upgraded security

lollms/server/endpoints/lollms_configuration_infos.py

@@ -14,7 +14,7 @@ import pkg_resources
 from lollms.server.elf_server import LOLLMSElfServer
 from lollms.binding import BindingBuilder, InstallOption
 from ascii_colors import ASCIIColors
-from lollms.utilities import load_config, trace_exception, gc
+from lollms.utilities import load_config, trace_exception, gc, show_yes_no_dialog
 from lollms.security import check_access
 from pathlib import Path
 from typing import List
@@ -58,6 +58,7 @@ async def update_setting(request: Request):
         check_access(lollmsElfServer, config_data["client_id"])
         if "config" in config_data.keys():
             config_data = config_data["config"]
+
         setting_name = config_data["setting_name"]
         setting_value = sanitize_path(config_data["setting_value"])
 
@@ -150,6 +151,12 @@ async def apply_settings(request: Request):
 
         try:
             for key in lollmsElfServer.config.config.keys():
+                if key=="host" and lollmsElfServer.config.config[key] in ["127.0.0.1","localhost"] and config.get(key, lollmsElfServer.config.config[key]) not in ["127.0.0.1","localhost"]:
+                    if not show_yes_no_dialog("WARNING!!!","You are changing the host value to something else than the localhost which is dangerous if you do not trust the network you are on.\nIt is adviced not to do this as it may expose your own PC to remote access which may be dangerous.\nDo you want to ignore this message and continue changing the host to the nex value?"):
+                        config["host"]=lollmsElfServer.config.config[key]
+                if key=="turn_on_code_validation" and lollmsElfServer.config.config[key]==True and config.get(key, lollmsElfServer.config.config[key])==False:
+                    if not show_yes_no_dialog("WARNING!!!","I received a request to deactivate code execution validation.\nAre you sure?\nThis is a very bad idea especially if you activate remote access.\nDo this only if you are certain of the security of your system.\nDo you want to continue despite the warning?"):
+                        config["turn_on_code_validation"]=False
                 lollmsElfServer.config.config[key] = config.get(key, lollmsElfServer.config.config[key])
             ASCIIColors.success("OK")
             lollmsElfServer.rebuild_personalities()

lollms/server/endpoints/lollms_personalities_infos.py

@@ -16,6 +16,7 @@ from lollms.server.elf_server import LOLLMSElfServer
 from lollms.personality import AIPersonality, InstallOption
 from ascii_colors import ASCIIColors
 from lollms.utilities import load_config, trace_exception, gc
+from lollms.security import check_access
 from pathlib import Path
 from typing import List, Optional
 import psutil
@@ -177,6 +178,7 @@ def get_current_personality_path_infos():
 
 
 class PersonalityIn(BaseModel):
+    client_id:str
     name: str = Field(None)
 
 @router.post("/reinstall_personality")
@@ -187,6 +189,7 @@ async def reinstall_personality(personality_in: PersonalityIn):
     :param personality_in: PersonalityIn contans personality name.
     :return: A JSON response with the status of the operation.
     """
+    check_access(lollmsElfServer, personality_in.client_id)
     try:
         sanitize_path(personality_in.name)
         if not personality_in.name:
@@ -241,12 +244,9 @@ def remove_file(data:RemoveFileData):
         return {"state":False, "error":"No personality selected"}
     lollmsElfServer.personality.remove_file(data.name)
     return {"state":True}
-
-
-
-
 # ------------------------------------------- Mounting/Unmounting/Remounting ------------------------------------------------
 class PersonalityDataRequest(BaseModel):
+    client_id:str
     category:str
     name:str
 
@@ -271,14 +271,14 @@ def get_personality_config(data:PersonalityDataRequest):
         return {"status":False, "error":"Not found"}
     
 class PersonalityConfig(BaseModel):
+    client_id:str
     category:str
     name:str
     config:dict
 
-
-
 @router.post("/set_personality_config")
 def set_personality_config(data:PersonalityConfig):
+    check_access(lollmsElfServer, data.client_id)
     print("- Recovering personality config")
     category = sanitize_path(data.category)
     name = sanitize_path(data.name)
@@ -302,12 +302,14 @@ def set_personality_config(data:PersonalityConfig):
         return {"status":False, "error":"Not found"}
 
 class PersonalityMountingInfos(BaseModel):
+    client_id:str
     category:str
     folder:str
     language:Optional[str] = None
 
 @router.post("/mount_personality")
 def mount_personality(data:PersonalityMountingInfos):
+    check_access(lollmsElfServer, data.client_id)
     print("- Mounting personality")
     category = sanitize_path(data.category)
     name = sanitize_path(data.folder)
@@ -362,6 +364,7 @@ def mount_personality(data:PersonalityMountingInfos):
 
 @router.post("/remount_personality")
 def remount_personality(data:PersonalityMountingInfos):
+    check_access(lollmsElfServer, data.client_id)
     category = sanitize_path(data.category)
     name = sanitize_path(data.folder)
     language = data.language #.get('language', None)
@@ -414,6 +417,7 @@ def remount_personality(data:PersonalityMountingInfos):
 
 @router.post("/unmount_personality")
 def unmount_personality(data:PersonalityMountingInfos):
+    check_access(lollmsElfServer, data.client_id)
     print("- Unmounting personality ...")
     category = sanitize_path(data.category)
     name = sanitize_path(data.folder)