llms-py 2.0.25__py3-none-any.whl → 2.0.26__py3-none-any.whl

llms/llms.json

@@ -1,4 +1,12 @@
 {
+    "auth": {
+        "enabled": true,
+        "github": {
+            "client_id": "$GITHUB_CLIENT_ID",
+            "client_secret": "$GITHUB_CLIENT_SECRET",
+            "redirect_uri": "http://localhost:8000/auth/github/callback"
+        }
+    },
     "defaults": {
         "headers": {
             "Content-Type": "application/json",
@@ -113,6 +121,7 @@
                 "mai-ds-r1": "microsoft/mai-ds-r1:free",
                 "llama3.3:70b": "meta-llama/llama-3.3-70b-instruct:free",
                 "nemotron-nano:9b": "nvidia/nemotron-nano-9b-v2:free",
+                "nemotron-nano:12b":"nvidia/nemotron-nano-12b-v2-vl:free",
                 "deepseek-r1-distill-llama:70b": "deepseek/deepseek-r1-distill-llama-70b:free",
                 "gpt-oss:20b": "openai/gpt-oss-20b:free",
                 "mistral-small3.2:24b": "mistralai/mistral-small-3.2-24b-instruct:free",

llms/main.py

@@ -14,7 +14,8 @@ import mimetypes
 import traceback
 import sys
 import site
-from urllib.parse import parse_qs
+import secrets
+from urllib.parse import parse_qs, urlencode
 
 import aiohttp
 from aiohttp import web
@@ -22,7 +23,7 @@ from aiohttp import web
 from pathlib import Path
 from importlib import resources   # Py≥3.9  (pip install importlib_resources for 3.7/3.8)
 
-VERSION = "2.0.25"
+VERSION = "2.0.26"
 _ROOT = None
 g_config_path = None
 g_ui_path = None
@@ -31,6 +32,8 @@ g_handlers = {}
 g_verbose = False
 g_logprefix=""
 g_default_model=""
+g_sessions = {}  # OAuth session storage: {session_token: {userId, userName, displayName, profileUrl, email, created}}
+g_oauth_states = {}  # CSRF protection: {state: {created, redirect_uri}}
 
 def _log(message):
     """Helper method for logging from the global polling task."""
@@ -1456,9 +1459,61 @@ def main():
             print(f"UI not found at {g_ui_path}")
             exit(1)
 
+        # Validate auth configuration if enabled
+        auth_enabled = g_config.get('auth', {}).get('enabled', False)
+        if auth_enabled:
+            github_config = g_config.get('auth', {}).get('github', {})
+            client_id = github_config.get('client_id', '')
+            client_secret = github_config.get('client_secret', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+
+            if not client_id or not client_secret:
+                print("ERROR: Authentication is enabled but GitHub OAuth is not properly configured.")
+                print("Please set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables,")
+                print("or disable authentication by setting 'auth.enabled' to false in llms.json")
+                exit(1)
+
+            _log("Authentication enabled - GitHub OAuth configured")
+
         app = web.Application()
 
+        # Authentication middleware helper
+        def check_auth(request):
+            """Check if request is authenticated. Returns (is_authenticated, user_data)"""
+            if not auth_enabled:
+                return True, None
+
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+            if session_token and session_token in g_sessions:
+                return True, g_sessions[session_token]
+
+            # Check for API key
+            auth_header = request.headers.get('Authorization', '')
+            if auth_header.startswith('Bearer '):
+                api_key = auth_header[7:]
+                if api_key:
+                    return True, {"authProvider": "apikey"}
+
+            return False, None
+
         async def chat_handler(request):
+            # Check authentication if enabled
+            is_authenticated, user_data = check_auth(request)
+            if not is_authenticated:
+                return web.json_response({
+                    "error": {
+                        "message": "Authentication required",
+                        "type": "authentication_error",
+                        "code": "unauthorized"
+                    }
+                }, status=401)
+
             try:
                 chat = await request.json()
                 response = await chat_completion(chat)
@@ -1504,6 +1559,198 @@ def main():
             })
         app.router.add_post('/providers/{provider}', provider_handler)
 
