From 8ad0f59f19d9b5d20748403f2b2aadd18ed422d5 Mon Sep 17 00:00:00 2001 From: Pavel Date: Mon, 19 May 2025 21:12:14 +0400 Subject: [PATCH] jwt update --- docs/pages/Deploying/DocsGPT-Settings.mdx | 43 ++++++++++++++++++++++ docs/public/jwt-input.png | Bin 0 -> 11638 bytes 2 files changed, 43 insertions(+) create mode 100644 docs/public/jwt-input.png diff --git a/docs/pages/Deploying/DocsGPT-Settings.mdx b/docs/pages/Deploying/DocsGPT-Settings.mdx index ce1e46ba..239b35d7 100644 --- a/docs/pages/Deploying/DocsGPT-Settings.mdx +++ b/docs/pages/Deploying/DocsGPT-Settings.mdx @@ -95,6 +95,49 @@ EMBEDDINGS_NAME=huggingface_sentence-transformers/all-mpnet-base-v2 # You can al In this case, even though you are using Ollama locally, `LLM_NAME` is set to `openai` because Ollama (and many other local inference engines) are designed to be API-compatible with OpenAI. `OPENAI_BASE_URL` points DocsGPT to the local Ollama server. +## Authentication Settings + +DocsGPT includes a JWT (JSON Web Token) based authentication feature for managing sessions or securing local deployments while allowing access. + +- **`AUTH_TYPE`**: This setting in your `.env` file or `settings.py` determines the authentication method. + + - **Possible values:** + - `None` (or not set): No authentication is used. + - `simple_jwt`: A single, long-lived JWT token is generated and used for all authenticated requests. This is useful for securing a local deployment with a shared secret. + - `session_jwt`: Unique JWT tokens are generated for sessions, typically for individual users or temporary access. + - If `AUTH_TYPE` is set to `simple_jwt` or `session_jwt`, then a `JWT_SECRET_KEY` is required. +- **`JWT_SECRET_KEY`**: This is a crucial secret key used to sign and verify JWTs. + + - It can be set directly in your `.env` file or `settings.py`. + - **Automatic Key Generation**: If `AUTH_TYPE` is `simple_jwt` or `session_jwt` and `JWT_SECRET_KEY` is _not_ set in your environment variables or `settings.py`, DocsGPT will attempt to: + 1. Read the key from a file named `.jwt_secret_key` in the project's root directory. + 2. If the file doesn't exist, it will generate a new 32-byte random key, save it to `.jwt_secret_key`, and use it for the session. This ensures that the key persists across application