From cf4a524988ba32908148791e5dc9643b0f30af8a Mon Sep 17 00:00:00 2001 From: Debanjum Singh Solanky Date: Wed, 14 Feb 2024 15:20:27 +0530 Subject: [PATCH] Move production dependencies to prod python packages group This will reduce khoj dependencies to install for self-hosting users - Move auth production dependencies to prod python packages group - Only enable authentication API router if not in anonymous mode - Improve error with requirements to enable authentication when not in anonymous mode --- prod.Dockerfile | 2 +- pyproject.toml | 10 ++++++---- src/khoj/configure.py | 22 ++++++++++++++++------ src/khoj/routers/auth.py | 26 +++++++++++++++++--------- src/khoj/routers/subscription.py | 8 +++++--- src/khoj/routers/twilio.py | 4 ++-- 6 files changed, 47 insertions(+), 25 deletions(-) diff --git a/prod.Dockerfile b/prod.Dockerfile index 8b21cb66..2471d9b8 100644 --- a/prod.Dockerfile +++ b/prod.Dockerfile @@ -13,7 +13,7 @@ COPY pyproject.toml . COPY README.md . ARG VERSION=0.0.0 RUN sed -i "s/dynamic = \\[\"version\"\\]/version = \"$VERSION\"/" pyproject.toml && \ - TMPDIR=/home/cache/ pip install --cache-dir=/home/cache/ -e . + TMPDIR=/home/cache/ pip install --cache-dir=/home/cache/ -e .[prod] # Copy Source Code COPY . . diff --git a/pyproject.toml b/pyproject.toml index cc4bdea9..aa52e06c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -69,17 +69,13 @@ dependencies = [ "httpx == 0.25.0", "pgvector == 0.2.4", "psycopg2-binary == 2.9.9", - "google-auth == 2.23.3", - "python-multipart == 0.0.6", "gunicorn == 21.2.0", "lxml == 4.9.3", "tzdata == 2023.3", "rapidocr-onnxruntime == 1.3.8", - "stripe == 7.3.0", "openai-whisper >= 20231117", "django-phonenumber-field == 7.3.0", "phonenumbers == 8.13.27", - "twilio == 8.11" ] dynamic = ["version"] @@ -93,6 +89,11 @@ Releases = "https://github.com/khoj-ai/khoj/releases" khoj = "khoj.main:run" [project.optional-dependencies] +prod = [ + "google-auth == 2.23.3", + "stripe == 7.3.0", + "twilio == 8.11", +] test = [ "pytest >= 7.1.2", "freezegun >= 1.2.0", @@ -103,6 +104,7 @@ test = [ ] dev = [ "khoj-assistant[test]", + "khoj-assistant[prod]", "mypy >= 1.0.1", "black >= 23.1.0", "pre-commit >= 3.0.4", diff --git a/src/khoj/configure.py b/src/khoj/configure.py index 4fdf6f99..95b32018 100644 --- a/src/khoj/configure.py +++ b/src/khoj/configure.py @@ -73,6 +73,7 @@ class UserAuthenticationBackend(AuthenticationBackend): Subscription.objects.create(user=default_user, type="standard", renewal_date=renewal_date) async def authenticate(self, request: HTTPConnection): + # Request from Web client current_user = request.session.get("user") if current_user and current_user.get("email"): user = ( @@ -93,6 +94,8 @@ class UserAuthenticationBackend(AuthenticationBackend): if subscribed: return AuthCredentials(["authenticated", "premium"]), AuthenticatedKhojUser(user) return AuthCredentials(["authenticated"]), AuthenticatedKhojUser(user) + + # Request from Desktop, Emacs, Obsidian clients if len(request.headers.get("Authorization", "").split("Bearer ")) == 2: # Get bearer token from header bearer_token = request.headers["Authorization"].split("Bearer ")[1] @@ -116,7 +119,8 @@ class UserAuthenticationBackend(AuthenticationBackend): if subscribed: return AuthCredentials(["authenticated", "premium"]), AuthenticatedKhojUser(user_with_token.user) return AuthCredentials(["authenticated"]), AuthenticatedKhojUser(user_with_token.user) - # Get query params for client_id and client_secret + + # Request from Whatsapp client client_id = request.query_params.get("client_id") if client_id: # Get the client secret, which is passed in the Authorization header @@ -163,6 +167,8 @@ class UserAuthenticationBackend(AuthenticationBackend): AuthenticatedKhojUser(user, client_application), ) return AuthCredentials(["authenticated"]), AuthenticatedKhojUser(user, client_application) + + # No auth required if server in anonymous mode if state.anonymous_mode: user = await self.khojuser_manager.filter(username="default").prefetch_related("subscription").afirst() if user: @@ -258,28 +264,32 @@ def configure_routes(app): from khoj.routers.api import api from khoj.routers.api_chat import api_chat from khoj.routers.api_config import api_config - from khoj.routers.auth import auth_router from khoj.routers.indexer import indexer from khoj.routers.web_client import web_client