open-webui/backend/apps/webui/routers/auths.py

376 lines
11 KiB
Python
Raw Normal View History

import logging
2024-05-02 02:02:25 +00:00
from fastapi import Request, UploadFile, File
2024-03-26 10:22:17 +00:00
from fastapi import Depends, HTTPException, status
2023-11-19 00:47:12 +00:00
2024-03-26 10:22:17 +00:00
from fastapi import APIRouter
2023-11-19 00:47:12 +00:00
from pydantic import BaseModel
2024-02-20 04:44:00 +00:00
import re
2024-04-02 16:18:36 +00:00
import uuid
2024-05-02 02:02:25 +00:00
import csv
2023-11-19 00:47:12 +00:00
2024-05-26 08:15:48 +00:00
from apps.webui.models.auths import (
2023-11-19 00:47:12 +00:00
SigninForm,
SignupForm,
2024-05-02 00:55:18 +00:00
AddUserForm,
UpdateProfileForm,
2023-12-29 08:12:30 +00:00
UpdatePasswordForm,
2023-11-19 00:47:12 +00:00
UserResponse,
SigninResponse,
Auths,
2024-04-02 16:18:36 +00:00
ApiKey,
2023-11-19 00:47:12 +00:00
)
2024-05-26 08:15:48 +00:00
from apps.webui.models.users import Users
2023-11-19 00:47:12 +00:00
2024-02-14 09:17:43 +00:00
from utils.utils import (
get_password_hash,
get_current_user,
get_admin_user,
create_token,
2024-04-02 16:18:36 +00:00
create_api_key,
2024-02-14 09:17:43 +00:00
)
2024-02-20 04:44:00 +00:00
from utils.misc import parse_duration, validate_email_format
2024-03-21 01:35:02 +00:00
from utils.webhook import post_webhook
from constants import ERROR_MESSAGES, WEBHOOK_MESSAGES
from config import WEBUI_AUTH, WEBUI_AUTH_TRUSTED_EMAIL_HEADER
2023-11-19 00:47:12 +00:00
2023-11-19 08:13:59 +00:00
router = APIRouter()
2023-11-19 00:47:12 +00:00
############################
# GetSessionUser
############################
@router.get("/", response_model=UserResponse)
async def get_session_user(user=Depends(get_current_user)):
return {
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
"profile_image_url": user.profile_image_url,
}
2023-11-19 00:47:12 +00:00
2024-01-27 04:27:45 +00:00
############################
# Update Profile
2024-01-27 04:27:45 +00:00
############################
@router.post("/update/profile", response_model=UserResponse)
async def update_profile(
form_data: UpdateProfileForm, session_user=Depends(get_current_user)
2024-01-27 04:27:45 +00:00
):
if session_user:
user = Users.update_user_by_id(
session_user.id,
{"profile_image_url": form_data.profile_image_url, "name": form_data.name},
2024-01-27 04:27:45 +00:00
)
if user:
return user
else:
raise HTTPException(400, detail=ERROR_MESSAGES.DEFAULT())
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
2023-12-29 08:12:30 +00:00
############################
# Update Password
############################
@router.post("/update/password", response_model=bool)
2024-01-27 04:27:45 +00:00
async def update_password(
form_data: UpdatePasswordForm, session_user=Depends(get_current_user)
):
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
raise HTTPException(400, detail=ERROR_MESSAGES.ACTION_PROHIBITED)
2023-12-29 08:26:47 +00:00
if session_user:
user = Auths.authenticate_user(session_user.email, form_data.password)
2023-12-29 08:12:30 +00:00
2023-12-29 08:26:47 +00:00
if user:
hashed = get_password_hash(form_data.new_password)
2023-12-29 08:29:18 +00:00
return Auths.update_user_password_by_id(user.id, hashed)
2023-12-29 08:26:47 +00:00
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
2023-12-29 08:12:30 +00:00
else:
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
2023-11-19 00:47:12 +00:00
############################
# SignIn
############################
@router.post("/signin", response_model=SigninResponse)
2024-02-20 04:44:00 +00:00
async def signin(request: Request, form_data: SigninForm):
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER:
if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
2024-03-29 20:06:18 +00:00
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
if not Users.get_user_by_email(trusted_email.lower()):
