use jwt auth
parent
8a391102c8
commit
0dd7d1dc9d
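--- a/server/.env.example
+++ b/server/.env.example
@@ -0,0 +1,2 @@
+FLASK_SECRET_KEY=
+OPENAI_API_KEY=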
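Review bot: `JWT_SECRET` is missing from this template although the server code in this commit reads `os.getenv("JWT_SECRET")` in both `register()` and `login()`; when it is unset `os.getenv` returns `None`, so token signing cannot work. Add a `JWT_SECRET=` line next to the two existing ones. A short comment stating that `JWT_SECRET` and `FLASK_SECRET_KEY` must be long random values would help, for example `# generate with: python -c "import secrets; print(secrets.token_hex(32))"`.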
@ -1,5 +1,6 @@
|
||||
{
|
||||
"/extwis": {
|
||||
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler"
|
||||
"eJ4f1e0b-25wO-47f9-97ec-6b5335b2": "Daniel Miessler",
|
||||
"test": "user2"
|
||||
}
|
||||
}
|
||||
|
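Review bot: The added token `"test"` is trivially guessable and is committed next to the existing one, so anyone who can read the repository holds a working credential for `/extwis`. If this is the file the server loads as `fabric_api_keys.json`, generate a random value per user and keep the real file out of version control. The changed lookup `users[valid_tokens[route][token]]` also requires every value here to be a key in server/users.json. `"Daniel Miessler"` is not one (only `user1` and `user2` exist there), so that token would raise `KeyError` instead of authenticating.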
@ -1,14 +1,24 @@
|
||||
# Imports
|
||||
import openai
|
||||
import jwt
|
||||
import json
|
||||
import openai
|
||||
from flask import Flask, request, jsonify
|
||||
from functools import wraps
|
||||
import re
|
||||
import requests
|
||||
import os
|
||||
from dotenv import load_dotenv
|
||||
|
||||
## Define Flask app
|
||||
app = Flask(__name__)
|
||||
|
||||
@app.errorhandler(404)
|
||||
def not_found(e):
|
||||
return jsonify({"error": "The requested resource was not found."}), 404
|
||||
|
||||
@app.errorhandler(500)
|
||||
def server_error(e):
|
||||
return jsonify({"error": "An internal server error occurred."}), 500
|
||||
|
||||
|
||||
##################################################
|
||||
##################################################
|
||||
#
|
||||
@ -25,10 +35,8 @@ app = Flask(__name__)
|
||||
|
||||
## Set authentication on your APIs
|
||||
## Let's at least have some kind of auth
|
||||
|
||||
# Load your OpenAI API key from a file
|
||||
with open("openai.key", "r") as key_file:
|
||||
openai.api_key = key_file.read().strip()
|
||||
load_dotenv()
|
||||
openai.api_key = os.getenv("OPENAI_API_KEY")
|
||||
|
||||
## Define our own client
|
||||
client = openai.OpenAI(api_key = openai.api_key)
|
||||
@ -39,6 +47,11 @@ with open("fabric_api_keys.json", "r") as tokens_file:
|
||||
valid_tokens = json.load(tokens_file)
|
||||
|
||||
|
||||
# Read users from the users.json file
|
||||
with open("users.json", "r") as users_file:
|
||||
users = json.load(users_file)
|
||||
|
||||
|
||||
# The function to check if the token is valid
|
||||
def auth_required(f):
|
||||
@wraps(f)
|
||||
@ -67,7 +80,7 @@ def auth_required(f):
|
||||
def check_auth_token(token, route):
|
||||
# Check if token is valid for the given route and return corresponding user
|
||||
if route in valid_tokens and token in valid_tokens[route]:
|
||||
return valid_tokens[route][token]
|
||||
return users[valid_tokens[route][token]]
|
||||
else:
|
||||
return "Unauthorized: You are not authorized for this API"
|
||||
|
||||
@ -132,8 +145,47 @@ def extwis():
|
||||
assistant_message = response.choices[0].message.content
|
||||
return jsonify({"response": assistant_message})
|
||||
except Exception as e:
|
||||
return jsonify({"error": str(e)}), 500
|
||||
app.logger.error(f"Error occurred: {str(e)}")
|
||||
return jsonify({"error": "An error occurred while processing the request."}), 500
|
||||
|
||||
|
||||
@app.route("/register", methods=["POST"])
|
||||
def register():
|
||||
data = request.get_json()
|
||||
|
||||
username = data["username"]
|
||||
password = data["password"]
|
||||
|
||||
if username in users:
|
||||
return jsonify({"error": "Username already exists"}), 400
|
||||
|
||||
new_user = {
|
||||
"username": username,
|
||||
"password": password
|
||||
}
|
||||
|
||||
users[username] = new_user
|
||||
|
||||
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
|
||||
|
||||
return jsonify({"token": token.decode("utf-8")})
|
||||
|
||||
|
||||
@app.route("/login", methods=["POST"])
|
||||
def login():
|
||||
data = request.get_json()
|
||||
|
||||
username = data["username"]
|
||||
password = data["password"]
|
||||
|
||||
if username in users and users[username]["password"] == password:
|
||||
# Generate a JWT token
|
||||
token = jwt.encode({"username": username}, os.getenv("JWT_SECRET"), algorithm="HS256")
|
||||
|
||||
return jsonify({"token": token.decode("utf-8")})
|
||||
|
||||
return jsonify({"error": "Invalid username or password"}), 401
|
||||
|
||||
|
||||
# Run the application
|
||||
if __name__ == "__main__":
|
||||
app.run(host="127.0.0.1", port=13337, debug=True)
|
||||
|
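Review bot: `register()` stores the submitted password verbatim in `users` and `login()` compares it with `==`, so credentials are held in plaintext, matching the plaintext entries in server/users.json. Store a hash instead, e.g. `"password": generate_password_hash(password)` in `register()` and `check_password_hash(users[username]["password"], password)` in `login()`, both from `werkzeug.security`, which Flask already depends on; the sample entries in server/users.json would then need to hold hashes too. Both handlers index `data["username"]` and `data["password"]` directly, so a JSON body without those keys raises `KeyError` and ends in a 500 rather than a 400. The issued tokens carry no `exp` claim and no `jwt.decode` call is visible in these hunks, so it is worth confirming where they are verified and adding an expiry.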
@ -20,19 +20,23 @@ def send_request(prompt, endpoint):
|
||||
url = f"{base_url}{endpoint}"
|
||||
headers = {
|
||||
"Content-Type": "application/json",
|
||||
"Authorization": "eJ4f1e0b-25wO-47f9-97ec-6b5335b2",
|
||||
"Authorization": f"Bearer {session['token']}",
|
||||
}
|
||||
data = json.dumps({"input": prompt})
|
||||
response = requests.post(url, headers=headers, data=data, verify=False)
|
||||
|
||||
try:
|
||||
return response.json()["response"]
|
||||
except KeyError:
|
||||
return f"Error: You're not authorized for this application."
|
||||
response = requests.post(url, headers=headers, data=data)
|
||||
response.raise_for_status() # raises HTTPError if the response status isn't 200
|
||||
except requests.ConnectionError:
|
||||
return "Error: Unable to connect to the server."
|
||||
except requests.HTTPError as e:
|
||||
return f"Error: An HTTP error occurred: {str(e)}"
|
||||
|
||||
|
||||
|
||||
app = Flask(__name__)
|
||||
app.secret_key = "your_secret_key"
|
||||
app.secret_key = os.getenv("FLASK_SECRET_KEY")
|
||||
|
||||
|
||||
@app.route("/favicon.ico")
|
||||
|
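Review bot: `send_request()` now reads `session['token']` unconditionally, but nothing in the visible hunk stores a token in the session, so a request made before a login would raise `KeyError` and surface as a 500. Guard it, e.g. `token = session.get("token")` with an early `return "Error: You are not logged in."` when it is empty, and confirm that `session` and `os` are imported at the top of the file, which lies outside this hunk. `str(e)` from `requests.HTTPError` includes the request URL, so the returned string shows the backend address to whoever views the page; a fixed message plus a server-side log entry avoids that. `send_request()` begins above the hunk.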
@ -17,7 +17,7 @@
|
||||
<h1 class="text-4xl font-bold"><code>fabric</code></h1>
|
||||
|
||||
</div>
|
||||
<p>Enter your content and the API you want to send it to.</p>
|
||||
<p>Please enter your content and select the API you want to use:</p>
|
||||
<br />
|
||||
<form method="POST" class="space-y-4">
|
||||
<div>
|
||||
@ -31,13 +31,13 @@
|
||||
<!-- Add more API endpoints here... -->
|
||||
</select>
|
||||
</div>
|
||||
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Submit</button>
|
||||
<button type="submit" class="px-4 py-2 bg-blue-600 hover:bg-blue-700 rounded-md text-white font-medium">Send Request</button>
|
||||
</form>
|
||||
{% if response %}
|
||||
<div class="mt-8">
|
||||
<div class="flex justify-between items-center mb-4">
|
||||
<h2 class="text-2xl font-bold">Response:</h2>
|
||||
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy</button>
|
||||
<h2 class="text-2xl font-bold">API Response:</h2>
|
||||
<button id="copy-button" class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md">Copy to Clipboard</button>
|
||||
</div>
|
||||
<pre id="response-output" class="bg-gray-800 p-4 rounded-md whitespace-pre-wrap">{{ response }}</pre>
|
||||
</div>
|
||||
|
@ -1 +0,0 @@
|
||||
sk-somethingsomethingnumbersandstuff
|
@ -1,3 +1,5 @@
|
||||
openai
|
||||
requests
|
||||
flask
|
||||
python-dotenv
|
||||
jwt
|
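Review bot: The added `jwt` line installs the PyPI distribution named `jwt`, which is a different project from PyJWT; the server's `jwt.encode(payload, key, algorithm="HS256")` call matches PyJWT's API, so this entry should most likely read `PyJWT`. The `token.decode("utf-8")` calls in `register()` and `login()` only work where `jwt.encode` returns bytes (PyJWT before 2.0), so either pin `PyJWT<2` here or drop the `.decode` in the server. None of the entries is pinned, which leaves the installed versions to whatever is current at install time.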
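--- a/server/users.json
+++ b/server/users.json
@@ -0,0 +1,11 @@
+{
+"user1": {
+"username": "user1",
+"password": "password1"
+},
+"user2": {
+"username": "user2",
+"password": "password2"
+}
+}
+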
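Review bot: These two entries are loaded at startup (`users = json.load(users_file)` in the server hunk) and accepted by `/login`, so any deployment that keeps this file ships with the known accounts `user1`/`password1` and `user2`/`password2`. Consider committing it as an example file with no usable accounts, in the same way as server/.env.example, and keeping the real user store out of version control.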