app.include_router(api, prefix="/api") + app.include_router(api_chat, prefix="/api/chat") app.include_router(api_config, prefix="/api/config") app.include_router(indexer, prefix="/api/v1/index") app.include_router(web_client) - app.include_router(auth_router, prefix="/auth") - app.include_router(api_chat, prefix="/api/chat") + + if not state.anonymous_mode: + from khoj.routers.auth import auth_router + + app.include_router(auth_router, prefix="/auth") + logger.info("🔑 Enabled Authentication") if state.billing_enabled: from khoj.routers.subscription import subscription_router - logger.info("💳 Enabled Billing") app.include_router(subscription_router, prefix="/api/subscription") + logger.info("💳 Enabled Billing") if is_twilio_enabled(): - logger.info("📞 Enabled Twilio") from khoj.routers.api_phone import api_phone app.include_router(api_phone, prefix="/api/config/phone") + logger.info("📞 Enabled Twilio") def configure_middleware(app): diff --git a/src/khoj/routers/auth.py b/src/khoj/routers/auth.py index 02cd073d..89fef85b 100644 --- a/src/khoj/routers/auth.py +++ b/src/khoj/routers/auth.py @@ -2,10 +2,7 @@ import logging import os from typing import Optional -from authlib.integrations.starlette_client import OAuth, OAuthError from fastapi import APIRouter -from google.auth.transport import requests as google_requests -from google.oauth2 import id_token from starlette.authentication import requires from starlette.config import Config from starlette.requests import Request @@ -17,7 +14,6 @@ from khoj.database.adapters import ( get_khoj_tokens, get_or_create_user, ) -from khoj.database.models import KhojApiUser from khoj.routers.helpers import update_telemetry_state from khoj.utils import state @@ -25,11 +21,23 @@ logger = logging.getLogger(__name__) auth_router = APIRouter() -if not state.anonymous_mode and not (os.environ.get("GOOGLE_CLIENT_ID") and os.environ.get("GOOGLE_CLIENT_SECRET")): - logger.warning( - "🚨 Use --anonymous-mode flag to disable Google OAuth or set GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET environment variables to enable it" - ) -else: + +if not state.anonymous_mode: + missing_requirements = [] + from authlib.integrations.starlette_client import OAuth, OAuthError + + try: + from google.auth.transport import requests as google_requests + from google.oauth2 import id_token + except ImportError: + missing_requirements += ["Install the Khoj production package with `pip install khoj-assistant[prod]`"] + if not os.environ.get("GOOGLE_CLIENT_ID") or not os.environ.get("GOOGLE_CLIENT_SECRET"): + missing_requirements += ["Set your GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET as environment variables"] + if missing_requirements: + requirements_string = "\n - " + "\n - ".join(missing_requirements) + error_msg = f"🚨 Start Khoj with --anonymous-mode flag or to enable authentication:{requirements_string}" + logger.error(error_msg) + config = Config(environ=os.environ) oauth = OAuth(config) diff --git a/src/khoj/routers/subscription.py b/src/khoj/routers/subscription.py index 1ce49e04..2730b775 100644 --- a/src/khoj/routers/subscription.py +++ b/src/khoj/routers/subscription.py @@ -2,16 +2,18 @@ import logging import os from datetime import datetime, timezone -import stripe from asgiref.sync import sync_to_async from fastapi import APIRouter, Request -from fastapi.responses import Response from starlette.authentication import requires from khoj.database import adapters +from khoj.utils import state # Stripe integration for Khoj Cloud Subscription -stripe.api_key = os.getenv("STRIPE_API_KEY") +if state.billing_enabled: + import stripe + + stripe.api_key = os.getenv("STRIPE_API_KEY") endpoint_secret = os.getenv("STRIPE_SIGNING_SECRET") logger = logging.getLogger(__name__) subscription_router = APIRouter() diff --git a/src/khoj/routers/twilio.py b/src/khoj/routers/twilio.py index da0f2c50..758c2722 100644 --- a/src/khoj/routers/twilio.py +++ b/src/khoj/routers/twilio.py @@ -1,8 +1,6 @@ import logging import os -from twilio.rest import Client - from khoj.database.models import KhojUser logger = logging.getLogger(__name__) @@ -13,6 +11,8 @@ verification_service_sid = os.getenv("TWILIO_VERIFICATION_SID") twilio_enabled = account_sid is not None and auth_token is not None and verification_service_sid is not None if twilio_enabled: + from twilio.rest import Client + client = Client(account_sid, auth_token)