use jwt auth

This commit is contained in:
technicca 2024-02-05 05:37:00 +03:00
parent 8a391102c8
commit 0dd7d1dc9d
8 changed files with 92 additions and 21 deletions

2
server/.env.example Normal file
View File

@ -0,0 +1,2 @@
FLASK_SECRET_KEY=
OPENAI_API_KEY=

View File

@ -1,5 +1,6 @@
{
"/extwis": {
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler"
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler",
"test": "user2"
}
}

View File

@ -1,14 +1,24 @@
# Imports
import openai
import jwt
import json
import openai
from flask import Flask, request, jsonify
from functools import wraps
import re
import requests
import os
from dotenv import load_dotenv
## Define Flask app
app = Flask(__name__)
@app.errorhandler(404)
def not_found(e):
return jsonify({"error": "The requested resource was not found."}), 404
@app.errorhandler(500)
def server_error(e):
return jsonify({"error": "An internal server error occurred."}), 500
##################################################
##################################################
#
@ -25,10 +35,8 @@ app = Flask(__name__)
## Set authentication on your APIs
## Let's at least have some kind of auth
# Load your OpenAI API key from a file
with open("openai.key", "r") as key_file:
openai.api_key = key_file.read().strip()
load_dotenv()
openai.api_key = os.getenv("OPENAI_API_KEY")
## Define our own client
client = openai.OpenAI(api_key = openai.api_key)
@ -39,6 +47,11 @@ with open("fabric_api_keys.json", "r") as tokens_file:
valid_tokens = json.load(tokens_file)
# Read users from the users.json file
with open("users.json", "r") as users_file:
users = json.load(users_file)
# The function to check if the token is valid
def auth_required(f):
@wraps(f)
@ -67,7 +80,7 @@ def auth_required(f):
def check_auth_token(token, route):
# Check if token is valid for the given route and return corresponding user
if route in valid_tokens and token in valid_tokens[route]:
return valid_tokens[route][token]
return users[valid_tokens[route][token]]
else:
return "Unauthorized: You are not authorized for this API"
@ -132,8 +145,47 @@ def extwis():
assistant_message = response.choices[0].message.content
return jsonify({"response": assistant_message})
except Exception as e:
return jsonify({"error": str(e)}), 500
app.logger.error(f"Error occurred: {str(e)}")
return jsonify({"error": "An error occurred while processing the request."}), 500
@app.route("/register", methods=["POST"])
def register():
data = request.get_json()
username = data["username"]
password = data["password"]
if username in users:
return jsonify({"error": "Username already exists"}), 400
new_user = {
"username": username,
"password": password
}
users[username] = new_user
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
return jsonify({"token": token.decode("utf-8")})
@app.route("/login", methods=["POST"])
def login():
data = request.get_json()
username = data["username"]
password = data["password"]
if username in users and users[username]["password"] == password:
# Generate a JWT token
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
return jsonify({"token": token.decode("utf-8")})
return jsonify({"error": "Invalid username or password"}), 401
# Run the application
if __name__ == "__main__":
app.run(host="127.0.0.1", port=13337, debug=True)

View File

@ -20,19 +20,23 @@ def send_request(prompt, endpoint):
url = f"{base_url}{endpoint}"
headers = {
"Content-Type": "application/json",
"Authorization": "eJ4f1e0b-25wO-47f9-97ec-6b5335b2",
"Authorization": f"Bearer {session['token']}",
}
data = json.dumps({"input": prompt})
response = requests.post(url, headers=headers, data=data, verify=False)
try:
return response.json()["response"]
except KeyError:
return f"Error: You're not authorized for this application."
response = requests.post(url, headers=headers, data=data)
response.raise_for_status() # raises HTTPError if the response status isn't 200
except requests.ConnectionError:
return "Error: Unable to connect to the server."
except requests.HTTPError as e:
return f"Error: An HTTP error occurred: {str(e)}"
app = Flask(__name__)
app.secret_key = "your_secret_key"
app.secret_key = os.getenv("FLASK_SECRET_KEY")
@app.route("/favicon.ico")

View File

@ -17,7 +17,7 @@
<h1 class="text-4xl font-bold"><code>fabric</code></h1>
</div>
<p>Enter your content and the API you want to send it to.</p>
<p>Please enter your content and select the API you want to use:</p>
<br />
<form method="POST" class="space-y-4">
<div>
@ -31,13 +31,13 @@
<!-- Add more API endpoints here... -->
</select>
</div>
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Submit</button>
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Send Request</button>
</form>
{% if response %}
<div class="mt-8">
<div class="flex justify-between items-center mb-4">
<h2 class="text-2xl font-bold">Response:</h2>
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy</button>
<h2 class="text-2xl font-bold">API Response:</h2>
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy to Clipboard</button>
</div>
<pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre>
</div>

View File

@ -1 +0,0 @@
sk-somethingsomethingnumbersandstuff

View File

@ -1,3 +1,5 @@
openai
requests
flask
python-dotenv
jwt

11
server/users.json Normal file
View File

@ -0,0 +1,11 @@
{
"user1": {
"username": "user1",
"password": "password1"
},
"user2": {
"username": "user2",
"password": "password2"
}
}