Spaces:

ResearchEngineering
/

AGI_Assistant

Paused

App Files Files Community

Dmitry Beresnev commited on Mar 4

Commit

c376717

1 Parent(s): 2a70ca5

add auth form, fix dockerfile and supervisord conf

Browse files

Files changed (3) hide show

Dockerfile +6 -0
app.py +71 -0
supervisord.conf +1 -1

Dockerfile CHANGED Viewed

@@ -44,6 +44,9 @@ ENV OPENCLAW_CUSTOM_BASE_URL=https://researchengineering-agi.hf.space/v1
 ENV OPENCLAW_CUSTOM_MODEL_ID=deepseek-chat
 ENV OPENCLAW_CUSTOM_PROVIDER_ID=researchengineering-agi-hf-space
 ENV OPENCLAW_CUSTOM_COMPATIBILITY=anthropic
 ENV OPENCLAW_GATEWAY_BIND=lan
 ENV OPENCLAW_BOOTSTRAP_ONBOARD=1
 ENV OPENCLAW_CONTROL_UI_BASE_PATH=/openclaw
@@ -51,6 +54,9 @@ ENV OPENCLAW_ALLOWED_ORIGINS=https://researchengineering-agi-assistant.hf.space,
 ENV OPENCLAW_TRUSTED_PROXIES=127.0.0.1,::1
 ENV OPENCLAW_CONTROL_UI_ALLOW_INSECURE_AUTH=1
 ENV OPENCLAW_CONTROL_UI_DISABLE_DEVICE_AUTH=1
 RUN mkdir -p /app/vault /app/.openclaw/state

 ENV OPENCLAW_CUSTOM_MODEL_ID=deepseek-chat
 ENV OPENCLAW_CUSTOM_PROVIDER_ID=researchengineering-agi-hf-space
 ENV OPENCLAW_CUSTOM_COMPATIBILITY=anthropic
+ENV OPENCLAW_CUSTOM_API_KEY=
+ENV OPENCLAW_CUSTOM_API_KEY_OPTIONAL=1
+ENV OPENCLAW_CUSTOM_API_KEY_PLACEHOLDER=no-key
 ENV OPENCLAW_GATEWAY_BIND=lan
 ENV OPENCLAW_BOOTSTRAP_ONBOARD=1
 ENV OPENCLAW_CONTROL_UI_BASE_PATH=/openclaw
 ENV OPENCLAW_TRUSTED_PROXIES=127.0.0.1,::1
 ENV OPENCLAW_CONTROL_UI_ALLOW_INSECURE_AUTH=1
 ENV OPENCLAW_CONTROL_UI_DISABLE_DEVICE_AUTH=1
+ENV STREAMLIT_AUTH_ENABLED=1
+ENV STREAMLIT_AUTH_USERNAME=
+ENV STREAMLIT_AUTH_PASSWORD=
 RUN mkdir -p /app/vault /app/.openclaw/state

app.py CHANGED Viewed

@@ -1,4 +1,5 @@
 import json
 import os
 import re
 import shutil
@@ -46,6 +47,9 @@ STREAMLIT_ERR_LOG_PATH = Path("/tmp/streamlit.err.log")
 STREAMLIT_LOG_PATH = Path("/tmp/streamlit.log")
 CADDY_ERR_LOG_PATH = Path("/tmp/caddy.err.log")
 CADDY_LOG_PATH = Path("/tmp/caddy.log")
 def resolve_openclaw_bin() -> str | None:
@@ -516,10 +520,77 @@ def render_backtest_visuals(result, data: pd.DataFrame, params: dict) -> None:
         st.dataframe(result.trades, use_container_width=True)
 st.set_page_config(page_title="OpenClaw Control Center", layout="wide")
 st.title("OpenClaw Control Center")
 st.caption("Manage gateway runtime, config, environment, and test calls from one UI.")
 init_state()
 pull_logs()

