From b658e68e650e5e17aaa95dee9dd4118a4119420e Mon Sep 17 00:00:00 2001 From: Josako Date: Fri, 29 Nov 2024 11:24:32 +0100 Subject: [PATCH] - Minor bugfixes --- CHANGELOG.md | 12 ++--- docker/compose_dev.yaml | 2 + .../templates/document/edit_catalog.html | 2 +- eveai_chat/__init__.py | 45 +++++++++++++++++-- .../eveai-chat/assets/js/eveai-chat-widget.js | 3 +- .../Wordpress/eveai-chat/eveai-chat.php | 8 ++-- .../eveai-chat/includes/class-assets.php | 2 + .../includes/class-rest-controller.php | 3 +- nginx/nginx.conf | 7 +++ 9 files changed, 64 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39f651f..a75b01f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,21 +32,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Introduction of dynamic Processors - Introduction of caching system - Introduction of a better template manager +- Modernisation of external API/Socket authentication using projects +- Creation of new eveai_chat WordPress plugin to support specialists ### Changed -- For changes in existing functionality. - -### Deprecated -- For soon-to-be removed features. - -### Removed -- For now removed features. +- Update of eveai_sync WordPress plugin ### Fixed - Set default language when registering Documents or URLs. ### Security -- In case of vulnerabilities. +- Security improvements to Docker images ## [1.0.14-alfa] diff --git a/docker/compose_dev.yaml b/docker/compose_dev.yaml index aa43d9f..e0dac5e 100644 --- a/docker/compose_dev.yaml +++ b/docker/compose_dev.yaml @@ -24,6 +24,8 @@ x-common-variables: &common-variables MAIL_PORT: 465 REDIS_URL: redis REDIS_PORT: '6379' + FLOWER_USER: 'Felucia' + FLOWER_PASSWORD: 'Jungles' OPENAI_API_KEY: 'sk-proj-8R0jWzwjL7PeoPyMhJTZT3BlbkFJLb6HfRB2Hr9cEVFWEhU7' GROQ_API_KEY: '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' ANTHROPIC_API_KEY: 'sk-ant-api03-c2TmkzbReeGhXBO5JxNH6BJNylRDonc9GmZd0eRbrvyekec2' 
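Review bot: The added `FLOWER_USER` / `FLOWER_PASSWORD` entries in `x-common-variables` put a literal credential into a version-controlled compose file, and the context lines directly below them show provider API keys stored the same way. Read these from the environment instead, e.g. `FLOWER_PASSWORD: ${FLOWER_PASSWORD:?set FLOWER_PASSWORD in .env}`, with the `.env` file kept out of the repository. Anything already committed stays in history, so the values visible here should be treated as exposed and rotated. The `x-common-variables` block starts and ends outside this hunk.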
diff --git a/eveai_app/templates/document/edit_catalog.html b/eveai_app/templates/document/edit_catalog.html index 86d1c05..77e3c22 100644 --- a/eveai_app/templates/document/edit_catalog.html +++ b/eveai_app/templates/document/edit_catalog.html @@ -26,7 +26,7 @@ When you change chunking of embedding information, you'll need to manually refre {{ render_field(field, disabled_fields, exclude_fields) }} {% endfor %} {% endfor %} - + {% endblock %} diff --git a/eveai_chat/__init__.py b/eveai_chat/__init__.py index 21f24ed..bf9fcad 100644 --- a/eveai_chat/__init__.py +++ b/eveai_chat/__init__.py @@ -1,12 +1,14 @@ import logging import logging.config -from flask import Flask, jsonify +from flask import Flask, jsonify, request import os +from flask_jwt_extended import verify_jwt_in_request, get_jwt_identity + from common.extensions import db, socketio, jwt, cors, session, simple_encryption, metrics from config.logging_config import LOGGING from eveai_chat.socket_handlers import chat_handler -from common.utils.cors_utils import create_cors_after_request +from common.utils.cors_utils import create_cors_after_request, get_allowed_origins from common.utils.celery_utils import make_celery, init_celery from config.config import get_config 
@@ -32,6 +34,32 @@ def create_app(config_file=None): app.celery = make_celery(app.name, app.config) init_celery(app.celery, app) + @app.before_request + def check_cors(): + app.logger.debug('Checking CORS') + if request.method == 'OPTIONS': + app.logger.debug("Handling OPTIONS request") + return '', 200 # Allow OPTIONS to pass through + + origin = request.headers.get('Origin') + if not origin: + return # Not a CORS request + + # Get tenant ID from request + if verify_jwt_in_request(): + tenant_id = get_jwt_identity() + if not tenant_id: + return + else: + return + + # Check if origin is allowed for this tenant + allowed_origins = get_allowed_origins(tenant_id) + + if origin not in allowed_origins: + app.logger.warning(f'Origin {origin} not allowed for tenant {tenant_id}') + return {'error': 'Origin not allowed'}, 403 + app.logger.info("EveAI Chat Server Started Successfully") app.logger.info("-------------------------------------------------------------------------------------------------") return app @@ -54,8 +82,17 @@ def register_extensions(app): metrics.init_app(app) # Cors setup - cors.init_app(app, resources={r"/chat/*": {"origins": "*"}}) - app.after_request(create_cors_after_request('/chat')) + cors.init_app(app, resources={ + r"/*": { # Make sure this matches your setup + "origins": "*", + "methods": ["GET", "POST", "PUT", "OPTIONS"], + "allow_headers": ["Content-Type", "Authorization", "X-Requested-With"], + "expose_headers": ["Content-Length", "Content-Range"], + "supports_credentials": True, + "max_age": 1728000, + "allow_credentials": True + } + }) session.init_app(app) diff --git a/integrations/Wordpress/eveai-chat/assets/js/eveai-chat-widget.js b/integrations/Wordpress/eveai-chat/assets/js/eveai-chat-widget.js index 5f9a6de..78c2374 100644 --- a/integrations/Wordpress/eveai-chat/assets/js/eveai-chat-widget.js +++ b/integrations/Wordpress/eveai-chat/assets/js/eveai-chat-widget.js 
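Review bot: The origin check in `check_cors` fails open, because every path where no tenant identity is obtained ends in a bare `return` and the request continues with no origin validation. The `if verify_jwt_in_request():` test is also fragile: that call signals a missing or invalid token by raising rather than by returning a falsy value, and what it returns on success differs between flask-jwt-extended releases. On 4.x the intent is better written as `verify_jwt_in_request(optional=True)` followed by `tenant_id = get_jwt_identity()`. If unauthenticated cross-origin requests are not meant to reach the chat endpoints, the no-identity branch should return a 401/403 instead of `return`. `create_app` starts and ends outside this hunk, so any routes that enforce authentication themselves are not visible here.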
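Review bot: The new `cors.init_app` call pairs `"origins": "*"` with `"supports_credentials": True`, widens the resource pattern from `/chat/*` to `/*`, and drops the `create_cors_after_request('/chat')` hook. Flask-CORS typically answers a wildcard origin by echoing the request's `Origin`, so with credentials enabled any site would be allowed to make credentialed requests; this is worth confirming against the installed version. The widget hunk in this commit sends the session token explicitly rather than by cookie, so credentials are probably not needed. Either drop `"supports_credentials": True` and `"allow_credentials": True` (the latter does not look like a Flask-CORS option), or replace `"*"` with an explicit origin list. `register_extensions` continues outside the hunk.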
@@ -40,7 +40,6 @@ class EveAIChatWidget extends HTMLElement { console.log('Chat Widget Connected'); this.innerHTML = this.getTemplate(); this.setupElements() - this.populateLanguageDropdown() this.addEventListeners() if (this.areAllAttributesSet()) { @@ -194,7 +193,7 @@ class EveAIChatWidget extends HTMLElement { } this.socket = io(this.serverUrl, { - path: '/socket.io/', + path: '/chat/socket.io/', transports: ['websocket'], query: { // Change from auth to query token: this.sessionToken diff --git a/integrations/Wordpress/eveai-chat/eveai-chat.php b/integrations/Wordpress/eveai-chat/eveai-chat.php index 6ebca8f..36b43cb 100644 --- a/integrations/Wordpress/eveai-chat/eveai-chat.php +++ b/integrations/Wordpress/eveai-chat/eveai-chat.php @@ -1,9 +1,9 @@ wp_create_nonce('wp_rest'), 'settings' => $this->get_public_settings() ]); + error_log('EveAI assets loaded'); } private function get_public_settings() { diff --git a/integrations/Wordpress/eveai-chat/includes/class-rest-controller.php b/integrations/Wordpress/eveai-chat/includes/class-rest-controller.php index 97e593d..3f84d58 100644 --- a/integrations/Wordpress/eveai-chat/includes/class-rest-controller.php +++ b/integrations/Wordpress/eveai-chat/includes/class-rest-controller.php @@ -6,10 +6,10 @@ class RESTController implements Loadable { public function init() { add_action('rest_api_init', [$this, 'register_routes']); - error_log('REST routes registered for EveAI Chat'); } public function register_routes() { + error_log('Attempting to register EveAI REST routes'); register_rest_route( self::API_NAMESPACE, '/token', @@ -39,6 +39,7 @@ class RESTController implements Loadable { 'permission_callback' => [$this, 'verify_request'], ] ); + error_log('EveAI REST routes Registered'); } public function verify_request(\WP_REST_Request $request): bool { diff --git a/nginx/nginx.conf b/nginx/nginx.conf index b5450aa..d2c2e0a 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf 
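Review bot: The session token is still carried in the `query` option of the `io(...)` call, so it is part of the handshake URL and can be recorded by proxy access logs. That matters more now that the handshake targets `/chat/socket.io/`, which the nginx `location /chat/` block in this commit proxies. If the server has to read the token from the query string, say so next to the option and keep the token short-lived, e.g. `// token travels in the handshake URL: keep it short-lived and keep query strings out of proxy logs`. The method containing this call starts and ends outside the hunk.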
@@ -76,6 +76,7 @@ http { location /chat/ { proxy_pass http://eveai_chat:5002/; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -84,6 +85,12 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_buffering off; + + # Add CORS headers + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; } location /admin/ {
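Review bot: The added `add_header` block in `location /chat/` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests. The Flask app behind this location configures its own CORS handling in the same commit, so responses may carry two `Access-Control-Allow-Origin` headers, which browsers also reject. Let one layer own CORS: either remove these four `add_header` lines, or keep them and strip the upstream header with `proxy_hide_header Access-Control-Allow-Origin;`. If nginx keeps them, drop `add_header 'Access-Control-Allow-Credentials' 'true' always;` unless the allowed origin is a specific value rather than `*`.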