changes

.github/workflows/release-aws-ecr.yml

@@ -0,0 +1,51 @@
+name: Release to AWS MLPoC ECR
+
+on: 
+  workflow_dispatch:
+    inputs:
+      source_docker_tag:
+        description: 'Source Image Tag'     
+        required: true
+        default: 'latest'
+      destination_docker_tag:
+        description: 'Destination Image Tag'  
+        required: true
+        default: 'latest'
+      account_id:
+        description: 'AWS Account ID'
+      region:
+        description: 'AWS Region'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    environment:
+      name: aws-ecr
+      url: https://aws.amazon.com/ecr/
+    permissions:
+      id-token: write
+    steps:
+      - name: 👨‍💻 Checkout repository
+        uses: actions/checkout@v4
+      - name: 'Login to GitHub Container Registry'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{vars.DOCKER_CONTAINER_REGISTRY_TOKEN}}
+      - name: 🐳 Pull Image
+        run: |
+          docker pull ghcr.io/rio-tinto/open-webui:${{ github.event.inputs.source_docker_tag }}
+      - name: ☁️ Authenticate To AWS 
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ vars.MLPOC_BRUKER_GH_ROLE_ARN }}
+          role-session-name: DNA-Automation-Github-Actions-Session
+          aws-region: ${{ github.even.inputs.region }}
+      - name: ☁️ Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - name: 🐳 Tag and push docker image to Amazon ECR
+        run: |
+          docker tag ghcr.io/rio-tinto/open-webui:${{  github.event.inputs.source_docker_tag }} ${{ github.even.inputs.account_id }}.dkr.ecr.${{ github.even.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }}
+          docker push ${{ github.even.inputs.account_id }}.dkr.ecr.${{ github.even.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }}

backend/apps/webui/routers/auths.py

@@ -29,6 +29,7 @@
     get_admin_user,
     create_token,
     create_api_key,
+    decode_token_from_alb,
 )
 from utils.misc import parse_duration, validate_email_format
 from utils.webhook import post_webhook
@@ -127,8 +128,11 @@ async def signin(request: Request, response: Response, form_data: SigninForm):
         if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
             raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
 
-        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
+        jwt = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER]
+        trusted_email = decode_token_from_alb(jwt)["email"]
+        trusted_email = trusted_email.lower()
         trusted_name = trusted_email
+
         if WEBUI_AUTH_TRUSTED_NAME_HEADER:
             trusted_name = request.headers.get(
                 WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email

backend/config.py

@@ -88,8 +88,8 @@ def filter(self, record: logging.LogRecord) -> bool:
 
 
 WEBUI_NAME = os.environ.get("WEBUI_NAME", "Open WebUI")
-if WEBUI_NAME != "Open WebUI":
-    WEBUI_NAME += " (Open WebUI)"
+# if WEBUI_NAME != "Open WebUI":
+#     WEBUI_NAME += " (Open WebUI)"
 
 WEBUI_URL = os.environ.get("WEBUI_URL", "http://localhost:3000")
 

backend/utils/utils.py

@@ -54,6 +54,17 @@ def decode_token(token: str) -> Optional[dict]:
     except Exception:
         return None
 
+
+def decode_token_from_alb(token: str) -> Optional[dict]:
+    try:
+        payload = jwt.decode(token, options={"verify_signature": False})
+        logging.info(payload)
+        return payload
+    except Exception as e:
+        print(e)
+        logging.info(e)
+        return None
+
 
 def extract_token_from_auth_header(auth_header: str):
     return auth_header[len("Bearer ") :]