredFilterFunction(applicationConfig config.ApplicationConfig) func(fiber.Ctx) bool {
	if applicationConfig.DisableApiKeyRequirementForHttpGet {
	return func(c *fiber.Ctx) bool {
	if c.Method() != "GET" {
	return false
	}
	for _, rx := range applicationConfig.HttpGetExemptedEndpoints {
	if rx.MatchString(c.Path()) {
	return true
	}
	}
	return false
	}
	}
	return func(c *fiber.Ctx) bool { return false }
	}