Commit Graph

400 Commits

Author SHA1 Message Date
Timothy Jaeryang Baek
c951b4f262 chore: format 2026-05-11 02:29:13 +09:00
Timothy Jaeryang Baek
1388f4568b refac 2026-05-11 01:46:33 +09:00
Classic298
fc94118b2d fix: prevent mass-assignment user_id spoofing in POST /api/v1/evaluations/feedback (#24508)
* fix: prevent mass-assignment user_id spoofing in POST /api/v1/evaluations/feedback

Two independent gaps in backend/open_webui/models/feedbacks.py let an
authenticated caller forge the `user_id` (and `id`, `version`) on a new
feedback record submitted to POST /api/v1/evaluations/feedback:

1. `FeedbackForm` declared `model_config = ConfigDict(extra='allow')`,
   so Pydantic preserved any extra fields supplied in the request body —
   including `user_id`, `id`, `version`. The form is the public input
   boundary for the endpoint and should not accept unknown fields.

2. In `insert_new_feedback`, the dict literal placed
   `**form_data.model_dump()` AFTER `'id': id`, `'user_id': user_id`,
   `'version': 0`. Python dict-literal duplicate-key resolution is
   last-wins, so any of those fields present in `form_data` overwrote
   the server-derived values.

Combined effect: a regular user could POST a feedback record with an
arbitrary `user_id`, attributing the rating to any other user. The Elo
leaderboard at backend/open_webui/routers/evaluations.py computes model
rankings from these records, and the admin export
(GET /api/v1/evaluations/feedbacks/export) and admin list
(GET /api/v1/evaluations/feedbacks/all) display the spoofed attribution.

Two fixes, defense-in-depth:

- FeedbackForm: switch `extra='allow'` to `extra='ignore'` so Pydantic
  drops unknown fields at parse time. Sub-models (RatingData / MetaData /
  SnapshotData) intentionally keep `extra='allow'` because their contents
  are deliberately schema-flexible — the spoofing surface was the form,
  not the sub-payloads.

- insert_new_feedback: spread `form_data.model_dump()` first, then
  overlay server-controlled fields (`id`, `user_id`, `version`,
  `created_at`, `updated_at`) so the explicit keys win on duplicate-key
  resolution regardless of what reaches the function. Matches the secure
  pattern already used in backend/open_webui/models/functions.py:120.

Reported by yantongggg in GHSA-rjmp-vjf2-qf4g. Same root-cause class as
the prior published GHSA-hr43-rjmr-7wmm (folder mass-assignment, fixed
in v0.9.0); that fix did not generalize across the codebase, this fix
closes the feedback variant.

Co-authored-by: yantongggg <yantongggg@users.noreply.github.com>

* chore: trim comments

---------

Co-authored-by: yantongggg <yantongggg@users.noreply.github.com>
2026-05-11 01:16:17 +09:00
Classic298
a0268e51fc Merge pull request #24486 from Classic298/fix/notes-is-pinned-typeerror
fix: notes is_pinned TypeError on create/get
2026-05-09 20:56:06 +09:00
Timothy Jaeryang Baek
7bcc0e2e5c chore: format 2026-05-09 15:25:27 +09:00
Timothy Jaeryang Baek
485d689cfd refac 2026-05-09 07:52:15 +09:00
Timothy Jaeryang Baek
11e076817a refac 2026-05-09 07:34:46 +09:00
Timothy Jaeryang Baek
1d892ce2c5 refac 2026-05-09 06:33:26 +09:00
Timothy Jaeryang Baek
38a382ef88 refac 2026-05-09 06:23:51 +09:00
Classic298
1a3e5ef4c1 perf(prompts): make /tags fetch only the tags column with SQL access filter (#24287)
Non-admin GET /api/v1/prompts/tags went through get_prompts_by_user_id,
which loaded every active prompt with its full content/data/meta plus
owner records and all access grants, then ran one has_access query per
prompt that wasn't owned by the caller - all so the endpoint could
collapse the result to a sorted tag list. With 600 prompts this took
several seconds while the admin path (a single SELECT) returned in <1s.

Add Prompts.get_tags_by_user_id which selects only the tags column and
applies the same EXISTS-based access filter used by /list. Also tighten
the admin get_tags to project just the tags column instead of full rows.
The endpoint is now one DB query (plus one for groups), no row hydration,
no N+1.

Co-authored-by: Claude <noreply@anthropic.com>
2026-05-09 05:20:13 +09:00
Classic298
41107a34ca perf(prompts): filter prompt list in SQL instead of N+1 has_access loop (#24288)
get_prompts_by_user_id used to fetch every active prompt (with users +
all access grants), then call AccessGrants.has_access() once per prompt
that the user did not own. With 600+ prompts this issued ~600 extra
round-trips per request and explained the multi-second delay reported in
the GET /api/v1/prompts and /api/v1/prompts/tags endpoints for non-admin
users.

Push the access check into a single SQL query via the existing
AccessGrants.has_permission_filter (EXISTS subquery), so only accessible
rows come back from the DB. Users and access grants for the surviving
rows are still batch-fetched, no N+1 anywhere on this path.

Co-authored-by: Claude <noreply@anthropic.com>
2026-05-09 05:12:51 +09:00
Timothy Jaeryang Baek
33e588cf09 refac 2026-05-09 04:39:44 +09:00
Timothy Jaeryang Baek
4d766a3edf refac 2026-05-09 03:19:48 +09:00
Classic298
d06e6d6ddc Apply validate_profile_image_url to ChannelWebhookForm.profile_image_url (#24370) 2026-05-09 03:19:25 +09:00
Timothy Jaeryang Baek
a32d26e61d refac 2026-05-05 04:21:23 +09:00
Timothy Jaeryang Baek
8ff7ff459b chore: format 2026-04-24 18:48:21 +09:00
Constantine
3560d2f630 perf(chats): drop redundant db.refresh after commit in update_chat_by_id (#24024)
The chat table has no computed columns (no DEFAULT, SERIAL/IDENTITY,
or TRIGGER that populate server-side values on UPDATE), and every
column modified by update_chat_by_id is set explicitly from Python
values earlier in the function. db.refresh therefore issues a SELECT
that replaces those just-written Python values with the round-tripped
database representation of the same values, which is a no-op for
functional purposes but pulls the entire chat.chat JSON blob back over
the network and through the driver's JSON decoder.

On large, active chats where chat.chat can reach tens of megabytes,
skipping the refresh measurably reduces latency and eliminates one
~JSON-sized transient allocation per write.
2026-04-24 18:34:57 +09:00
Timothy Jaeryang Baek
3d1e355df7 refac 2026-04-24 18:20:10 +09:00
Timothy Jaeryang Baek
a7a92d2d9b refac 2026-04-24 17:49:22 +09:00
Timothy Jaeryang Baek
678c44c7cd refac 2026-04-24 16:17:46 +09:00
Timothy Jaeryang Baek
6cc799b1bb chore: format 2026-04-21 15:52:00 +09:00
Tim Baek
51627555bf refac 2026-04-20 03:35:17 -04:00
Timothy Jaeryang Baek
e29d145a1c refac 2026-04-20 08:48:35 +09:00
Timothy Jaeryang Baek
1d501cfa3f refac 2026-04-20 00:07:34 +09:00
Timothy Jaeryang Baek
e5b5a17426 refac 2026-04-19 23:38:58 +09:00
Timothy Jaeryang Baek
37eba1c5a6 chore: format 2026-04-19 22:45:54 +09:00
Timothy Jaeryang Baek
4a5401b417 refac 2026-04-19 21:48:27 +09:00
Timothy Jaeryang Baek
8d739e2aba feat: calendar 2026-04-19 19:15:05 +09:00
Timothy Jaeryang Baek
a4d62253df refac 2026-04-18 06:23:50 +09:00
Timothy Jaeryang Baek
4113b15a60 chore: format 2026-04-17 14:28:18 +09:00
Timothy Jaeryang Baek
e7e752f8e7 refac 2026-04-17 14:09:35 +09:00
Classic298
32cfb5788a perf(chats): select only meta column in get_chat_tags_by_id_and_user_id (#23798)
Avoid loading the full Chat row (including the potentially large `chat`
JSON column) just to read tag IDs from `meta.tags`. Issue a narrow
SELECT on `Chat.meta` instead, which is much cheaper for chats with
large message histories.

