Mathis/llamactl
1
0
Fork 0
mirror of https://github.com/lordmathis/llamactl.git synced 2025-12-23 09:34:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove unnecessary canviewlogs permission

Browse Source
This commit is contained in:
Matúš Námešný
2025-12-04 22:18:29 +01:00
parent d9c666a245
commit 991ce3c678
6 changed files with 14 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/auth/key.go
View File

@@ -27,10 +27,9 @@ type APIKey struct {
} }
type KeyPermission struct { type KeyPermission struct {
KeyID int KeyID int
InstanceID int InstanceID int
CanInfer bool CanInfer bool
CanViewLogs bool
} }
// GenerateKey generates a cryptographically secure API key with the given prefix // GenerateKey generates a cryptographically secure API key with the given prefix

6
pkg/database/apikeys.go
View File

@@ -45,10 +45,10 @@ func (db *sqliteDB) CreateKey(ctx context.Context, key *auth.APIKey, permissions
if key.PermissionMode == auth.PermissionModePerInstance { if key.PermissionMode == auth.PermissionModePerInstance {
for _, perm := range permissions { for _, perm := range permissions {
query := ` query := `
INSERT INTO key_permissions (key_id, instance_id, can_infer, can_view_logs) INSERT INTO key_permissions (key_id, instance_id, can_infer)
VALUES (?, ?, ?, ?) VALUES (?, ?, ?)
` `
_, err := tx.ExecContext(ctx, query, perm.KeyID, perm.InstanceID, perm.CanInfer, perm.CanViewLogs) _, err := tx.ExecContext(ctx, query, key.ID, perm.InstanceID, perm.CanInfer)
if err != nil { if err != nil {
return fmt.Errorf("failed to insert permission for instance %d: %w", perm.InstanceID, err) return fmt.Errorf("failed to insert permission for instance %d: %w", perm.InstanceID, err)
} }

1
pkg/database/migrations/001_initial_schema.up.sql
View File

@@ -49,7 +49,6 @@ CREATE TABLE IF NOT EXISTS key_permissions (
key_id INTEGER NOT NULL, key_id INTEGER NOT NULL,
instance_id INTEGER NOT NULL, instance_id INTEGER NOT NULL,
can_infer INTEGER NOT NULL DEFAULT 0, can_infer INTEGER NOT NULL DEFAULT 0,
can_view_logs INTEGER NOT NULL DEFAULT 0,
PRIMARY KEY (key_id, instance_id), PRIMARY KEY (key_id, instance_id),
FOREIGN KEY (key_id) REFERENCES api_keys (id) ON DELETE CASCADE, FOREIGN KEY (key_id) REFERENCES api_keys (id) ON DELETE CASCADE,
FOREIGN KEY (instance_id) REFERENCES instances (id) ON DELETE CASCADE FOREIGN KEY (instance_id) REFERENCES instances (id) ON DELETE CASCADE

4
pkg/database/permissions.go
View File

@@ -10,7 +10,7 @@ import (
// GetPermissions retrieves all permissions for a key // GetPermissions retrieves all permissions for a key
func (db *sqliteDB) GetPermissions(ctx context.Context, keyID int) ([]auth.KeyPermission, error) { func (db *sqliteDB) GetPermissions(ctx context.Context, keyID int) ([]auth.KeyPermission, error) {
query := ` query := `
SELECT key_id, instance_id, can_infer, can_view_logs SELECT key_id, instance_id, can_infer
FROM key_permissions FROM key_permissions
WHERE key_id = ? WHERE key_id = ?
ORDER BY instance_id ORDER BY instance_id
@@ -25,7 +25,7 @@ func (db *sqliteDB) GetPermissions(ctx context.Context, keyID int) ([]auth.KeyPe
var permissions []auth.KeyPermission var permissions []auth.KeyPermission
for rows.Next() { for rows.Next() {
var perm auth.KeyPermission var perm auth.KeyPermission
err := rows.Scan(&perm.KeyID, &perm.InstanceID, &perm.CanInfer, &perm.CanViewLogs) err := rows.Scan(&perm.KeyID, &perm.InstanceID, &perm.CanInfer)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to scan key permission: %w", err) return nil, fmt.Errorf("failed to scan key permission: %w", err)
} }

14
pkg/server/handlers_auth.go
View File

@@ -13,9 +13,8 @@ import (
// InstancePermission defines the permissions for an API key on a specific instance. // InstancePermission defines the permissions for an API key on a specific instance.
type InstancePermission struct { type InstancePermission struct {
InstanceID int `json:"instance_id"` InstanceID int `json:"instance_id"`
CanInfer bool `json:"can_infer"` CanInfer bool `json:"can_infer"`
CanViewLogs bool `json:"can_view_logs"`
} }
// CreateKeyRequest represents the request body for creating a new API key. // CreateKeyRequest represents the request body for creating a new API key.
@@ -58,7 +57,6 @@ type KeyPermissionResponse struct {
InstanceID int `json:"instance_id"` InstanceID int `json:"instance_id"`
InstanceName string `json:"instance_name"` InstanceName string `json:"instance_name"`
CanInfer bool `json:"can_infer"` CanInfer bool `json:"can_infer"`
CanViewLogs bool `json:"can_view_logs"`
} }
// CreateKey godoc // CreateKey godoc
@@ -153,10 +151,9 @@ func (h *Handler) CreateKey() http.HandlerFunc {
var keyPermissions []auth.KeyPermission var keyPermissions []auth.KeyPermission
for _, perm := range req.InstancePermissions { for _, perm := range req.InstancePermissions {
keyPermissions = append(keyPermissions, auth.KeyPermission{ keyPermissions = append(keyPermissions, auth.KeyPermission{
KeyID: 0, // Will be set by database after key creation KeyID: 0, // Will be set by database after key creation
InstanceID: perm.InstanceID, InstanceID: perm.InstanceID,
CanInfer: perm.CanInfer, CanInfer: perm.CanInfer,
CanViewLogs: perm.CanViewLogs,
}) })
} }
@@ -363,7 +360,6 @@ func (h *Handler) GetKeyPermissions() http.HandlerFunc {
InstanceID: perm.InstanceID, InstanceID: perm.InstanceID,
InstanceName: instanceNameMap[perm.InstanceID], InstanceName: instanceNameMap[perm.InstanceID],
CanInfer: perm.CanInfer, CanInfer: perm.CanInfer,
CanViewLogs: perm.CanViewLogs,
}) })
} }

2
pkg/server/routes.go
View File

@@ -78,7 +78,7 @@ func SetupRouter(handler *Handler) *chi.Mux {
r.Get("/", handler.ListNodes()) // List all nodes r.Get("/", handler.ListNodes()) // List all nodes
r.Route("/{name}", func(r chi.Router) { r.Route("/{name}", func(r chi.Router) {
r.Get("/", handler.GetNode()) r.Get("/", handler.GetNode()) // Get node details
}) })
}) })