phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-27 11:43:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

LiteLLM Minor Fixes & Improvements (11/27/2024) (#6943)

Browse source 
* fix(http_parsing_utils.py): remove `ast.literal_eval()` from http utils

Security fix - https://huntr.com/bounties/96a32812-213c-4819-ba4e-36143d35e95b?token=bf414bbd77f8b346556e
64ab2dd9301ea44339910877ea50401c76f977e36cdd78272f5fb4ca852a88a7e832828aae1192df98680544ee24aa98f3cf6980d8
bab641a66b7ccbc02c0e7d4ddba2db4dbe7318889dc0098d8db2d639f345f574159814627bb084563bad472e2f990f825bff0878a9
e281e72c88b4bc5884d637d186c0d67c9987c57c3f0caf395aff07b89ad2b7220d1dd7d1b427fd2260b5f01090efce5250f8b56ea2
c0ec19916c24b23825d85ce119911275944c840a1340d69e23ca6a462da610

* fix(converse/transformation.py): support bedrock apac cross region inference

Fixes https://github.com/BerriAI/litellm/issues/6905

* fix(user_api_key_auth.py): add auth check for websocket endpoint

Fixes https://github.com/BerriAI/litellm/issues/6926

* fix(user_api_key_auth.py): use `model` from query param

* fix: fix linting error

* test: run flaky tests first
This commit is contained in:
Krish Dholakia 2024-11-28 00:32:46 +05:30 committed by GitHub
parent 2d2931a215
commit 21156ff5d0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
12 changed files with 210 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

6
litellm/proxy/_new_secret_config.yaml
View file

@ -11,7 +11,11 @@ model_list:
model: vertex_ai/claude-3-5-sonnet-v2
vertex_ai_project: "adroit-crow-413218"
vertex_ai_location: "us-east5"
- model_name: openai-gpt-4o-realtime-audio
litellm_params:
model: openai/gpt-4o-realtime-preview-2024-10-01
api_key: os.environ/OPENAI_API_KEY
router_settings:
routing_strategy: usage-based-routing-v2
#redis_url: "os.environ/REDIS_URL"

48
litellm/proxy/auth/user_api_key_auth.py
View file

@ -28,6 +28,8 @@ from fastapi import (
Request,
Response,
UploadFile,
WebSocket,
WebSocketDisconnect,
status,
)
from fastapi.middleware.cors import CORSMiddleware
@ -195,6 +197,52 @@ def _is_allowed_route(
)
async def user_api_key_auth_websocket(websocket: WebSocket):
# Accept the WebSocket connection
request = Request(scope={"type": "http"})
request._url = websocket.url
query_params = websocket.query_params
model = query_params.get("model")
async def return_body():
return_string = f'{{"model": "{model}"}}'
# return string as bytes
return return_string.encode()
request.body = return_body # type: ignore
# Extract the Authorization header
authorization = websocket.headers.get("authorization")
# If no Authorization header, try the api-key header
if not authorization:
api_key = websocket.headers.get("api-key")
if not api_key:
await websocket.close(code=status.WS_1008_POLICY_VIOLATION)
raise HTTPException(status_code=403, detail="No API key provided")
else:
# Extract the API key from the Bearer token
if not authorization.startswith("Bearer "):
await websocket.close(code=status.WS_1008_POLICY_VIOLATION)
raise HTTPException(
status_code=403, detail="Invalid Authorization header format"
)
api_key = authorization[len("Bearer ") :].strip()
# Call user_api_key_auth with the extracted API key
# Note: You'll need to modify this to work with WebSocket context if needed
try:
return await user_api_key_auth(request=request, api_key=f"Bearer {api_key}")
except Exception as e:
verbose_proxy_logger.exception(e)
await websocket.close(code=status.WS_1008_POLICY_VIOLATION)
raise HTTPException(status_code=403, detail=str(e))
async def user_api_key_auth( # noqa: PLR0915
request: Request,
api_key: str = fastapi.Security(api_key_header),

40
litellm/proxy/common_utils/http_parsing_utils.py
View file

@ -1,6 +1,6 @@
import ast
import json
from typing import List, Optional
from typing import Dict, List, Optional
from fastapi import Request, UploadFile, status
@ -8,31 +8,43 @@ from litellm._logging import verbose_proxy_logger
from litellm.types.router import Deployment
async def _read_request_body(request: Optional[Request]) -> dict:
async def _read_request_body(request: Optional[Request]) -> Dict:
"""
Asynchronous function to read the request body and parse it as JSON or literal data.
Safely read the request body and parse it as JSON.
Parameters:
- request: The request object to read the body from
Returns:
- dict: Parsed request data as a dictionary
- dict: Parsed request data as a dictionary or an empty dictionary if parsing fails
"""
try:
request_data: dict = {}
if request is None:
return request_data
return {}
# Read the request body
body = await request.body()
if body == b"" or body is None:
return request_data
# Return empty dict if body is empty or None
if not body:
return {}
# Decode the body to a string
body_str = body.decode()
try:
request_data = ast.literal_eval(body_str)
except Exception:
request_data = json.loads(body_str)
return request_data
except Exception:
# Attempt JSON parsing (safe for untrusted input)
return json.loads(body_str)
except json.JSONDecodeError:
# Log detailed information for debugging
verbose_proxy_logger.exception("Invalid JSON payload received.")
return {}
except Exception as e:
# Catch unexpected errors to avoid crashes
verbose_proxy_logger.exception(
"Unexpected error reading request body - {}".format(e)
)
return {}

11
litellm/proxy/proxy_server.py
View file

@ -134,7 +134,10 @@ from litellm.proxy.auth.model_checks import (
get_key_models,
get_team_models,
)
from litellm.proxy.auth.user_api_key_auth import user_api_key_auth
from litellm.proxy.auth.user_api_key_auth import (
user_api_key_auth,
user_api_key_auth_websocket,
)
## Import All Misc routes here ##
from litellm.proxy.caching_routes import router as caching_router
@ -4339,7 +4342,11 @@ from litellm import _arealtime
@app.websocket("/v1/realtime")
async def websocket_endpoint(websocket: WebSocket, model: str):
async def websocket_endpoint(
websocket: WebSocket,
model: str,
user_api_key_dict=Depends(user_api_key_auth_websocket),
):
import websockets
await websocket.accept()