phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-27 03:34:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(proxy_server.py): prevent non-admins from creating new keys

Browse source
This commit is contained in:
Krrish Dholakia 2024-04-16 11:21:38 -07:00
parent 9de97a17aa
commit 8073155bdf
4 changed files with 50 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

9
litellm/proxy/auth/auth_checks.py
View file

@ -104,6 +104,13 @@ def common_checks(
def _allowed_routes_check(user_route: str, allowed_routes: list) -> bool:
"""
Return if a user is allowed to access route. Helper function for `allowed_routes_check`.
Parameters:
- user_route: str - the route the user is trying to call
- allowed_routes: List[str|LiteLLMRoutes] - the list of allowed routes for the user.
"""
for allowed_route in allowed_routes:
if (
allowed_route == LiteLLMRoutes.openai_routes.name
@ -126,7 +133,7 @@ def _allowed_routes_check(user_route: str, allowed_routes: list) -> bool:
def allowed_routes_check(
user_role: Literal["proxy_admin", "team"],
user_role: Literal["proxy_admin", "team", "user"],
user_route: str,
litellm_proxy_roles: LiteLLM_JWTAuth,
) -> bool: