From 213c5fe6a7e68e5f7eb742f3bd52f51c9a281741 Mon Sep 17 00:00:00 2001
From: nitinkr0411 <nitin.kumar@riotinto.com>
Date: Sun, 18 Aug 2024 19:15:52 +0000
Subject: [PATCH] changes

---
 .github/workflows/release-aws-ecr.yml | 51 +++++++++++++++++++++++++++
 backend/apps/webui/routers/auths.py   |  6 +++-
 backend/config.py                     |  4 +--
 backend/utils/utils.py                | 11 ++++++
 4 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/release-aws-ecr.yml

diff --git a/.github/workflows/release-aws-ecr.yml b/.github/workflows/release-aws-ecr.yml
new file mode 100644
index 0000000000..4ab1fa010e
--- /dev/null
+++ b/.github/workflows/release-aws-ecr.yml
@@ -0,0 +1,51 @@
+name: Release to AWS MLPoC ECR
+
+on: 
+  workflow_dispatch:
+    inputs:
+      source_docker_tag:
+        description: 'Source Image Tag'     
+        required: true
+        default: 'latest'
+      destination_docker_tag:
+        description: 'Destination Image Tag'  
+        required: true
+        default: 'latest'
+      account_id:
+        description: 'AWS Account ID'
+      region:
+        description: 'AWS Region'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    environment:
+      name: aws-ecr
+      url: https://aws.amazon.com/ecr/
+    permissions:
+      id-token: write
+    steps:
+      - name: 👨‍💻 Checkout repository
+        uses: actions/checkout@v4
+      - name: 'Login to GitHub Container Registry'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{vars.DOCKER_CONTAINER_REGISTRY_TOKEN}}
+      - name: 🐳 Pull Image
+        run: |
+          docker pull ghcr.io/rio-tinto/open-webui:${{ github.event.inputs.source_docker_tag }}
+      - name: ☁️ Authenticate To AWS 
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ vars.MLPOC_BRUKER_GH_ROLE_ARN }}
+          role-session-name: DNA-Automation-Github-Actions-Session
+          aws-region: ${{ github.even.inputs.region }}
+      - name: ☁️ Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - name: 🐳 Tag and push docker image to Amazon ECR
+        run: |
+          docker tag ghcr.io/rio-tinto/open-webui:${{  github.event.inputs.source_docker_tag }} ${{ github.even.inputs.account_id }}.dkr.ecr.${{ github.even.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }}
+          docker push ${{ github.even.inputs.account_id }}.dkr.ecr.${{ github.even.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }}
\ No newline at end of file
diff --git a/backend/apps/webui/routers/auths.py b/backend/apps/webui/routers/auths.py
index e2d6a5036f..9676f78b56 100644
--- a/backend/apps/webui/routers/auths.py
+++ b/backend/apps/webui/routers/auths.py
@@ -29,6 +29,7 @@
     get_admin_user,
     create_token,
     create_api_key,
+    decode_token_from_alb,
 )
 from utils.misc import parse_duration, validate_email_format
 from utils.webhook import post_webhook
@@ -127,8 +128,11 @@ async def signin(request: Request, response: Response, form_data: SigninForm):
         if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers:
             raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER)
 
-        trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower()
+        jwt = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER]
+        trusted_email = decode_token_from_alb(jwt)["email"]
+        trusted_email = trusted_email.lower()
         trusted_name = trusted_email
+        
         if WEBUI_AUTH_TRUSTED_NAME_HEADER:
             trusted_name = request.headers.get(
                 WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email
diff --git a/backend/config.py b/backend/config.py
index 07ee06a58c..d564aed2ce 100644
--- a/backend/config.py
+++ b/backend/config.py
@@ -88,8 +88,8 @@ def filter(self, record: logging.LogRecord) -> bool:
 
 
 WEBUI_NAME = os.environ.get("WEBUI_NAME", "Open WebUI")
-if WEBUI_NAME != "Open WebUI":
-    WEBUI_NAME += " (Open WebUI)"
+# if WEBUI_NAME != "Open WebUI":
+#     WEBUI_NAME += " (Open WebUI)"
 
 WEBUI_URL = os.environ.get("WEBUI_URL", "http://localhost:3000")
 
diff --git a/backend/utils/utils.py b/backend/utils/utils.py
index 288db1fb54..ddac6f2181 100644
--- a/backend/utils/utils.py
+++ b/backend/utils/utils.py
@@ -54,6 +54,17 @@ def decode_token(token: str) -> Optional[dict]:
     except Exception:
         return None
 
+    
+def decode_token_from_alb(token: str) -> Optional[dict]:
+    try:
+        payload = jwt.decode(token, options={"verify_signature": False})
+        logging.info(payload)
+        return payload
+    except Exception as e:
+        print(e)
+        logging.info(e)
+        return None
+
 
 def extract_token_from_auth_header(auth_header: str):
     return auth_header[len("Bearer ") :]