Sultan
/
Flowise
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bugfix/whitelist urls for non password protected instance (#3085) 

whitelist urls for non password protected instance
This commit is contained in:
Henry Heng 2024-08-26 11:29:46 +01:00 committed by GitHub
parent 759e07dfaa
commit 75f779f861
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
packages/server/src/index.ts
View File

@ -117,12 +117,6 @@ export class App {
next()
})
if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
const username = process.env.FLOWISE_USERNAME
const password = process.env.FLOWISE_PASSWORD
const basicAuthMiddleware = basicAuth({
users: { [username]: password }
})
const whitelistURLs = [
'/api/v1/verify/apikey/',
'/api/v1/chatflows/apikey/',
@ -141,6 +135,13 @@ export class App {
'/api/v1/ip',
'/api/v1/ping'
]
if (process.env.FLOWISE_USERNAME && process.env.FLOWISE_PASSWORD) {
const username = process.env.FLOWISE_USERNAME
const password = process.env.FLOWISE_PASSWORD
const basicAuthMiddleware = basicAuth({
users: { [username]: password }
})
this.app.use(async (req, res, next) => {
if (/\/api\/v1\//i.test(req.url)) {
if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
@ -161,7 +162,9 @@ export class App {
} else {
this.app.use(async (req, res, next) => {
if (/\/api\/v1\//i.test(req.url)) {
if (req.headers['x-request-from'] === 'internal') {
if (whitelistURLs.some((url) => new RegExp(url, 'i').test(req.url))) {
next()
} else if (req.headers['x-request-from'] === 'internal') {
next()
} else {
const isKeyValidated = await validateAPIKey(req)