Makes the web app honour the `X-Forwarded-Prefix` HTTP request header that may be sent by a reverse-proxy in order to inform the app that its public routes contain a path prefix.
For instance this allows to serve the webapp via a reverse-proxy/ingress controller under a path prefix/sub path such as e.g. `/localai/` while still being able to use the regular LocalAI routes/paths without prefix when directly connecting to the LocalAI server.
Changes:
* Add new `StripPathPrefix` middleware to strip the path prefix (provided with the `X-Forwarded-Prefix` HTTP request header) from the request path prior to matching the HTTP route.
* Add a `BaseURL` utility function to build the base URL, honouring the `X-Forwarded-Prefix` HTTP request header.
* Generate the derived base URL into the HTML (`head.html` template) as `<base/>` tag.
* Make all webapp-internal URLs (within HTML+JS) relative in order to make the browser resolve them against the `<base/>` URL specified within each HTML page's header.
* Make font URLs within the CSS files relative to the CSS file.
* Generate redirect location URLs using the new `BaseURL` function.
* Use the new `BaseURL` function to generate absolute URLs within gallery JSON responses.
Closes#3095
TL;DR:
The header-based approach allows to move the path prefix configuration concern completely to the reverse-proxy/ingress as opposed to having to align the path prefix configuration between LocalAI, the reverse-proxy and potentially other internal LocalAI clients.
The gofiber swagger handler already supports path prefixes this way, see e2d9e9916d/swagger.go (L79)
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
* return 401 instead of 403, provide www-authenticate header, redirect to the login page, add cookie token support
* set cookies completely through js in auth page
* initial pass: roll out bluemonday sanitization more widely
Signed-off-by: Dave Lee <dave@gray101.com>
* add one additional sanitize - the overall modelslist used by the docs site
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
* add api key to existing app tests, add preliminary auth test
Signed-off-by: Dave Lee <dave@gray101.com>
* small fix, run test
Signed-off-by: Dave Lee <dave@gray101.com>
* status on non-opaque
Signed-off-by: Dave Lee <dave@gray101.com>
* tweak auth error
Signed-off-by: Dave Lee <dave@gray101.com>
* exp
Signed-off-by: Dave Lee <dave@gray101.com>
* quick fix on real laptop
Signed-off-by: Dave Lee <dave@gray101.com>
* add downloader version that allows providing an auth header
Signed-off-by: Dave Lee <dave@gray101.com>
* stash some devcontainer fixes during testing
Signed-off-by: Dave Lee <dave@gray101.com>
* s2
Signed-off-by: Dave Lee <dave@gray101.com>
* s
Signed-off-by: Dave Lee <dave@gray101.com>
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com>
* done with experiment
Signed-off-by: Dave Lee <dave@gray101.com>
* after merge fix
Signed-off-by: Dave Lee <dave@gray101.com>
* rename and fix
Signed-off-by: Dave Lee <dave@gray101.com>
---------
Signed-off-by: Dave Lee <dave@gray101.com>
Co-authored-by: Ettore Di Giacinto <mudler@users.noreply.github.com>
