github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 03:18:23 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #7322] [CLOSED] Feat: API Keys allow limited endpoints vs all endpoints (configurable) #37672

New Issue
Closed
opened 2026-04-25 11:02:21 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 11:02:21 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/7322
Author: @DmitriyAlergant
Created: 11/25/2024
Status: Closed

Base: devHead: feat/api_key_limited_endpoints

📝 Commits (4)

  • f8f3cea Feat: API Keys allow limited endpoints vs all endpoints (configurable)
  • 9f802d2 Frontend formatted (fix to the previous commit, failed formatting CI)
  • fd3c880 Adding code formatting to PR template checklist
  • e49341b Fix to previous: npm run i18n:parse (after adding API_KEY_ALLOW_ALL_ENDPOINTS option)

📊 Changes

56 files changed (+147 additions, -7 deletions)

View changed files

📝 .github/pull_request_template.md (+1 -0)
📝 backend/open_webui/apps/audio/main.py (+5 -5)
📝 backend/open_webui/apps/webui/main.py (+3 -0)
📝 backend/open_webui/apps/webui/routers/auths.py (+6 -0)
📝 backend/open_webui/config.py (+6 -0)
📝 backend/open_webui/constants.py (+3 -0)
📝 backend/open_webui/main.py (+4 -0)
📝 backend/open_webui/utils/utils.py (+13 -1)
📝 src/app.css (+0 -1)
📝 src/lib/components/admin/Settings/General.svelte (+14 -0)
📝 src/lib/i18n/locales/ar-BH/translation.json (+2 -0)
📝 src/lib/i18n/locales/bg-BG/translation.json (+2 -0)
📝 src/lib/i18n/locales/bn-BD/translation.json (+2 -0)
📝 src/lib/i18n/locales/ca-ES/translation.json (+2 -0)
📝 src/lib/i18n/locales/ceb-PH/translation.json (+2 -0)
📝 src/lib/i18n/locales/cs-CZ/translation.json (+2 -0)
📝 src/lib/i18n/locales/da-DK/translation.json (+2 -0)
📝 src/lib/i18n/locales/de-DE/translation.json (+2 -0)
📝 src/lib/i18n/locales/dg-DG/translation.json (+2 -0)
📝 src/lib/i18n/locales/en-GB/translation.json (+2 -0)

...and 36 more files

📄 Description

By default, only allow API keys authentication to /chat/completions and /models endpoints (LLM invocation). Admin can configure the app to allow API Keys for All Endpoints (default: false) - but this has security implications that are likely unwanted in many contexts. See https://github.com/open-webui/open-webui/discussions/7018 for justification.

Also adding [ ] Code formatting step to the default GitHub PR template, based on recent experience of a new contributor (failed formatting CIs on backend and frontend) - it would be better to be informed of the formatting requirements via this checklist rather then failing CIs.

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions and describe your changes before submitting a pull request.

Before submitting, make sure you've checked the following:

  • Target branch: Please verify that the pull request targets the dev branch.
  • Description: Provide a concise description of the changes made in this pull request.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: Have you updated relevant documentation Open WebUI Docs, or other documentation sources?
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Have you written and run sufficient tests for validating the changes?
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Prefix: To cleary categorize this pull request, prefix the pull request title, using one of the following:
    • BREAKING CHANGE: Significant changes that may affect compatibility
    • build: Changes that affect the build system or external dependencies
    • ci: Changes to our continuous integration processes or workflows
    • chore: Refactor, cleanup, or other non-functional code changes
    • docs: Documentation update or addition
    • feat: Introduces a new feature or enhancement to the codebase
    • fix: Bug fix or error correction
    • i18n: Internationalization or localization changes
    • perf: Performance improvement
    • refactor: Code restructuring for better maintainability, readability, or scalability
    • style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)
    • test: Adding missing tests or correcting existing tests
    • WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

  • Limit API Key authentication to only /api/chat/completions and /api/models endpoints by default, unless a config option was enabled to allow all endpoints to be accessed

Added

  • Configurable option "API Key allow access to all endpoints"

Security

  • Limit API Key authentication to only /api/chat/completions and /api/models endpoints by default, unless a config option was enabled to allow all endpoints to be accessed