restarts. + - **Security Note**: It's vital to keep this key secure. If you set it manually, choose a strong, random string. + +**How it works:** + +- When `AUTH_TYPE` is set to `simple_jwt`, a token is generated at startup (if not already present or configured) and printed to the console. This token should be included in the `Authorization` header of your API requests as a Bearer token (e.g., `Authorization: Bearer YOUR_SIMPLE_JWT_TOKEN`). +- When `AUTH_TYPE` is set to `session_jwt`: + - Clients can request a new token from the `/api/generate_token` endpoint. + - This token should then be included in the `Authorization` header for subsequent requests. +- The backend verifies the JWT token provided in the `Authorization` header for protected routes. +- The `/api/config` endpoint can be used to check the current `auth_type` and whether authentication is required. + +**Frontend Token Input for `simple_jwt`:** + +Frontend prompt for JWT Token + +If you have configured `AUTH_TYPE=simple_jwt`, the DocsGPT frontend will prompt you to enter the JWT token if it's not already set or is invalid. You'll need to paste the `SIMPLE_JWT_TOKEN` (which is printed to your console when the backend starts) into this field to access the application. + ## Exploring More Settings These are just the basic settings to get you started. The `settings.py` file contains many more advanced options that you can explore to further customize DocsGPT, such as: diff --git a/docs/public/jwt-input.png b/docs/public/jwt-input.png new file mode 100644 index 0000000000000000000000000000000000000000..494d974474d7ee714dc6f04a6e2d8773cc57caf0 GIT binary patch literal 11638 zcmeHtcT`hN*Ds(bs0a$Es7RzrjT9-N1t}qd0VyI~kQQl52@oKFjTh-fkP<+Oh#2sH?y+(W?Ueb>GJ-n-WQ*7vzqH91qNZpo#&nYILf6n! z3&rNmeG^xMjfvI0KkkIpRbM#;vuxZc%`SCWmcV~y#op;6ougNos26*~-1|5}fXC+K z_>kcj>9Vr1_7%gJRK5E?A9c{{NkL0(Lrde^iC3Fu=-zF-gk+11o-|T0FSinDAO0?f zy?cS+EHvQNDrLLwVa@$6=;Am7eWo%OY**=e6KealP)?LYZ|*sn>ahOqmb53o7*#>1 zE+D&^BEs@sNM6d{=s=VeGAc8lGwjUwqk4OL;f2z9MHY|Wl476UEBi{m0&U71Y!cWY zCdHHjod-KhAu+NP?I_;a>Z$uTs9s8cUAUv|GBa106FvMW>Fl6@5=BRs=vKd(#a?OK2u&k9H^kJ2!{iIwVyayS~@t}IJyw5nF9b;eMp^0 zE|2c3L!LO=3z=Csnp+CF+dn%bp^$Nh0FU;TE@mKidpiebh`TI1c?1M_K70*k2a$)k z*vhg$x~~aRbab)=i3{Bpy3HGYA;$=H@2kCMx9U zWDORUl9B@776FTh2m&Jnojn{}%-jVXoH>q|{NHNeA`OF3B=m0w8Yi91~>LSa| zemK!T|BmFebVvSsCI{!