LocalAI
LocalAI copied to clipboard
mudler
refactor: auth and metrics middlewares
This refactor PR contains the following changes:
core/http/middlewarehas been created to hold non-endpoint specific HTTP code, rather than leaving it loose withinapp.go, as much as possible.core/http/middleware/metrics.gois a file move - there should be no changes other than renames, but it belongs here now.core/http/middleware/auth.gohandles the creation of keyauth configuration data and contains the validation function specific to LocalAI.- actual implementation of auth has been temporarily moved to my keyauth v2 backport - I submitted and merged the required feature changes to fiber upstream, but v3 is not quite yet stable enough for us to target... hence this backport I made for us and future projects.
pkg/model/initializer.go- logging change that is helpful while debugging
Notably this does not include the common request infrastructure yet - that depends on #2773 but nothing in this PR does
Deploy Preview for localai ready!
| Name | Link |
|---|---|
| Latest commit | 78e5bd36f10a75d8c98457a6a7d27c0e55fec760 |
| Latest deploy log | https://app.netlify.com/sites/localai/deploys/66bcc4ef13a24100095c3f35 |
| Deploy Preview | https://deploy-preview-2894--localai.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
This PR diff contains changes to the comment-pr.yaml workflow file, which appears to handle commenting on pull requests. The changes seem to be updating the pull_request_target event to be triggered instead of the original pull_request event.
The changes to the llama/llama.go file seem to be importing the correct protobuf file for the proto package and updating the import paths for the go-llama.cpp package.
Finally, the go.mod file has been updated to include new versions of dependencies and remove old ones. Specifically, the github.com/go-skynet/LocalAI dependency has been downgraded from version 1.40.0 to an unspecified version, and the github.com/go-skynet/go-llama.cpp dependency has been updated to a different version.
Overall, these changes seem to be updating dependencies and import paths to ensure compatibility and stability in the project. However, further context or explanation from the PR author may be necessary to fully understand the impact of these changes.
@mudler - cleaned up some things based on your comments. By default, the UI is once again fully protected. Endpoint skipping is now regex based, and fully configurable. The relevant new configuration settings are:
DisableApiKeyRequirementForHttpGet - defaults to false, meaning API Keys are required to access the UI. If the user explicitly provides --disable-api-key-requirement-for-http-get=true, the following parameter is activated - allowing the user to view sensitive information and set the API key via the web interface itself for further requests. This should only be enabled in secure development environments, never production.
HttpGetExemptedEndpoints - this can be overridden by end users in the situation that their security posture demands a different usecase or if a temporary issue or bug demands an immediate fix. However, in most cases, this variable should be left at the default value, which exempts the main pages of the UI as needed:
- ^/$
- ^/browse/?$
- ^/talk/?$
- ^/p2p/?$
- ^/chat/?$
- ^/text2image/?$
- ^/tts/?$
- ^/static/.*$
- ^/swagger.*$
This is split into two parameters to easily default to "off" with a sane default for "on" as well.