|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
|
- import { env } from "$env/dynamic/private";
- import { env as envPublic } from "$env/dynamic/public";
- import type { Handle, HandleServerError } from "@sveltejs/kit";
- import { collections } from "$lib/server/database";
- import { base } from "$app/paths";
- import { findUser, refreshSessionCookie, requiresUser } from "$lib/server/auth";
- import { ERROR_MESSAGES } from "$lib/stores/errors";
- import { sha256 } from "$lib/utils/sha256";
- import { addWeeks } from "date-fns";
- import { checkAndRunMigrations } from "$lib/migrations/migrations";
- import { building } from "$app/environment";
- import { refreshAssistantsCounts } from "$lib/assistantStats/refresh-assistants-counts";
- import { logger } from "$lib/server/logger";
- import { AbortedGenerations } from "$lib/server/abortedGenerations";
- import { MetricsServer } from "$lib/server/metrics";
- // TODO: move this code on a started server hook, instead of using a "building" flag
- if (!building) {
- await checkAndRunMigrations();
- if (env.ENABLE_ASSISTANTS) {
- refreshAssistantsCounts();
- }
- // Init metrics server
- MetricsServer.getInstance();
- // Init AbortedGenerations refresh process
- AbortedGenerations.getInstance();
- }
- export const handleError: HandleServerError = async ({ error, event }) => {
- // handle 404
- if (building) {
- throw error;
- }
- if (event.route.id === null) {
- return {
- message: `Page ${event.url.pathname} not found`,
- };
- }
- const errorId = crypto.randomUUID();
- logger.error({
- locals: event.locals,
- url: event.request.url,
- params: event.params,
- request: event.request,
- error,
- errorId,
- });
- return {
- message: "An error occurred",
- errorId,
- };
- };
- export const handle: Handle = async ({ event, resolve }) => {
- logger.debug({
- locals: event.locals,
- url: event.url.pathname,
- params: event.params,
- request: event.request,
- });
- if (event.url.pathname.startsWith(`${base}/api/`) && env.EXPOSE_API !== "true") {
- return new Response("API is disabled", { status: 403 });
- }
- function errorResponse(status: number, message: string) {
- const sendJson =
- event.request.headers.get("accept")?.includes("application/json") ||
- event.request.headers.get("content-type")?.includes("application/json");
- return new Response(sendJson ? JSON.stringify({ error: message }) : message, {
- status,
- headers: {
- "content-type": sendJson ? "application/json" : "text/plain",
- },
- });
- }
- if (event.url.pathname.startsWith(`${base}/admin/`) || event.url.pathname === `${base}/admin`) {
- const ADMIN_SECRET = env.ADMIN_API_SECRET || env.PARQUET_EXPORT_SECRET;
- if (!ADMIN_SECRET) {
- return errorResponse(500, "Admin API is not configured");
- }
- if (event.request.headers.get("Authorization") !== `Bearer ${ADMIN_SECRET}`) {
- return errorResponse(401, "Unauthorized");
- }
- }
- const token = event.cookies.get(env.COOKIE_NAME);
- let secretSessionId: string;
- let sessionId: string;
- if (token) {
- secretSessionId = token;
- sessionId = await sha256(token);
- const user = await findUser(sessionId);
- if (user) {
- event.locals.user = user;
- }
- } else {
- // if the user doesn't have any cookie, we generate one for him
- secretSessionId = crypto.randomUUID();
- sessionId = await sha256(secretSessionId);
- if (await collections.sessions.findOne({ sessionId })) {
- return errorResponse(500, "Session ID collision");
- }
- }
- event.locals.sessionId = sessionId;
- // CSRF protection
- const requestContentType = event.request.headers.get("content-type")?.split(";")[0] ?? "";
- /** https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-enctype */
- const nativeFormContentTypes = [
- "multipart/form-data",
- "application/x-www-form-urlencoded",
- "text/plain",
- ];
- if (event.request.method === "POST") {
- refreshSessionCookie(event.cookies, event.locals.sessionId);
- if (nativeFormContentTypes.includes(requestContentType)) {
- const origin = event.request.headers.get("origin");
- if (!origin) {
- return errorResponse(403, "Non-JSON form requests need to have an origin");
- }
- const validOrigins = [
- new URL(event.request.url).host,
- ...(envPublic.PUBLIC_ORIGIN ? [new URL(envPublic.PUBLIC_ORIGIN).host] : []),
- ];
- if (!validOrigins.includes(new URL(origin).host)) {
- return errorResponse(403, "Invalid referer for POST request");
- }
- }
- }
- if (event.request.method === "POST") {
- // if the request is a POST request we refresh the cookie
- refreshSessionCookie(event.cookies, secretSessionId);
- await collections.sessions.updateOne(
- { sessionId },
- { $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
- );
- }
- if (
- !event.url.pathname.startsWith(`${base}/login`) &&
- !event.url.pathname.startsWith(`${base}/admin`) &&
- !["GET", "OPTIONS", "HEAD"].includes(event.request.method)
- ) {
- if (
- !event.locals.user &&
- requiresUser &&
- !((env.MESSAGES_BEFORE_LOGIN ? parseInt(env.MESSAGES_BEFORE_LOGIN) : 0) > 0)
- ) {
- return errorResponse(401, ERROR_MESSAGES.authOnly);
- }
- // if login is not required and the call is not from /settings and we display the ethics modal with PUBLIC_APP_DISCLAIMER
- // we check if the user has accepted the ethics modal first.
- // If login is required, `ethicsModalAcceptedAt` is already true at this point, so do not pass this condition. This saves a DB call.
- if (
- !requiresUser &&
- !event.url.pathname.startsWith(`${base}/settings`) &&
- !!envPublic.PUBLIC_APP_DISCLAIMER
- ) {
- const hasAcceptedEthicsModal = await collections.settings.countDocuments({
- sessionId: event.locals.sessionId,
- ethicsModalAcceptedAt: { $exists: true },
- });
- if (!hasAcceptedEthicsModal) {
- return errorResponse(405, "You need to accept the welcome modal first");
- }
- }
- }
- let replaced = false;
- const response = await resolve(event, {
- transformPageChunk: (chunk) => {
- // For some reason, Sveltekit doesn't let us load env variables from .env in the app.html template
- if (replaced || !chunk.html.includes("%gaId%")) {
- return chunk.html;
- }
- replaced = true;
- return chunk.html.replace("%gaId%", envPublic.PUBLIC_GOOGLE_ANALYTICS_ID);
- },
- });
- return response;
- };
|
Models
Annotations
Connect to our Discord channel