+        # OAuth handlers
+        async def github_auth_handler(request):
+            """Initiate GitHub OAuth flow"""
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+
+            if not client_id:
+                return web.json_response({"error": "GitHub client_id not configured"}, status=500)
+
+            # Generate CSRF state token
+            state = secrets.token_urlsafe(32)
+            g_oauth_states[state] = {
+                'created': time.time(),
+                'redirect_uri': redirect_uri
+            }
+
+            # Clean up old states (older than 10 minutes)
+            current_time = time.time()
+            expired_states = [s for s, data in g_oauth_states.items() if current_time - data['created'] > 600]
+            for s in expired_states:
+                del g_oauth_states[s]
+
+            # Build GitHub authorization URL
+            params = {
+                'client_id': client_id,
+                'redirect_uri': redirect_uri,
+                'state': state,
+                'scope': 'read:user user:email'
+            }
+            auth_url = f"https://github.com/login/oauth/authorize?{urlencode(params)}"
+
+            return web.HTTPFound(auth_url)
+
+        async def github_callback_handler(request):
+            """Handle GitHub OAuth callback"""
+            code = request.query.get('code')
+            state = request.query.get('state')
+
+            if not code or not state:
+                return web.Response(text="Missing code or state parameter", status=400)
+
+            # Verify state token (CSRF protection)
+            if state not in g_oauth_states:
+                return web.Response(text="Invalid state parameter", status=400)
+
+            state_data = g_oauth_states.pop(state)
+
+            if 'auth' not in g_config or 'github' not in g_config['auth']:
+                return web.json_response({"error": "GitHub OAuth not configured"}, status=500)
+
+            auth_config = g_config['auth']['github']
+            client_id = auth_config.get('client_id', '')
+            client_secret = auth_config.get('client_secret', '')
+            redirect_uri = auth_config.get('redirect_uri', '')
+
+            # Expand environment variables
+            if client_id.startswith('$'):
+                client_id = os.environ.get(client_id[1:], '')
+            if client_secret.startswith('$'):
+                client_secret = os.environ.get(client_secret[1:], '')
+            if redirect_uri.startswith('$'):
+                redirect_uri = os.environ.get(redirect_uri[1:], '')
+
+            if not client_id or not client_secret:
+                return web.json_response({"error": "GitHub OAuth credentials not configured"}, status=500)
+
+            # Exchange code for access token
+            async with aiohttp.ClientSession() as session:
+                token_url = "https://github.com/login/oauth/access_token"
+                token_data = {
+                    'client_id': client_id,
+                    'client_secret': client_secret,
+                    'code': code,
+                    'redirect_uri': redirect_uri
+                }
+                headers = {'Accept': 'application/json'}
+
+                async with session.post(token_url, data=token_data, headers=headers) as resp:
+                    token_response = await resp.json()
+                    access_token = token_response.get('access_token')
+
+                    if not access_token:
+                        error = token_response.get('error_description', 'Failed to get access token')
+                        return web.Response(text=f"OAuth error: {error}", status=400)
+
+                # Fetch user info
+                user_url = "https://api.github.com/user"
+                headers = {
+                    "Authorization": f"Bearer {access_token}",
+                    "Accept": "application/json"
+                }
+
+                async with session.get(user_url, headers=headers) as resp:
+                    user_data = await resp.json()
+
+            # Create session
+            session_token = secrets.token_urlsafe(32)
+            g_sessions[session_token] = {
+                "userId": str(user_data.get('id', '')),
+                "userName": user_data.get('login', ''),
+                "displayName": user_data.get('name', ''),
+                "profileUrl": user_data.get('avatar_url', ''),
+                "email": user_data.get('email', ''),
+                "created": time.time()
+            }
+
+            # Redirect to UI with session token
+            return web.HTTPFound(f"/?session={session_token}")
+
+        async def session_handler(request):
+            """Validate and return session info"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if not session_token or session_token not in g_sessions:
+                return web.json_response({"error": "Invalid or expired session"}, status=401)
+
+            session_data = g_sessions[session_token]
+
+            # Clean up old sessions (older than 24 hours)
+            current_time = time.time()
+            expired_sessions = [token for token, data in g_sessions.items() if current_time - data['created'] > 86400]
+            for token in expired_sessions:
+                del g_sessions[token]
+
+            return web.json_response({
+                **session_data,
+                "sessionToken": session_token
+            })
+
+        async def logout_handler(request):
+            """End OAuth session"""
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if session_token and session_token in g_sessions:
+                del g_sessions[session_token]
+
+            return web.json_response({"success": True})
+
+        async def auth_handler(request):
+            """Check authentication status and return user info"""
+            # Check for OAuth session token
+            session_token = request.query.get('session') or request.headers.get('X-Session-Token')
+
+            if session_token and session_token in g_sessions:
+                session_data = g_sessions[session_token]
+                return web.json_response({
+                    "userId": session_data.get("userId", ""),
+                    "userName": session_data.get("userName", ""),
+                    "displayName": session_data.get("displayName", ""),
+                    "profileUrl": session_data.get("profileUrl", ""),
+                    "authProvider": "github"
+                })
+
+            # Check for API key in Authorization header
+            # auth_header = request.headers.get('Authorization', '')
+            # if auth_header.startswith('Bearer '):
+            #     # For API key auth, return a basic response
+            #     # You can customize this based on your API key validation logic
+            #     api_key = auth_header[7:]
+            #     if api_key:  # Add your API key validation logic here
+            #         return web.json_response({
+            #             "userId": "1",
+            #             "userName": "apiuser",
+            #             "displayName": "API User",
+            #             "profileUrl": "",
+            #             "authProvider": "apikey"
+            #         })
+
+            # Not authenticated - return error in expected format
+            return web.json_response({
+                "responseStatus": {
+                    "errorCode": "Unauthorized",
+                    "message": "Not authenticated"
+                }
+            }, status=401)
+
+        app.router.add_get('/auth', auth_handler)
+        app.router.add_get('/auth/github', github_auth_handler)
+        app.router.add_get('/auth/github/callback', github_callback_handler)
+        app.router.add_get('/auth/session', session_handler)
+        app.router.add_post('/auth/logout', logout_handler)
+
         async def ui_static(request: web.Request) -> web.Response:
             path = Path(request.match_info["path"])
 