Additional Information

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/7322 **Author:** [@DmitriyAlergant](https://github.com/DmitriyAlergant) **Created:** 11/25/2024 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `feat/api_key_limited_endpoints` --- ### 📝 Commits (4) - [`f8f3cea`](https://github.com/open-webui/open-webui/commit/f8f3cea3430091059d2eab0ee34bb6f0ed1a5254) Feat: API Keys allow limited endpoints vs all endpoints (configurable) - [`9f802d2`](https://github.com/open-webui/open-webui/commit/9f802d2256ad42ba50ff208f632c5e0115f5aa7c) Frontend formatted (fix to the previous commit, failed formatting CI) - [`fd3c880`](https://github.com/open-webui/open-webui/commit/fd3c880f1adb7cdd6ed2a54175d52d33b13cec7f) Adding code formatting to PR template checklist - [`e49341b`](https://github.com/open-webui/open-webui/commit/e49341b1a6c814f7d201cd44d49aa56a3df3b656) Fix to previous: npm run i18n:parse (after adding API_KEY_ALLOW_ALL_ENDPOINTS option) ### 📊 Changes **56 files changed** (+147 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `.github/pull_request_template.md` (+1 -0) 📝 `backend/open_webui/apps/audio/main.py` (+5 -5) 📝 `backend/open_webui/apps/webui/main.py` (+3 -0) 📝 `backend/open_webui/apps/webui/routers/auths.py` (+6 -0) 📝 `backend/open_webui/config.py` (+6 -0) 📝 `backend/open_webui/constants.py` (+3 -0) 📝 `backend/open_webui/main.py` (+4 -0) 📝 `backend/open_webui/utils/utils.py` (+13 -1) 📝 `src/app.css` (+0 -1) 📝 `src/lib/components/admin/Settings/General.svelte` (+14 -0) 📝 `src/lib/i18n/locales/ar-BH/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/bg-BG/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/bn-BD/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/ca-ES/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/ceb-PH/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/cs-CZ/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/da-DK/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/de-DE/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/dg-DG/translation.json` (+2 -0) 📝 `src/lib/i18n/locales/en-GB/translation.json` (+2 -0) _...and 36 more files_ </details> ### 📄 Description By default, only allow API keys authentication to /chat/completions and /models endpoints (LLM invocation). Admin can configure the app to allow API Keys for All Endpoints (default: false) - but this has security implications that are likely unwanted in many contexts. See https://github.com/open-webui/open-webui/discussions/7018 for justification. Also adding **[ ] Code formatting** step to the default GitHub PR template, based on recent experience of a new contributor (failed formatting CIs on backend and frontend) - it would be better to be informed of the formatting requirements via this checklist rather then failing CIs. # Pull Request Checklist ### Note to first-time contributors: Please open a discussion post in [Discussions](https://github.com/open-webui/open-webui/discussions) and describe your changes before submitting a pull request. **Before submitting, make sure you've checked the following:** - [X] **Target branch:** Please verify that the pull request targets the `dev` branch. - [X] **Description:** Provide a concise description of the changes made in this pull request. - [X] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [ ] **Documentation:** Have you updated relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs), or other documentation sources? - [X] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [X] **Testing:** Have you written and run sufficient tests for validating the changes? - [X] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [X] **Prefix:** To cleary categorize this pull request, prefix the pull request title, using one of the following: - **BREAKING CHANGE**: Significant changes that may affect compatibility - **build**: Changes that affect the build system or external dependencies - **ci**: Changes to our continuous integration processes or workflows - **chore**: Refactor, cleanup, or other non-functional code changes - **docs**: Documentation update or addition - **feat**: Introduces a new feature or enhancement to the codebase - **fix**: Bug fix or error correction - **i18n**: Internationalization or localization changes - **perf**: Performance improvement - **refactor**: Code restructuring for better maintainability, readability, or scalability - **style**: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.) - **test**: Adding missing tests or correcting existing tests - **WIP**: Work in progress, a temporary label for incomplete or ongoing work # Changelog Entry ### Description - Limit API Key authentication to only /api/chat/completions and /api/models endpoints by default, unless a config option was enabled to allow all endpoints to be accessed ### Added - Configurable option "API Key allow access to all endpoints" ### Security - Limit API Key authentication to only /api/chat/completions and /api/models endpoints by default, unless a config option was enabled to allow all endpoints to be accessed --- ### Additional Information - https://github.com/open-webui/open-webui/discussions/7018 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 11:02:21 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#37672
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?