 import json
+import hmac
 import os
 import re
 import shutil
 STREAMLIT_LOG_PATH = Path("/tmp/streamlit.log")
 CADDY_ERR_LOG_PATH = Path("/tmp/caddy.err.log")
 CADDY_LOG_PATH = Path("/tmp/caddy.log")
+STREAMLIT_AUTH_ENABLED = os.getenv("STREAMLIT_AUTH_ENABLED", "1") == "1"
+STREAMLIT_AUTH_USERNAME = os.getenv("STREAMLIT_AUTH_USERNAME", "").strip()
+STREAMLIT_AUTH_PASSWORD = os.getenv("STREAMLIT_AUTH_PASSWORD", "").strip()
 def resolve_openclaw_bin() -> str | None:
         st.dataframe(result.trades, use_container_width=True)
+def login_enabled() -> bool:
+    return STREAMLIT_AUTH_ENABLED
+def has_login_credentials() -> bool:
+    return bool(STREAMLIT_AUTH_USERNAME and STREAMLIT_AUTH_PASSWORD)
+def validate_login(username: str, password: str) -> bool:
+    return hmac.compare_digest(username, STREAMLIT_AUTH_USERNAME) and hmac.compare_digest(
+        password, STREAMLIT_AUTH_PASSWORD
+    )
+def render_login_form() -> None:
+    st.markdown(
+        """
+        <style>
+          .auth-wrap {display:flex; justify-content:center; margin-top:4vh;}
+          .auth-card {
+            width: 420px; max-width: 92vw; padding: 1.1rem 1.2rem 1rem 1.2rem;
+            border-radius: 14px; border: 1px solid #d8dee9; background: #ffffff;
+            box-shadow: 0 8px 24px rgba(16, 24, 40, 0.08);
+          }
+          .auth-title {font-size:1.2rem; font-weight:700; color:#0f172a; margin-bottom:.25rem;}
+          .auth-sub {font-size:.92rem; color:#475467; margin-bottom:.8rem;}
+        </style>
+        <div class="auth-wrap">
+          <div class="auth-card">
+            <div class="auth-title">OpenClaw Control Login</div>
+            <div class="auth-sub">Sign in to access the control center.</div>
+          </div>
+        </div>
+        """,
+        unsafe_allow_html=True,
+    )
+    with st.form("streamlit_auth_form", clear_on_submit=False):
+        username = st.text_input("Username")
+        password = st.text_input("Password", type="password")
+        submit = st.form_submit_button("Sign in", use_container_width=True)
+    if submit:
+        if validate_login(username.strip(), password):
+            st.session_state["authenticated"] = True
+            st.rerun()
+        st.error("Invalid username or password.")
 st.set_page_config(page_title="OpenClaw Control Center", layout="wide")
+st.session_state.setdefault("authenticated", False)
+if login_enabled():
+    if not has_login_credentials():
+        st.error(
+            "UI auth is enabled, but credentials are missing. "
+            "Set `STREAMLIT_AUTH_USERNAME` and `STREAMLIT_AUTH_PASSWORD` in Hugging Face Secrets."
+        )
+        st.stop()
+    if not st.session_state.get("authenticated", False):
+        render_login_form()
+        st.stop()
 st.title("OpenClaw Control Center")
 st.caption("Manage gateway runtime, config, environment, and test calls from one UI.")
+if login_enabled():
+    with st.sidebar:
+        st.success("Authenticated")
+        if st.button("Sign out", use_container_width=True):
+            st.session_state["authenticated"] = False
+            st.rerun()
 init_state()
 pull_logs()

supervisord.conf CHANGED Viewed

@@ -5,7 +5,7 @@ pidfile=/tmp/supervisord.pid
 user=root
 [program:openclaw]
-command=/bin/sh -lc "GATEWAY_BIND=${OPENCLAW_GATEWAY_BIND:-lan}; AUTH_FILE_MAIN=/app/.openclaw/state/agents/main/agent/auth-profiles.json; ONBOARD_MARKER=/app/.openclaw/state/.onboard_custom_done; if [ \"${OPENCLAW_BOOTSTRAP_ONBOARD:-1}\" = \"1\" ] && [ ! -s \"$AUTH_FILE_MAIN\" ] && [ ! -f \"$ONBOARD_MARKER\" ]; then echo '[onboard] bootstrapping custom provider'; openclaw onboard --non-interactive --mode local --auth-choice custom-api-key --custom-base-url \"${OPENCLAW_CUSTOM_BASE_URL}\" --custom-model-id \"${OPENCLAW_CUSTOM_MODEL_ID}\" --custom-provider-id \"${OPENCLAW_CUSTOM_PROVIDER_ID:-researchengineering-agi-hf-space}\" --custom-compatibility \"${OPENCLAW_CUSTOM_COMPATIBILITY:-anthropic}\" --gateway-port 18789 --gateway-bind \"$GATEWAY_BIND\" --skip-skills --accept-risk --secret-input-mode plaintext || true; touch \"$ONBOARD_MARKER\"; fi; python /app/scripts/bootstrap_gateway_token.py; exec openclaw gateway run --port 18789 --bind \"$GATEWAY_BIND\" --allow-unconfigured --dev"
 autorestart=true
 startsecs=5
 startretries=20

 user=root
 [program:openclaw]
+command=/bin/sh -lc "GATEWAY_BIND=${OPENCLAW_GATEWAY_BIND:-lan}; AUTH_FILE_MAIN=/app/.openclaw/state/agents/main/agent/auth-profiles.json; API_KEY_RAW=${OPENCLAW_CUSTOM_API_KEY:-${CUSTOM_API_KEY:-}}; API_KEY=\"$API_KEY_RAW\"; if [ -z \"$API_KEY\" ] && [ \"${OPENCLAW_CUSTOM_API_KEY_OPTIONAL:-1}\" = \"1\" ]; then API_KEY=\"${OPENCLAW_CUSTOM_API_KEY_PLACEHOLDER:-no-key}\"; echo '[onboard] using placeholder custom API key'; fi; if [ \"${OPENCLAW_BOOTSTRAP_ONBOARD:-1}\" = \"1\" ] && [ ! -s \"$AUTH_FILE_MAIN\" ]; then if [ -n \"$API_KEY\" ]; then echo '[onboard] bootstrapping custom provider with API key'; openclaw onboard --non-interactive --mode local --auth-choice custom-api-key --custom-base-url \"${OPENCLAW_CUSTOM_BASE_URL}\" --custom-model-id \"${OPENCLAW_CUSTOM_MODEL_ID}\" --custom-provider-id \"${OPENCLAW_CUSTOM_PROVIDER_ID:-researchengineering-agi-hf-space}\" --custom-compatibility \"${OPENCLAW_CUSTOM_COMPATIBILITY:-anthropic}\" --custom-api-key \"$API_KEY\" --secret-input-mode plaintext --gateway-port 18789 --gateway-bind \"$GATEWAY_BIND\" --skip-skills --accept-risk || true; else echo '[onboard] skipped: no API key or placeholder'; fi; fi; python /app/scripts/bootstrap_gateway_token.py; exec openclaw gateway run --port 18789 --bind \"$GATEWAY_BIND\" --allow-unconfigured --dev"
 autorestart=true
 startsecs=5
 startretries=20