^WdREWANGKSg>HlY;SG?=9KMBUBHb#A7uk7eP*@6coIna3uvDcS`)|>Gwu@-dn2&L=nRxzRHN~u|UH- zBgbrKsETNco&|PU3n``P^7D4Kwo=Ej8sy z1}FvaAI&GI6?93t_^1WE;)f1QLdjiF3P0#s1{Bq3mCpI&;WX0MPtbsTDX3^b3^tT? zh~)T~pEt=(UkWq-Cx;9VNvQ;(1GFydT2jZ8fN;;w9Z~s0lc{N>{TxjA{12G`q_0>* z{*k4K!i=Z0O>O2_7~i~l;bZ1hewRSFlNBDB*N>=Z7*LX@j)#Fdsa|2B65w}=$Me^n z|8dNm=A?md9^?FMy3?`Lz~Zj_|Gzj3QY=W6L(ysd45x&IMnR!-t44{1MOeq~h!yVI zp#q?J)H^%q^vcTNT^G3I2=8P&Y5~8r?wT%oSGl2PSds3|>(>ohnha}qZb<)CG&>&u zrMs`sPBDy4*6T9rZQ#B1+d4QHKauuW|0)bNw)WAp(Tx}SR%W@z6B@g_5+Wj+BO)W0 zf=?#BJyvN3XYxyCDXT@ewl+3b#luUOl3RjDgIhz0XFj3(W@G#XvU*ocpr-|kH2P~s z!42zqsT`2VpC50p4uD}NNq%HTUwO~WHz*C2+OiS+e|rpcY3mu8&G;+&c^_E^9Z`3B&)Ql~=?XD?x^c!Ph2T`wgcjfm*yZ8i-Ob_Dq3(|b>+*Hf<YSWeL1-o9Y@t?e`;TP<9UG^o*1V(-{&idl{x(4EPx-Qg;qjoU;GGV7UeeEDME z)$i==JX3Bh0oTw7HF8>jcx;59PS4I3*g>b99^V_IpT1oCr#CD{K5w6|oU~kfwLk`= zU{O02!-L*$YCLVZHZ4+avuPRd(2VSV&^THhUDj2LP?kYqoP^IJk%7m zjDMgoJ29MqNtI1gMxt{&DWxT+${f49<;WHyXIhC0_V!wts3a2HYPU2{E{$@+wGO+H zp{ht^fZfnW)OD{dO^f`hjqaANANlm+wZw|ub^3!l6{@gzIkkur53^)e*8LvDRt#0l zLu8J&hsW%|DWc-}j`p;-w|93}7q6&wdtOG`)2AUkcK$e=U97xMB5t@;1MLaBaphV| z1+DzE_m>wJ7t_nj_1^{tDxYY~fAS6`$V%C*trqSyXh~pWLJ65xHr8zX4p>?H&ZwdC zu-GT}QEA^BERXtt$IQF7mnPSi10Z`F8T3k~-95HfQE_o`rv*cE7}g(ud$FDJA*-}h z!fK(3-qnInR8+BUa)rT@4g(9l!73KPJZONyB(k(E1}CQca;3j6d24iZG+g&j;9(py zXj0DAxA*Fq@&YLrYOF=tb1NV*x_mn_Da^Cx`9Tl z&(1j8Sg@RTP1XEEVx2+t&Ru=S#g!=^Qmprn^cWMnE&SJSFGYODWb|vi7Lo$JLNH{N@0c&nxE_1k!PC=GV;UBmO*OX_YQ;umRtWMXky)-6|13FHA-5jDKGr;;3LE0)W7}@> zPf?h2PO9xa#Y!h2Pa3Rk>P`=|$GQ}hoXX(U=5CS45DdG}uo8Va`?zd<=S-Wg0qTo= z7ZQES4icOAc9jpea++k{9y6F?bBgj=yy~|np|WPV;@uDYQc~EZ_BP(Vj3c#}R@8^E zR#r z!czTmI~!&NJ@{-`umoGP@|td~&rlkNb{lz~r4tns*f+PhDbZwKI?Bbivl6_vA=&|d z_%M1GKaO$jB)W(#CpzxF+}-9mxGT3hmlQrMK4NJqzxUmyKlz=<3$l-1q0Fdn|KU*4 zb?Tj$D58kbqYX8>Zy8Wmx*lx~Zf6?eN z>xV860q42)3)q;HR7rHRhoa(3nVtD5RAG!!!O(v1wzNSadJ#!-OYy;aqkI^KpOGFH z=KAbiLkYFDvWULHb-VUspvx7uFJ;>{s2M}dHC*?;4O$OwN{sBMD-cLS{WWGuV58d% zRIYyQ9Uee*q%1j%?N(q(+K(PxF>X9@n1lLF&`Qc$!w80{>HH&>vkP7$a(x#l1?Q4{ za6^t7IuS{DA(Ce!`2Aj{DvPXv*`pX+dmb-S}%C7d*2H##K0 zrOb0>Ne&DVUMn=;7LmSKw4jtMJ=h^LxV0d|J(^VSA9`-+)m1%R-Qk``742QAKT>ji zX889~!K5v=s4v`6jhBq|TBbtx#8J;T@=bIv85*=Qo3ASKcxc3mSZW&n$gOuK3%zma z%KV3(${SC{Jh5yMNlA|5Zr`Zq0`|YhZ0ea>YUFje>c>ZNyfYq;D`1Re#k($~Q}MydPh8D5y3!X)~qIaxVI z);wMN0p&Zexk#JL%uHduM{Pwhu1mL+(wLZE@Yq z^G~GINPpK~uzG#F^8GjR5qAi+I?Gk-;^j;2bSMnM!s)q%*gVSFAiJbQoM-C3%(H_O9Wi+3l*2Ys#L5KpRrfR)i?pm44^lXzSL3xgC0Zos6pDN-wW<)A!l1cny zul{}Aet5iq&H2FFM}B@v+^(!4q(E0!m(CzZW8>w{8+D&3O$Uk|Xdo?