Spaces:
Paused
Paused
File size: 9,763 Bytes
dff1e71 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 | from datetime import timedelta
import os
import secrets
import time
import socket
import struct
from functools import wraps
import threading
from flask import Flask, request, Response, session, redirect, url_for, render_template_string
from werkzeug.wrappers.response import Response as BaseResponse
import initialize
from python.helpers import files, git, mcp_server, fasta2a_server
from python.helpers.files import get_abs_path
from python.helpers import runtime, dotenv, process
from python.helpers.extract_tools import load_classes_from_folder
from python.helpers.api import ApiHandler
from python.helpers.print_style import PrintStyle
from python.helpers import login
# UATU MODE CHECK - Emergency detection
UATU_MODE = os.environ.get('UATU_MODE', 'normal')
if UATU_MODE == 'emergency':
PrintStyle.header("EMERGENCY MODE DETECTED")
PrintStyle.warning("Hardware fallback aesthetic will be loaded")
PrintStyle.warning("Persona lock is DISABLED")
print()
# disable logging
import logging
logging.getLogger().setLevel(logging.WARNING)
# Set the new timezone to 'UTC'
os.environ["TZ"] = "UTC"
os.environ["TOKENIZERS_PARALLELISM"] = "false"
# Apply the timezone change
if hasattr(time, 'tzset'):
time.tzset()
# initialize the internal Flask server
webapp = Flask("app", static_folder=get_abs_path("./webui"), static_url_path="/")
webapp.secret_key = os.getenv("FLASK_SECRET_KEY") or secrets.token_hex(32)
webapp.config.update(
JSON_SORT_KEYS=False,
SESSION_COOKIE_NAME="session_" + runtime.get_runtime_id(), # bind the session cookie name to runtime id to prevent session collision on same host
SESSION_COOKIE_SAMESITE="Strict",
SESSION_PERMANENT=True,
PERMANENT_SESSION_LIFETIME=timedelta(days=1)
)
lock = threading.Lock()
# Set up basic authentication for UI and API but not MCP
# basic_auth = BasicAuth(webapp)
def is_loopback_address(address):
loopback_checker = {
socket.AF_INET: lambda x: struct.unpack("!I", socket.inet_aton(x))[0]
>> (32 - 8)
== 127,
socket.AF_INET6: lambda x: x == "::1",
}
address_type = "hostname"
try:
socket.inet_pton(socket.AF_INET6, address)
address_type = "ipv6"
except socket.error:
try:
socket.inet_pton(socket.AF_INET, address)
address_type = "ipv4"
except socket.error:
address_type = "hostname"
if address_type == "ipv4":
return loopback_checker[socket.AF_INET](address)
elif address_type == "ipv6":
return loopback_checker[socket.AF_INET6](address)
else:
for family in (socket.AF_INET, socket.AF_INET6):
try:
r = socket.getaddrinfo(address, None, family, socket.SOCK_STREAM)
except socket.gaierror:
return False
for family, _, _, _, sockaddr in r:
if not loopback_checker[family](sockaddr[0]):
return False
return True
def requires_api_key(f):
@wraps(f)
async def decorated(*args, **kwargs):
# Use the auth token from settings (same as MCP server)
from python.helpers.settings import get_settings
valid_api_key = get_settings()["mcp_server_token"]
if api_key := request.headers.get("X-API-KEY"):
if api_key != valid_api_key:
return Response("Invalid API key", 401)
elif request.json and request.json.get("api_key"):
api_key = request.json.get("api_key")
if api_key != valid_api_key:
return Response("Invalid API key", 401)
else:
return Response("API key required", 401)
return await f(*args, **kwargs)
return decorated
# allow only loopback addresses
def requires_loopback(f):
@wraps(f)
async def decorated(*args, **kwargs):
if not is_loopback_address(request.remote_addr):
return Response(
"Access denied.",
403,
{},
)
return await f(*args, **kwargs)
return decorated
# require authentication for handlers
def requires_auth(f):
@wraps(f)
async def decorated(*args, **kwargs):
user_pass_hash = login.get_credentials_hash()
# If no auth is configured, just proceed
if not user_pass_hash:
return await f(*args, **kwargs)
if session.get('authentication') != user_pass_hash:
return redirect(url_for('login_handler'))
return await f(*args, **kwargs)
return decorated
def csrf_protect(f):
@wraps(f)
async def decorated(*args, **kwargs):
token = session.get("csrf_token")
header = request.headers.get("X-CSRF-Token")
cookie = request.cookies.get("csrf_token_" + runtime.get_runtime_id())
sent = header or cookie
if not token or not sent or token != sent:
return Response("CSRF token missing or invalid", 403)
return await f(*args, **kwargs)
return decorated
@webapp.route("/login", methods=["GET", "POST"])
async def login_handler():
error = None
if request.method == 'POST':
user = dotenv.get_dotenv_value("AUTH_LOGIN")
password = dotenv.get_dotenv_value("AUTH_PASSWORD")
if request.form['username'] == user and request.form['password'] == password:
session['authentication'] = login.get_credentials_hash()
return redirect(url_for('serve_index'))
else:
error = 'Invalid Credentials. Please try again.'
login_page_content = files.read_file("webui/login.html")
return render_template_string(login_page_content, error=error)
@webapp.route("/logout")
async def logout_handler():
session.pop('authentication', None)
return redirect(url_for('login_handler'))
# handle default address, load index
@webapp.route("/", methods=["GET"])
@requires_auth
async def serve_index():
gitinfo = None
try:
gitinfo = git.get_git_info()
except Exception:
gitinfo = {
"version": "unknown",
"commit_time": "unknown",
}
index = files.read_file("webui/index.html")
index = files.replace_placeholders_text(
_content=index,
version_no=gitinfo["version"],
version_time=gitinfo["commit_time"]
)
return index
def run():
PrintStyle().print("Initializing framework...")
# Suppress only request logs but keep the startup messages
from werkzeug.serving import WSGIRequestHandler
from werkzeug.serving import make_server
from werkzeug.middleware.dispatcher import DispatcherMiddleware
from a2wsgi import ASGIMiddleware
PrintStyle().print("Starting server...")
class NoRequestLoggingWSGIRequestHandler(WSGIRequestHandler):
def log_request(self, code="-", size="-"):
pass # Override to suppress request logging
# Get configuration from environment
port = runtime.get_web_ui_port()
host = (
runtime.get_arg("host") or dotenv.get_dotenv_value("WEB_UI_HOST") or "localhost"
)
server = None
def register_api_handler(app, handler: type[ApiHandler]):
name = handler.__module__.split(".")[-1]
instance = handler(app, lock)
async def handler_wrap() -> BaseResponse:
return await instance.handle_request(request=request)
# Production security: Default-Deny Policy
is_production = os.getenv("SPACE_ID") is not None or os.getenv("ENVIRONMENT") == "production"
if is_production and not handler.requires_loopback():
handler_wrap = requires_api_key(handler_wrap)
elif handler.requires_api_key():
handler_wrap = requires_api_key(handler_wrap)
if handler.requires_loopback():
handler_wrap = requires_loopback(handler_wrap)
if handler.requires_auth():
handler_wrap = requires_auth(handler_wrap)
if handler.requires_csrf():
handler_wrap = csrf_protect(handler_wrap)
app.add_url_rule(
f"/{name}",
f"/{name}",
handler_wrap,
methods=handler.get_methods(),
)
# initialize and register API handlers
handlers = load_classes_from_folder("python/api", "*.py", ApiHandler)
for handler in handlers:
register_api_handler(webapp, handler)
# add the webapp, mcp, and a2a to the app
middleware_routes = {
"/mcp": ASGIMiddleware(app=mcp_server.DynamicMcpProxy.get_instance()), # type: ignore
"/a2a": ASGIMiddleware(app=fasta2a_server.DynamicA2AProxy.get_instance()), # type: ignore
}
app = DispatcherMiddleware(webapp, middleware_routes) # type: ignore
PrintStyle().debug(f"Starting server at http://{host}:{port} ...")
server = make_server(
host=host,
port=port,
app=app,
request_handler=NoRequestLoggingWSGIRequestHandler,
threaded=True,
)
process.set_server(server)
server.log_startup()
# Start init_a0 in a background thread when server starts
# threading.Thread(target=init_a0, daemon=True).start()
init_a0()
# run the server
server.serve_forever()
def init_a0():
# initialize contexts and MCP
init_chats = initialize.initialize_chats()
# only wait for init chats, otherwise they would seem to disappear for a while on restart
init_chats.result_sync()
initialize.initialize_mcp()
# start job loop
initialize.initialize_job_loop()
# preload
initialize.initialize_preload()
# --- FOX'S PATCH: ALIAS MAIN TO RUN ---
main = run
# --------------------------------------
# run the internal server
if __name__ == "__main__":
runtime.initialize()
dotenv.load_dotenv()
run()
|