llms-py 3.0.24__py3-none-any.whl → 3.0.26__py3-none-any.whl

llms/main.py

@@ -17,7 +17,6 @@ import json
 import mimetypes
 import os
 import re
-import secrets
 import shlex
 import shutil
 import site
@@ -45,7 +44,7 @@ from typing import (
     get_origin,
     get_type_hints,
 )
-from urllib.parse import parse_qs, urlencode, urljoin
+from urllib.parse import parse_qs, urljoin
 
 import aiohttp
 from aiohttp import web
@@ -57,12 +56,16 @@ try:
 except ImportError:
     HAS_PIL = False
 
-VERSION = "3.0.24"
 _ROOT = None
+VERSION = "3.0.26"
 DEBUG = os.getenv("DEBUG") == "1"
 MOCK = os.getenv("MOCK") == "1"
 MOCK_DIR = os.getenv("MOCK_DIR")
 DISABLE_EXTENSIONS = (os.getenv("LLMS_DISABLE") or "").split(",")
+DEFAULT_LIMITS = {
+    "client_timeout": 120,
+    "client_max_size": 20971520,
+}
 g_config_path = None
 g_config = None
 g_providers = None
@@ -70,8 +73,6 @@ g_handlers = {}
 g_verbose = False
 g_logprefix = ""
 g_default_model = ""
-g_sessions = {}  # OAuth session storage: {session_token: {userId, userName, displayName, profileUrl, email, created}}
-g_oauth_states = {}  # CSRF protection: {state: {created, redirect_uri}}
 g_app = None  # ExtensionsContext Singleton
 
 
@@ -478,7 +479,7 @@ async def download_file(url):
 
 async def session_download_file(session, url, default_mimetype="application/octet-stream"):
     try:
-        async with session.get(url, timeout=aiohttp.ClientTimeout(total=120)) as response:
+        async with session.get(url, timeout=get_client_timeout()) as response:
             response.raise_for_status()
             content = await response.read()
             mimetype = response.headers.get("Content-Type")
@@ -1297,7 +1298,7 @@ class OpenAiCompatible:
         async with aiohttp.ClientSession() as session:
             started_at = time.time()
             async with session.post(
-                self.chat_url, headers=self.headers, data=json.dumps(chat), timeout=aiohttp.ClientTimeout(total=120)
+                self.chat_url, headers=self.headers, data=json.dumps(chat), timeout=get_client_timeout()
             ) as response:
                 chat["metadata"] = metadata
                 return self.to_response(await response_json(response), chat, started_at, context=context)
@@ -1364,7 +1365,7 @@ class OllamaProvider(OpenAiCompatible):
             async with aiohttp.ClientSession() as session:
                 _log(f"GET {self.api}/api/tags")
                 async with session.get(
-                    f"{self.api}/api/tags", headers=self.headers, timeout=aiohttp.ClientTimeout(total=120)
+                    f"{self.api}/api/tags", headers=self.headers, timeout=get_client_timeout()
                 ) as response:
                     data = await response_json(response)
                     for model in data.get("models", []):
@@ -1425,7 +1426,7 @@ class LMStudioProvider(OllamaProvider):
             async with aiohttp.ClientSession() as session:
                 _log(f"GET {self.api}/models")
                 async with session.get(
-                    f"{self.api}/models", headers=self.headers, timeout=aiohttp.ClientTimeout(total=120)
+                    f"{self.api}/models", headers=self.headers, timeout=get_client_timeout()
                 ) as response:
                     data = await response_json(response)
                     for model in data.get("data", []):
@@ -1762,6 +1763,15 @@ def convert_tool_args(function_name, function_args):
 
     return function_args
 
+def get_tool_property(function_name, prop_name):
+    tool_def = g_app.get_tool_definition(function_name)
+    if not tool_def:
+        return None
+    if "function" in tool_def and "parameters" in tool_def["function"]:
+        parameters = tool_def.get("function", {}).get("parameters")
+        properties = parameters.get("properties", {})
+        return properties.get(prop_name)
+    return None
 
 async def g_exec_tool(function_name, function_args):
     _log(f"g_exec_tool: {function_name}")
@@ -1916,6 +1926,8 @@ async def g_chat_completion(chat, context=None):
                         except Exception as e:
                             tool_result = f"Error: Failed to parse JSON arguments for tool '{function_name}': {to_error_message(e)}"
                         else:
+                            if "user" in context and get_tool_property(function_name, "user"):
+                                function_args["user"] = context["user"]
                             tool_result, resources = await g_exec_tool(function_name, function_args)
 