@@ -1543,9 +1790,12 @@ def main():
                 enabled, disabled = provider_status()
                 ui['status'] = {
                     "all": list(g_config['providers'].keys()),
-                    "enabled": enabled, 
-                    "disabled": disabled 
+                    "enabled": enabled,
+                    "disabled": disabled
                 }
+                # Add auth configuration
+                ui['requiresAuth'] = auth_enabled
+                ui['authType'] = 'oauth' if auth_enabled else 'apikey'
                 return web.json_response(ui)
         app.router.add_get('/config', ui_config_handler)
 

llms/ui/App.mjs

@@ -1,13 +1,18 @@
+import { inject } from "vue"
 import Sidebar from "./Sidebar.mjs"
 
 export default {
     components: {
         Sidebar,
     },
+    setup() {
+        const ai = inject('ai')
+        return { ai }
+    },
     template: `
         <div class="flex h-screen bg-white">
-            <!-- Sidebar -->
-            <div class="w-72 xl:w-80 flex-shrink-0">
+            <!-- Sidebar (hidden when auth required and not authenticated) -->
+            <div v-if="!(ai.requiresAuth && !ai.auth)" class="w-72 xl:w-80 flex-shrink-0">
                 <Sidebar />
             </div>
 

llms/ui/Avatar.mjs

@@ -1,13 +1,40 @@
-import { computed, inject } from "vue"
+import { computed, inject, ref, onMounted, onUnmounted } from "vue"
 
 export default {
     template:`
-        <div v-if="$ai.auth?.profileUrl" :title="authTitle">
-            <img :src="$ai.auth.profileUrl" class="size-8 rounded-full" />
+        <div v-if="$ai.auth?.profileUrl" class="relative" ref="avatarContainer">
+            <img
+                @click.stop="toggleMenu"
+                :src="$ai.auth.profileUrl"
+                :title="authTitle"
+                class="size-8 rounded-full cursor-pointer hover:ring-2 hover:ring-gray-300"
+            />
+            <div
+                v-if="showMenu"
+                @click.stop
+                class="absolute right-0 mt-2 w-48 bg-white dark:bg-gray-800 rounded-md shadow-lg py-1 z-50 border border-gray-200 dark:border-gray-700"
+            >
+                <div class="px-4 py-2 text-sm text-gray-700 dark:text-gray-300 border-b border-gray-200 dark:border-gray-700">
+                    <div class="font-medium whitespace-nowrap overflow-hidden text-ellipsis">{{ $ai.auth.displayName || $ai.auth.userName }}</div>
+                    <div class="text-xs text-gray-500 dark:text-gray-400 whitespace-nowrap overflow-hidden text-ellipsis">{{ $ai.auth.email }}</div>
+                </div>
+                <button type="button"
+                    @click="handleLogout"
+                    class="w-full text-left px-4 py-2 text-sm text-gray-700 dark:text-gray-300 hover:bg-gray-100 dark:hover:bg-gray-700 flex items-center whitespace-nowrap"
+                >
+                    <svg class="w-4 h-4 mr-2 flex-shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 16l4-4m0 0l-4-4m4 4H7m6 4v1a3 3 0 01-3 3H6a3 3 0 01-3-3V7a3 3 0 013-3h4a3 3 0 013 3v1"></path>
+                    </svg>
+                    Sign Out
+                </button>
+            </div>
         </div>
     `,
     setup() {
         const ai = inject('ai')
+        const showMenu = ref(false)
+        const avatarContainer = ref(null)
+
         const authTitle = computed(() => {
             if (!ai.auth) return ''
             const { userId, userName, displayName, bearerToken, roles } = ai.auth
@@ -20,9 +47,39 @@ export default {
             ]
             return sb.filter(x => x).join('\n')
         })
-        
+
+        function toggleMenu() {
+            showMenu.value = !showMenu.value
+        }
+
+        async function handleLogout() {
+            showMenu.value = false
+            await ai.signOut()
+            // Reload the page to show sign-in screen
+            window.location.reload()
+        }
+
+        // Close menu when clicking outside
+        const handleClickOutside = (event) => {
+            if (showMenu.value && avatarContainer.value && !avatarContainer.value.contains(event.target)) {
+                showMenu.value = false
+            }
+        }
+
+        onMounted(() => {
+            document.addEventListener('click', handleClickOutside)
+        })
+
+        onUnmounted(() => {
+            document.removeEventListener('click', handleClickOutside)
+        })
+
         return {
             authTitle,
+            handleLogout,
+            showMenu,
+            toggleMenu,
+            avatarContainer,
         }
     }
 }

