diff --git a/__tests__/manualREST/ollama.rest b/__tests__/manualREST/ollama.rest index 3e91442ea516461c06d0c68be9f355d1e02fac9b..f6f4df78d68906e013584fb29bf4363bfabfcc66 100644 --- a/__tests__/manualREST/ollama.rest +++ b/__tests__/manualREST/ollama.rest @@ -125,7 +125,7 @@ Accept: application/json Content-Type: application/json { - "input": "John has five apples. He eats one of them himself. How many apples does John have now?", + "input": "Was muss getan werden um mit den Druckern aus der GUI zu drucken?", "model": "llama3" } diff --git a/__tests__/manualREST/rag.rest b/__tests__/manualREST/rag.rest index 10f3384b4cbbd4965a2eec455b35204c0fc87b9d..e636245e7a6dc14a0879f7970aed381af4fd93f2 100644 --- a/__tests__/manualREST/rag.rest +++ b/__tests__/manualREST/rag.rest @@ -7,37 +7,17 @@ ################# # SET VARS ################# -@host = https://localhost:8080 - -#user -@email = embruch@zbh.uni-hamburg.de -@password = 8z44tcZa! -# admin -@email_admin = ge@reigncode.de -@password_admin = A9z44tcZa! -# JWT -@token = {{login.response.body.token}} - +# in VSCode press ctrl+alt+e to switch between admin and user +# vars are stored in /.vscode/settings.json +@token = {{login.response.body.accessToken}} ################# # HANDLE LOGIN ################# -### admin login -# @name adminLogin -POST {{host}}/users/adminlogin -Accept: application/json -Content-Type: application/json - -{ - "password": "{{password_admin}}", - "email": "{{email_admin}}" -} - - ### login # @name login -POST {{host}}/users/login +POST {{host}}/auth/login Accept: application/json Content-Type: application/json diff --git a/__tests__/manualREST/users.rest b/__tests__/manualREST/users.rest index 8dee343bbc7445e33a6c28ec26477d302edbd192..fb4e4121872e753f7de3648cc799be00adcbc692 100644 --- a/__tests__/manualREST/users.rest +++ b/__tests__/manualREST/users.rest 
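Review bot: The user and admin passwords deleted from the SET VARS block (`@password = 8z44tcZa!`, `@password_admin = A9z44tcZa!`, together with the two e-mail addresses) remain in the repository history, so removing them from the file does not un-expose them; both accounts should have their passwords rotated and the old values treated as public. The new comment points to `/.vscode/settings.json` as the place where these variables now live, so that path must be ignored by git (I cannot see the ignore file from here), otherwise the same secrets come straight back on the next commit. Note also that the login request below still interpolates `{{host}}` although `@host` is no longer defined in this file, so the file now depends silently on the settings entry; a comment such as `# host/email/password come from the git-ignored .vscode/settings.json — never define credentials in this file` next to `@token` would make that explicit for the next editor.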
@@ -10,23 +10,10 @@ ################# # SET VARS ################# -@host = https://localhost:8080 -# user -@name = Carl Benz -@username = cbenz -@password = 8z55tcZa! -@email = embruch@zbh.uni-hamburg.de -@newEmail = gerd.embruch@uni-hamburg.de - -# admin -@email_admin = ge@reigncode.de -@password_admin = A9z44tcZa! - -# token -@confirmToken = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY2YTE1NGQ2MDVhMDBkNzFlODAwYTVhNSIsImVtYWlsIjoiZW1icnVjaEB6YmgudW5pLWhhbWJ1cmcuZGUiLCJpYXQiOjE3MjE4ODkxMjUsImV4cCI6MTcyMTg5MjcyNX0.6sus-EudvmU_h5hlz0I74XyjJf7_xe9_VztUqgV1Zpw -@token = {{login.response.body.token}} -@token = {{adminLogin.response.body.token}} -@token = {{refreshJWT.response.body.token}} +# in VSCode press ctrl+alt+e to switch between admin and user +# vars are stored in /.vscode/settings.json +@token = {{login.response.body.accessToken}} +@token = {{refreshJWT.response.body.accessToken}} ################# # HANDLE SIGNUP @@ -81,17 +68,6 @@ Content-Type: application/json "email": "{{email}}" } -### admin login -# @name adminLogin -POST {{host}}/auth/login -Accept: application/json -Content-Type: application/json - -{ - "password": "{{password_admin}}", - "email": "{{email_admin}}" -} - ### refresh jwt # @name refreshJWT GET {{host}}/auth diff --git a/controllers/Auth.js b/controllers/Auth.js index fa21b32cb35cf6b42308404ad69488c761d6aedf..3462bd36e8b467bc901ffe3d7df93e1646151e7b 100644 --- a/controllers/Auth.js +++ b/controllers/Auth.js 
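Review bot: The removed `@confirmToken` is a real HS256 JWT signed by the application; although its `exp` claim has long passed, a signed token in history gives anyone an offline oracle for brute-forcing `JWT_SECRET_KEY`, so if that secret is short or was reused across environments it should be rotated along with the passwords this hunk removes. The e-mail/username pair of a real person is likewise still in history and is only partially covered by the new settings.json scheme. A short comment such as `# tokens are request-derived only; never paste a live token into this file` above the two `@token` definitions would document the intent and discourage re-adding one.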
@@ -182,7 +182,28 @@ export const passwordReset = async (req, res, next) => { } catch (error) { next(error); } -} +}; + +/** + * VERIFY ACCESS RIGHTS + * check if user is alllowed to access route + */ +export const gateKeeper = async (req, res, next) => { + // admins are allowed to access anything + if (global.currentUserRole >= 4) return next(); + + // FEATURE + // - check for custom field role (which has to be created via settings before) + // - create a access config, which exports an array of allowed roles for each route + // - fetch array of called route an compare + // const allowed = []; + // if (allowed.includes(pb.authStore.model.role)) { + // return next(); + // } + + // deny access for others + return res.status(403).json({ message: 'Access Forbidden' }); +}; diff --git a/controllers/Embeddings.js b/controllers/Embeddings.js index 02d9eb451a8ad2a97e676fc09b40b085fb903e87..cf485a073840f4d300fe1b1022f7821b67d801bb 100644 --- a/controllers/Embeddings.js +++ b/controllers/Embeddings.js @@ -99,9 +99,9 @@ export const getStatus = async (req, res) => { } // get collection count const itemCount = await collection.count(); - const items = await collection.get(); + // const items = await collection.get(); // return status - return res.json({ vectorDBrunning, collection, itemCount, items }); + return res.json({ vectorDBrunning, collection, itemCount }); }; /** ******************************************************* diff --git a/routes/ai.js b/routes/ai.js index fbb15ad6b12b54d9537776b13ed2c91cc9bb7bcb..28e901c4912f0b65b484969634a26008d190c0de 100644 --- a/routes/ai.js +++ b/routes/ai.js 
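Review bot: The new `gateKeeper` decides authorization from `global.currentUserRole`, a process-wide variable that `verifyAccessToken` overwrites on every request (see the `global.currentUserRole = payload.role;` line in `utils/handleTokens.js` in this same commit); with concurrent requests in one Node process, request B's middleware can run between request A's token verification and A's `gateKeeper`/handler, so A is evaluated with B's role — an admin's request can leak its privilege to an ordinary user's request, or a valid admin can get a spurious 403. The identity should travel with the request object instead: in `verifyAccessToken` set `req.user = { id: payload.id, role: payload.role };` and here check `if (Number.isInteger(req.user?.role) && req.user.role >= 4) return next();`, which also fails closed when the role is missing or is a string rather than a number (`'4' >= 4` currently coerces to true). The commented-out FEATURE block still references `pb.authStore.model.role` from the PocketBase version this replaces and should be dropped or turned into a `// TODO(owner):` line, the `4` deserves a named constant such as `const ADMIN_ROLE = 4;`, and the function has no `await`, so `async` is unnecessary.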
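Review bot: The status response still serializes the whole `collection` object while only `itemCount` is actually computed from it; I cannot see the object's shape from here, but if it is a vector-store client collection it may carry client configuration or connection details that do not belong in an API response, so returning just the identifying field (for example `collection: { name: collection.name }`, or whatever minimal subset the consumer needs) would be safer, with a comment noting why the raw object is not exposed. The `// const items = await collection.get();` line is dead code left in place of the removed call and should be deleted rather than commented out. `getStatus` begins before this hunk, so the `vectorDBrunning` and `collection` assignments are outside my view.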
@@ -1,9 +1,10 @@ import { Router } from "express"; import { getStatus, getModel, getModels, deleteModel, installModel, checkRequestedModel, getChat, getChats } from "../controllers/AI.js"; import { chat } from "../utils/handleAI.js"; -import { pbVerifyAccessToken, gateKeeper } from "../utils/pocketbase/handlePocketBase.js"; +import { pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js"; import { chatSchema, deleteModelSchema, getModelSchema, getModelsSchema, installModelSchema } from "../validationSchemes/AI.js"; import { validate } from "../utils/handleValidations.js"; +import { gateKeeper } from "../controllers/Auth.js"; const router = Router(); diff --git a/routes/embeddings.js b/routes/embeddings.js index 7d17e57c13105e0e18157cfbc725e72b59529242..11db9c7e3af1373504a1c200e370fbf84d10d843 100644 --- a/routes/embeddings.js +++ b/routes/embeddings.js 
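Review bot: `gateKeeper` now comes from `../controllers/Auth.js` and reads `global.currentUserRole`, but this file keeps importing `pbVerifyAccessToken` from the PocketBase module; the route definitions are outside the hunk, yet any route that still chains `pbVerifyAccessToken, gateKeeper` would pair a verifier that, as far as the visible tail of `pbVerifyAccessToken` in this commit shows, does not set `global.currentUserRole` with a role check that depends on it — so such a route either rejects everyone or, worse, passes whatever role a previous request on another route left in the global. Either switch those routes to `verifyAccessToken` from `../utils/handleTokens.js` (as `routes/embeddings.js` does in this commit) or remove the `pbVerifyAccessToken` import if it is no longer used. A comment above the import such as `// gateKeeper relies on global.currentUserRole, which only verifyAccessToken sets — do not pair it with pbVerifyAccessToken` would stop the mismatch from being reintroduced.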
@@ -1,22 +1,24 @@ import { Router } from "express"; import { removeVectorDb, getStatus, createEmbeddings, updateEmbeddings } from "../controllers/Embeddings.js"; -import { gateKeeper, pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js"; +import { pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js"; +import { verifyAccessToken } from "../utils/handleTokens.js"; +import { gateKeeper } from "../controllers/Auth.js"; const router = Router(); // remove Vector DB -router.delete('/', pbVerifyAccessToken, gateKeeper, removeVectorDb); +// router.delete('/', verifyAccessToken, gateKeeper, removeVectorDb); // Vector DB status -router.get('/', getStatus); +router.get('/', verifyAccessToken, gateKeeper, getStatus); // createEmbeddings -router.put('/', pbVerifyAccessToken, gateKeeper, createEmbeddings); +// router.put('/', pbVerifyAccessToken, gateKeeper, createEmbeddings); // update embeddings // TODO test update & delete https://python.langchain.com/v0.1/docs/integrations/vectorstores/chroma/#update-and-delete // https://js.langchain.com/v0.1/docs/integrations/vectorstores/chroma/#usage-delete-docs -router.patch('/', pbVerifyAccessToken, gateKeeper, updateEmbeddings); +// router.patch('/', pbVerifyAccessToken, gateKeeper, updateEmbeddings); diff --git a/utils/handleDB.js b/utils/handleDB.js index 7ba45ed57cbd2519b733b77e5fc46dd1fa4983e5..cb127a40cc7e2dfb279b3e933bca70d53003da5e 100644 --- a/utils/handleDB.js +++ b/utils/handleDB.js @@ -19,7 +19,7 @@ export const dbConnection = async () => { console.log(chalk.green('DB connected successfully')); }); - dbConnection.on("error", (err) => { + dbConnection.on("error", (error) => { console.error(chalk.red(error)); }); return dbConnection; diff --git a/utils/handleTokens.js b/utils/handleTokens.js index 81807fd326e2771f4220ee78bd464526961b877c..3df4129c7ca8a00c36de2fdb12f425c441867ed8 100644 --- a/utils/handleTokens.js +++ b/utils/handleTokens.js 
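Review bot: The DELETE, PUT and PATCH routes are commented out rather than removed, and the disabled lines still name `pbVerifyAccessToken` while the one live route uses `verifyAccessToken`; whoever uncomments them later will get a PocketBase verifier in front of a `gateKeeper` that checks `global.currentUserRole`, which that verifier does not appear to set, so the re-enabled mutation routes would be misauthorized without any error. If the routes are intentionally disabled, delete them and track the work with a `// TODO(owner): re-add vector DB mutation routes behind verifyAccessToken + gateKeeper` line; if they are to stay as a template, change them now to the working pair, e.g. `// router.delete('/', verifyAccessToken, gateKeeper, removeVectorDb);`. The `pbVerifyAccessToken` import is unused once the routes are gone and should go with them.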
@@ -45,6 +45,7 @@ export const verifyVerificationToken = async (req, res, next) => { * @return {token} */ export const createAccessToken = (payload) => { + console.log('create JWT payload', payload); return jwt.sign(payload, process.env.JWT_SECRET_KEY, { expiresIn: process.env.JWT_TTL }); }; @@ -139,7 +140,7 @@ export const verifyAccessToken = async (req, res, next) => { if (error) return res.status(403).json({ message: 'Access token is no longer valid. Access denied.' }); // if valid: remember current user id & role and go on global.currentUserId = payload.id; - global.currentUserRole = payload.role;; + global.currentUserRole = payload.role; next(); }); }; diff --git a/utils/pocketbase/handlePocketBase.js b/utils/pocketbase/handlePocketBase.js index 15439c2840cc764584381ca1fed315d88505d99c..e7c5ce2190e1c4eecf1b7baf801da2f577d272b0 100644 --- a/utils/pocketbase/handlePocketBase.js +++ b/utils/pocketbase/handlePocketBase.js @@ -225,33 +225,6 @@ export const pbVerifyAccessToken = async (req, res, next) => { next(); }; -/** - * VERIFY ACCESS RIGHTS - * check if user is alllowed to access route - * if allowed = [] only admins are allowed - * - * This setup is called "configurable middleware" - * https://expressjs.com/en/guide/writing-middleware.html - */ -export const gateKeeper = async (req, res, next) => { - // admins are allowed to access anything - if (pb.authStore.model.isAdmin) return next(); - - // FEATURE - // - check for custom field role (which has to be created via settings before) - // - create a access config, which exports an array of allowed roles for each route - // - fetch array of called route an compare - // const allowed = []; - // if (allowed.includes(pb.authStore.model.role)) { - // return next(); - // } - - // deny access for others - return res.status(403).json({ message: 'Access Forbidden' }); - -}; - - /** * CREATE RECORD IN PB
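Review bot: `console.log('create JWT payload', payload);` writes every claim that goes into an access token to stdout on each sign — from `verifyAccessToken` in this same file that includes at least the user id and role, and whatever else callers put in `payload` — which puts identity data into log aggregation with no redaction and no way to turn it off. Remove the line before merging; if a trace is genuinely needed during development, gate it on an explicit debug flag and log only non-identifying fields, e.g. `if (process.env.DEBUG_JWT === '1') console.debug('signing JWT for id', payload.id);`. A short comment such as `// never log the full payload: it is identity data and ends up in aggregated logs` on `createAccessToken` would keep this from coming back.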