llms-py 2.0.24__py3-none-any.whl → 2.0.26__py3-none-any.whl

llms/llms.json

@@ -1,4 +1,12 @@
 {
+    "auth": {
+        "enabled": true,
+        "github": {
+            "client_id": "$GITHUB_CLIENT_ID",
+            "client_secret": "$GITHUB_CLIENT_SECRET",
+            "redirect_uri": "http://localhost:8000/auth/github/callback"
+        }
+    },
     "defaults": {
         "headers": {
             "Content-Type": "application/json",
@@ -113,6 +121,7 @@
                 "mai-ds-r1": "microsoft/mai-ds-r1:free",
                 "llama3.3:70b": "meta-llama/llama-3.3-70b-instruct:free",
                 "nemotron-nano:9b": "nvidia/nemotron-nano-9b-v2:free",
+                "nemotron-nano:12b":"nvidia/nemotron-nano-12b-v2-vl:free",
                 "deepseek-r1-distill-llama:70b": "deepseek/deepseek-r1-distill-llama-70b:free",
                 "gpt-oss:20b": "openai/gpt-oss-20b:free",
                 "mistral-small3.2:24b": "mistralai/mistral-small-3.2-24b-instruct:free",
@@ -163,7 +172,7 @@
             }
         },
         "google_free": {
-            "enabled": false,
+            "enabled": true,
             "type": "GoogleProvider",
             "api_key": "$GOOGLE_FREE_API_KEY",
             "models": {

llms/main.py

@@ -14,7 +14,8 @@ import mimetypes
 import traceback
 import sys
 import site
-from urllib.parse import parse_qs
+import secrets
+from urllib.parse import parse_qs, urlencode
 
 import aiohttp
 from aiohttp import web
@@ -22,7 +23,7 @@ from aiohttp import web
 from pathlib import Path
 from importlib import resources   # Py≥3.9  (pip install importlib_resources for 3.7/3.8)
 
-VERSION = "2.0.24"
+VERSION = "2.0.26"
 _ROOT = None
 g_config_path = None
 g_ui_path = None
@@ -31,6 +32,8 @@ g_handlers = {}
 g_verbose = False
 g_logprefix=""
 g_default_model=""
+g_sessions = {}  # OAuth session storage: {session_token: {userId, userName, displayName, profileUrl, email, created}}
+g_oauth_states = {}  # CSRF protection: {state: {created, redirect_uri}}
 
 def _log(message):
     """Helper method for logging from the global polling task."""
@@ -354,7 +357,7 @@ class OpenAiProvider:
 
     @classmethod
     def test(cls, base_url=None, api_key=None, models={}, **kwargs):
-        return base_url is not None and api_key is not None and len(models) > 0
+        return base_url and api_key and len(models) > 0
 
     async def load(self):
         pass
@@ -467,7 +470,7 @@ class OllamaProvider(OpenAiProvider):
 
     @classmethod
     def test(cls, base_url=None, models={}, all_models=False, **kwargs):
-        return base_url is not None and (len(models) > 0 or all_models)
+        return base_url and (len(models) > 0 or all_models)
 
 class GoogleOpenAiProvider(OpenAiProvider):
     def __init__(self, api_key, models, **kwargs):
@@ -476,7 +479,7 @@ class GoogleOpenAiProvider(OpenAiProvider):
 
     @classmethod
     def test(cls, api_key=None, models={}, **kwargs):
-        return api_key is not None and len(models) > 0
+        return api_key and len(models) > 0
 
 class GoogleProvider(OpenAiProvider):
     def __init__(self, models, api_key, safety_settings=None, thinking_config=None, curl=False, **kwargs):
@@ -912,7 +915,7 @@ async def load_llms():
         await provider.load()
 
 def save_config(config):
-    global g_config
+    global g_config, g_config_path
     g_config = config
     with open(g_config_path, "w") as f:
         json.dump(g_config, f, indent=4)
@@ -921,21 +924,25 @@ def save_config(config):
 def github_url(filename):
     return f"https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/llms/{filename}"
 
-async def save_text(url, save_path):
+async def get_text(url):
     async with aiohttp.ClientSession() as session:
         _log(f"GET {url}")
         async with session.get(url) as resp:
             text = await resp.text()
             if resp.status >= 400:
                 raise HTTPError(resp.status, reason=resp.reason, body=text, headers=dict(resp.headers))
-            os.makedirs(os.path.dirname(save_path), exist_ok=True)
-            with open(save_path, "w") as f:
-                f.write(text)
             return text
 
+async def save_text_url(url, save_path):
+    text = await get_text(url)
+    os.makedirs(os.path.dirname(save_path), exist_ok=True)
+    with open(save_path, "w") as f:
+        f.write(text)
+    return text
+
 async def save_default_config(config_path):
     global g_config
-    config_json = await save_text(github_url("llms.json"), config_path)
+    config_json = await save_text_url(github_url("llms.json"), config_path)
     g_config = json.loads(config_json)
 
 def provider_status():
@@ -1256,8 +1263,59 @@ async def check_models(provider_name, model_names=None):
 
     print()
 
+def text_from_resource(filename):
+    global _ROOT
+    resource_path = _ROOT / filename
+    if resource_exists(resource_path):
+        try:
+            return read_resource_text(resource_path)
+        except (OSError, AttributeError) as e:
+            _log(f"Error reading resource config {filename}: {e}")
+    return None
+
+def text_from_file(filename):
+    if os.path.exists(filename):
+        with open(filename, "r") as f:
+            return f.read()
+    return None
+
+async def text_from_resource_or_url(filename):
+    text = text_from_resource(filename)
+    if not text:
+        try:
+            resource_url = github_url(filename)
+            text = await get_text(resource_url)
+        except Exception as e:
+            _log(f"Error downloading JSON from {resource_url}: {e}")
+            raise e
+    return text
+
+async def save_home_configs():
+    home_config_path = home_llms_path("llms.json")
+    home_ui_path = home_llms_path("ui.json")
+    if os.path.exists(home_config_path) and os.path.exists(home_ui_path):
+        return
+
+    llms_home = os.path.dirname(home_config_path)
+    os.makedirs(llms_home, exist_ok=True)
+    try:
+        if not os.path.exists(home_config_path):
+            config_json = await text_from_resource_or_url("llms.json")
+            with open(home_config_path, "w") as f:
+                f.write(config_json)
+            _log(f"Created default config at {home_config_path}")
+
+        if not os.path.exists(home_ui_path):
+            ui_json = await text_from_resource_or_url("ui.json")
+            with open(home_ui_path, "w") as f:
+                f.write(ui_json)
+            _log(f"Created default ui config at {home_ui_path}")
+    except Exception as e:
+        print("Could not create llms.json. Create one with --init or use --config <path>")
+        exit(1)
+
 def main():
-    global _ROOT, g_verbose, g_default_model, g_logprefix, g_config_path, g_ui_path
+    global _ROOT, g_verbose, g_default_model, g_logprefix, g_config, g_config_path, g_ui_path
 
     parser = argparse.ArgumentParser(description=f"llms v{VERSION}")
     parser.add_argument('--config',       default=None, help='Path to config file', metavar='FILE')
@@ -1295,24 +1353,13 @@ def main():
     if cli_args.logprefix:
         g_logprefix = cli_args.logprefix
 
-    if cli_args.config is not None:
-        g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config)
-
-    _ROOT = resolve_root()
-    if cli_args.root:
-        _ROOT = Path(cli_args.root)
-
+    _ROOT = Path(cli_args.root) if cli_args.root else resolve_root()
     if not _ROOT:
         print("Resource root not found")
         exit(1)
 
-    g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config) if cli_args.config else get_config_path()
-    g_ui_path = get_ui_path()
-
     home_config_path = home_llms_path("llms.json")
-    resource_config_path = _ROOT / "llms.json"
     home_ui_path = home_llms_path("ui.json")
-    resource_ui_path = _ROOT / "ui.json"
 
     if cli_args.init:
         if os.path.exists(home_config_path):
@@ -1324,74 +1371,38 @@ def main():
         if os.path.exists(home_ui_path):
             print(f"ui.json already exists at {home_ui_path}")
         else:
-            asyncio.run(save_text(github_url("ui.json"), home_ui_path))
+            asyncio.run(save_text_url(github_url("ui.json"), home_ui_path))
             print(f"Created default ui config at {home_ui_path}")
         exit(0)
 
-    if not g_config_path or not os.path.exists(g_config_path):
-        # copy llms.json and ui.json to llms_home
- 
-        if not os.path.exists(home_config_path):
-            llms_home = os.path.dirname(home_config_path)
-            os.makedirs(llms_home, exist_ok=True)
-
-            if resource_exists(resource_config_path):
-                try:
-                    # Read config from resource (handle both Path and Traversable objects)
-                    config_json = read_resource_text(resource_config_path)
-                except (OSError, AttributeError) as e:
-                    _log(f"Error reading resource config: {e}")
-            if not config_json:
-                try:
-                    config_json = asyncio.run(save_text(github_url("llms.json"), home_config_path))
-                except Exception as e:
-                    _log(f"Error downloading llms.json: {e}")
-                    print("Could not create llms.json. Create one with --init or use --config <path>")
-                    exit(1)
-
-            with open(home_config_path, "w") as f:
-                f.write(config_json)
-                _log(f"Created default config at {home_config_path}")
-            # Update g_config_path to point to the copied file
-            g_config_path = home_config_path
-    if not g_config_path or not os.path.exists(g_config_path):
-        print("llms.json not found. Create one with --init or use --config <path>")
-        exit(1)
-
-    if not g_ui_path or not os.path.exists(g_ui_path):
-        # Read UI config from resource
-        if not os.path.exists(home_ui_path):
-            llms_home = os.path.dirname(home_ui_path)
-            os.makedirs(llms_home, exist_ok=True)
-            if resource_exists(resource_ui_path):
-                try:
-                    # Read config from resource (handle both Path and Traversable objects)
-                    ui_json = read_resource_text(resource_ui_path)
-                except (OSError, AttributeError) as e:
-                    _log(f"Error reading resource ui config: {e}")
-            if not ui_json:
-                try:
-                    ui_json = asyncio.run(save_text(github_url("ui.json"), home_ui_path))
-                except Exception as e:
-                    _log(f"Error downloading ui.json: {e}")
-                    print("Could not create ui.json. Create one with --init or use --config <path>")
-                    exit(1)
+    if cli_args.config:
+        # read contents
+        g_config_path = os.path.join(os.path.dirname(__file__), cli_args.config) 
+        with open(g_config_path, "r") as f:
+            config_json = f.read()
+            g_config = json.loads(config_json)
 
-            with open(home_ui_path, "w") as f:
-                f.write(ui_json)
+        config_dir = os.path.dirname(g_config_path)
+        # look for ui.json in same directory as config
+        ui_path = os.path.join(config_dir, "ui.json")
+        if os.path.exists(ui_path):
+            g_ui_path = ui_path
+        else:
+            if not os.path.exists(home_ui_path):
+                ui_json = text_from_resource("ui.json")
+                with open(home_ui_path, "w") as f:
+                    f.write(ui_json)
                 _log(f"Created default ui config at {home_ui_path}")
-        
-        # Update g_config_path to point to the copied file
+            g_ui_path = home_ui_path
+    else:
+        # ensure llms.json and ui.json exist in home directory
+        asyncio.run(save_home_configs())
+        g_config_path = home_config_path
         g_ui_path = home_ui_path
-    if not g_ui_path or not os.path.exists(g_ui_path):
-        print("ui.json not found. Create one with --init or use --config <path>")
-        exit(1)
+        g_config = json.loads(text_from_file(g_config_path))
 
-    # read contents
-    with open(g_config_path, "r") as f:
-        config_json = f.read()
-        init_llms(json.loads(config_json))
-        asyncio.run(load_llms())
+    init_llms(g_config)
+    asyncio.run(load_llms())
 
     # print names
     _log(f"enabled providers: {', '.join(g_handlers.keys())}")
@@ -1426,15 +1437,83 @@ def main():
         exit(0)
 
     if cli_args.serve is not None:
+        # Disable inactive providers and save to config before starting server
+        all_providers = g_config['providers'].keys()
+        enabled_providers = list(g_handlers.keys())
+        disable_providers = []
+        for provider in all_providers:
+            provider_config = g_config['providers'][provider]
+            if provider not in enabled_providers:
+                if 'enabled' in provider_config and provider_config['enabled']:
+                    provider_config['enabled'] = False
+                    disable_providers.append(provider)
+        
+        if len(disable_providers) > 0:
+            _log(f"Disabled unavailable providers: {', '.join(disable_providers)}")
+            save_config(g_config)
+
+        # Start server
         port = int(cli_args.serve)
 
         if not os.path.exists(g_ui_path):
             print(f"UI not found at {g_ui_path}")
             exit(1)
 