2024-03-29 20:06:18 +00:00
await signup(
request,
SignupForm(
email=trusted_email, password=str(uuid.uuid4()), name=trusted_email
),
)
user = Auths.authenticate_user_by_trusted_header(trusted_email)
2024-05-09 00:17:21 +00:00
elif WEBUI_AUTH == False:
admin_email = "admin@localhost"
admin_password = "admin"
2024-05-08 23:19:59 +00:00
2024-05-09 00:17:21 +00:00
if Users.get_user_by_email(admin_email.lower()):
user = Auths.authenticate_user(admin_email.lower(), admin_password)
else:
if Users.get_num_users() != 0:
raise HTTPException(400, detail=ERROR_MESSAGES.EXISTING_USERS)
2024-05-09 00:15:54 +00:00
2024-05-09 00:17:21 +00:00
await signup(
request,
SignupForm(email=admin_email, password=admin_password, name="User"),
)
2024-05-08 23:42:41 +00:00
2024-05-09 00:17:21 +00:00
user = Auths.authenticate_user(admin_email.lower(), admin_password)
else:
user = Auths.authenticate_user(form_data.email.lower(), form_data.password)
2023-11-19 00:47:12 +00:00
if user:
2024-02-20 04:44:00 +00:00
token = create_token(
data={"id": user.id},
expires_delta=parse_duration(request.app.state.config.JWT_EXPIRES_IN),
2024-02-20 04:44:00 +00:00
)
2023-11-19 00:47:12 +00:00
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
2023-11-19 05:41:43 +00:00
"profile_image_url": user.profile_image_url,
2023-11-19 00:47:12 +00:00
}
else:
2023-11-19 05:41:43 +00:00
raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
2023-11-19 00:47:12 +00:00
############################
# SignUp
############################
@router.post("/signup", response_model=SigninResponse)
async def signup(request: Request, form_data: SignupForm):
if not request.app.state.config.ENABLE_SIGNUP and WEBUI_AUTH:
2024-02-14 09:17:43 +00:00
raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.ACCESS_PROHIBITED
)
2024-01-27 04:27:45 +00:00
if not validate_email_format(form_data.email.lower()):
2024-02-14 09:17:43 +00:00
raise HTTPException(
status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT
)
2024-01-27 04:27:45 +00:00
if Users.get_user_by_email(form_data.email.lower()):
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
2024-01-27 04:27:45 +00:00
try:
2024-02-14 09:17:43 +00:00
role = (
"admin"
if Users.get_num_users() == 0
else request.app.state.config.DEFAULT_USER_ROLE
2024-02-14 09:17:43 +00:00
)
hashed = get_password_hash(form_data.password)
2024-01-27 04:27:45 +00:00
user = Auths.insert_new_auth(
2024-04-04 08:10:51 +00:00
form_data.email.lower(),
hashed,
form_data.name,
form_data.profile_image_url,
role,
2024-01-27 04:27:45 +00:00
)
if user:
2024-02-20 04:44:00 +00:00
token = create_token(
data={"id": user.id},
expires_delta=parse_duration(request.app.state.config.JWT_EXPIRES_IN),
2024-02-20 04:44:00 +00:00
)
# response.set_cookie(key='token', value=token, httponly=True)
if request.app.state.config.WEBHOOK_URL:
2024-03-21 01:35:02 +00:00
post_webhook(
request.app.state.config.WEBHOOK_URL,
2024-03-21 01:47:13 +00:00
WEBHOOK_MESSAGES.USER_SIGNUP(user.name),
2024-03-21 01:35:02 +00:00
{
"action": "signup",
"message": WEBHOOK_MESSAGES.USER_SIGNUP(user.name),
"user": user.model_dump_json(exclude_none=True),
},
)
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
"profile_image_url": user.profile_image_url,
}
else:
2024-01-27 04:27:45 +00:00
raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
2024-05-02 00:55:18 +00:00
except Exception as err:
raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))
############################
# AddUser
############################
@router.post("/add", response_model=SigninResponse)
2024-05-02 02:02:25 +00:00
async def add_user(form_data: AddUserForm, user=Depends(get_admin_user)):
2024-05-02 00:55:18 +00:00
if not validate_email_format(form_data.email.lower()):
raise HTTPException(
status.HTTP_400_BAD_REQUEST, detail=ERROR_MESSAGES.INVALID_EMAIL_FORMAT
)
if Users.get_user_by_email(form_data.email.lower()):