                         # Append tool result to history
@@ -2790,8 +2802,45 @@ async def watch_config_files(config_path, providers_path, interval=1):
             pass
 
 
-def get_session_token(request):
-    return request.query.get("session") or request.headers.get("X-Session-Token") or request.cookies.get("llms-token")
+class AuthProvider:
+    def __init__(self, app):
+        self.app = app
+
+    def get_session_token(self, request: web.Request):
+        return (
+            request.query.get("session") or request.headers.get("X-Session-Token") or request.cookies.get("llms-token")
+        )
+
+    def get_session(self, request: web.Request) -> Optional[Dict[str, Any]]:
+        session_token = self.get_session_token(request)
+        # _dbg(
+        #     f"Session token: {session_token} / {len(self.app.sessions)} sessions = {session_token in self.app.sessions}"
+        # )
+
+        if not session_token or session_token not in self.app.sessions:
+            return None
+
+        session_data = self.app.sessions[session_token]
+        return session_data
+
+    def get_username(self, request: web.Request) -> Optional[str]:
+        session = self.get_session(request)
+        if session:
+            return session.get("userName")
+        return None
+
+    def check_auth(self, request: web.Request) -> Tuple[bool, Optional[Dict[str, Any]]]:
+        """Check if request is authenticated. Returns (is_authenticated, user_data)"""
+        session = self.get_session(request)
+        if session:
+            return True, session
+        return False, None
+
+
+def get_client_timeout(app=None):
+    app = app or g_app
+    timeout = app.limits.get("client_timeout", 120) if app else 120
+    return aiohttp.ClientTimeout(total=timeout)
 
 
 class AppExtensions:
@@ -2803,6 +2852,7 @@ class AppExtensions:
         self.cli_args = cli_args
         self.extra_args = extra_args
         self.config = None
+        self.limits = DEFAULT_LIMITS
         self.error_auth_required = create_error_response("Authentication required", "Unauthorized")
         self.ui_extensions = []
         self.chat_request_filters = []
@@ -2824,6 +2874,9 @@ class AppExtensions:
         self.index_headers = []
         self.index_footers = []
         self.allowed_directories = []
+        self.auth_providers = []
+        self.sessions = {}  # OAuth session storage: {session_token: {userId, userName, displayName, profileUrl, email, created}}
+        self.oauth_states = {}  # CSRF protection: {state: {created, redirect_uri}}
         self.request_args = {
             "image_config": dict,  # e.g. { "aspect_ratio": "1:1" }
             "temperature": float,  # e.g: 0.7
@@ -2879,7 +2932,12 @@ class AppExtensions:
 
     def set_config(self, config: Dict[str, Any]):
         self.config = config
-        self.auth_enabled = self.config.get("auth", {}).get("enabled", False)
+        self.limits = self.config.get("limits", DEFAULT_LIMITS)
+        self.limits["client_timeout"] = self.limits.get("client_timeout", 120)
+        self.limits["client_max_size"] = self.limits.get("client_max_size", 20971520)
+
+    def get_client_timeout(self):
+        return get_client_timeout(self)
 
     def set_allowed_directories(
         self, directories: List[Annotated[str, "List of absolute paths that are allowed to be accessed."]]
@@ -2897,40 +2955,46 @@ class AppExtensions:
         """Get the list of allowed directories."""
         return self.allowed_directories
 
-    # Authentication middleware helper
-    def check_auth(self, request: web.Request) -> Tuple[bool, Optional[Dict[str, Any]]]:
-        """Check if request is authenticated. Returns (is_authenticated, user_data)"""
-        if not self.auth_enabled:
-            return True, None
+    def add_auth_provider(self, auth_provider: AuthProvider) -> None:
+        """Add an authentication provider."""
+        self.auth_providers.append(auth_provider)
 