llms/ui/Main.mjs

@@ -6,6 +6,7 @@ import { storageObject, addCopyButtons, formatCost, statsTitle } from './utils.m
 import { renderMarkdown } from './markdown.mjs'
 import ChatPrompt, { useChatPrompt } from './ChatPrompt.mjs'
 import SignIn from './SignIn.mjs'
+import OAuthSignIn from './OAuthSignIn.mjs'
 import Avatar from './Avatar.mjs'
 import ModelSelector from './ModelSelector.mjs'
 import SystemPromptSelector from './SystemPromptSelector.mjs'
@@ -22,32 +23,34 @@ export default {
         SystemPromptEditor,
         ChatPrompt,
         SignIn,
+        OAuthSignIn,
         Avatar,
         Welcome,
     },
     template: `
         <div class="flex flex-col h-full w-full">
-            <!-- Header with model and prompt selectors -->
-            <div class="border-b border-gray-200 bg-white px-2 py-2 w-full min-h-16">
+            <!-- Header with model and prompt selectors (hidden when auth required and not authenticated) -->
+            <div v-if="!($ai.requiresAuth && !$ai.auth)" class="border-b border-gray-200 bg-white px-2 py-2 w-full min-h-16">
                 <div class="flex items-center justify-between w-full">
                     <ModelSelector :models="models" v-model="selectedModel" @updated="configUpdated" />
 
                     <div class="flex items-center space-x-2">
-                        <SystemPromptSelector :prompts="prompts" v-model="selectedPrompt" 
+                        <SystemPromptSelector :prompts="prompts" v-model="selectedPrompt"
                             :show="showSystemPrompt" @toggle="showSystemPrompt = !showSystemPrompt" />
                         <Avatar />
                     </div>
                 </div>
             </div>
 
-            <SystemPromptEditor v-if="showSystemPrompt" 
+            <SystemPromptEditor v-if="showSystemPrompt && !($ai.requiresAuth && !$ai.auth)"
                 v-model="currentSystemPrompt" :prompts="prompts" :selected="selectedPrompt" />
 
             <!-- Messages Area -->
             <div class="flex-1 overflow-y-auto" ref="messagesContainer">
                 <div class="mx-auto max-w-6xl px-4 py-6">
                     <div v-if="$ai.requiresAuth && !$ai.auth">
-                        <SignIn @done="$ai.signIn($event)" />
+                        <OAuthSignIn v-if="$ai.authType === 'oauth'" @done="$ai.signIn($event)" />
+                        <SignIn v-else @done="$ai.signIn($event)" />
                     </div>
                     <!-- Welcome message when no thread is selected -->
                     <div v-else-if="!currentThread" class="text-center py-12">

llms/ui/OAuthSignIn.mjs

@@ -0,0 +1,92 @@
+import { inject, ref, onMounted } from "vue"
+import Welcome from './Welcome.mjs'
+
+export default {
+    components: {
+        Welcome,
+    },
+    template: `
+    <div class="min-h-full -mt-36 flex flex-col justify-center sm:px-6 lg:px-8">
+        <div class="sm:mx-auto sm:w-full sm:max-w-md text-center">
+            <Welcome />
+        </div>
+        <div class="sm:mx-auto sm:w-full sm:max-w-md">
+            <div v-if="errorMessage" class="mb-3 bg-red-50 border border-red-200 text-red-800 rounded-lg px-4 py-3">
+                <div class="flex items-start space-x-2">
+                    <div class="flex-1">
+                        <div class="text-base font-medium">{{ errorMessage }}</div>
+                    </div>
+                    <button type="button"
+                        @click="errorMessage = null"
+                        class="text-red-400 hover:text-red-600 flex-shrink-0"
+                    >
+                        <svg class="w-4 h-4" fill="currentColor" viewBox="0 0 20 20">
+                            <path fill-rule="evenodd" d="M4.293 4.293a1 1 0 011.414 0L10 8.586l4.293-4.293a1 1 0 111.414 1.414L11.414 10l4.293 4.293a1 1 0 01-1.414 1.414L10 11.414l-4.293 4.293a1 1 0 01-1.414-1.414L8.586 10 4.293 5.707a1 1 0 010-1.414z" clip-rule="evenodd"></path>
+                        </svg>
+                    </button>
+                </div>
+            </div>
+            <div class="py-8 px-4 sm:px-10">
+                <div class="space-y-4">
+                    <button 
+                        type="button"
+                        @click="signInWithGitHub"
+                        class="w-full inline-flex items-center justify-center px-4 py-3 border border-gray-300 rounded-md shadow-sm text-base font-medium text-gray-700 bg-white hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-gray-500 transition-colors"
+                    >
+                        <svg class="w-6 h-6 mr-3" fill="currentColor" viewBox="0 0 24 24" aria-hidden="true">
+                            <path fill-rule="evenodd" d="M12 2C6.477 2 2 6.484 2 12.017c0 4.425 2.865 8.18 6.839 9.504.5.092.682-.217.682-.483 0-.237-.008-.868-.013-1.703-2.782.605-3.369-1.343-3.369-1.343-.454-1.158-1.11-1.466-1.11-1.466-.908-.62.069-.608.069-.608 1.003.07 1.531 1.032 1.531 1.032.892 1.53 2.341 1.088 2.91.832.092-.647.35-1.088.636-1.338-2.22-.253-4.555-1.113-4.555-4.951 0-1.093.39-1.988 1.029-2.688-.103-.253-.446-1.272.098-2.65 0 0 .84-.27 2.75 1.026A9.564 9.564 0 0112 6.844c.85.004 1.705.115 2.504.337 1.909-1.296 2.747-1.027 2.747-1.027.546 1.379.202 2.398.1 2.651.64.7 1.028 1.595 1.028 2.688 0 3.848-2.339 4.695-4.566 4.943.359.309.678.92.678 1.855 0 1.338-.012 2.419-.012 2.747 0 .268.18.58.688.482A10.019 10.019 0 0022 12.017C22 6.484 17.522 2 12 2z" clip-rule="evenodd" />
+                        </svg>
+                        Sign in with GitHub
+                    </button>
+                </div>
+            </div>
+        </div>
+    </div>     
+    `,
+    emits: ['done'],
+    setup(props, { emit }) {
+        const ai = inject('ai')
+        const errorMessage = ref(null)
+        
+        function signInWithGitHub() {
+            // Redirect to GitHub OAuth endpoint
+            window.location.href = '/auth/github'
+        }
+        
+        // Check for session token in URL (after OAuth callback redirect)
+        onMounted(async () => {
+            const urlParams = new URLSearchParams(window.location.search)
+            const sessionToken = urlParams.get('session')
+            
+            if (sessionToken) {
+                try {
+                    // Validate session with server
+                    const response = await ai.get(`/auth/session?session=${sessionToken}`)
+                    
+                    if (response.ok) {
+                        const sessionData = await response.json()
+                        
+                        // Clean up URL
+                        const url = new URL(window.location.href)
+                        url.searchParams.delete('session')
+                        window.history.replaceState({}, '', url.toString())
+                        
+                        // Emit done event with session data
+                        emit('done', sessionData)
+                    } else {
+                        errorMessage.value = 'Failed to validate session'
+                    }
+                } catch (error) {
+                    console.error('Session validation error:', error)
+                    errorMessage.value = 'Failed to validate session'
+                }
+            }
+        })
+        
+        return {
+            signInWithGitHub,
+            errorMessage,
+        }
+    }
+}
+

