use jwt auth

technicca 2024-02-05 05:37:00 +03:00
parent 8a391102c8
commit 0dd7d1dc9d
8 changed files with 92 additions and 21 deletions

2
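--- /dev/null
+++ b/server/.env.example
@@ -0,0 +1,2 @@
+FLASK_SECRET_KEY=
+OPENAI_API_KEY=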
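Review bot: `JWT_SECRET` is missing from this template although the new `/register` and `/login` routes in this commit sign tokens with `os.getenv("JWT_SECRET")`. Add a `JWT_SECRET=` line, with a comment saying it should be a long random value that differs from `FLASK_SECRET_KEY`, so a fresh checkout does not run with an unset signing key.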


@ -1,5 +1,6 @@
{ {
"/extwis": { "/extwis": {
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler" "eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler",
"test": "user2"
} }
} }
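Review bot: The added entry makes the literal string `test` a valid API token for `/extwis`, which is trivially guessable and is committed next to the other token in this file; use a randomly generated value and keep real tokens out of version control. Separately, `check_auth_token` in this commit now returns `users[valid_tokens[route][token]]`, and the existing entry maps to `Daniel Miessler`, which has no key in the users.json added here, so that token would presumably raise `KeyError` instead of authenticating. Either map it to an existing user name or add the matching user. The file name is not shown in this section; it looks like the file the server loads as `fabric_api_keys.json`.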


@ -1,14 +1,24 @@
# Imports import jwt
import openai
import json import json
import openai
from flask import Flask, request, jsonify from flask import Flask, request, jsonify
from functools import wraps from functools import wraps
import re import re
import requests import requests
import os
from dotenv import load_dotenv
## Define Flask app
app = Flask(__name__) app = Flask(__name__)
@app.errorhandler(404)
def not_found(e):
return jsonify({"error": "The requested resource was not found."}), 404
@app.errorhandler(500)
def server_error(e):
return jsonify({"error": "An internal server error occurred."}), 500
################################################## ##################################################
################################################## ##################################################
# #
@ -25,10 +35,8 @@ app = Flask(__name__)
## Set authentication on your APIs ## Set authentication on your APIs
## Let's at least have some kind of auth ## Let's at least have some kind of auth
load_dotenv()
# Load your OpenAI API key from a file openai.api_key = os.getenv("OPENAI_API_KEY")
with open("openai.key", "r") as key_file:
openai.api_key = key_file.read().strip()
## Define our own client ## Define our own client
client = openai.OpenAI(api_key = openai.api_key) client = openai.OpenAI(api_key = openai.api_key)
@ -39,6 +47,11 @@ with open("fabric_api_keys.json", "r") as tokens_file:
valid_tokens = json.load(tokens_file) valid_tokens = json.load(tokens_file)
# Read users from the users.json file
with open("users.json", "r") as users_file:
users = json.load(users_file)
# The function to check if the token is valid # The function to check if the token is valid
def auth_required(f): def auth_required(f):
@wraps(f) @wraps(f)
@ -67,7 +80,7 @@ def auth_required(f):
def check_auth_token(token, route): def check_auth_token(token, route):
# Check if token is valid for the given route and return corresponding user # Check if token is valid for the given route and return corresponding user
if route in valid_tokens and token in valid_tokens[route]: if route in valid_tokens and token in valid_tokens[route]:
return valid_tokens[route][token] return users[valid_tokens[route][token]]
else: else:
return "Unauthorized: You are not authorized for this API" return "Unauthorized: You are not authorized for this API"
@ -132,8 +145,47 @@ def extwis():
assistant_message = response.choices[0].message.content assistant_message = response.choices[0].message.content
return jsonify({"response": assistant_message}) return jsonify({"response": assistant_message})
except Exception as e: except Exception as e:
return jsonify({"error": str(e)}), 500 app.logger.error(f"Error occurred: {str(e)}")
return jsonify({"error": "An error occurred while processing the request."}), 500
@app.route("/register", methods=["POST"])
def register():
data = request.get_json()
username = data["username"]
password = data["password"]
if username in users:
return jsonify({"error": "Username already exists"}), 400
new_user = {
"username": username,
"password": password
}
users[username] = new_user
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
return jsonify({"token": token.decode("utf-8")})
@app.route("/login", methods=["POST"])
def login():
data = request.get_json()
username = data["username"]
password = data["password"]
if username in users and users[username]["password"] == password:
# Generate a JWT token
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
return jsonify({"token": token.decode("utf-8")})
return jsonify({"error": "Invalid username or password"}), 401
# Run the application
if __name__ == "__main__": if __name__ == "__main__":
app.run(host="127.0.0.1", port=13337, debug=True) app.run(host="127.0.0.1", port=13337, debug=True)
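Review bot: The new `/register` and `/login` routes keep and compare passwords in plaintext (`"password": password`, `users[username]["password"] == password`), and the users.json seeded in this commit ships plaintext passwords as well, so anyone who can read that file obtains every credential. Store a salted hash instead, using `generate_password_hash` and `check_password_hash` from `werkzeug.security` (installed with Flask), and re-seed users.json with hashes. The tokens are also signed without an `exp` claim and nothing checks that `os.getenv("JWT_SECRET")` is set, so issued tokens never expire; the sketch below adds an expiry (the one-hour lifetime is an example value, and it needs `datetime`, `timedelta` and `timezone` from `datetime`) and fails early on a missing secret. `token.decode("utf-8")` assumes `jwt.encode` returns bytes, which is not the case on PyJWT 2.x, so the helper accepts both.

```python
def issue_token(username):
    secret = os.getenv("JWT_SECRET")
    if not secret:
        raise RuntimeError("JWT_SECRET is not set")
    claims = {
        "username": username,
        "exp": datetime.now(timezone.utc) + timedelta(hours=1),  # example lifetime
    }
    token = jwt.encode(claims, secret, algorithm="HS256")
    # PyJWT 1.x returns bytes, 2.x returns str
    return token if isinstance(token, str) else token.decode("utf-8")

def register():
    # … unchanged: request parsing and duplicate-username check …
    users[username] = {
        "username": username,
        "password": generate_password_hash(password),
    }
    return jsonify({"token": issue_token(username)})

def login():
    # … unchanged: request parsing …
    record = users.get(username)
    if record and check_password_hash(record["password"], password):
        return jsonify({"token": issue_token(username)})
    return jsonify({"error": "Invalid username or password"}), 401
```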


@ -20,19 +20,23 @@ def send_request(prompt, endpoint):
url = f"{base_url}{endpoint}" url = f"{base_url}{endpoint}"
headers = { headers = {
"Content-Type": "application/json", "Content-Type": "application/json",
"Authorization": "eJ4f1e0b-25wO-47f9-97ec-6b5335b2", "Authorization": f"Bearer {session['token']}",
} }
data = json.dumps({"input": prompt}) data = json.dumps({"input": prompt})
response = requests.post(url, headers=headers, data=data, verify=False) response = requests.post(url, headers=headers, data=data, verify=False)
try: try:
return response.json()["response"] response = requests.post(url, headers=headers, data=data)
except KeyError: response.raise_for_status() # raises HTTPError if the response status isn't 200
return f"Error: You're not authorized for this application." except requests.ConnectionError:
return "Error: Unable to connect to the server."
except requests.HTTPError as e:
return f"Error: An HTTP error occurred: {str(e)}"
app = Flask(__name__) app = Flask(__name__)
app.secret_key = "your_secret_key" app.secret_key = os.getenv("FLASK_SECRET_KEY")
@app.route("/favicon.ico") @app.route("/favicon.ico")
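Review bot: The original `requests.post(url, headers=headers, data=data, verify=False)` appears to remain ahead of the new `try`, so the request is sent twice and the first copy carries the `Bearer` token over a connection whose certificate is not verified. Drop that line and keep only the call inside the `try`, ideally with a timeout, e.g. `response = requests.post(url, headers=headers, data=data, timeout=30)` (the value is an example). The hunk also removes `return response.json()["response"]` without a replacement, so on success the function seems to fall through and return `None`; add `return response.json()["response"]` after `raise_for_status()`. `send_request` begins above the hunk, and the imports for `session` and `os` are not visible here.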


@ -17,7 +17,7 @@
<h1 class="text-4xl font-bold"><code>fabric</code></h1> <h1 class="text-4xl font-bold"><code>fabric</code></h1>
</div> </div>
<p>Enter your content and the API you want to send it to.</p> <p>Please enter your content and select the API you want to use:</p>
<br /> <br />
<form method="POST" class="space-y-4"> <form method="POST" class="space-y-4">
<div> <div>
@ -31,13 +31,13 @@
<!-- Add more API endpoints here... --> <!-- Add more API endpoints here... -->
</select> </select>
</div> </div>
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Submit</button> <button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Send Request</button>
</form> </form>
{% if response %} {% if response %}
<div class="mt-8"> <div class="mt-8">
<div class="flex justify-between items-center mb-4"> <div class="flex justify-between items-center mb-4">
<h2 class="text-2xl font-bold">Response:</h2> <h2 class="text-2xl font-bold">API Response:</h2>
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy</button> <button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy to Clipboard</button>
</div> </div>
<pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre> <pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre>
</div> </div>


@ -1 +0,0 @@
sk-somethingsomethingnumbersandstuff


@ -1,3 +1,5 @@
openai openai
requests requests
flask flask
python-dotenv
jwt
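Review bot: The added `jwt` line installs a different PyPI distribution from PyJWT, and as far as I know it does not provide the module-level `jwt.encode(payload, key, algorithm="HS256")` call that the server code in this commit uses. Replace it with `PyJWT`. Because the server also calls `.decode("utf-8")` on the token, which only works while `encode` returns bytes, pin the version the code was written against rather than leaving it open; the same applies to the other unpinned entries.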

11
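--- /dev/null
+++ b/server/users.json
@@ -0,0 +1,11 @@
+{
+"user1": {
+"username": "user1",
+"password": "password1"
+},
+"user2": {
+"username": "user2",
+"password": "password2"
+}
+}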