-        # Check for OAuth session token
-        session_token = get_session_token(request)
-        if session_token and session_token in g_sessions:
-            return True, g_sessions[session_token]
-
-        # Check for API key
-        auth_header = request.headers.get("Authorization", "")
-        if auth_header.startswith("Bearer "):
-            api_key = auth_header[7:]
-            if api_key:
-                return True, {"authProvider": "apikey"}
-
-        return False, None
+    def is_auth_enabled(self) -> bool:
+        return len(self.auth_providers) > 0
 
     def get_session(self, request: web.Request) -> Optional[Dict[str, Any]]:
-        session_token = get_session_token(request)
+        for auth_provider in self.auth_providers:
+            session = auth_provider.get_session(request)
+            if session:
+                return session
+            return None
 
-        if not session_token or session_token not in g_sessions:
+    def get_username(self, request: web.Request) -> Optional[str]:
+        for auth_provider in self.auth_providers:
+            username = auth_provider.get_username(request)
+            if username:
+                return username
             return None
 
-        session_data = g_sessions[session_token]
-        return session_data
+    def assert_username(self, request: web.Request) -> str:
+        if not self.is_auth_enabled():
+            return None
+        username = self.get_username(request)
+        if not username:
+            raise Exception("Authentication required")
+        return username
 
-    def get_username(self, request: web.Request) -> Optional[str]:
-        session = self.get_session(request)
-        if session:
-            return session.get("userName")
-        return None
+    def check_auth(self, request: web.Request) -> Tuple[bool, Optional[Dict[str, Any]]]:
+        """Check if request is authenticated. Returns (is_authenticated, user_data)"""
+        if len(self.auth_providers) == 0:
+            return True, None
+
+        for auth_provider in self.auth_providers:
+            is_authenticated, user_data = auth_provider.check_auth(request)
+            if is_authenticated:
+                return True, user_data
+
+        return False, None
 
     def get_user_path(self, username: Optional[str] = None) -> str:
         if username:
@@ -3032,6 +3096,8 @@ def handler_name(handler):
 class ExtensionContext:
     def __init__(self, app: AppExtensions, path: str):
         self.app = app
+        self.config = app.config
+        self.limits = app.limits
         self.cli_args = app.cli_args
         self.extra_args = app.extra_args
         self.error_auth_required = app.error_auth_required
@@ -3046,8 +3112,33 @@ class ExtensionContext:
         self.verbose = g_verbose
         self.aspect_ratios = app.aspect_ratios
         self.request_args = app.request_args
+        self.sessions = app.sessions
+        self.oauth_states = app.oauth_states
         self.disabled = False
 
+    def get_client_timeout(self):
+        return self.app.get_client_timeout()
+
+    def add_auth_provider(self, auth_provider: AuthProvider) -> None:
+        """Add an authentication provider."""
+        self.app.add_auth_provider(auth_provider)
+        self.log(f"Added Auth Provider: {auth_provider.__class__.__name__}, Authentication is now enabled")
+
+    def is_auth_enabled(self) -> bool:
+        return self.app.is_auth_enabled()
+
+    def get_session(self, request: web.Request) -> Optional[Dict[str, Any]]:
+        return self.app.get_session(request)
+
+    def get_username(self, request: web.Request) -> Optional[str]:
+        return self.app.get_username(request)
+
+    def assert_username(self, request: web.Request) -> Optional[str]:
+        return self.app.assert_username(request)
+
+    def check_auth(self, request: web.Request) -> Tuple[bool, Optional[Dict[str, Any]]]:
+        return self.app.check_auth(request)
+
     def set_allowed_directories(
         self, directories: List[Annotated[str, "List of absolute paths that are allowed to be accessed."]]
     ) -> None:
@@ -3129,6 +3220,9 @@ class ExtensionContext:
     def error_response(self, e: Exception, stacktrace: bool = False) -> Dict[str, Any]:
         return to_error_response(e, stacktrace=stacktrace)
 
+    def create_error_response(self, message, error_code="Error", stack_trace=None):
+        return create_error_response(message, error_code, stack_trace)
+
     def add_provider(self, provider: Any):
         self.log(f"Registered provider: {provider.__name__}")
         self.app.all_providers.append(provider)
@@ -3983,33 +4077,11 @@ def cli_exec(cli_args, extra_args):
         port = int(cli_args.serve)
 