llms/ui/ai.mjs

@@ -6,12 +6,13 @@ const headers = { 'Accept': 'application/json' }
 const prefsKey = 'llms.prefs'
 
 export const o = {
-    version: '2.0.25',
+    version: '2.0.26',
     base,
     prefsKey,
     welcome: 'Welcome to llms.py',
     auth: null,
     requiresAuth: false,
+    authType: 'apikey',  // 'oauth' or 'apikey' - controls which SignIn component to use
     headers,
     
     resolveUrl(url){
@@ -50,26 +51,88 @@ export const o = {
         this.auth = auth
         if (auth?.apiKey) {
             this.headers.Authorization = `Bearer ${auth.apiKey}`
-        } else if (this.headers.Authorization) {
+            //localStorage.setItem('llms:auth', JSON.stringify({ apiKey: auth.apiKey }))
+        } else if (auth?.sessionToken) {
+            this.headers['X-Session-Token'] = auth.sessionToken
+            localStorage.setItem('llms:auth', JSON.stringify({ sessionToken: auth.sessionToken }))
+        } else {
+            if (this.headers.Authorization) {
+                delete this.headers.Authorization
+            }
+            if (this.headers['X-Session-Token']) {
+                delete this.headers['X-Session-Token']
+            }
+        }
+    },
+    async signOut() {
+        if (this.auth?.sessionToken) {
+            // Call logout endpoint for OAuth sessions
+            try {
+                await this.post('/auth/logout', {
+                    headers: {
+                        'X-Session-Token': this.auth.sessionToken
+                    }
+                })
+            } catch (error) {
+                console.error('Logout error:', error)
+            }
+        }
+        this.auth = null
+        if (this.headers.Authorization) {
             delete this.headers.Authorization
         }
+        if (this.headers['X-Session-Token']) {
+            delete this.headers['X-Session-Token']
+        }
+        localStorage.removeItem('llms:auth')
     },
     async init() {
         // Load models and prompts
         const { initDB } = useThreadStore()
-        const [_, configRes, modelsRes, authRes] = await Promise.all([
+        const [_, configRes, modelsRes] = await Promise.all([
             initDB(),
             this.getConfig(),
             this.getModels(),
-            this.getAuth(),
         ])
         const config = await configRes.json()
         const models = await modelsRes.json()
-        const auth = this.requiresAuth 
+
+        // Update auth settings from server config
+        if (config.requiresAuth != null) {
+            this.requiresAuth = config.requiresAuth
+        }
+        if (config.authType != null) {
+            this.authType = config.authType
+        }
+
+        // Try to restore session from localStorage
+        if (this.requiresAuth) {
+            const storedAuth = localStorage.getItem('llms:auth')
+            if (storedAuth) {
+                try {
+                    const authData = JSON.parse(storedAuth)
+                    if (authData.sessionToken) {
+                        this.headers['X-Session-Token'] = authData.sessionToken
+                    } 
+                    // else if (authData.apiKey) {
+                    //     this.headers.Authorization = `Bearer ${authData.apiKey}`
+                    // }
+                } catch (e) {
+                    console.error('Failed to restore auth from localStorage:', e)
+                    localStorage.removeItem('llms:auth')
+                }
+            }
+        }
+
+        // Get auth status
+        const authRes = await this.getAuth()
+        const auth = this.requiresAuth
             ? await authRes.json()
             : null
         if (auth?.responseStatus?.errorCode) {
             console.error(auth.responseStatus.errorCode, auth.responseStatus.message)
+            // Clear invalid session from localStorage
+            localStorage.removeItem('llms:auth')
         } else {
             this.signIn(auth)
         }