+        # Validate auth configuration if enabled
+        auth_enabled = g_config.get('auth', {}).get('enabled', False)
+        if auth_enabled:
+            github_config = g_config.get('auth', {}).get('github', {})
+            client_id = github_config.get('client_id', '')
+            client_secret = github_config.get('client_secret', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+
+            if not client_id or not client_secret:
+                print("ERROR: Authentication is enabled but GitHub OAuth is not properly configured.")
+                print("Please set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables,")
+                print("or disable authentication by setting 'auth.enabled' to false in llms.json")
+                exit(1)
+
+            _log("Authentication enabled - GitHub OAuth configured")
+
         app = web.Application()
 
+        # Authentication middleware helper
+        def check_auth(request):
+            """Check if request is authenticated. Returns (is_authenticated, user_data)"""
+            if not auth_enabled:
+                return True, None
+
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if session_token and session_token in g_sessions:
+                return True, g_sessions[session_token]
+
+            # Check for API key
+            auth_header = request.headers.get('Authorization', '')
+            if auth_header.startswith('Bearer '):
+                api_key = auth_header[7:]
+                if api_key:
+                    return True, {"authProvider": "apikey"}
+
+            return False, None
+
         async def chat_handler(request):
+            # Check authentication if enabled
+            is_authenticated, user_data = check_auth(request)
+            if not is_authenticated:
+                return web.json_response({
+                    "error": {
+                        "message": "Authentication required",
+                        "type": "authentication_error",
+                        "code": "unauthorized"
+                    }
+                }, status=401)
+
             try:
                 chat = await request.json()
                 response = await chat_completion(chat)
@@ -1480,6 +1559,198 @@ def main():
             })
         app.router.add_post('/providers/{provider}', provider_handler)
 