         # Validate auth configuration if enabled
-        auth_enabled = g_config.get("auth", {}).get("enabled", False)
-        if auth_enabled:
-            github_config = g_config.get("auth", {}).get("github", {})
-            client_id = github_config.get("client_id", "")
-            client_secret = github_config.get("client_secret", "")
-
-            # Expand environment variables
-            if client_id.startswith("$"):
-                client_id = client_id[1:]
-            if client_secret.startswith("$"):
-                client_secret = client_secret[1:]
-
-            client_id = os.getenv(client_id, client_id)
-            client_secret = os.getenv(client_secret, client_secret)
-
-            if (
-                not client_id
-                or not client_secret
-                or client_id == "GITHUB_CLIENT_ID"
-                or client_secret == "GITHUB_CLIENT_SECRET"
-            ):
-                print("ERROR: Authentication is enabled but GitHub OAuth is not properly configured.")
-                print("Please set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables,")
-                print("or disable authentication by setting 'auth.enabled' to false in llms.json")
-                return ExitCode.FAILED
-
-            _log("Authentication enabled - GitHub OAuth configured")
+        if g_config.get("auth", {}).get("enabled", False):
+            print("ERROR: GitHub Authentication has moved to the github_auth extension.")
+            print("Please remove the auth configuration from llms.json.")
+            print("Learn more: https://llmspy.org/docs/deployment/github-oauth")
+            return ExitCode.FAILED
 
         client_max_size = g_config.get("limits", {}).get(
             "client_max_size", 20 * 1024 * 1024
@@ -4226,236 +4298,6 @@ def cli_exec(cli_args, extra_args):
 
         app.router.add_get("/~cache/{tail:.*}", cache_handler)
 
