phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-26 19:24:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(proxy_server.py): check if team scope in jwt

Browse source
This commit is contained in:
Krrish Dholakia 2024-03-26 14:01:02 -07:00
parent 4d7f4550e2
commit d90f44fe8e
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
litellm/proxy/auth/handle_jwt.py
View file

@ -85,6 +85,11 @@ class JWTHandler:
return True return True
return False return False
def is_team(self, scopes: list) -> bool:
if self.litellm_proxy_roles.team_jwt_scope in scopes:
return True
return False
def get_end_user_id(self, token: dict, default_value: Optional[str]) -> str: def get_end_user_id(self, token: dict, default_value: Optional[str]) -> str:
try: try:
if self.litellm_proxy_roles.team_id_jwt_field is not None: if self.litellm_proxy_roles.team_id_jwt_field is not None:

6
litellm/proxy/proxy_server.py
View file

@ -390,6 +390,12 @@ async def user_api_key_auth(
raise Exception( raise Exception(
f"Admin not allowed to access this route. Route={route}, Allowed Routes={actual_routes}" f"Admin not allowed to access this route. Route={route}, Allowed Routes={actual_routes}"
) )
# check if team in scopes
is_team = jwt_handler.is_team(scopes=scopes)
if is_team == False:
raise Exception(
f"Missing both Admin and Team scopes from token. Either is required. Admin Scope={jwt_handler.litellm_proxy_roles.admin_jwt_scope}, Team Scope={jwt_handler.litellm_proxy_roles.team_jwt_scope}"
)
# get team id # get team id
team_id = jwt_handler.get_team_id(token=valid_token, default_value=None) team_id = jwt_handler.get_team_id(token=valid_token, default_value=None)