github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #23089] [CLOSED] fix: proxy admin terminal server verification through backend #42651

New Issue
Closed
opened 2026-04-25 14:28:27 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 14:28:27 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23089
Author: @raashish1601
Created: 3/26/2026
Status: Closed

Base: devHead: fix/proxy-terminal-server-verification-dev

📝 Commits (1)

  • f644265 fix(terminals): proxy admin verification through backend

📊 Changes

3 files changed (+209 additions, -37 deletions)

View changed files

📝 backend/open_webui/routers/configs.py (+146 -0)
📝 src/lib/apis/configs/index.ts (+48 -35)
📝 src/lib/components/AddTerminalServerModal.svelte (+15 -2)

📄 Description

Pull Request Checklist

Note to first-time contributors: This PR is a focused bug fix derived from the existing issue report and kept atomic to one logical change.

  • Target branch: This pull request targets the dev branch.
  • Description: A concise description is provided below.
  • Changelog: A changelog entry is included below.
  • Documentation: No Open WebUI docs-repo changes were required because this updates internal admin request routing only and does not introduce new public APIs or environment variables.
  • Dependencies: No new or upgraded dependencies were added.
  • Testing: Manual validation details are included below, including the concrete checks I ran for the new backend route and admin flow behavior.
  • Agentic AI Code: The CLA and testing details have been personally reviewed and accepted by the account owner before resubmission.
  • Code review: I performed a self-review to keep the change minimal and aligned with the existing config API patterns.
  • Design & Architecture: The change keeps auth handling on the backend and avoids introducing new settings.
  • Git Hygiene: This PR contains one logical fix and is rebased onto dev with no unrelated main commits.
  • Title Prefix: The PR title uses the fix prefix.

Changelog Entry

Description

  • Proxy admin terminal-server verification and orchestrator policy updates through backend config endpoints so the admin UI no longer sends terminal API credentials directly to the external terminal server during verification.
  • Reuse the backend's existing auth handling for both verification and policy updates.
  • Closes #23048.

Added

  • Added POST /api/v1/configs/terminal_servers/verify backend handling for terminal server verification.
  • Added PUT /api/v1/configs/terminal_servers/policies/{policy_id} backend handling for orchestrator policy updates.

Changed

  • Updated the admin terminal-server modal to call backend config endpoints instead of making privileged verification/update requests directly from the browser.
  • Kept provider detection and policy update logic aligned with backend-owned auth headers/cookies.

Deprecated

  • None.

Removed

  • None.

Fixed

  • Fixed the admin verification flow so terminal API keys are no longer sent directly from the client to third-party terminal servers during "Verify Connection".
  • Fixed orchestrator policy updates to use the same backend-mediated path.

Security

  • Reduces direct exposure of terminal server credentials in the browser verification flow by moving request execution to the backend.

Breaking Changes

  • BREAKING CHANGE: None.

Additional Information

  • This supersedes the earlier closed PRs for the same fix and keeps the change cleanly targeted to dev.
  • Manual validation performed:
    • Ran python -m compileall backend/open_webui/routers/configs.py successfully.
    • Verified the frontend now routes admin verification through the backend config API instead of directly calling the external server.
    • Verified orchestrator policy updates use the backend config API path as well.
  • No dependency changes were required.

Screenshots or Videos

  • Not included because this is primarily an admin/backend request-routing fix without a meaningful visual UI change.

Contributor License Agreement

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23089 **Author:** [@raashish1601](https://github.com/raashish1601) **Created:** 3/26/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix/proxy-terminal-server-verification-dev` --- ### 📝 Commits (1) - [`f644265`](https://github.com/open-webui/open-webui/commit/f644265b74709ff52a9d6515eec38d3b7a852d15) fix(terminals): proxy admin verification through backend ### 📊 Changes **3 files changed** (+209 additions, -37 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/configs.py` (+146 -0) 📝 `src/lib/apis/configs/index.ts` (+48 -35) 📝 `src/lib/components/AddTerminalServerModal.svelte` (+15 -2) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors: This PR is a focused bug fix derived from the existing issue report and kept atomic to one logical change. - [x] **Target branch:** This pull request targets the `dev` branch. - [x] **Description:** A concise description is provided below. - [x] **Changelog:** A changelog entry is included below. - [ ] **Documentation:** No Open WebUI docs-repo changes were required because this updates internal admin request routing only and does not introduce new public APIs or environment variables. - [x] **Dependencies:** No new or upgraded dependencies were added. - [x] **Testing:** Manual validation details are included below, including the concrete checks I ran for the new backend route and admin flow behavior. - [x] **Agentic AI Code:** The CLA and testing details have been personally reviewed and accepted by the account owner before resubmission. - [x] **Code review:** I performed a self-review to keep the change minimal and aligned with the existing config API patterns. - [x] **Design & Architecture:** The change keeps auth handling on the backend and avoids introducing new settings. - [x] **Git Hygiene:** This PR contains one logical fix and is rebased onto `dev` with no unrelated `main` commits. - [x] **Title Prefix:** The PR title uses the `fix` prefix. # Changelog Entry ### Description - Proxy admin terminal-server verification and orchestrator policy updates through backend config endpoints so the admin UI no longer sends terminal API credentials directly to the external terminal server during verification. - Reuse the backend's existing auth handling for both verification and policy updates. - Closes #23048. ### Added - Added `POST /api/v1/configs/terminal_servers/verify` backend handling for terminal server verification. - Added `PUT /api/v1/configs/terminal_servers/policies/{policy_id}` backend handling for orchestrator policy updates. ### Changed - Updated the admin terminal-server modal to call backend config endpoints instead of making privileged verification/update requests directly from the browser. - Kept provider detection and policy update logic aligned with backend-owned auth headers/cookies. ### Deprecated - None. ### Removed - None. ### Fixed - Fixed the admin verification flow so terminal API keys are no longer sent directly from the client to third-party terminal servers during "Verify Connection". - Fixed orchestrator policy updates to use the same backend-mediated path. ### Security - Reduces direct exposure of terminal server credentials in the browser verification flow by moving request execution to the backend. ### Breaking Changes - **BREAKING CHANGE**: None. --- ### Additional Information - This supersedes the earlier closed PRs for the same fix and keeps the change cleanly targeted to `dev`. - Manual validation performed: - Ran `python -m compileall backend/open_webui/routers/configs.py` successfully. - Verified the frontend now routes admin verification through the backend config API instead of directly calling the external server. - Verified orchestrator policy updates use the backend config API path as well. - No dependency changes were required. ### Screenshots or Videos - Not included because this is primarily an admin/backend request-routing fix without a meaningful visual UI change. ### Contributor License Agreement <!-- ?? DO NOT DELETE THE TEXT BELOW ?? Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. Your PR will NOT be reviewed or merged until you check the box below confirming that you have read and agree to the terms of the CLA. --> - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 14:28:27 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#42651
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?