raise HTTPException(400, detail=ERROR_MESSAGES.EMAIL_TAKEN)
try:
2024-05-02 01:06:02 +00:00
print(form_data)
2024-05-02 00:55:18 +00:00
hashed = get_password_hash(form_data.password)
user = Auths.insert_new_auth(
form_data.email.lower(),
hashed,
form_data.name,
form_data.profile_image_url,
2024-05-02 01:06:02 +00:00
form_data.role,
2024-05-02 00:55:18 +00:00
)
if user:
token = create_token(data={"id": user.id})
return {
"token": token,
"token_type": "Bearer",
"id": user.id,
"email": user.email,
"name": user.name,
"role": user.role,
"profile_image_url": user.profile_image_url,
}
else:
raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_USER_ERROR)
except Exception as err:
2024-01-27 04:27:45 +00:00
raise HTTPException(500, detail=ERROR_MESSAGES.DEFAULT(err))
############################
# ToggleSignUp
############################
@router.get("/signup/enabled", response_model=bool)
async def get_sign_up_status(request: Request, user=Depends(get_admin_user)):
return request.app.state.config.ENABLE_SIGNUP
@router.get("/signup/enabled/toggle", response_model=bool)
async def toggle_sign_up(request: Request, user=Depends(get_admin_user)):
request.app.state.config.ENABLE_SIGNUP = not request.app.state.config.ENABLE_SIGNUP
return request.app.state.config.ENABLE_SIGNUP
2024-02-14 09:17:43 +00:00
############################
# Default User Role
############################
@router.get("/signup/user/role")
async def get_default_user_role(request: Request, user=Depends(get_admin_user)):
return request.app.state.config.DEFAULT_USER_ROLE
2024-02-14 09:17:43 +00:00
class UpdateRoleForm(BaseModel):
role: str
@router.post("/signup/user/role")
async def update_default_user_role(
request: Request, form_data: UpdateRoleForm, user=Depends(get_admin_user)
):
if form_data.role in ["pending", "user", "admin"]:
request.app.state.config.DEFAULT_USER_ROLE = form_data.role
return request.app.state.config.DEFAULT_USER_ROLE
2024-02-20 04:44:00 +00:00
############################
# JWT Expiration
############################
@router.get("/token/expires")
async def get_token_expires_duration(request: Request, user=Depends(get_admin_user)):
return request.app.state.config.JWT_EXPIRES_IN
2024-02-20 04:44:00 +00:00
class UpdateJWTExpiresDurationForm(BaseModel):
duration: str
@router.post("/token/expires/update")
async def update_token_expires_duration(
request: Request,
form_data: UpdateJWTExpiresDurationForm,
user=Depends(get_admin_user),
):
pattern = r"^(-1|0|(-?\d+(\.\d+)?)(ms|s|m|h|d|w))$"
# Check if the input string matches the pattern
if re.match(pattern, form_data.duration):
request.app.state.config.JWT_EXPIRES_IN = form_data.duration
return request.app.state.config.JWT_EXPIRES_IN
2024-02-20 04:44:00 +00:00
else:
return request.app.state.config.JWT_EXPIRES_IN
2024-03-26 10:22:17 +00:00
############################
# API Key
############################
# create api key
@router.post("/api_key", response_model=ApiKey)
async def create_api_key_(user=Depends(get_current_user)):
api_key = create_api_key()
2024-04-02 16:27:35 +00:00
success = Users.update_user_api_key_by_id(user.id, api_key)
2024-03-26 10:22:17 +00:00
if success:
return {
"api_key": api_key,
}
else:
raise HTTPException(500, detail=ERROR_MESSAGES.CREATE_API_KEY_ERROR)
# delete api key
@router.delete("/api_key", response_model=bool)
async def delete_api_key(user=Depends(get_current_user)):
2024-04-02 16:27:35 +00:00
success = Users.update_user_api_key_by_id(user.id, None)
2024-03-26 10:22:17 +00:00
return success
# get api key
@router.get("/api_key", response_model=ApiKey)
async def get_api_key(user=Depends(get_current_user)):
2024-04-02 16:27:35 +00:00
api_key = Users.get_user_api_key_by_id(user.id)
2024-03-26 10:22:17 +00:00
if api_key:
return {
"api_key": api_key,
}
else:
raise HTTPException(404, detail=ERROR_MESSAGES.API_KEY_NOT_FOUND)