|TC73etYj>KwW z#B997&ZphZk(+-KJ(nZTwq*)cufc17KAvkgE^u#V_q?Nt`xN3}C$MyW`&r?{ptUIj zoy65MsQ9pVk&&#`+G{WA&tsF;M%KYfJj%7ZYX|3t(h!gPa-Vj>%ODC{Z4#yD(cbJy zBc23_nUu2~r5yJ|V?D%&+q_@=5*3M=Q!}lRo?IT;lQ_`BRNG}5Z^7huVcP>qqjrSX zE;Y!=cl9#WXyvg+RpzXQPq3f4W`)k*gcj94mDw(mr{au5RcNNtYZdN(}M z4({<)7pM`adwP4h#&?KY)8%ufLB_punD0hbH+b`%4cJ@8Ai`8mD-#piO5y!a4pg`; zeh6J_nF?Q4&Az$T(b`5q&nhRtHEZR2xCOnrTs?BoURfhz^XoI=`}M?uj{S`cdF#1r z3rHzex^8VW8)<+CpP5@w053q{uSyX{bcs4+8kilZffpWTx91*oxJTZWqw=~i4=-D6 z+kW^SOg~y+8BceU!`>XQL@6tNKzc}edOqKeKkAJkcr=%`4LElzQ4%kF#rl)bcOt) zItFnUf%e6(c~_2`FKz-zTt!;z>@gBo1wjYk6!qrEO`10V;=Y1c75odO{eU**xuck8 zfP$_7$og>+NAX|Cd=hA%ye)7PU=)7;Gx`55wL?)aW&{u*&4=RfdusPMb#ypiQ*TGa z$MXaE8Ev1H@DT#!0eANFa7;dXG&CfgR-CSUH9ii=lqRPo=I5nprQu>;0kjf5{68%L z_|x4z#1~8#tfjBdi^t=;2U#x3Ug150m1zdh15s>D3_mqBwU*s}q^xzjoqoPo?5|(f zV}5>qiWHgj7pZ`%eEL-8xY4UssiNGF{mbE5LdnOQ)>SRVi!M)F)ZSCrAWQ0B` zJjUI8$<|DKKQo#)7MN${M_HZbSHg>EWp#C7DqqIkvjL||u6Xv%OFCkG`9r-E?vdq- z;z#7T@%441617r~DYq(u!O%p!{KRMo=XUceEa!(t&tlD6oN6%w1sPdHy!2Pz&#R}b zN#yx}B1A^TC7}ec^2Y_1vi5+A;>h|n#kP7?X~n6j>&mR?q}UD7)pIF9HuzMNv?kRex*R8LT1oj!QK zCt99N{6?oTAbbP8c+a|&Fi@`c)OP9A+0}F80P_>O(0RxT-&5q6x&ai+f?l?F4f;%g z6#RXd$&w<$$$l`B7=HNH9#y+PYxUwi0=Ax6Z#R-0QZ#RUiO8W+Bpd9)a|mwU+hs$= z58carRGsq!(b|lE^iCkU=3EByuj|hB(CX0hddB7Z9lkq<1%q#loi+DKlGRcI@%Fl2qb%Bi5^0idFn&P?BLd!{`F=t!-*B-`h+CtsB_$=vpG-u>Fko2 zxESQwzqFN)XulIZhPKKL63$6~NMT1hAfFevWl9`6uJ047p*iIE+|%bGxcSx%A`zuG zoPa)J$(`(-Nc7IR#8Z!OaL92%iJ1QAeVIt^%%QbO%J5FgYG}@jeD|&)_@uGyZ!*J) zWZ$vJnj|^Bz(}(ny^SBoj(o7})`Z2tbJ@uX_hfBrK%}phl>Hqxk}Rl=#1kGK%ZZgP z+iWtfhlt#WsS{YcXNwdI3W%iEEpz5F_bM_C1?6d=B-B&W(fiwC0C{KY+AY){%!!;E zxL?-*gFn-Sl4S5CBSFL)Y~x36UaZdI(|B!1^74P2{D&?x*D)+bvuVNed>Q&Hx%=xK z%IeyXfAljnaOcjC^c1hSEIgu`oL^nP&{=~Z$;1Q}nq?GxHu$KK`>Y(FDNWYi396xf zWYV0|b8(zltaA)R)VncgL8w%oyc7nSJYV8-{KtQ+sUq+7=U=T@(cuL{n@X=0Z8tzV zP!koJLjgZ^KDMTP^S8@DS6bGb@MWO{!p?KDrvMdOzz*@m=Q*K^HiZyY6w~AJ{S&BY zNJgQ~%OePIk`mvuaYg_?b?X(Y=eeqC>s*2N@){r2V_Suf3VKk3vo@w5z2k`XQ5ecO z7%J*Raj`CHc}S37Pk?7-1$^Q#U_kcN0POr{SY3Mnhk|2C(cTx<0=tEaIi0^vPaiHB zIz&64$&aru0y}S?dQpGpx*3m(GJObuJzCB=YrNo6yY&3s!yr0(vg&qull6>|N$K7( zM6;9F4|t`40MRb9T8Xg{KG{)Or{&LE!ao`3>b1#MI-r@i2_fnZStG|AGP5R!xjA%n zMkIFCrb>%a%=`Y>%e*!e;^hsODzt_xDAedYdWDAmpRwEX0TXVS{wbnax1 zyTEpT0Db$o`lwp$yKimKaciCik+rRXN-bw`fOIsk^5HBpD$HKg$jUZ#Z$reOv(5wgYXWHnCim>nOhU;c%?