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-17 12:35:58 +09:00
Classic298
2dca850cee perf: use set for O(1) lookup in insert_chat_files dedupe (#23800)
Convert chat_message_file_ids from list to set so the membership test
in the comprehension is O(1) instead of O(m), turning the dedupe from
O(n*m) into O(n+m). Also replace the redundant set([...]) with a set
comprehension.

https://claude.ai/code/session_01Le3NnqNhcgaJvFrDZGqmwe

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-17 12:28:34 +09:00
Timothy Jaeryang Baek
2e52ad8ff2 refac: shared chat 2026-04-17 10:16:32 +09:00
Timothy Jaeryang Baek
ecd74f220c refac 2026-04-14 17:22:54 -05:00
Timothy Jaeryang Baek
cf4218e688 refac 2026-04-13 21:29:03 -05:00
Classic298
8979987eed fix: drop extra='allow' on FolderForm and FolderUpdateForm (#23648)
* fix: drop extra='allow' on FolderForm and FolderUpdateForm

These request models were configured to accept arbitrary extra fields,
which were then merged into the folder row via form_data.model_dump().
In insert_new_folder the server-assigned user_id is placed before the
form spread, so a client-supplied user_id in the request body would
override it and the folder would be persisted against another account.

Strictly typed inputs are the correct shape for these endpoints — the
client has no legitimate reason to send fields beyond the declared
ones, and dropping extra='allow' closes the mass-assignment sink at
the validation layer instead of relying on every callsite to merge
fields in the right order.

* fix: reject unknown fields on FolderForm and FolderUpdateForm

Address review feedback: dropping extra='allow' fell back to Pydantic
v2's default extra='ignore', which only silently drops unknown fields
instead of rejecting them. The intent for these request models is a
strict input contract — fail fast when a client sends anything the
server does not expect — so explicitly set extra='forbid'. This also
makes the hardening visible in the form definition rather than implicit
in the default.
2026-04-13 16:14:00 -05:00
Timothy Jaeryang Baek
31406caa79 refac 2026-04-13 15:13:14 -05:00
Timothy Jaeryang Baek
57784706e4 refac 2026-04-12 19:34:45 -05:00
Timothy Jaeryang Baek
3c2c611ba9 refac 2026-04-12 18:49:34 -05:00
Timothy Jaeryang Baek
a359262616 refac 2026-04-12 18:48:06 -05:00
Timothy Jaeryang Baek
25898116ea chore: format 2026-04-12 18:12:59 -05:00
Timothy Jaeryang Baek
27169124f2 refac: async db 2026-04-12 14:22:11 -05:00
Classic298
71a39dbac1 fix: filter on is_active in channel membership checks (#23623)
is_user_channel_member and is_user_channel_manager did not filter on is_active, allowing deactivated members to retain read/write access to group channels via direct API calls.
2026-04-12 11:13:51 -05:00
Timothy Jaeryang Baek
406251c2f3 enh: automation 2026-04-11 17:06:58 -06:00
Timothy Jaeryang Baek
09f6d7ba57 refac 2026-04-11 16:55:20 -06:00
Timothy Jaeryang Baek
53eadb7df7 refac 2026-04-02 22:34:51 -05:00
Timothy Jaeryang Baek
4dea4fdf54 refac 2026-04-02 08:34:49 -05:00
Timothy Jaeryang Baek
a71d927a0c chore: format 2026-04-02 08:11:06 -05:00
Timothy Jaeryang Baek
640dbb6a28 refac 2026-04-02 08:09:57 -05:00