Spaces:

cotcotquedec
/

openwebui-anthropic

Paused

cotcotquedec commited on Oct 26, 2024

Commit

17e63a8

1 Parent(s): 1ce4699

feat(auth): implement token-based authentication middleware

Added a new authentication middleware to handle token-based authorization for all endpoints. This middleware checks for the presence of an authorization header, validates the bearer token, and stores it in a context variable for subsequent requests. This change enhances security by ensuring that only requests with valid tokens can access the API endpoints.

Additionally, modified the existing functions to utilize the token context for creating Anthropic clients, ensuring that the correct token is used for API interactions.

ref #123: enhance security with token-based auth middleware

Files changed (1) hide show

main.py +55 -9

main.py CHANGED Viewed

@@ -1,16 +1,57 @@
-import os
-from fastapi import FastAPI, HTTPException
 from fastapi.responses import JSONResponse, StreamingResponse
 from pydantic import BaseModel
 from typing import List, Optional
 from anthropic import Anthropic
 import json
 import time
 app = FastAPI()
-# Initialize Anthropic client with environment variable
-client = Anthropic(api_key=os.getenv('ANTHROPIC_API_KEY'))
 # Available models
 AVAILABLE_MODELS = [
@@ -31,12 +72,15 @@ class ChatCompletionRequest(BaseModel):
     max_tokens: Optional[int] = 1024
 @app.get("/")
-def read_root():
     return {"Hello": "World!"}
 @app.get("/models")
 async def get_models():
     """Get available Anthropic models."""
     models = [
         {
             "id": model_id,
@@ -57,8 +101,6 @@ async def get_models():
         }
     )
-    return {"data": models, "object": "list"}
 @app.post("/v1/chat/completions")
 async def create_chat_completion(request: ChatCompletionRequest):
     """Generate chat completions using Anthropic models."""
@@ -73,12 +115,13 @@ async def create_chat_completion(request: ChatCompletionRequest):
     except Exception as e:
         raise HTTPException(status_code=500, detail=str(e))
 async def generate_completion(request: ChatCompletionRequest):
     """Generate a non-streaming completion."""
     messages = [{"role": m.role, "content": m.content} for m in request.messages]
     response = client.messages.create(
         model=request.model,
         max_tokens=request.max_tokens,
@@ -109,6 +152,9 @@ async def stream_response(request: ChatCompletionRequest):
     """Stream the completion response."""
     messages = [{"role": m.role, "content": m.content} for m in request.messages]
     response = client.messages.create(
         model=request.model,
         max_tokens=request.max_tokens,

+from fastapi import FastAPI, HTTPException, Request
 from fastapi.responses import JSONResponse, StreamingResponse
+from fastapi.security import HTTPBearer
+from fastapi.middleware.base import BaseHTTPMiddleware
 from pydantic import BaseModel
 from typing import List, Optional
 from anthropic import Anthropic
 import json
 import time
+from contextvars import ContextVar
 app = FastAPI()
+security = HTTPBearer()
+# Context variable to store the token
+token_context = ContextVar('token', default=None)
+# Middleware pour récupérer et vérifier le token sur tous les endpoints
+class AuthMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        try:
+            auth_header = request.headers.get('Authorization')
+            if not auth_header:
+                raise HTTPException(status_code=401, detail="No authorization header")
+            scheme, token = auth_header.split()
+            if scheme.lower() != 'bearer':
+                raise HTTPException(status_code=401, detail="Invalid authentication scheme")
+            # Store token in context
+            token_context.set(token)
+        except HTTPException as e:
+            return JSONResponse(
+                status_code=e.status_code,
+                content={"detail": e.detail}
+            )
+        except Exception as e:
+            return JSONResponse(
+                status_code=401,
+                content={"detail": "Invalid authorization header"}
+            )
+        return await call_next(request)
+# Ajouter le middleware à l'application
+app.add_middleware(AuthMiddleware)
+# Function to get Anthropic client with current token
+def get_anthropic_client():
+    token = token_context.get()
+    if not token:
+        raise HTTPException(status_code=401, detail="No authorization token found")
+    return Anthropic(api_key=token)
 # Available models
 AVAILABLE_MODELS = [
     max_tokens: Optional[int] = 1024
 @app.get("/")
+async def read_root():
     return {"Hello": "World!"}
 @app.get("/models")
 async def get_models():
     """Get available Anthropic models."""
+    # Test the token by creating a client
+    get_anthropic_client()
     models = [
         {
             "id": model_id,
         }
     )
 @app.post("/v1/chat/completions")
 async def create_chat_completion(request: ChatCompletionRequest):
     """Generate chat completions using Anthropic models."""
     except Exception as e:
         raise HTTPException(status_code=500, detail=str(e))
 async def generate_completion(request: ChatCompletionRequest):
     """Generate a non-streaming completion."""
     messages = [{"role": m.role, "content": m.content} for m in request.messages]
+    # Get client with current token
+    client = get_anthropic_client()
     response = client.messages.create(
         model=request.model,
         max_tokens=request.max_tokens,
     """Stream the completion response."""
     messages = [{"role": m.role, "content": m.content} for m in request.messages]
+    # Get client with current token
+    client = get_anthropic_client()
     response = client.messages.create(
         model=request.model,
         max_tokens=request.max_tokens,