(fix) prisma using: secrets.compare_digest

ishaan-jaff 2023-11-24 10:02:08 -08:00
parent d98ac9a757
commit b1db3a38d7


@ -152,7 +152,9 @@ async def user_api_key_auth(request: Request, api_key: str = fastapi.Security(ap
return
try:
route = request.url.path
is_master_key_valid = secrets.compare_digest(api_key, master_key) or secrets.compare_digest(api_key == "Bearer " + master_key)
# note: never string compare api keys, this is vulenerable to a time attack. Use secrets.compare_digest instead
is_master_key_valid = secrets.compare_digest(api_key, master_key) or secrets.compare_digest(api_key, "Bearer " + master_key)
if is_master_key_valid:
return
@ -164,9 +166,11 @@ async def user_api_key_auth(request: Request, api_key: str = fastapi.Security(ap
valid_token = user_api_key_cache.get_cache(key=api_key)
if valid_token is None:
## check db
if "Bearer " in api_key:
cleaned_api_key = api_key[len("Bearer "):]
valid_token = await prisma_client.litellm_verificationtoken.find_first(
where={
"token": api_key,
"token": cleaned_api_key,
"expires": {"gte": datetime.utcnow()} # Check if the token is not expired
}
)
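Review bot: In the second hunk `cleaned_api_key` is assigned only when `"Bearer " in api_key` is true, so a key sent without the prefix reaches the `find_first` query with the name unbound (or, if the query is nested under the `if`, which the lost indentation here does not show, skips the database check altogether). The `in` test also matches "Bearer " anywhere in the value and then drops the first seven characters wherever the match was, so anchor it at the start and keep a fallback, e.g. `cleaned_api_key = api_key[len("Bearer "):] if api_key.startswith("Bearer ") else api_key`. The cache lookup just above still uses the raw `api_key`, so cache and database may be keyed differently, depending on what populates the cache outside this hunk. In the first hunk, `secrets.compare_digest` raises `TypeError` for `str` arguments containing non-ASCII characters or when `master_key` is `None`, so encoding both sides to bytes and rejecting an unset master key before the comparison would keep a malformed header from becoming an exception path. The body of `user_api_key_auth` starts and ends outside both hunks, so the surrounding `except` handling could not be checked.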