Home Explore Help
Register Sign In
lqb
/
open-webui
mirror of https://github.com/open-webui/open-webui.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #12433 from gaby/fix-allowed-endpoints

fix: API Key Endpoint Restrictions for Dynamic Paths
Timothy Jaeryang Baek 3 months ago
parent
7e46cc4562 1c57e3e02c
commit
793aa307ef
1 changed files with 5 additions and 1 deletions
Unified View Show Diff Stats
  1. 5 1
      backend/open_webui/utils/auth.py

+ 5 - 1
backend/open_webui/utils/auth.py
View File 

@@ -182,7 +182,11 @@ def get_current_user(
 
                 ).split(",")
 
                 ).split(",")
 
             ]
 
             ]
 
 
 
-            if request.url.path not in allowed_paths:
 
+            # Check if the request path matches any allowed endpoint.
 
+            if not any(
 
+                request.url.path == allowed or request.url.path.startswith(allowed + "/")
 
+                for allowed in allowed_paths
 
+            ):
 
                 raise HTTPException(
 
                 raise HTTPException(
 
                     status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
 
                     status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
 
                 )
 
                 )