Mirrors/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-16 20:07:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

refac/fix

Browse Source
This commit is contained in:
Timothy Jaeryang Baek
2025-11-16 01:13:35 -05:00
parent 80388855f4
commit 31fb34918f
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
backend/open_webui/main.py
View File

@@ -1272,9 +1272,13 @@ app.add_middleware(SecurityHeadersMiddleware)
class APIKeyRestrictionMiddleware(BaseHTTPMiddleware): class APIKeyRestrictionMiddleware(BaseHTTPMiddleware):
async def dispatch(self, request: Request, call_next): async def dispatch(self, request: Request, call_next):
auth_header = request.headers.get("Authorization") auth_header = request.headers.get("Authorization")
token = None
if auth_header:
scheme, token = auth_header.split(" ")
# Only apply restrictions if an sk- API key is used # Only apply restrictions if an sk- API key is used
if auth_header and auth_header.startswith("sk-"): if token and token.startswith("sk-"):
# Check if restrictions are enabled # Check if restrictions are enabled
if request.app.state.config.ENABLE_API_KEY_ENDPOINT_RESTRICTIONS: if request.app.state.config.ENABLE_API_KEY_ENDPOINT_RESTRICTIONS:
allowed_paths = [ allowed_paths = [
@@ -1294,9 +1298,11 @@ class APIKeyRestrictionMiddleware(BaseHTTPMiddleware):
) )
if not is_allowed: if not is_allowed:
raise HTTPException( return JSONResponse(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail="API key not allowed to access this endpoint.", content={
"detail": "API key not allowed to access this endpoint."
},
) )
response = await call_next(request) response = await call_next(request)