}O zOM6md6^0x}UaK&=GWfiFlf0{kz49GniH#Ve$|=3MH3%n6#Z(_2OpUtG+NGy5++1@r z*3BCp+gcDVJ%g(i(*xhmBOUQK`YXD8(Q=868k*&29w0uNK|q$g$y%@nT9WCylza)>ITJ$Ed2MyT{% ztO9T&BOn;DBzqNStFHZbp;}sX`f$G)%r?y)KEPsQ zc;n~;#$)P@;TCP0RFeRAc53{a8gL=7mB(y)DFCI=# z9bUFs3YSRCVrE@!{?(N@CdZo?#bIqE2|uG&z*QeqA|~O|vefbGUMLH#!MZ=Q(+0E> zhp85>u${{h%|Nzh=8wy3*~efV#-v?UYAog~R1KX=?YuKh4B`>{VzJ9DOoi3ixO0VI zWox}S!xo>JKY&kMoLaSM(H_kRK+7{m@!X5+ICSG~O%P8O zXvXu4*#~okpTHx1i~3*;)cgKGNFIWZRxf=R!b|IW6nsfA(6Pa zycijK_7ss{nn(NR#~Ju=z-{ODxMmS&%!i`5+gjdb#&@}I8$a7Dnzs%vzMIvD2xqbK zw4c@KT}@?0nYPzH{X9KOhrb&WpDb$oys1^;X{iFNe)#oLMspgnT+4Q`TXU3GTcagL zcj@EMXj5B9lmKH>^sYj{FFk+zFg|ftW6Q<3MUfl!v5VfJDkJ=!1lujU$jo4BufY%KV6TM02iQdV~d6>lRMTUgX7;8;AYN{l%b*W9x{ zJ>VxkxGzsfv`@EsHM^UY5$6pSUk^H^5)+NpW-q+o*|irakW`)486;`>lRrKLHn%Te zs>@dx^Xk-VuF7AwAjE%SIoocQup(W~@av}Xhtz0P+&z~rADnWI#^C^PAde=Qz z>PsYtbIhC8Ud`=-fgn4b*5;UlJ0GAhHx~jBzEhSjB(UR=K6@`m zwM$!vi`(mU+x0Z;?1pZd649)|BRyO>C1bS+*ygI_iT85QqC1Ry!jvHqBESdtpSK1X zfDDO2#&4`fh$Z&|C2M&=P;`PfGB&nW3q<|FZeeLDQY{B8;q2P#b%T&|_p>r-CQ{;lg`C3rIAMi<+tl?ACJ11S__jByyVGJ8It$wA?myxs2PUVjW#jJ zael>~@zo_H3<1dzi_GRw=3!piH`)1iM!S}GtX?qDjy`3c>$cDq z{-&bItUUMM6=s0ME#G-7`P2`yZ$Gh1^El+a1wCc4_W@0@`Yb8y4_%l(uDT!41e*k; z#iTCH2cDu7T#vpSOWQ0++=xc31XmvfClb55-W9CLh+Zf+tm9EJabZ%0-FG4B&pNyO zUcbl)uu#qQ?aoSV)DrtXpPAWUg$YNT>n1JCTbK(H;(Czb-95dw^}!~>sGL}@Y{nE* zuTMWu<&?MFE!Y`C7LbZnD%)8uzZ<-eIfv0^@gTk0?JaRBW9N22Ar8|T`xH2Qv$gyQXB>gbgi%1{?wx7>g!B4D-$d+zK@ zOQzK#pS@6iEDbF0HBwtlF-47Ug41VfWJ}&}vE4~kO{K;*Eu;=;BT$~9n~va%PGV7b z_u`w7$+82*9Ut2=^bhr%zAg~+a=8(4+0ti^AXEF& zNw@a`__I(D&b_YP{}Aji+)OqF1Br^X(0FLCJz{TORW&7r(H%zm{6>k;JA;l>BP>LI zP9Y6@pNU@*%jmD-8+wz2(R~$1U(FGrC-`mdxMGl;Ka~vL3dG(s`MN32iR1Li&f^9m za3T%*WbWny4&~-#TOm!DC?%aZn;e#FOD}$4&5*C07P<)w)@M^>lSoi)hsnn?T8!%2vCPu6d3%= z?~kT$-c-GcSGai}8c;0QN=D~o%KP&f*@vfCH%P5p}MgIqD24Wsz z3z(9)3HS8OB3ygJdUTJ5!cY5hr<^GXllzv(48}j)*N4-^ZW|qQdk>||C3$t!g|z>4 zu;p4&pU7{79jV~|S=x(>pQX~7k<9z#@CJo_qyh?iBp3Yfo|Xu3cWTV|ta#Af=MOTO-n{kqc&&V_ zy$NedY!J?03bLwFb5^?I<>26;)}u!P)YKpT?9Cis&!PFF4ke_f#>9|jigaZ{!Sx6W z9#K&dPKjKolk>Vd#n1ekw>auATaU3I!phaZUSAD(H9kJ<3^@jX$W#URg}b=Z9md#Uh6)q{B8m4^sgJ$xF(*(a zRfSZ&Ii3y)2BM0@op#I)bUT8=%$k$cf&1o(Mx4+6>-0mw ze$-t