jamesf/Perplexica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Finalizes option to secure backend http endpoints with a token

Browse source 
- Also fixes to build commands in makefile
This commit is contained in:
Hristo 2024-05-10 18:11:23 -04:00
parent e6c2042df6
commit 4e20c4ac56
7 changed files with 24 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Makefile
View file

@ -5,7 +5,8 @@ run:
.PHONY: rebuild-run
rebuild-run:
docker compose -f docker-compose.yaml up --build
docker compose -f docker-compose.yaml build --no-cache \
&& docker compose -f docker-compose.yaml up
.PHONY: run-app-only
@ -15,4 +16,5 @@ run-app-only:
.PHONY: rebuild-run-app-only
rebuild-run-app-only:
docker compose -f app-docker-compose.yaml up --build
docker compose -f app-docker-compose.yaml build --no-cache \
&& docker compose -f app-docker-compose.yaml up

2
app-docker-compose.yaml
View file

@ -4,7 +4,7 @@ services:
context: .
dockerfile: app.dockerfile
args:
- SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api
- NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS}
expose:

4
app.dockerfile
View file

@ -2,11 +2,11 @@ FROM node:alpine
ARG NEXT_PUBLIC_WS_URL
ARG NEXT_PUBLIC_API_URL
ARG SUPER_SECRET_KEY
ARG NEXT_PUBLIC_SUPER_SECRET_KEY
ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL}
ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}
ENV SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
ENV NEXT_PUBLIC_SUPER_SECRET_KEY=${NEXT_PUBLIC_SUPER_SECRET_KEY}
WORKDIR /home/perplexica

7
docker-compose.yaml
View file

@ -18,6 +18,7 @@ services:
- SEARXNG_API_URL=null
environment:
SEARXNG_API_URL: "http://searxng:8080"
SUPER_SECRET_KEY: ${SUPER_SECRET_KEY}
OPENAI: ${OPENAI}
GROQ: ${GROQ}
OLLAMA_API_URL: ${OLLAMA_API_URL}
@ -35,9 +36,9 @@ services:
context: .
dockerfile: app.dockerfile
args:
- SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api
- NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS}
- NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
- NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
depends_on:
- perplexica-backend
expose:

10
src/app.ts
View file

@ -14,9 +14,15 @@ const server = http.createServer(app);
const corsOptions = {
origin: '*',
allowedHeaders: ['Authorization', 'Content-Type'],
};
app.use(cors(corsOptions));
if (getAccessKey()) {
app.all('*', requireAccessKey);
};
app.use(express.json());
app.use('/api', routes);
@ -24,10 +30,6 @@ app.get('/api', (_, res) => {
res.status(200).json({ status: 'ok' });
});
if (getAccessKey()) {
app.all('*', requireAccessKey);
};
server.listen(port, () => {
logger.info(`Server is running on port ${port}`);
});

5
src/auth.ts
View file

@ -1,8 +1,8 @@
import {
getAccessKey,
} from '../config';
} from './config';
const requireAccessKey = (req, res, next) => {
export const requireAccessKey = (req, res, next) => {
const authHeader = req.headers.authorization;
if (authHeader) {
@ -11,6 +11,7 @@ const requireAccessKey = (req, res, next) => {
if (token !== getAccessKey()) {
return res.sendStatus(403);
}
next();
} else {
res.sendStatus(401);

7
ui/lib/config.ts
View file

@ -1,20 +1,21 @@
interface Config {
GENERAL: {
SUPER_SECRET_KEY: string;
NEXT_PUBLIC_SUPER_SECRET_KEY: string;
NEXT_PUBLIC_API_URL: string;
NEXT_PUBLIC_WS_URL: string;
};
}
const loadEnv = () => {
return {
GENERAL: {
SUPER_SECRET_KEY: process.env.SUPER_SECRET_KEY!,
NEXT_PUBLIC_SUPER_SECRET_KEY: process.env.NEXT_PUBLIC_SUPER_SECRET_KEY!,
NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL!,
NEXT_PUBLIC_WS_URL: process.env.NEXT_PUBLIC_WS_URL!
},
} as Config;
};
export const getAccessKey = () => loadEnv().GENERAL.SUPER_SECRET_KEY;
export const getAccessKey = () => loadEnv().GENERAL.NEXT_PUBLIC_SUPER_SECRET_KEY;
export const getBackendURL = () => loadEnv().GENERAL.NEXT_PUBLIC_API_URL;