llms/ui/app.css

@@ -426,6 +426,9 @@
   .-mt-12 {
     margin-top: calc(var(--spacing) * -12);
   }
+  .-mt-36 {
+    margin-top: calc(var(--spacing) * -36);
+  }
   .mt-1 {
     margin-top: calc(var(--spacing) * 1);
   }
@@ -662,6 +665,9 @@
   .w-32 {
     width: calc(var(--spacing) * 32);
   }
+  .w-48 {
+    width: calc(var(--spacing) * 48);
+  }
   .w-72 {
     width: calc(var(--spacing) * 72);
   }
@@ -852,6 +858,13 @@
       margin-block-end: calc(calc(var(--spacing) * 1) * calc(1 - var(--tw-space-y-reverse)));
     }
   }
+  .space-y-4 {
+    :where(& > :not(:last-child)) {
+      --tw-space-y-reverse: 0;
+      margin-block-start: calc(calc(var(--spacing) * 4) * var(--tw-space-y-reverse));
+      margin-block-end: calc(calc(var(--spacing) * 4) * calc(1 - var(--tw-space-y-reverse)));
+    }
+  }
   .space-y-6 {
     :where(& > :not(:last-child)) {
       --tw-space-y-reverse: 0;
@@ -1431,6 +1444,9 @@
   .break-words {
     overflow-wrap: break-word;
   }
+  .text-ellipsis {
+    text-overflow: ellipsis;
+  }
   .whitespace-nowrap {
     white-space: nowrap;
   }
@@ -2214,6 +2230,21 @@
       }
     }
   }
+  .hover\:ring-2 {
+    &:hover {
+      @media (hover: hover) {
+        --tw-ring-shadow: var(--tw-ring-inset,) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color, hsl(var(--ring)));
+        box-shadow: var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow);
+      }
+    }
+  }
+  .hover\:ring-gray-300 {
+    &:hover {
+      @media (hover: hover) {
+        --tw-ring-color: var(--color-gray-300);
+      }
+    }
+  }
   .hover\:file\:bg-violet-100 {
     &:hover {
       @media (hover: hover) {
@@ -2292,6 +2323,11 @@
       --tw-ring-color: var(--color-cyan-500);
     }
   }
+  .focus\:ring-gray-500 {
+    &:focus {
+      --tw-ring-color: var(--color-gray-500);
+    }
+  }
   .focus\:ring-green-500 {
     &:focus {
       --tw-ring-color: var(--color-green-500);

{llms_py-2.0.25.dist-info → llms_py-2.0.26.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: llms-py
-Version: 2.0.25
+Version: 2.0.26
 Summary: A lightweight CLI tool and OpenAI-compatible server for querying multiple Large Language Model (LLM) providers
 Home-page: https://github.com/ServiceStack/llms
 Author: ServiceStack
@@ -111,56 +111,7 @@ test the response times for all configured providers and models, the results of
 pip install llms-py
 ```
 
-### Using Docker
-
-**a) Simple - Run in a Docker container:**
-
-Run the server on port `8000`:
-
-```bash
-docker run -p 8000:8000 -e GROQ_API_KEY=$GROQ_API_KEY ghcr.io/servicestack/llms:latest
-```
-
-Get the latest version:
-
-```bash
-docker pull ghcr.io/servicestack/llms:latest
-```
-
-Use custom `llms.json` and `ui.json` config files outside of the container (auto created if they don't exist):
-
-```bash
-docker run -p 8000:8000 -e GROQ_API_KEY=$GROQ_API_KEY \
-  -v ~/.llms:/home/llms/.llms \
-  ghcr.io/servicestack/llms:latest
-```
-
-**b) Recommended - Use Docker Compose:**
-
-Download and use [docker-compose.yml](https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/docker-compose.yml):
-
-```bash
-curl -O https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/docker-compose.yml
-```
-
-Update API Keys in `docker-compose.yml` then start the server:
-
-```bash
-docker-compose up -d
-```
-
-**c) Build and run local Docker image from source:**
-
-```bash
-git clone https://github.com/ServiceStack/llms
-
-docker-compose -f docker-compose.local.yml up -d --build
-```
-
-After the container starts, you can access the UI and API at `http://localhost:8000`.
-
-
-See [DOCKER.md](DOCKER.md) for detailed instructions on customizing configuration files.
+- [Using Docker](#using-docker)
 
 ## Quick Start
 
@@ -224,6 +175,63 @@ llms --disable openrouter_free codestral google_free groq
 llms --enable openrouter anthropic google openai grok z.ai qwen mistral
 ```
 