-        # OAuth handlers
-        async def github_auth_handler(request):
-            """Initiate GitHub OAuth flow"""
-            if "auth" not in g_config or "github" not in g_config["auth"]:
-                return web.json_response(create_error_response("GitHub OAuth not configured"), status=500)
-
-            auth_config = g_config["auth"]["github"]
-            client_id = auth_config.get("client_id", "")
-            redirect_uri = auth_config.get("redirect_uri", "")
-
-            # Expand environment variables
-            if client_id.startswith("$"):
-                client_id = client_id[1:]
-            if redirect_uri.startswith("$"):
-                redirect_uri = redirect_uri[1:]
-
-            client_id = os.getenv(client_id, client_id)
-            redirect_uri = os.getenv(redirect_uri, redirect_uri)
-
-            if not client_id:
-                return web.json_response(create_error_response("GitHub client_id not configured"), status=500)
-
-            # Generate CSRF state token
-            state = secrets.token_urlsafe(32)
-            g_oauth_states[state] = {"created": time.time(), "redirect_uri": redirect_uri}
-
-            # Clean up old states (older than 10 minutes)
-            current_time = time.time()
-            expired_states = [s for s, data in g_oauth_states.items() if current_time - data["created"] > 600]
-            for s in expired_states:
-                del g_oauth_states[s]
-
-            # Build GitHub authorization URL
-            params = {
-                "client_id": client_id,
-                "redirect_uri": redirect_uri,
-                "state": state,
-                "scope": "read:user user:email",
-            }
-            auth_url = f"https://github.com/login/oauth/authorize?{urlencode(params)}"
-
-            return web.HTTPFound(auth_url)
-
-        def validate_user(github_username):
-            auth_config = g_config["auth"]["github"]
-            # Check if user is restricted
-            restrict_to = auth_config.get("restrict_to", "")
-
-            # Expand environment variables
-            if restrict_to.startswith("$"):
-                restrict_to = restrict_to[1:]
-
-            restrict_to = os.getenv(restrict_to, None if restrict_to == "GITHUB_USERS" else restrict_to)
-
-            # If restrict_to is configured, validate the user
-            if restrict_to:
-                # Parse allowed users (comma or space delimited)
-                allowed_users = [u.strip() for u in re.split(r"[,\s]+", restrict_to) if u.strip()]
-
-                # Check if user is in the allowed list
-                if not github_username or github_username not in allowed_users:
-                    _log(f"Access denied for user: {github_username}. Not in allowed list: {allowed_users}")
-                    return web.Response(
-                        text=f"Access denied. User '{github_username}' is not authorized to access this application.",
-                        status=403,
-                    )
-            return None
-
-        async def github_callback_handler(request):
-            """Handle GitHub OAuth callback"""
-            code = request.query.get("code")
-            state = request.query.get("state")
-
-            # Handle malformed URLs where query params are appended with & instead of ?
-            if not code and "tail" in request.match_info:
-                tail = request.match_info["tail"]
-                if tail.startswith("&"):
-                    params = parse_qs(tail[1:])
-                    code = params.get("code", [None])[0]
-                    state = params.get("state", [None])[0]
-
-            if not code or not state:
-                return web.Response(text="Missing code or state parameter", status=400)
-
-            # Verify state token (CSRF protection)
-            if state not in g_oauth_states:
-                return web.Response(text="Invalid state parameter", status=400)
-
-            g_oauth_states.pop(state)
-
-            if "auth" not in g_config or "github" not in g_config["auth"]:
-                return web.json_response(create_error_response("GitHub OAuth not configured"), status=500)
-
-            auth_config = g_config["auth"]["github"]
-            client_id = auth_config.get("client_id", "")
-            client_secret = auth_config.get("client_secret", "")
-            redirect_uri = auth_config.get("redirect_uri", "")
-
-            # Expand environment variables
-            if client_id.startswith("$"):
-                client_id = client_id[1:]
-            if client_secret.startswith("$"):
-                client_secret = client_secret[1:]
-            if redirect_uri.startswith("$"):
-                redirect_uri = redirect_uri[1:]
-
-            client_id = os.getenv(client_id, client_id)
-            client_secret = os.getenv(client_secret, client_secret)
-            redirect_uri = os.getenv(redirect_uri, redirect_uri)
-
-            if not client_id or not client_secret:
-                return web.json_response(create_error_response("GitHub OAuth credentials not configured"), status=500)
-
-            # Exchange code for access token
-            async with aiohttp.ClientSession() as session:
-                token_url = "https://github.com/login/oauth/access_token"
-                token_data = {
-                    "client_id": client_id,
-                    "client_secret": client_secret,
-                    "code": code,
-                    "redirect_uri": redirect_uri,
-                }
-                headers = {"Accept": "application/json"}
-
-                async with session.post(token_url, data=token_data, headers=headers) as resp:
-                    token_response = await resp.json()
-                    access_token = token_response.get("access_token")
-
-                    if not access_token:
-                        error = token_response.get("error_description", "Failed to get access token")
-                        return web.json_response(create_error_response(f"OAuth error: {error}"), status=400)
-
-                # Fetch user info
-                user_url = "https://api.github.com/user"
-                headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
-
-                async with session.get(user_url, headers=headers) as resp:
-                    user_data = await resp.json()
-
-                # Validate user
-                error_response = validate_user(user_data.get("login", ""))
-                if error_response:
-                    return error_response
-
-            # Create session
-            session_token = secrets.token_urlsafe(32)
-            g_sessions[session_token] = {
-                "userId": str(user_data.get("id", "")),
-                "userName": user_data.get("login", ""),
-                "displayName": user_data.get("name", ""),
-                "profileUrl": user_data.get("avatar_url", ""),
-                "email": user_data.get("email", ""),
-                "created": time.time(),
-            }
-
-            # Redirect to UI with session token
-            response = web.HTTPFound(f"/?session={session_token}")
-            response.set_cookie("llms-token", session_token, httponly=True, path="/", max_age=86400)
-            return response
-
-        async def session_handler(request):
-            """Validate and return session info"""
-            session_token = get_session_token(request)
-
-            if not session_token or session_token not in g_sessions:
-                return web.json_response(create_error_response("Invalid or expired session"), status=401)
-
-            session_data = g_sessions[session_token]
-
-            # Clean up old sessions (older than 24 hours)
-            current_time = time.time()
-            expired_sessions = [token for token, data in g_sessions.items() if current_time - data["created"] > 86400]
-            for token in expired_sessions:
-                del g_sessions[token]
-
-            return web.json_response({**session_data, "sessionToken": session_token})
-
-        async def logout_handler(request):
-            """End OAuth session"""
-            session_token = get_session_token(request)
-
-            if session_token and session_token in g_sessions:
-                del g_sessions[session_token]
-
-            response = web.json_response({"success": True})
-            response.del_cookie("llms-token")
-            return response
-
-        async def auth_handler(request):
-            """Check authentication status and return user info"""
-            # Check for OAuth session token
-            session_token = get_session_token(request)
-
-            if session_token and session_token in g_sessions:
-                session_data = g_sessions[session_token]
-                return web.json_response(
-                    {
-                        "userId": session_data.get("userId", ""),
-                        "userName": session_data.get("userName", ""),
-                        "displayName": session_data.get("displayName", ""),
-                        "profileUrl": session_data.get("profileUrl", ""),
-                        "authProvider": "github",
-                    }
-                )
-
-            # Check for API key in Authorization header
-            # auth_header = request.headers.get('Authorization', '')
-            # if auth_header.startswith('Bearer '):
-            #     # For API key auth, return a basic response
-            #     # You can customize this based on your API key validation logic
-            #     api_key = auth_header[7:]
-            #     if api_key:  # Add your API key validation logic here
-            #         return web.json_response({
-            #             "userId": "1",
-            #             "userName": "apiuser",
-            #             "displayName": "API User",
-            #             "profileUrl": "",
-            #             "authProvider": "apikey"
-            #         })
-
-            # Not authenticated - return error in expected format
-            return web.json_response(g_app.error_auth_required, status=401)
-
-        app.router.add_get("/auth", auth_handler)
-        app.router.add_get("/auth/github", github_auth_handler)
-        app.router.add_get("/auth/github/callback", github_callback_handler)
-        app.router.add_get("/auth/github/callback{tail:.*}", github_callback_handler)
-        app.router.add_get("/auth/session", session_handler)
-        app.router.add_post("/auth/logout", logout_handler)
-
         async def ui_static(request: web.Request) -> web.Response:
             path = Path(request.match_info["path"])
 
