AI/open-webui
1
0
Fork 1
mirror of https://git.mirrors.martin98.com/https://github.com/open-webui/open-webui synced 2025-08-19 06:55:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12433 from gaby/fix-allowed-endpoints

Browse Source 
fix: API Key Endpoint Restrictions for Dynamic Paths
This commit is contained in:
Timothy Jaeryang Baek 2025-04-04 08:24:10 -07:00 committed by GitHub
commit 793aa307ef
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/utils/auth.py
View File

@ -182,7 +182,11 @@ def get_current_user(
).split(",") ).split(",")
] ]
if request.url.path not in allowed_paths: # Check if the request path matches any allowed endpoint.
if not any(
request.url.path == allowed or request.url.path.startswith(allowed + "/")
for allowed in allowed_paths
):
raise HTTPException( raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
) )