首页 发现 帮助
注册 登录
OpenSource
/
open-webui
2
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 3af8d16e6a
分支列表 标签列表
open-webui
/
backend
/
utils
/
utils.py

utils.py 2.6 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
    2. 

  2. from fastapi import HTTPException, status, Depends
    3. 

  3. from apps.web.models.users import Users
    4. 

  4. from pydantic import BaseModel
    5. 

  5. from typing import Union, Optional
    6. 

  6. from constants import ERROR_MESSAGES
    7. 

  7. from passlib.context import CryptContext
    8. 

  8. from datetime import datetime, timedelta
    9. 

  9. import requests
    10. 

  10. import jwt
    11. 

  11. import logging
    12. 

  12. import config
    13. 

  13. 

  14. logging.getLogger("passlib").setLevel(logging.ERROR)
    15. 

  15. 

  16. 

  17. SESSION_SECRET = config.WEBUI_SECRET_KEY
    18. 

  18. ALGORITHM = "HS256"
    19. 

  19. 

  20. ##############
    21. 

  21. # Auth Utils
    22. 

  22. ##############
    23. 

  23. 

  24. bearer_security = HTTPBearer()
    25. 

  25. pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
    26. 

  26. 

  27. 

  28. def verify_password(plain_password, hashed_password):
    29. 

  29.     return (
    30. 

  30.         pwd_context.verify(plain_password, hashed_password) if hashed_password else None
    31. 

  31.     )
    32. 

  32. 

  33. 

  34. def get_password_hash(password):
    35. 

  35.     return pwd_context.hash(password)
    36. 

  36. 

  37. 

  38. def create_token(data: dict, expires_delta: Union[timedelta, None] = None) -> str:
    39. 

  39.     payload = data.copy()
    40. 

  40. 

  41.     if expires_delta:
    42. 

  42.         expire = datetime.utcnow() + expires_delta
    43. 

  43.         payload.update({"exp": expire})
    44. 

  44. 

  45.     encoded_jwt = jwt.encode(payload, SESSION_SECRET, algorithm=ALGORITHM)
    46. 

  46.     return encoded_jwt
    47. 

  47. 

  48. 

  49. def decode_token(token: str) -> Optional[dict]:
    50. 

  50.     try:
    51. 

  51.         decoded = jwt.decode(token, SESSION_SECRET, algorithms=[ALGORITHM])
    52. 

  52.         return decoded
    53. 

  53.     except Exception as e:
    54. 

  54.         return None
    55. 

  55. 

  56. 

  57. def extract_token_from_auth_header(auth_header: str):
    58. 

  58.     return auth_header[len("Bearer ") :]
    59. 

  59. 

  60. 

  61. def get_current_user(
    62. 

  62.     auth_token: HTTPAuthorizationCredentials = Depends(bearer_security),
    63. 

  63. ):
    64. 

  64.     data = decode_token(auth_token.credentials)
    65. 

  65.     if data != None and "id" in data:
    66. 

  66.         user = Users.get_user_by_id(data["id"])
    67. 

  67.         if user is None:
    68. 

  68.             raise HTTPException(
    69. 

  69.                 status_code=status.HTTP_401_UNAUTHORIZED,
    70. 

  70.                 detail=ERROR_MESSAGES.INVALID_TOKEN,
    71. 

  71.             )
    72. 

  72.         return user
    73. 

  73.     else:
    74. 

  74.         raise HTTPException(
    75. 

  75.             status_code=status.HTTP_401_UNAUTHORIZED,
    76. 

  76.             detail=ERROR_MESSAGES.UNAUTHORIZED,
    77. 

  77.         )
    78. 

  78. 

  79. 

  80. def get_verified_user(user=Depends(get_current_user)):
    81. 

  81.     if user.role not in {"user", "admin"}:
    82. 

  82.         raise HTTPException(
    83. 

  83.             status_code=status.HTTP_401_UNAUTHORIZED,
    84. 

  84.             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
    85. 

  85.         )
    86. 

  86.     return user
    87. 

  87. 

  88. 

  89. def get_admin_user(user=Depends(get_current_user)):
    90. 

  90.     if user.role != "admin":
    91. 

  91.         raise HTTPException(
    92. 

  92.             status_code=status.HTTP_401_UNAUTHORIZED,
    93. 

  93.             detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
    94. 

  94.         )
    95. 

  95.     return user
    96.