feat: enforce api key authentication and update table header
- Added proper API key validation in router.py with 401 response when key is missing - Implemented CORS headers for authentication requests - Updated table header from "Until" to "Unload" in static/index.html - Improved security by preventing API key leakage in access logs
This commit is contained in:
parent
b718d575b7
commit
bd0d210b2a
2 changed files with 13 additions and 7 deletions
18
router.py
18
router.py
|
|
@ -250,13 +250,19 @@ async def enforce_router_api_key(request: Request, call_next):
|
|||
# Strip the api_key query param from scope so access logs do not leak it
|
||||
_strip_api_key_from_scope(request)
|
||||
if provided_key is None:
|
||||
response = await call_next(request)
|
||||
# Add CORS headers for API key authentication requests
|
||||
# No key provided but authentication is required - return 401
|
||||
headers = {}
|
||||
if "/api/" in path and path != "/api/usage-stream":
|
||||
response.headers["Access-Control-Allow-Origin"] = "*"
|
||||
response.headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
|
||||
response.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS"
|
||||
return response
|
||||
headers = {
|
||||
"Access-Control-Allow-Origin": "*",
|
||||
"Access-Control-Allow-Headers": "Authorization, Content-Type",
|
||||
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
|
||||
}
|
||||
return JSONResponse(
|
||||
content={"detail": "Missing NOMYO Router API key"},
|
||||
status_code=401,
|
||||
headers=headers,
|
||||
)
|
||||
|
||||
if not secrets.compare_digest(str(provided_key), str(expected_key)):
|
||||
return JSONResponse(
|
||||
|
|
|
|||
|
|
@ -379,7 +379,7 @@
|
|||
<th>Quant</th>
|
||||
<th>Ctx</th>
|
||||
<th>Size</th>
|
||||
<th>Until</th>
|
||||
<th>Unload</th>
|
||||
<th>Digest</th>
|
||||
<th>Tokens</th>
|
||||
</tr>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue