jamesf/Perplexica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Finalizes option to secure backend http endpoints with a token

Browse source 
- Also fixes to build commands in makefile
This commit is contained in:
Hristo 2024-05-10 18:11:23 -04:00
parent e6c2042df6
commit 4e20c4ac56
7 changed files with 24 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Makefile
View file

@ -5,7 +5,8 @@ run:
.PHONY: rebuild-run .PHONY: rebuild-run
rebuild-run: rebuild-run:
docker compose -f docker-compose.yaml up --build docker compose -f docker-compose.yaml build --no-cache \
&& docker compose -f docker-compose.yaml up
.PHONY: run-app-only .PHONY: run-app-only
@ -15,4 +16,5 @@ run-app-only:
.PHONY: rebuild-run-app-only .PHONY: rebuild-run-app-only
rebuild-run-app-only: rebuild-run-app-only:
docker compose -f app-docker-compose.yaml up --build docker compose -f app-docker-compose.yaml build --no-cache \
&& docker compose -f app-docker-compose.yaml up

2
app-docker-compose.yaml
View file

@ -4,7 +4,7 @@ services:
context: . context: .
dockerfile: app.dockerfile dockerfile: app.dockerfile
args: args:
- SUPER_SECRET_KEY=${SUPER_SECRET_KEY} - NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api - NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api
- NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS} - NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS}
expose: expose:

4
app.dockerfile
View file

@ -2,11 +2,11 @@ FROM node:alpine
ARG NEXT_PUBLIC_WS_URL ARG NEXT_PUBLIC_WS_URL
ARG NEXT_PUBLIC_API_URL ARG NEXT_PUBLIC_API_URL
ARG SUPER_SECRET_KEY ARG NEXT_PUBLIC_SUPER_SECRET_KEY
ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL} ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL}
ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}
ENV SUPER_SECRET_KEY=${SUPER_SECRET_KEY} ENV NEXT_PUBLIC_SUPER_SECRET_KEY=${NEXT_PUBLIC_SUPER_SECRET_KEY}
WORKDIR /home/perplexica WORKDIR /home/perplexica

7
docker-compose.yaml
View file

@ -18,6 +18,7 @@ services:
- SEARXNG_API_URL=null - SEARXNG_API_URL=null
environment: environment:
SEARXNG_API_URL: "http://searxng:8080" SEARXNG_API_URL: "http://searxng:8080"
SUPER_SECRET_KEY: ${SUPER_SECRET_KEY}
OPENAI: ${OPENAI} OPENAI: ${OPENAI}
GROQ: ${GROQ} GROQ: ${GROQ}
OLLAMA_API_URL: ${OLLAMA_API_URL} OLLAMA_API_URL: ${OLLAMA_API_URL}
@ -35,9 +36,9 @@ services:
context: . context: .
dockerfile: app.dockerfile dockerfile: app.dockerfile
args: args:
- SUPER_SECRET_KEY=${SUPER_SECRET_KEY} - NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api - NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
- NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS} - NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
depends_on: depends_on:
- perplexica-backend - perplexica-backend
expose: expose:

10
src/app.ts
View file

@ -14,9 +14,15 @@ const server = http.createServer(app);
const corsOptions = { const corsOptions = {
origin: '*', origin: '*',
allowedHeaders: ['Authorization', 'Content-Type'],
}; };
app.use(cors(corsOptions)); app.use(cors(corsOptions));
if (getAccessKey()) {
app.all('*', requireAccessKey);
};
app.use(express.json()); app.use(express.json());
app.use('/api', routes); app.use('/api', routes);
@ -24,10 +30,6 @@ app.get('/api', (_, res) => {
res.status(200).json({ status: 'ok' }); res.status(200).json({ status: 'ok' });
}); });
if (getAccessKey()) {
app.all('*', requireAccessKey);
};
server.listen(port, () => { server.listen(port, () => {
logger.info(`Server is running on port ${port}`); logger.info(`Server is running on port ${port}`);
}); });

5
src/auth.ts
View file

@ -1,8 +1,8 @@
import { import {
getAccessKey, getAccessKey,
} from '../config'; } from './config';
const requireAccessKey = (req, res, next) => { export const requireAccessKey = (req, res, next) => {
const authHeader = req.headers.authorization; const authHeader = req.headers.authorization;
if (authHeader) { if (authHeader) {
@ -11,6 +11,7 @@ const requireAccessKey = (req, res, next) => {
if (token !== getAccessKey()) { if (token !== getAccessKey()) {
return res.sendStatus(403); return res.sendStatus(403);
} }
next(); next();
} else { } else {
res.sendStatus(401); res.sendStatus(401);

7
ui/lib/config.ts
View file

@ -1,20 +1,21 @@
interface Config { interface Config {
GENERAL: { GENERAL: {
SUPER_SECRET_KEY: string; NEXT_PUBLIC_SUPER_SECRET_KEY: string;
NEXT_PUBLIC_API_URL: string; NEXT_PUBLIC_API_URL: string;
NEXT_PUBLIC_WS_URL: string;
}; };
} }
const loadEnv = () => { const loadEnv = () => {
return { return {
GENERAL: { GENERAL: {
SUPER_SECRET_KEY: process.env.SUPER_SECRET_KEY!, NEXT_PUBLIC_SUPER_SECRET_KEY: process.env.NEXT_PUBLIC_SUPER_SECRET_KEY!,
NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL!, NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL!,
NEXT_PUBLIC_WS_URL: process.env.NEXT_PUBLIC_WS_URL! NEXT_PUBLIC_WS_URL: process.env.NEXT_PUBLIC_WS_URL!
}, },
} as Config; } as Config;
}; };
export const getAccessKey = () => loadEnv().GENERAL.SUPER_SECRET_KEY; export const getAccessKey = () => loadEnv().GENERAL.NEXT_PUBLIC_SUPER_SECRET_KEY;
export const getBackendURL = () => loadEnv().GENERAL.NEXT_PUBLIC_API_URL; export const getBackendURL = () => loadEnv().GENERAL.NEXT_PUBLIC_API_URL;