+        # OAuth handlers
+        async def github_auth_handler(request):
+            """Initiate GitHub OAuth flow"""
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+
+            if not client_id:
+                return web.json_response({"error": "GitHub client_id not configured"}, status=500)
+
+            # Generate CSRF state token
+            state = secrets.token_urlsafe(32)
+            g_oauth_states[state] = {
+                'created': time.time(),
+                'redirect_uri': redirect_uri
+            }
+
+            # Clean up old states (older than 10 minutes)
+            current_time = time.time()
+            expired_states = [s for s, data in g_oauth_states.items() if current_time - data['created'] > 600]
+            for s in expired_states:
+                del g_oauth_states[s]
+
+            # Build GitHub authorization URL
+            params = {
+                'client_id': client_id,
+                'redirect_uri': redirect_uri,
+                'state': state,
+                'scope': 'read:user user:email'
+            }
+            auth_url = f"https://github.com/login/oauth/authorize?{urlencode(params)}"
+
+            return web.HTTPFound(auth_url)
+
+        async def github_callback_handler(request):
+            """Handle GitHub OAuth callback"""
+            code = request.query.get('code')
+            state = request.query.get('state')
+
+            if not code or not state:
+                return web.Response(text="Missing code or state parameter", status=400)
+
+            # Verify state token (CSRF protection)
+            if state not in g_oauth_states:
+                return web.Response(text="Invalid state parameter", status=400)
+
+            state_data = g_oauth_states.pop(state)
+
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            client_secret = auth_config.get('client_secret', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+
+            if not client_id or not client_secret:
+                return web.json_response({"error": "GitHub OAuth credentials not configured"}, status=500)
+
+            # Exchange code for access token
+            async with aiohttp.ClientSession() as session:
+                token_url = "https://github.com/login/oauth/access_token"
+                token_data = {
+                    'client_id': client_id,
+                    'client_secret': client_secret,
+                    'code': code,
+                    'redirect_uri': redirect_uri
+                }
+                headers = {'Accept': 'application/json'}
+
+                async with session.post(token_url, data=token_data, headers=headers) as resp:
+                    token_response = await resp.json()
+                    access_token = token_response.get('access_token')
+
+                    if not access_token:
+                        error = token_response.get('error_description', 'Failed to get access token')
+                        return web.Response(text=f"OAuth error: {error}", status=400)
+
+                # Fetch user info
+                user_url = "https://api.github.com/user"
+                headers = {
+                    "Authorization": f"Bearer {access_token}",
+                    "Accept": "application/json"
+                }
+
+                async with session.get(user_url, headers=headers) as resp:
+                    user_data = await resp.json()
+
+            # Create session
+            session_token = secrets.token_urlsafe(32)
+            g_sessions[session_token] = {
+                "userId": str(user_data.get('id', '')),
+                "userName": user_data.get('login', ''),
+                "displayName": user_data.get('name', ''),
+                "profileUrl": user_data.get('avatar_url', ''),
+                "email": user_data.get('email', ''),
+                "created": time.time()
+            }
+
+            # Redirect to UI with session token
+            return web.HTTPFound(f"/?session={session_token}")
+
+        async def session_handler(request):
+            """Validate and return session info"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if not session_token or session_token not in g_sessions:
+                return web.json_response({"error": "Invalid or expired session"}, status=401)
+
+            session_data = g_sessions[session_token]
+
+            # Clean up old sessions (older than 24 hours)
+            current_time = time.time()
+            expired_sessions = [token for token, data in g_sessions.items() if current_time - data['created'] > 86400]
+            for token in expired_sessions:
+                del g_sessions[token]
+
+            return web.json_response({
+                **session_data,
+                "sessionToken": session_token
+            })
+
+        async def logout_handler(request):
+            """End OAuth session"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if session_token and session_token in g_sessions:
+                del g_sessions[session_token]
+
+            return web.json_response({"success": True})
+
+        async def auth_handler(request):
+            """Check authentication status and return user info"""
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if session_token and session_token in g_sessions:
+                session_data = g_sessions[session_token]
+                return web.json_response({
+                    "userId": session_data.get("userId", ""),
+                    "userName": session_data.get("userName", ""),
+                    "displayName": session_data.get("displayName", ""),
+                    "profileUrl": session_data.get("profileUrl", ""),
+                    "authProvider": "github"
+                })
+
+            # Check for API key in Authorization header
+            # auth_header = request.headers.get('Authorization', '')
+            # if auth_header.startswith('Bearer '):
+            #     # For API key auth, return a basic response
+            #     # You can customize this based on your API key validation logic
+            #     api_key = auth_header[7:]
+            #     if api_key:  # Add your API key validation logic here
+            #         return web.json_response({
+            #             "userId": "1",
+            #             "userName": "apiuser",
+            #             "displayName": "API User",
+            #             "profileUrl": "",
+            #             "authProvider": "apikey"
+            #         })
+
+            # Not authenticated - return error in expected format
+            return web.json_response({
+                "responseStatus": {
+                    "errorCode": "Unauthorized",
+                    "message": "Not authenticated"
+                }
+            }, status=401)
+
+        app.router.add_get('/auth', auth_handler)
+        app.router.add_get('/auth/github', github_auth_handler)
+        app.router.add_get('/auth/github/callback', github_callback_handler)
+        app.router.add_get('/auth/session', session_handler)
+        app.router.add_post('/auth/logout', logout_handler)
+
         async def ui_static(request: web.Request) -> web.Response:
             path = Path(request.match_info["path"])
 
@@ -1519,9 +1790,12 @@ def main():
                 enabled, disabled = provider_status()
                 ui['status'] = {
                     "all": list(g_config['providers'].keys()),
-                    "enabled": enabled, 
-                    "disabled": disabled 
+                    "enabled": enabled,
+                    "disabled": disabled
                 }
+                # Add auth configuration
+                ui['requiresAuth'] = auth_enabled
+                ui['authType'] = 'oauth' if auth_enabled else 'apikey'
                 return web.json_response(ui)
         app.router.add_get('/config', ui_config_handler)
 

llms/ui/App.mjs

@@ -1,13 +1,18 @@
+import { inject } from "vue"
 import Sidebar from "./Sidebar.mjs"
 
 export default {
     components: {
         Sidebar,
     },
+    setup() {
+        const ai = inject('ai')
+        return { ai }
+    },
     template: `
         <div class="flex h-screen bg-white">
-            <!-- Sidebar -->
-            <div class="w-72 xl:w-80 flex-shrink-0">
+            <!-- Sidebar (hidden when auth required and not authenticated) -->
+            <div v-if="!(ai.requiresAuth && !ai.auth)" class="w-72 xl:w-80 flex-shrink-0">
                 <Sidebar />
             </div>