mirror of
https://github.com/danielmiessler/fabric
synced 2024-11-10 07:10:31 +00:00
use jwt auth
parent
8a391102c8
commit
0dd7d1dc9d
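--- a/server/.env.example
+++ b/server/.env.example
@@ -0,0 +1,2 @@
+FLASK_SECRET_KEY=
+OPENAI_API_KEY=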
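Review bot: `JWT_SECRET` is missing from this template, although the new `/register` and `/login` handlers sign tokens with `os.getenv("JWT_SECRET")`. With only the two variables listed here set, the signing key is `None` and token creation cannot work as intended. Add a `JWT_SECRET=` line, and consider refusing to start when it or `FLASK_SECRET_KEY` is empty.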
@ -1,5 +1,6 @@
|
|||||||
{
|
{
|
||||||
"/extwis": {
|
"/extwis": {
|
||||||
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler"
|
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler",
|
||||||
|
"test": "user2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
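Review bot: The added `"test": "user2"` entry makes the literal string `test` an accepted token for `/extwis`, and it is committed alongside the existing token. Keep real tokens out of the repository: ship this file as an example with placeholder values and generate each token with something like `secrets.token_urlsafe(32)`. The untouched entry is also broken by this commit: it maps to `Daniel Miessler`, but `users.json` only has `user1` and `user2`, so the new `users[valid_tokens[route][token]]` lookup in `check_auth_token` raises `KeyError` for that token.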
@ -1,14 +1,24 @@
|
|||||||
# Imports
|
import jwt
|
||||||
import openai
|
|
||||||
import json
|
import json
|
||||||
|
import openai
|
||||||
from flask import Flask, request, jsonify
|
from flask import Flask, request, jsonify
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
import re
|
import re
|
||||||
import requests
|
import requests
|
||||||
|
import os
|
||||||
|
from dotenv import load_dotenv
|
||||||
|
|
||||||
## Define Flask app
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
|
|
||||||
|
@app.errorhandler(404)
|
||||||
|
def not_found(e):
|
||||||
|
return jsonify({"error": "The requested resource was not found."}), 404
|
||||||
|
|
||||||
|
@app.errorhandler(500)
|
||||||
|
def server_error(e):
|
||||||
|
return jsonify({"error": "An internal server error occurred."}), 500
|
||||||
|
|
||||||
|
|
||||||
##################################################
|
##################################################
|
||||||
##################################################
|
##################################################
|
||||||
#
|
#
|
||||||
@ -25,10 +35,8 @@ app = Flask(__name__)
|
|||||||
|
|
||||||
## Set authentication on your APIs
|
## Set authentication on your APIs
|
||||||
## Let's at least have some kind of auth
|
## Let's at least have some kind of auth
|
||||||
|
load_dotenv()
|
||||||
# Load your OpenAI API key from a file
|
openai.api_key = os.getenv("OPENAI_API_KEY")
|
||||||
with open("openai.key", "r") as key_file:
|
|
||||||
openai.api_key = key_file.read().strip()
|
|
||||||
|
|
||||||
## Define our own client
|
## Define our own client
|
||||||
client = openai.OpenAI(api_key = openai.api_key)
|
client = openai.OpenAI(api_key = openai.api_key)
|
||||||
@ -39,6 +47,11 @@ with open("fabric_api_keys.json", "r") as tokens_file:
|
|||||||
valid_tokens = json.load(tokens_file)
|
valid_tokens = json.load(tokens_file)
|
||||||
|
|
||||||
|
|
||||||
|
# Read users from the users.json file
|
||||||
|
with open("users.json", "r") as users_file:
|
||||||
|
users = json.load(users_file)
|
||||||
|
|
||||||
|
|
||||||
# The function to check if the token is valid
|
# The function to check if the token is valid
|
||||||
def auth_required(f):
|
def auth_required(f):
|
||||||
@wraps(f)
|
@wraps(f)
|
||||||
@ -67,7 +80,7 @@ def auth_required(f):
|
|||||||
def check_auth_token(token, route):
|
def check_auth_token(token, route):
|
||||||
# Check if token is valid for the given route and return corresponding user
|
# Check if token is valid for the given route and return corresponding user
|
||||||
if route in valid_tokens and token in valid_tokens[route]:
|
if route in valid_tokens and token in valid_tokens[route]:
|
||||||
return valid_tokens[route][token]
|
return users[valid_tokens[route][token]]
|
||||||
else:
|
else:
|
||||||
return "Unauthorized: You are not authorized for this API"
|
return "Unauthorized: You are not authorized for this API"
|
||||||
|
|
||||||
@ -132,8 +145,47 @@ def extwis():
|
|||||||
assistant_message = response.choices[0].message.content
|
assistant_message = response.choices[0].message.content
|
||||||
return jsonify({"response": assistant_message})
|
return jsonify({"response": assistant_message})
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify({"error": str(e)}), 500
|
app.logger.error(f"Error occurred: {str(e)}")
|
||||||
|
return jsonify({"error": "An error occurred while processing the request."}), 500
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/register", methods=["POST"])
|
||||||
|
def register():
|
||||||
|
data = request.get_json()
|
||||||
|
|
||||||
|
username = data["username"]
|
||||||
|
password = data["password"]
|
||||||
|
|
||||||
|
if username in users:
|
||||||
|
return jsonify({"error": "Username already exists"}), 400
|
||||||
|
|
||||||
|
new_user = {
|
||||||
|
"username": username,
|
||||||
|
"password": password
|
||||||
|
}
|
||||||
|
|
||||||
|
users[username] = new_user
|
||||||
|
|
||||||
|
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
|
||||||
|
|
||||||
|
return jsonify({"token": token.decode("utf-8")})
|
||||||
|
|
||||||
|
|
||||||
|
@app.route("/login", methods=["POST"])
|
||||||
|
def login():
|
||||||
|
data = request.get_json()
|
||||||
|
|
||||||
|
username = data["username"]
|
||||||
|
password = data["password"]
|
||||||
|
|
||||||
|
if username in users and users[username]["password"] == password:
|
||||||
|
# Generate a JWT token
|
||||||
|
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
|
||||||
|
|
||||||
|
return jsonify({"token": token.decode("utf-8")})
|
||||||
|
|
||||||
|
return jsonify({"error": "Invalid username or password"}), 401
|
||||||
|
|
||||||
|
|
||||||
# Run the application
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
app.run(host="127.0.0.1", port=13337, debug=True)
|
app.run(host="127.0.0.1", port=13337, debug=True)
|
||||||
|
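Review bot: `register()` stores the submitted password verbatim in `users` and `login()` compares it with `==`, so credentials are held in plaintext, both in memory and in the `users.json` file this commit adds. Hash on registration and verify with `check_password_hash`; both helpers come from `werkzeug.security`, which is installed with Flask, and `users.json` would then have to hold hashes instead of `password1`/`password2`. Both handlers also index `data["username"]` directly, so a request without a JSON body or without those keys ends in the 500 handler rather than a 400. Nothing in the visible hunks decodes the issued JWT: `check_auth_token` still looks the header value up in `valid_tokens`, so unless `auth_required` (its body is outside the hunks) changed, the tokens issued here are never verified.

```python
def register():
    data = request.get_json(silent=True) or {}
    username = data.get("username")
    password = data.get("password")
    if not (isinstance(username, str) and isinstance(password, str) and username and password):
        return jsonify({"error": "username and password are required"}), 400
    # … unchanged: duplicate-username check …
    new_user = {
        "username": username,
        "password": generate_password_hash(password),
    }
    # … unchanged: store the user, issue the token …

def login():
    # … unchanged: request parsing (same validation as register) …
    record = users.get(username)
    if record and check_password_hash(record["password"], password):
        # … unchanged: issue the token …
```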
@ -20,19 +20,23 @@ def send_request(prompt, endpoint):
|
|||||||
url = f"{base_url}{endpoint}"
|
url = f"{base_url}{endpoint}"
|
||||||
headers = {
|
headers = {
|
||||||
"Content-Type": "application/json",
|
"Content-Type": "application/json",
|
||||||
"Authorization": "eJ4f1e0b-25wO-47f9-97ec-6b5335b2",
|
"Authorization": f"Bearer {session['token']}",
|
||||||
}
|
}
|
||||||
data = json.dumps({"input": prompt})
|
data = json.dumps({"input": prompt})
|
||||||
response = requests.post(url, headers=headers, data=data, verify=False)
|
response = requests.post(url, headers=headers, data=data, verify=False)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return response.json()["response"]
|
response = requests.post(url, headers=headers, data=data)
|
||||||
except KeyError:
|
response.raise_for_status() # raises HTTPError if the response status isn't 200
|
||||||
return f"Error: You're not authorized for this application."
|
except requests.ConnectionError:
|
||||||
|
return "Error: Unable to connect to the server."
|
||||||
|
except requests.HTTPError as e:
|
||||||
|
return f"Error: An HTTP error occurred: {str(e)}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
app.secret_key = "your_secret_key"
|
app.secret_key = os.getenv("FLASK_SECRET_KEY")
|
||||||
|
|
||||||
|
|
||||||
@app.route("/favicon.ico")
|
@app.route("/favicon.ico")
|
||||||
|
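Review bot: The unchanged `requests.post(url, headers=headers, data=data, verify=False)` line still runs ahead of the new `try`, so every call sends the bearer token once with certificate verification disabled and then posts a second time inside the `try`. Delete that first call and keep only the verified one. The success path also no longer returns anything, because the old `return response.json()["response"]` was replaced and nothing follows `response.raise_for_status()`; add `return response.json()["response"]` after it. `send_request` starts above the hunk, so where `session` is imported and where `session['token']` is set cannot be checked from here.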
@ -17,7 +17,7 @@
|
|||||||
<h1 class="text-4xl font-bold"><code>fabric</code></h1>
|
<h1 class="text-4xl font-bold"><code>fabric</code></h1>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<p>Enter your content and the API you want to send it to.</p>
|
<p>Please enter your content and select the API you want to use:</p>
|
||||||
<br />
|
<br />
|
||||||
<form method="POST" class="space-y-4">
|
<form method="POST" class="space-y-4">
|
||||||
<div>
|
<div>
|
||||||
@ -31,13 +31,13 @@
|
|||||||
<!-- Add more API endpoints here... -->
|
<!-- Add more API endpoints here... -->
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Submit</button>
|
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Send Request</button>
|
||||||
</form>
|
</form>
|
||||||
{% if response %}
|
{% if response %}
|
||||||
<div class="mt-8">
|
<div class="mt-8">
|
||||||
<div class="flex justify-between items-center mb-4">
|
<div class="flex justify-between items-center mb-4">
|
||||||
<h2 class="text-2xl font-bold">Response:</h2>
|
<h2 class="text-2xl font-bold">API Response:</h2>
|
||||||
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy</button>
|
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy to Clipboard</button>
|
||||||
</div>
|
</div>
|
||||||
<pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre>
|
<pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre>
|
||||||
</div>
|
</div>
|
||||||
|
@ -1 +0,0 @@
|
|||||||
sk-somethingsomethingnumbersandstuff
|
|
@ -1,3 +1,5 @@
|
|||||||
openai
|
openai
|
||||||
requests
|
requests
|
||||||
flask
|
flask
|
||||||
|
python-dotenv
|
||||||
|
jwt
|
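Review bot: The added `jwt` line installs a different PyPI project from the one the server code is written against; `jwt.encode(payload, key, algorithm="HS256")` is the PyJWT API, so the requirement should read `PyJWT`. The version matters too, because the handlers call `token.decode("utf-8")`, which only works on PyJWT 1.x where `encode` returns bytes; on 2.x it returns `str` and that call raises `AttributeError`. Prefer dropping the `.decode("utf-8")` and pinning a current PyJWT release over pinning `PyJWT<2`.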
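--- a/server/users.json
+++ b/server/users.json
@@ -0,0 +1,11 @@
+{
+"user1": {
+"username": "user1",
+"password": "password1"
+},
+"user2": {
+"username": "user2",
+"password": "password2"
+}
+}
+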