MCPcopy
hub / github.com/mudler/LocalAI / RequireRouteFeature

Function RequireRouteFeature

core/http/auth/middleware.go:237–297  ·  view source on GitHub ↗

RequireRouteFeature returns a global middleware that checks the user has access to the feature required by the matched route. It uses the RouteFeatureRegistry to look up the required feature for each route pattern + HTTP method. If no entry matches, the request passes through (no restriction).

(db *gorm.DB)

Source from the content-addressed store, hash-verified

235// to look up the required feature for each route pattern + HTTP method.
236// If no entry matches, the request passes through (no restriction).
237func RequireRouteFeature(db *gorm.DB) echo.MiddlewareFunc {
238 if db == nil {
239 return NoopMiddleware()
240 }
241 // Pre-build lookup map: "METHOD:pattern" -> feature
242 lookup := map[string]string{}
243 for _, rf := range RouteFeatureRegistry {
244 lookup[rf.Method+":"+rf.Pattern] = rf.Feature
245 }
246 return func(next echo.HandlerFunc) echo.HandlerFunc {
247 return func(c echo.Context) error {
248 path := c.Path() // Echo route pattern (e.g. "/v1/engines/:model/completions")
249 method := c.Request().Method
250 feature := lookup[method+":"+path]
251 if feature == "" {
252 feature = lookup["*:"+path]
253 }
254 if feature == "" {
255 return next(c) // no restriction for this route
256 }
257 user := GetUser(c)
258 if user == nil {
259 return next(c) // auth middleware handles unauthenticated
260 }
261 if user.Role == RoleAdmin {
262 return next(c)
263 }
264 perm, err := GetCachedUserPermissions(c, db, user.ID)
265 if err != nil {
266 return c.JSON(http.StatusInternalServerError, schema.ErrorResponse{
267 Error: &schema.APIError{
268 Message: "failed to check permissions",
269 Code: http.StatusInternalServerError,
270 Type: "server_error",
271 },
272 })
273 }
274 val, exists := perm.Permissions[feature]
275 if !exists {
276 if !isDefaultOnFeature(feature) {
277 return c.JSON(http.StatusForbidden, schema.ErrorResponse{
278 Error: &schema.APIError{
279 Message: "feature not enabled for your account: " + feature,
280 Code: http.StatusForbidden,
281 Type: "authorization_error",
282 },
283 })
284 }
285 } else if !val {
286 return c.JSON(http.StatusForbidden, schema.ErrorResponse{
287 Error: &schema.APIError{
288 Message: "feature not enabled for your account: " + feature,
289 Code: http.StatusForbidden,
290 Type: "authorization_error",
291 },
292 })
293 }
294 return next(c)

Callers 1

APIFunction · 0.92

Calls 7

NoopMiddlewareFunction · 0.85
GetUserFunction · 0.85
GetCachedUserPermissionsFunction · 0.85
isDefaultOnFeatureFunction · 0.85
JSONMethod · 0.80
RequestMethod · 0.65
nextFunction · 0.50

Tested by

no test coverage detected