@@ -4494,8 +4336,8 @@ def cli_exec(cli_args, extra_args):
             enabled, disabled = provider_status()
             ret["status"] = {"all": list(g_config["providers"].keys()), "enabled": enabled, "disabled": disabled}
             # Add auth configuration
-            ret["requiresAuth"] = auth_enabled
-            ret["authType"] = "oauth" if auth_enabled else "apikey"
+            ret["requiresAuth"] = g_app.is_auth_enabled()
+            ret["authTypes"] = [provider.__class__.__name__ for provider in g_app.auth_providers]
             return web.json_response(ret)
 
         app.router.add_get("/config", config_handler)

llms/ui/App.mjs

@@ -173,7 +173,10 @@ export default {
                         <div>
                             <ModelSelector :models="$state.models" v-model="$state.selectedModel" />
                         </div>
-                        <TopBar id="top-bar" />
+                        <div class="flex items-center gap-2">
+                            <TopBar id="top-bar" />
+                            <Avatar />
+                        </div>
                     </div>
                     <TopPanel v-if="$ai.hasAccess" id="top-panel" :class="$ctx.cls('top-panel', 'shrink-0')" />
                     <div id="page" :class="$ctx.cls('page', 'flex-1 overflow-y-auto min-h-0 flex flex-col')">

llms/ui/ai.mjs

@@ -6,7 +6,7 @@ const headers = { 'Accept': 'application/json' }
 const prefsKey = 'llms.prefs'
 
 export const o = {
-    version: '3.0.24',
+    version: '3.0.26',
     base,
     prefsKey,
     welcome: 'Welcome to llms.py',
@@ -165,7 +165,6 @@ export const o = {
         return { config, models, extensions, auth }
     },
 
-
     async uploadFile(file) {
         const formData = new FormData()
         formData.append('file', file)

llms/ui/modules/chat/ChatBody.mjs

@@ -643,8 +643,7 @@ export const ChatBody = {
                 <div class="mx-auto max-w-6xl px-4 py-6">
 
                     <div v-if="!$ai.hasAccess">
-                        <OAuthSignIn v-if="$ai.authType === 'oauth'" @done="$ai.signIn($event)" />
-                        <SignIn v-else @done="$ai.signIn($event)" />
+                        <SignIn @done="$ai.signIn($event)" />
                     </div>
                     <!-- Welcome message when no thread is selected -->
                     <div v-else-if="!currentThread" class="text-center py-12">