diff --git a/backend/open_webui/config.py b/backend/open_webui/config.py index 7fff81ed3..3e08dbb72 100644 --- a/backend/open_webui/config.py +++ b/backend/open_webui/config.py @@ -588,20 +588,6 @@ load_oauth_providers() STATIC_DIR = Path(os.getenv("STATIC_DIR", OPEN_WEBUI_DIR / "static")).resolve() - -def override_static(path: str, content: str): - # Ensure path is safe - if "/" in path or ".." in path: - log.error(f"Invalid path: {path}") - return - - file_path = os.path.join(STATIC_DIR, path) - os.makedirs(os.path.dirname(file_path), exist_ok=True) - - with open(file_path, "wb") as f: - f.write(base64.b64decode(content)) # Convert Base64 back to raw binary - - frontend_favicon = FRONTEND_BUILD_DIR / "static" / "favicon.png" if frontend_favicon.exists(): diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py index e4ad27c84..e478284a6 100644 --- a/backend/open_webui/utils/auth.py +++ b/backend/open_webui/utils/auth.py @@ -5,6 +5,7 @@ import base64 import hmac import hashlib import requests +import os from datetime import UTC, datetime, timedelta @@ -13,8 +14,7 @@ from typing import Optional, Union, List, Dict from open_webui.models.users import Users from open_webui.constants import ERROR_MESSAGES -from open_webui.config import override_static -from open_webui.env import WEBUI_SECRET_KEY, TRUSTED_SIGNATURE_KEY +from open_webui.env import WEBUI_SECRET_KEY, TRUSTED_SIGNATURE_KEY, STATIC_DIR from fastapi import Depends, HTTPException, Request, Response, status from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer @@ -47,6 +47,19 @@ def verify_signature(payload: str, signature: str) -> bool: return False +def override_static(path: str, content: str): + # Ensure path is safe + if "/" in path or ".." in path: + print(f"Invalid path: {path}") + return + + file_path = os.path.join(STATIC_DIR, path) + os.makedirs(os.path.dirname(file_path), exist_ok=True) + + with open(file_path, "wb") as f: + f.write(base64.b64decode(content)) # Convert Base64 back to raw binary + + def get_license_data(app, key): if key: try: