fixed sql injection + enhanced ui

Saifeddine ALOUI 2024-02-16 22:44:44 +01:00
parent b477ab3239
commit f0bc8f2bab
17 changed files with 126 additions and 131 deletions

2
app.py

@ -24,7 +24,7 @@ import webbrowser
import threading
import os
app = FastAPI()
app = FastAPI(title="LoLLMS", description="This is the LoLLMS-Webui API documentation")


@ -1,11 +1,15 @@
# =================== Lord Of Large Language Multimodal Systems Configuration file ===========================
version: 60
version: 61
binding_name: null
model_name: null
show_news_panel: True
# Execution protection
turn_on_code_execution: True
turn_on_code_validation: False
# Server information
headless_server_mode: False
allowed_origins: []
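Review bot: The defaults under `# Execution protection` ship `turn_on_code_execution: True` together with `turn_on_code_validation: False`, which, if validation is the confirmation step its name suggests, means a fresh install executes code with no check in between. A safer baseline would be `turn_on_code_validation: True` (or execution off), leaving users to opt out explicitly. The rendered page does not mark which of these keys are new in version 61, so this applies to whichever side introduced them. A one-line comment per key stating what it gates would also help operators who expose the server beyond localhost.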


@ -149,12 +149,6 @@ class OpenCodeFolderInVsCodeRequestModel(BaseModel):
@router.post("/open_code_folder_in_vs_code")
async def open_code_folder_in_vs_code(request: OpenCodeFolderInVsCodeRequestModel):
"""
Opens code folder.
:param request: The HTTP request object.
:return: A JSON response with the status of the operation.
"""
if lollmsElfServer.config.headless_server_mode:
return {"status":False,"error":"Open code folder in vscode is blocked when in headless mode for obvious security reasons!"}


@ -15,6 +15,7 @@ from lollms.types import MSG_TYPE
from lollms.utilities import detect_antiprompt, remove_text_from_string, trace_exception
from ascii_colors import ASCIIColors
from api.db import DiscussionsDB, Discussion
from typing import List
from safe_store.text_vectorizer import TextVectorizer, VectorizationMethod, VisualizationMethod
import tqdm
@ -114,20 +115,17 @@ def export_discussion():
return {"discussion_text":lollmsElfServer.get_discussion_to()}
class DiscussionEditTitle(BaseModel):
client_id: str
title: str
id: int
@router.post("/edit_title")
async def edit_title(request: Request):
"""
Executes Python code and returns the output.
:param request: The HTTP request object.
:return: A JSON response with the status of the operation.
"""
async def edit_title(discussion_edit_title: DiscussionEditTitle):
try:
data = (await request.json())
client_id = data.get("client_id")
title = data.get("title")
discussion_id = data.get("id")
client_id = discussion_edit_title.client_id
title = discussion_edit_title.title
discussion_id = discussion_edit_title.id
lollmsElfServer.connections[client_id]["current_discussion"] = Discussion(discussion_id, lollmsElfServer.db)
lollmsElfServer.connections[client_id]["current_discussion"].rename(title)
return {'status':True}
@ -135,21 +133,15 @@ async def edit_title(request: Request):
trace_exception(ex)
lollmsElfServer.error(ex)
return {"status":False,"error":str(ex)}
class DiscussionTitle(BaseModel):
id: int
@router.post("/make_title")
async def make_title(request: Request):
"""
Executes Python code and returns the output.
:param request: The HTTP request object.
:return: A JSON response with the status of the operation.
"""
async def make_title(discussion_title: DiscussionTitle):
try:
data = (await request.json())
ASCIIColors.info("Making title")
discussion_id = data.get("id")
discussion_id = discussion_title.id
discussion = Discussion(discussion_id, lollmsElfServer.db)
title = lollmsElfServer.make_discussion_title(discussion)
discussion.rename(title)
@ -159,13 +151,19 @@ async def make_title(request: Request):
lollmsElfServer.error(ex)
return {"status":False,"error":str(ex)}
@router.get("/export")
def export():
return lollmsElfServer.db.export_to_json()
class DiscussionDelete(BaseModel):
client_id: str
id: int
@router.post("/delete_discussion")
async def delete_discussion(request: Request):
async def delete_discussion(discussion: DiscussionDelete):
"""
Executes Python code and returns the output.
@ -174,10 +172,9 @@ async def delete_discussion(request: Request):
"""
try:
data = (await request.json())
client_id = data.get("client_id")
discussion_id = data.get("id")
client_id = discussion.client_id
discussion_id = discussion.id
lollmsElfServer.connections[client_id]["current_discussion"] = Discussion(discussion_id, lollmsElfServer.db)
lollmsElfServer.connections[client_id]["current_discussion"].delete_discussion()
lollmsElfServer.connections[client_id]["current_discussion"] = None
@ -189,20 +186,15 @@ async def delete_discussion(request: Request):
# ----------------------------- import/export --------------------
class DiscussionExport(BaseModel):
discussion_ids: List[int]
export_format: str
@router.post("/export_multiple_discussions")
async def export_multiple_discussions(request: Request):
"""
Opens code in vs code.
:param request: The HTTP request object.
:return: A JSON response with the status of the operation.
"""
async def export_multiple_discussions(discussion_export: DiscussionExport):
try:
data = (await request.json())
discussion_ids = data["discussion_ids"]
export_format = data["export_format"]
discussion_ids = discussion_export.discussion_ids
export_format = discussion_export.export_format
if export_format=="json":
discussions = lollmsElfServer.db.export_discussions_to_json(discussion_ids)
@ -215,18 +207,19 @@ async def export_multiple_discussions(request: Request):
trace_exception(ex)
lollmsElfServer.error(ex)
return {"status":False,"error":str(ex)}
class Discussion(BaseModel):
id: int
content: str
class DiscussionImport(BaseModel):
jArray: List[Discussion]
@router.post("/import_multiple_discussions")
async def import_multiple_discussions(request: Request):
"""
Opens code in vs code.
:param request: The HTTP request object.
:return: A JSON response with the status of the operation.
"""
async def import_multiple_discussions(discussion_import: DiscussionImport):
try:
discussions = (await request.json())["jArray"]
discussions = discussion_import.jArray
lollmsElfServer.db.import_from_json(discussions)
return discussions
except Exception as ex:
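Review bot: The Pydantic model `class Discussion(BaseModel)` added next to `DiscussionImport` reuses the name bound by `from api.db import DiscussionsDB, Discussion`, so once the module has loaded, the calls `Discussion(discussion_id, lollmsElfServer.db)` in `edit_title`, `make_title` and `delete_discussion` resolve to the request model instead of the database class. Pydantic models accept keyword fields only, so those calls would likely raise and end in the `except` branches that return `{"status":False,"error":str(ex)}`. Renaming the model, for example `class DiscussionImportItem(BaseModel):` with `jArray: List[DiscussionImportItem]`, avoids the collision. Separately, `id: int` rejects a payload such as `0 OR 1=1` at the request boundary, but the query construction inside `api.db` is not shown on this page and should bind the id as a parameter rather than rely on the route models alone. Several of these handlers start or end outside the visible hunks.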


@ -40,7 +40,7 @@ def add_events(sio:socketio):
@sio.on('create_empty_message')
def create_empty_message(sid, data):
client_id = sid
type = data.get("type",0)
type = int(data.get("type",0))
message = data.get("message","")
if type==0:
ASCIIColors.info(f"Building empty User message requested by : {client_id}")
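Review bot: `type = int(data.get("type",0))` raises `ValueError` or `TypeError` when a client sends a non-numeric or null `type`, and no guard around the conversion is visible in this hunk. Since `data` comes straight from the socket event, the conversion should be wrapped in `try:` / `except (TypeError, ValueError):` with an explicit rejection of the event. The local name also shadows the builtin `type`; something like `msg_type = int(data.get("type", 0))` reads more clearly. The body of `create_empty_message` continues outside the hunk, so a handler further down may already cover part of this.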

@ -1 +1 @@
Subproject commit deea005c4d880256dacea7f22da3d3b690c26cd0
Subproject commit 56a53bb35e56a294d4917bd568fbd9667a7c31f9


@ -1,21 +1,13 @@
colorama
datasets
einops
jinja2==3.1.3
numpy==1.24.*
pandas
Pillow>=9.5.0
pyyaml
requests
rich
safetensors==0.4.1
scipy
sentencepiece
tensorboard
transformers==4.37.*
tqdm
setuptools
tqdm
psutil
pytest
GitPython


@ -44,7 +44,7 @@ ASCIIColors.red(" LoLLMS configuratoin tool")
ASCIIColors.yellow(f"Root dir : {root_path}")
sio = socketio.AsyncServer(async_mode='asgi')
app = FastAPI(debug=True)
app = FastAPI(title="LoLLMS", description="This is the LoLLMS-Webui documentation")
lollms_app = LollmsApplication(
"lollms_installer",


@ -0,0 +1,11 @@
import requests
IP_ADDRESS = "https://localhost" #replace me
PORT = 9600
data = {
"id": "0 OR 1=1",
"client_id": 0
}
response = requests.post(f"http://{IP_ADDRESS}:{str(PORT)}/delete_discussion", json=data)
print(response.json())
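Review bot: The URL on the `requests.post` line is malformed, because `IP_ADDRESS` already contains `https://` and the f-string prepends `http://`; setting `IP_ADDRESS = "localhost"` fixes it. The script also only prints the response, so it cannot fail when the injection regresses. A regression check would assert that the non-integer `id` is rejected, for example `assert response.status_code == 422`, which is FastAPI's default status for a request-validation failure. Note that `"client_id": 0` is an integer while `DiscussionDelete` declares `client_id: str`, so depending on the Pydantic version the request may be rejected for that field rather than for `id`; sending a string client id keeps the test focused on the `id` check.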

@ -1 +1 @@
Subproject commit 6af3b565993b361bd6d5d2a282d8f69361ff2d6f
Subproject commit 3dd1693b1900228eee4a314ae303180f73ed0256

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

4
web/dist/index.html vendored

@ -6,8 +6,8 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>LoLLMS WebUI - Welcome</title>
<script type="module" crossorigin src="/assets/index-a9ba20fe.js"></script>
<link rel="stylesheet" href="/assets/index-6a5a4887.css">
<script type="module" crossorigin src="/assets/index-524e92f5.js"></script>
<link rel="stylesheet" href="/assets/index-015056f5.css">
</head>
<body>
<div id="app"></div>


@ -235,7 +235,7 @@
</button>
<div class="pointer-events-none absolute -top-10 left-1/2 w-max -translate-x-1/2 rounded-md bg-gray-100 p-2 opacity-0 transition-opacity group-hover:opacity-100 dark:bg-gray-800"><p class="max-w-sm text-sm text-gray-800 dark:text-gray-200">Press and talk.</p></div>
</div>
<div class="group relative w-max">
<div v-if="!loading" class="group relative w-max">
<input type="file" ref="fileDialog" style="display: none" @change="addFiles" multiple />
<button type="button" @click.prevent="add_file"
class="w-6 hover:text-secondary duration-75 active:scale-90 cursor-pointer transform transition-transform hover:translate-y-[-5px] active:scale-90">
@ -245,7 +245,7 @@
</div>
<div class="group relative w-max">
<button type="button" @click.stop="takePicture"
<button v-if="!loading" type="button" @click.stop="takePicture"
class="w-6 hover:text-secondary duration-75 active:scale-90 cursor-pointer transform transition-transform hover:translate-y-[-5px] active:scale-90">
<i data-feather="camera"></i>
</button>
@ -253,7 +253,7 @@
</div>
<div class="group relative w-max">
<button type="button" @click.stop="addWebLink"
<button v-if="!loading" type="button" @click.stop="addWebLink"
class="w-6 hover:text-secondary duration-75 active:scale-90 cursor-pointer transform transition-transform hover:translate-y-[-5px] active:scale-90">
<i data-feather="globe"></i>
</button>
@ -261,7 +261,7 @@
</div>
<div class="group relative w-max">
<button v-if="!loading" type="button" @click="makeAnEmptyUserMessage"
<button v-if="!loading" type="button" @click.stop="makeAnEmptyUserMessage"
class=" w-6 text-blue-400 hover:text-secondary duration-75 active:scale-90">
<i data-feather="message-square"></i>
</button>
@ -270,7 +270,7 @@
</div>
<div class="group relative w-max">
<button v-if="!loading" type="button" @click="makeAnEmptyAIMessage"
<button v-if="!loading" type="button" @click.stop="makeAnEmptyAIMessage"
class=" w-6 text-red-400 hover:text-secondary duration-75 active:scale-90">
<i data-feather="message-square"></i>
</button>
@ -325,8 +325,6 @@ import filesize from '../plugins/filesize'
import MountedPersonalities from '@/components/MountedPersonalities.vue'
import MountedPersonalitiesList from '@/components/MountedPersonalitiesList.vue'
import PersonalitiesCommands from '@/components/PersonalitiesCommands.vue';
import InteractiveMenu from '@/components/InteractiveMenu.vue';
import { inject } from 'vue';
import socket from '@/services/websocket.js'
import UniversalForm from '../components/UniversalForm.vue';
import modelImgPlaceholder from "../assets/default_model.png"
@ -340,7 +338,9 @@ export default {
props: {
onTalk: Function,
discussionList: Array,
loading: false,
loading: {
default:false
},
onShowToastMessage: Function
},
@ -349,8 +349,6 @@ export default {
MountedPersonalities,
MountedPersonalitiesList,
PersonalitiesCommands,
InteractiveMenu,
},
setup() {
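Review bot: The new prop definition `loading: { default:false }` declares no type, so Vue does no type check or boolean casting on it and any value a parent passes reaches the `v-if="!loading"` guards unchanged. Declaring it as `loading: { type: Boolean, default: false }` makes the intent explicit. The file-input wrapper puts `v-if="!loading"` on the enclosing `div` while the camera and web-link hunks put it on the `button`; choosing one placement would keep the toolbar markup consistent.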


@ -1062,10 +1062,12 @@ export default {
return true
},
new_message(msgObj) {
this.isGenerating = true
if(msgObj.sender_type==this.SENDER_TYPES_AI){
this.isGenerating = true
}
console.log("Making a new message")
console.log('New message', msgObj);
let responseMessage = {
sender: msgObj.sender,
message_type: msgObj.message_type,
@ -1091,6 +1093,7 @@ export default {
open : msgObj.open
}
responseMessage.status_message = "Warming up"
console.log(responseMessage)
this.discussionArr.push(responseMessage)


@ -856,7 +856,7 @@ export default {
this.is_recording = false;
this.pending = false;
console.log(response)
this.text += response.data
this.text += response.data.text
console.log(response.data)
this.presets=response.data

@ -1 +1 @@
Subproject commit e425cd419875492425de4c7f9e774f4b0f7f8ca5
Subproject commit 4f328753175352e2adb8a5222ffe7204a9484e04