Create shield.py
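--- a/shield.py
+++ b/shield.py
@@ -0,0 +1,65 @@
+import os, requests, mysql.connector
+from flask import Flask, request, Response
+
+app = Flask(__name__)
+
+# YOUR OPENAI PROJECT KEY (Already inserted)
+OPENAI_KEY = "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"
+
+# TiDB Credentials from Environment Variables
+TIDB_CONFIG = {
+"host": os.getenv("TIDB_HOST"),
+"port": 4000,
+"user": os.getenv("TIDB_USER"),
+"password": os.getenv("TIDB_PASSWORD"),
+"database": os.getenv("TIDB_DB_NAME", "test"),
+"ssl_verify_cert": True,
+"ssl_ca": "/etc/ssl/certs/ca-certificates.crt" # Standard for Debian/HF
+}
+
+def log_to_tidb(user, prompt):
+try:
+conn = mysql.connector.connect(**TIDB_CONFIG)
+cursor = conn.cursor()
+cursor.execute("INSERT INTO safety_violations (user_id, prompt_content) VALUES (%s, %s)", (user, prompt[:1000]))
+conn.commit()
+cursor.close()
+conn.close()
+except Exception as e:
+print(f"TiDB Error: {e}")
+
+@app.route('/v1/chat/completions', methods=['POST'])
+def protect_and_proxy():
+data = request.json
+messages = data.get('messages', [])
+text_to_check = " ".join([m.get('content', '') for m in messages])
+
+# 1. OpenAI Moderation Check (FREE)
+res = requests.post(
+"https://api.openai.com/v1/moderations",
+headers={"Authorization": f"Bearer {OPENAI_KEY}"},
+json={"input": text_to_check}
+).json()
+
+# 2. Block only for 'sexual/minors' (CSAM)
+results = res['results'][0]
+if results['categories'].get('sexual/minors'):
+user_auth = request.headers.get('Authorization', 'Anonymous')
+log_to_tidb(user_auth, text_to_check)
+return {"error": {"message": "Policy Violation: CSAM is strictly prohibited.", "type": "safety_error"}}, 403
+
+# 3. Pass through to NewAPI running on internal port 3000
+resp = requests.post("http://127.0.0.1:3000/v1/chat/completions",
+json=data, headers=dict(request.headers))
+return Response(resp.content, resp.status_code, resp.headers.items())
+
+# Proxy all other routes (login, admin, etc.) to the real API
+@app.route('/<path:path>', methods=['GET', 'POST', 'PUT', 'DELETE'])
+def catch_all(path):
+resp = requests.request(method=request.method, url=f"http://127.0.0.1:3000/{path}",
+headers={k: v for k, v in request.headers if k.lower() != 'host'},
+data=request.get_data(), allow_redirects=False)
+return Response(resp.content, resp.status_code, resp.headers.items())
+
+if __name__ == '__main__':
+app.run(host='0.0.0.0', port=7860) # HF required port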
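Review bot: `OPENAI_KEY` on new line 7 is an API key committed in plain text, so it should be treated as exposed and revoked, and the file should read it from the environment the way `TIDB_CONFIG` already does, e.g. `OPENAI_KEY = os.environ["OPENAI_API_KEY"]`. In `protect_and_proxy` the caller's raw `Authorization` header is passed to `log_to_tidb` as `user_id`, which writes bearer tokens into the `safety_violations` table; store a digest such as `hashlib.sha256(user_auth.encode()).hexdigest()` instead. The moderation request has no `timeout=` and its reply is indexed with `res['results'][0]` without a status check, so an upstream error surfaces as an unhandled exception; it is worth making that path fail closed explicitly. Only the exact `/v1/chat/completions` route is moderated while `catch_all` forwards every other path unchecked, so any other generation endpoint the backend may serve is presumably not covered by the filter.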