+## Using Docker
+
+#### a) Simple - Run in a Docker container:
+
+Run the server on port `8000`:
+
+```bash
+docker run -p 8000:8000 -e GROQ_API_KEY=$GROQ_API_KEY ghcr.io/servicestack/llms:latest
+```
+
+Get the latest version:
+
+```bash
+docker pull ghcr.io/servicestack/llms:latest
+```
+
+Use custom `llms.json` and `ui.json` config files outside of the container (auto created if they don't exist):
+
+```bash
+docker run -p 8000:8000 -e GROQ_API_KEY=$GROQ_API_KEY \
+  -v ~/.llms:/home/llms/.llms \
+  ghcr.io/servicestack/llms:latest
+```
+
+#### b) Recommended - Use Docker Compose:
+
+Download and use [docker-compose.yml](https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/docker-compose.yml):
+
+```bash
+curl -O https://raw.githubusercontent.com/ServiceStack/llms/refs/heads/main/docker-compose.yml
+```
+
+Update API Keys in `docker-compose.yml` then start the server:
+
+```bash
+docker-compose up -d
+```
+
+#### c) Build and run local Docker image from source:
+
+```bash
+git clone https://github.com/ServiceStack/llms
+
+docker-compose -f docker-compose.local.yml up -d --build
+```
+
+After the container starts, you can access the UI and API at `http://localhost:8000`.
+
+
+See [DOCKER.md](DOCKER.md) for detailed instructions on customizing configuration files.
+
+## GitHub OAuth Authentication
+
+llms.py supports optional GitHub OAuth authentication to secure your web UI and API endpoints. When enabled, users must sign in with their GitHub account before accessing the application.
+
+See [GITHUB_OAUTH_SETUP.md](GITHUB_OAUTH_SETUP.md) for detailed setup instructions.
+
 ## Configuration
 
 The configuration file [llms.json](llms/llms.json) is saved to `~/.llms/llms.json` and defines available providers, models, and default settings. Key sections:

