jalr/tabbyAPI-ollama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

OAI: Restrict list permissions for API keys

Browse source 
API keys are not allowed to view all the admin's models, templates,
draft models, loras, etc. Basically anything that can be viewed
on the filesystem outside of anything that's currently loaded is
not allowed to be returned unless an admin key is present.

This change helps preserve user privacy while not erroring out on
list endpoints that the OAI spec requires.

Signed-off-by: kingbri <bdashore3@proton.me>
This commit is contained in:
kingbri 2024-07-11 14:06:03 -04:00
parent 10890913b8
commit 1f46a1130c
5 changed files with 119 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

3
common/auth.py
View file

@ -106,8 +106,7 @@ def get_key_permission(request: Request):
async def check_api_key(
x_api_key: str = Header(None),
authorization: str = Header(None)
x_api_key: str = Header(None), authorization: str = Header(None)
):
"""Check if the API key is valid."""