diff --git a/litellm/proxy/_new_secret_config.yaml b/litellm/proxy/_new_secret_config.yaml
new file mode 100644
index 000000000..0c88f7ddf
--- /dev/null
+++ b/litellm/proxy/_new_secret_config.yaml
@@ -0,0 +1,10 @@
+model_list:
+- model_name: fake_openai
+ litellm_params:
+ model: openai/my-fake-model
+ api_key: my-fake-key
+ api_base: http://0.0.0.0:8080
+
+general_settings:
+ master_key: sk-1234
+ database_url: "postgresql://krrishdholakia:9yQkKWiB8vVs@ep-icy-union-a5j4dwls.us-east-2.aws.neon.tech/neondb?sslmode=require"
\ No newline at end of file
diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index 930f81ef5..0327f2836 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -353,17 +353,32 @@ async def user_api_key_auth(
 ### CHECK IF ADMIN ###
 # note: never string compare api keys, this is vulenerable to a time attack. Use secrets.compare_digest instead
+ ### CHECK IF ADMIN ###
+ # note: never string compare api keys, this is vulenerable to a time attack. Use secrets.compare_digest instead
+ ## Check CACHE
+ valid_token = user_api_key_cache.get_cache(key=hash_token(api_key))
+ if (
+ valid_token is not None
+ and isinstance(valid_token, UserAPIKeyAuth)
+ and valid_token.user_role == "proxy_admin"
+ ):
+ return valid_token
+
 try:
 is_master_key_valid = ph.verify(litellm_master_key_hash, api_key)
 except Exception as e:
 is_master_key_valid = False
 if is_master_key_valid:
- return UserAPIKeyAuth(
+ _user_api_key_obj = UserAPIKeyAuth(
 api_key=master_key,
 user_role="proxy_admin",
 user_id=litellm_proxy_admin_name,
 )
+ user_api_key_cache.set_cache(
+ key=hash_token(master_key), value=_user_api_key_obj
+ )
+ return _user_api_key_obj
 if isinstance(
 api_key, str
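Review bot: The `database_url` value on the last added line embeds a username and password for a hosted Postgres instance in a tracked file, so anyone who can read the repository or its history holds that credential. Treat it as exposed: rotate the password, keep this file out of version control, and read the value from the environment instead, e.g. `database_url: os.environ/DATABASE_URL` if the config loader resolves that form under `general_settings`. `master_key: sk-1234` is a guessable placeholder that should never reach a deployed proxy.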
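Review bot: The cache fast path added ahead of `ph.verify` returns admin for any `user_api_key_cache` hit whose `user_role` is `"proxy_admin"`, and the `set_cache` call further down shows no expiry, so a rotated master key may keep authenticating until the entry is evicted. Re-checking the hit against the current key, e.g. adding `and secrets.compare_digest(valid_token.api_key, master_key)` to the condition (assuming both are strings), or giving the entry a short lifetime would bound that. The cached object also carries `api_key=master_key` in plaintext, so confirm the cache is not backed by a shared store. `hash_token(api_key)` now runs before the `isinstance(api_key, str)` check at the end of the hunk, so a non-string key may raise here instead of being rejected. The duplicated `### CHECK IF ADMIN ###` comment pair can be dropped; `user_api_key_auth` starts and ends outside the hunk.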