refac: api key auth allowed paths

2025-12-12 12:25:20 +00:00 · 2024-12-24 23:32:34 -07:00 · 2024-12-24 23:32:34 -07:00 · a2366a20ba
commit a2366a20ba
parent 326514be4e
1 changed files with 7 additions and 0 deletions
--- a/backend/open_webui/utils/auth.py
+++ b/backend/open_webui/utils/auth.py
@ -95,6 +95,13 @@ def get_current_user(
            raise HTTPException(
                status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
            )
+
+        allowed_paths = ["/api/models", "/api/chat/completions"]
+        if request.url.path not in allowed_paths:
+            raise HTTPException(
+                status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
+            )
+
        return get_current_user_by_api_key(token)

    # auth by jwt token