[Request] Ability to require auth #1406
Comments
Thank you for raising an issue. We will investigate the matter and get back to you as soon as possible. |
@cy948 what's your idea about this? |
Perhaps we can restrict access to all routes by non-authenticated users and set up a login page. |
I think the current protection of resources is sufficient. By specifying
export const checkAuthMethod = (
accessCode?: string,
apiKey?: string,
oauthAuthorized?: boolean,
) => {
const { ACCESS_CODES, ENABLE_OAUTH_SSO } = getServerConfig();
// if OAuth 2 header is provided
if (ENABLE_OAUTH_SSO && oauthAuthorized) return;
// if apiKey exist
- if (apiKey) return;
// if accessCode doesn't exist
if (!ACCESS_CODES.length) return;
if (!accessCode || !ACCESS_CODES.includes(accessCode)) {
console.warn('tracked an invalid access code, 检查到输入的错误密码:', accessCode);
throw AgentRuntimeError.createError(ChatErrorType.InvalidAccessCode);
}
}; |
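Review bot: with `if (apiKey) return;` removed, the `apiKey` parameter is no longer read anywhere in the body shown, so either drop it from the signature or add a comment saying why it stays. The behaviour change also needs a line in the docs: a caller who sends their own key without an access code will now reach the `InvalidAccessCode` branch whenever `ACCESS_CODES` is non-empty. Two things in the unchanged context are worth tightening in the same pass: the `console.warn` call writes the rejected `accessCode` verbatim to the server log, where near-miss passwords would accumulate, so log only that a check failed; and the `!ACCESS_CODES.length` early return leaves the check open when no codes are configured, which should be stated explicitly if it is intended.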
To give some context, the type of auth we are looking for is what OpenAI have implemented, where you need to authenticate BEFORE seeing the front end. We are looking to use this for internal users, but will be using public cloud infrastructure, so having that auth in front of the application reduces the possible impact of any vulnerabilities. The current implementation will load the front end without any auth, and then request auth to use any of the functions. |
This feature may require community discussion before being implemented. In the meantime, you can use the access control features provided by the public cloud you are using, such as |
I think we need to use something like an admin that can register users. To be able to open Lobe Chat on any device on the web under your user (with your own data about chats and settings) |
We are considering this seriously. And you will see the change happen 😄 |
I look forward to it) |
This issue is closed. If you have any questions, you can comment and reply. |
🎉 This issue has been resolved in version 0.154.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
🥰 Feature Description
It appears there is no way to enforce auth; instead, the user is presented with the application and the auth option is added to settings.
🧐 Proposed Solution
There should be a configuration item to enforce auth, preventing access to the app unless a user is logged in.
📝 Additional Information
No response