upgraded security

This commit is contained in:
Saifeddine ALOUI 2024-03-31 17:58:10 +02:00
parent a0c8e29b37
commit 7b065cbba5
2 changed files with 18 additions and 7 deletions

View File

@ -14,7 +14,7 @@ import pkg_resources
from lollms.server.elf_server import LOLLMSElfServer from lollms.server.elf_server import LOLLMSElfServer
from lollms.binding import BindingBuilder, InstallOption from lollms.binding import BindingBuilder, InstallOption
from ascii_colors import ASCIIColors from ascii_colors import ASCIIColors
from lollms.utilities import load_config, trace_exception, gc from lollms.utilities import load_config, trace_exception, gc, show_yes_no_dialog
from lollms.security import check_access from lollms.security import check_access
from pathlib import Path from pathlib import Path
from typing import List from typing import List
@ -58,6 +58,7 @@ async def update_setting(request: Request):
check_access(lollmsElfServer, config_data["client_id"]) check_access(lollmsElfServer, config_data["client_id"])
if "config" in config_data.keys(): if "config" in config_data.keys():
config_data = config_data["config"] config_data = config_data["config"]
setting_name = config_data["setting_name"] setting_name = config_data["setting_name"]
setting_value = sanitize_path(config_data["setting_value"]) setting_value = sanitize_path(config_data["setting_value"])
@ -150,6 +151,12 @@ async def apply_settings(request: Request):
try: try:
for key in lollmsElfServer.config.config.keys(): for key in lollmsElfServer.config.config.keys():
if key=="host" and lollmsElfServer.config.config[key] in ["127.0.0.1","localhost"] and config.get(key, lollmsElfServer.config.config[key]) not in ["127.0.0.1","localhost"]:
if not show_yes_no_dialog("WARNING!!!","You are changing the host value to something else than the localhost which is dangerous if you do not trust the network you are on.\nIt is adviced not to do this as it may expose your own PC to remote access which may be dangerous.\nDo you want to ignore this message and continue changing the host to the nex value?"):
config["host"]=lollmsElfServer.config.config[key]
if key=="turn_on_code_validation" and lollmsElfServer.config.config[key]==True and config.get(key, lollmsElfServer.config.config[key])==False:
if not show_yes_no_dialog("WARNING!!!","I received a request to deactivate code execution validation.\nAre you sure?\nThis is a very bad idea especially if you activate remote access.\nDo this only if you are certain of the security of your system.\nDo you want to continue despite the warning?"):
config["turn_on_code_validation"]=False
lollmsElfServer.config.config[key] = config.get(key, lollmsElfServer.config.config[key]) lollmsElfServer.config.config[key] = config.get(key, lollmsElfServer.config.config[key])
ASCIIColors.success("OK") ASCIIColors.success("OK")
lollmsElfServer.rebuild_personalities() lollmsElfServer.rebuild_personalities()

View File

@ -16,6 +16,7 @@ from lollms.server.elf_server import LOLLMSElfServer
from lollms.personality import AIPersonality, InstallOption from lollms.personality import AIPersonality, InstallOption
from ascii_colors import ASCIIColors from ascii_colors import ASCIIColors
from lollms.utilities import load_config, trace_exception, gc from lollms.utilities import load_config, trace_exception, gc
from lollms.security import check_access
from pathlib import Path from pathlib import Path
from typing import List, Optional from typing import List, Optional
import psutil import psutil
@ -177,6 +178,7 @@ def get_current_personality_path_infos():
class PersonalityIn(BaseModel): class PersonalityIn(BaseModel):
client_id:str
name: str = Field(None) name: str = Field(None)
@router.post("/reinstall_personality") @router.post("/reinstall_personality")
@ -187,6 +189,7 @@ async def reinstall_personality(personality_in: PersonalityIn):
:param personality_in: PersonalityIn contans personality name. :param personality_in: PersonalityIn contans personality name.
:return: A JSON response with the status of the operation. :return: A JSON response with the status of the operation.
""" """
check_access(lollmsElfServer, personality_in.client_id)
try: try:
sanitize_path(personality_in.name) sanitize_path(personality_in.name)
if not personality_in.name: if not personality_in.name:
@ -241,12 +244,9 @@ def remove_file(data:RemoveFileData):
return {"state":False, "error":"No personality selected"} return {"state":False, "error":"No personality selected"}
lollmsElfServer.personality.remove_file(data.name) lollmsElfServer.personality.remove_file(data.name)
return {"state":True} return {"state":True}
# ------------------------------------------- Mounting/Unmounting/Remounting ------------------------------------------------ # ------------------------------------------- Mounting/Unmounting/Remounting ------------------------------------------------
class PersonalityDataRequest(BaseModel): class PersonalityDataRequest(BaseModel):
client_id:str
category:str category:str
name:str name:str
@ -271,14 +271,14 @@ def get_personality_config(data:PersonalityDataRequest):
return {"status":False, "error":"Not found"} return {"status":False, "error":"Not found"}
class PersonalityConfig(BaseModel): class PersonalityConfig(BaseModel):
client_id:str
category:str category:str
name:str name:str
config:dict config:dict
@router.post("/set_personality_config") @router.post("/set_personality_config")
def set_personality_config(data:PersonalityConfig): def set_personality_config(data:PersonalityConfig):
check_access(lollmsElfServer, data.client_id)
print("- Recovering personality config") print("- Recovering personality config")
category = sanitize_path(data.category) category = sanitize_path(data.category)
name = sanitize_path(data.name) name = sanitize_path(data.name)
@ -302,12 +302,14 @@ def set_personality_config(data:PersonalityConfig):
return {"status":False, "error":"Not found"} return {"status":False, "error":"Not found"}
class PersonalityMountingInfos(BaseModel): class PersonalityMountingInfos(BaseModel):
client_id:str
category:str category:str
folder:str folder:str
language:Optional[str] = None language:Optional[str] = None
@router.post("/mount_personality") @router.post("/mount_personality")
def mount_personality(data:PersonalityMountingInfos): def mount_personality(data:PersonalityMountingInfos):
check_access(lollmsElfServer, data.client_id)
print("- Mounting personality") print("- Mounting personality")
category = sanitize_path(data.category) category = sanitize_path(data.category)
name = sanitize_path(data.folder) name = sanitize_path(data.folder)
@ -362,6 +364,7 @@ def mount_personality(data:PersonalityMountingInfos):
@router.post("/remount_personality") @router.post("/remount_personality")
def remount_personality(data:PersonalityMountingInfos): def remount_personality(data:PersonalityMountingInfos):
check_access(lollmsElfServer, data.client_id)
category = sanitize_path(data.category) category = sanitize_path(data.category)
name = sanitize_path(data.folder) name = sanitize_path(data.folder)
language = data.language #.get('language', None) language = data.language #.get('language', None)
@ -414,6 +417,7 @@ def remount_personality(data:PersonalityMountingInfos):
@router.post("/unmount_personality") @router.post("/unmount_personality")
def unmount_personality(data:PersonalityMountingInfos): def unmount_personality(data:PersonalityMountingInfos):
check_access(lollmsElfServer, data.client_id)
print("- Unmounting personality ...") print("- Unmounting personality ...")
category = sanitize_path(data.category) category = sanitize_path(data.category)
name = sanitize_path(data.folder) name = sanitize_path(data.folder)