{llms_py-2.0.25.dist-info → llms_py-2.0.26.dist-info}/RECORD

@@ -1,16 +1,17 @@
 llms/__init__.py,sha256=Mk6eHi13yoUxLlzhwfZ6A1IjsfSQt9ShhOdbLXTvffU,53
 llms/__main__.py,sha256=hrBulHIt3lmPm1BCyAEVtB6DQ0Hvc3gnIddhHCmJasg,151
 llms/index.html,sha256=OA9mRmgh-dQrPqb0Z2Jv-cwEZ3YLPRxcWUN7ASjxO8s,2658
-llms/llms.json,sha256=6ZXd08HsxN9KX_gplD2UsxNKqZ8JxOl5TWDR2lIH07g,40779
-llms/main.py,sha256=49ayMoH5IlOOeV4lEOqE3sGU9_ooMJLhadDmDhT4gnE,71372
+llms/llms.json,sha256=AFGc5-6gWH_czvz0dvkIRPFxkiZluaOwZBBScCVd5HU,41103
+llms/main.py,sha256=yPY7xeVPhvPz3nHd34svZrqD5aOWEDRepotXTapwoAE,82441
 llms/ui.json,sha256=iBOmpNeD5-o8AgUa51ymS-KemovJ7bm9J1fnL0nf8jk,134025
 llms/ui/Analytics.mjs,sha256=mAS5AUQjpnEIMyzGzOGE6fZxwxoVyq5QCitYQSSCEpQ,69151
-llms/ui/App.mjs,sha256=hXtUjaL3GrcIHieEK3BzIG72OVzrorBBS4RkE1DOGc4,439
-llms/ui/Avatar.mjs,sha256=3rHpxe_LuCDiNP895F3FOjWx4j377JA9rD1FLluvtgA,851
+llms/ui/App.mjs,sha256=fcDx0psdr4NFgkxotPVwC_uYbUHy1BoKxQWcOi3SMbM,631
+llms/ui/Avatar.mjs,sha256=TgouwV9bN-Ou1Tf2zCDtVaRiUB21TXZZPFCTlFL-xxQ,3387
 llms/ui/Brand.mjs,sha256=0NN2JBLUC0OWERuLz9myrimlcA7v7D5B_EMd0sQQVDo,1905
 llms/ui/ChatPrompt.mjs,sha256=85O_kLVKWbbUDOUlvkuAineam_jrd6lzrj4O00p1XOg,21172
-llms/ui/Main.mjs,sha256=3Q6oR-F907EbDn-pv_SDPnErDMJcpOFgnze323lyhIs,40450
+llms/ui/Main.mjs,sha256=8-LcEhAbB-HWDHtn0z1DFjgOsWvkcfEQqSUlhWozAVk,40745
 llms/ui/ModelSelector.mjs,sha256=ASLTUaqig3cDMiGup01rpubC2RrrZvPd8IFrYcK8GyQ,2565
+llms/ui/OAuthSignIn.mjs,sha256=4_j4IYzpw9P1ppzxn2QZJQksh9VB6Rfzg6Nf-TfXWSA,4701
 llms/ui/ProviderIcon.mjs,sha256=HTjlgtXEpekn8iNN_S0uswbbvL0iGb20N15-_lXdojk,9054
 llms/ui/ProviderStatus.mjs,sha256=qF_rPdhyt9GffKdPCJdU0yanrDJ3cw1HLPygFP_KjEs,5744
 llms/ui/Recents.mjs,sha256=hmj7V-RXVw-DqMXjUr3OhFHTYQTkvkEhuNEDTGBf3Qw,8448
@@ -20,8 +21,8 @@ llms/ui/SignIn.mjs,sha256=df3b-7L3ZIneDGbJWUk93K9RGo40gVeuR5StzT1ZH9g,2324
 llms/ui/SystemPromptEditor.mjs,sha256=2CyIUvkIubqYPyIp5zC6_I8CMxvYINuYNjDxvMz4VRU,1265
 llms/ui/SystemPromptSelector.mjs,sha256=AuEtRwUf_RkGgene3nVA9bw8AeMb-b5_6ZLJCTWA8KQ,3051
 llms/ui/Welcome.mjs,sha256=QFAxN7sjWlhMvOIJCmHjNFCQcvpM_T-b4ze1ld9Hj7I,912
-llms/ui/ai.mjs,sha256=uQlTN0SdfC6n8erPfS6j6NwCpCPvfv3ewEUFtDk9UZY,2346
-llms/ui/app.css,sha256=e81FHQ-K7TlS7Cr2x_CCHqrvmVvg9I-m0InLQHRT_Dg,98992
+llms/ui/ai.mjs,sha256=oXfMQ7kCTm8PFq2bOs7flr5tn9PJa36mAyBg2L4SDIg,4768
+llms/ui/app.css,sha256=dYJ83FUYz_j31nxaKKT25xgrYFcoJ0h9ybLum9_VouA,100019
 llms/ui/fav.svg,sha256=_R6MFeXl6wBFT0lqcUxYQIDWgm246YH_3hSTW0oO8qw,734
 llms/ui/markdown.mjs,sha256=O5UspOeD8-E23rxOLWcS4eyy2YejMbPwszCYteVtuoU,6221
 llms/ui/tailwind.input.css,sha256=yo_3A50uyiVSUHUWeqAMorXMhCWpZoE5lTO6OJIFlYg,11974
@@ -39,9 +40,9 @@ llms/ui/lib/servicestack-vue.mjs,sha256=r_-khYokisXJAIPDLh8Wq6YtcLAY6HNjtJlCZJjL
 llms/ui/lib/vue-router.min.mjs,sha256=fR30GHoXI1u81zyZ26YEU105pZgbbAKSXbpnzFKIxls,30418
 llms/ui/lib/vue.min.mjs,sha256=iXh97m5hotl0eFllb3aoasQTImvp7mQoRJ_0HoxmZkw,163811
 llms/ui/lib/vue.mjs,sha256=dS8LKOG01t9CvZ04i0tbFXHqFXOO_Ha4NmM3BytjQAs,537071
-llms_py-2.0.25.dist-info/licenses/LICENSE,sha256=bus9cuAOWeYqBk2OuhSABVV1P4z7hgrEFISpyda_H5w,1532
-llms_py-2.0.25.dist-info/METADATA,sha256=QZtFwWTYyu0Swd4RbeyaPL4jc927X46lD2JEwMtf4ME,35942
-llms_py-2.0.25.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-llms_py-2.0.25.dist-info/entry_points.txt,sha256=WswyE7PfnkZMIxboC-MS6flBD6wm-CYU7JSUnMhqMfM,40
-llms_py-2.0.25.dist-info/top_level.txt,sha256=gC7hk9BKSeog8gyg-EM_g2gxm1mKHwFRfK-10BxOsa4,5
-llms_py-2.0.25.dist-info/RECORD,,
+llms_py-2.0.26.dist-info/licenses/LICENSE,sha256=bus9cuAOWeYqBk2OuhSABVV1P4z7hgrEFISpyda_H5w,1532
+llms_py-2.0.26.dist-info/METADATA,sha256=gKYhj_tL1Mw6HZLDKYYrQneBXoqlQy-aHp4ctWiIQYo,36283
+llms_py-2.0.26.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+llms_py-2.0.26.dist-info/entry_points.txt,sha256=WswyE7PfnkZMIxboC-MS6flBD6wm-CYU7JSUnMhqMfM,40
+llms_py-2.0.26.dist-info/top_level.txt,sha256=gC7hk9BKSeog8gyg-EM_g2gxm1mKHwFRfK-10BxOsa4,5
+llms_py-2.0.26.dist-info/RECORD,,