diff --git a/.github/workflows/docker-build.yaml b/.github/workflows/docker-build.yaml index 03dcf84556..f7aa81ec13 100644 --- a/.github/workflows/docker-build.yaml +++ b/.github/workflows/docker-build.yaml @@ -6,6 +6,7 @@ on: branches: - main - dev + - changes tags: - v* diff --git a/.github/workflows/release-aws-ecr.yml b/.github/workflows/release-aws-ecr.yml new file mode 100644 index 0000000000..bf6d6fb4c2 --- /dev/null +++ b/.github/workflows/release-aws-ecr.yml @@ -0,0 +1,51 @@ +name: Release to AWS MLPoC ECR + +on: + workflow_dispatch: + inputs: + source_docker_tag: + description: 'Source Image Tag' + required: true + default: 'latest' + destination_docker_tag: + description: 'Destination Image Tag' + required: true + default: 'latest' + account_id: + description: 'AWS Account ID' + region: + description: 'AWS Region' + +jobs: + release: + runs-on: ubuntu-latest + environment: + name: aws-ecr + url: https://aws.amazon.com/ecr/ + permissions: + id-token: write + steps: + - name: 👨‍💻 Checkout repository + uses: actions/checkout@v4 + - name: 'Login to GitHub Container Registry' + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{github.actor}} + password: ${{vars.DOCKER_CONTAINER_REGISTRY_TOKEN}} + - name: 🐳 Pull Image + run: | + docker pull ghcr.io/rio-tinto/open-webui:${{ github.event.inputs.source_docker_tag }} + - name: ☁️ Authenticate To AWS + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: ${{ vars.MLPOC_BRUKER_GH_ROLE_ARN }} + role-session-name: DNA-Automation-Github-Actions-Session + aws-region: ap-southeast-2 + - name: ☁️ Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: 🐳 Tag and push docker image to Amazon ECR + run: | + docker tag ghcr.io/rio-tinto/open-webui:${{ github.event.inputs.source_docker_tag }} ${{ github.event.inputs.account_id }}.dkr.ecr.${{ github.event.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }} + docker push ${{ github.event.inputs.account_id }}.dkr.ecr.${{ github.event.inputs.region }}.amazonaws.com/open-webui:${{ github.event.inputs.destination_docker_tag }} \ No newline at end of file diff --git a/backend/open_webui/apps/webui/routers/auths.py b/backend/open_webui/apps/webui/routers/auths.py index 563fc145f1..5e1033f1ff 100644 --- a/backend/open_webui/apps/webui/routers/auths.py +++ b/backend/open_webui/apps/webui/routers/auths.py @@ -29,6 +29,7 @@ get_admin_user, get_current_user, get_password_hash, + decode_token_from_alb, ) from open_webui.utils.webhook import post_webhook @@ -120,8 +121,11 @@ async def signin(request: Request, response: Response, form_data: SigninForm): if WEBUI_AUTH_TRUSTED_EMAIL_HEADER not in request.headers: raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_TRUSTED_HEADER) - trusted_email = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER].lower() + jwt = request.headers[WEBUI_AUTH_TRUSTED_EMAIL_HEADER] + trusted_email = decode_token_from_alb(jwt)["email"] + trusted_email = trusted_email.lower() trusted_name = trusted_email + if WEBUI_AUTH_TRUSTED_NAME_HEADER: trusted_name = request.headers.get( WEBUI_AUTH_TRUSTED_NAME_HEADER, trusted_email diff --git a/backend/open_webui/env.py b/backend/open_webui/env.py index fbf22d84d2..b043edce59 100644 --- a/backend/open_webui/env.py +++ b/backend/open_webui/env.py @@ -100,8 +100,8 @@ WEBUI_NAME = os.environ.get("WEBUI_NAME", "Open WebUI") -if WEBUI_NAME != "Open WebUI": - WEBUI_NAME += " (Open WebUI)" +# if WEBUI_NAME != "Open WebUI": +# WEBUI_NAME += " (Open WebUI)" WEBUI_URL = os.environ.get("WEBUI_URL", "http://localhost:3000") diff --git a/backend/open_webui/static/favicon.png b/backend/open_webui/static/favicon.png index 2b20747808..fa631112ae 100644 Binary files a/backend/open_webui/static/favicon.png and b/backend/open_webui/static/favicon.png differ diff --git a/backend/open_webui/static/logo.png b/backend/open_webui/static/logo.png index 519af1db62..362c2540c6 100644 Binary files a/backend/open_webui/static/logo.png and b/backend/open_webui/static/logo.png differ diff --git a/backend/open_webui/static/splash.png b/backend/open_webui/static/splash.png index 389196ca6a..87a86b7208 100644 Binary files a/backend/open_webui/static/splash.png and b/backend/open_webui/static/splash.png differ diff --git a/backend/open_webui/utils/utils.py b/backend/open_webui/utils/utils.py index 45a7eef305..dd90c65d6c 100644 --- a/backend/open_webui/utils/utils.py +++ b/backend/open_webui/utils/utils.py @@ -54,6 +54,17 @@ def decode_token(token: str) -> Optional[dict]: return None +def decode_token_from_alb(token: str) -> Optional[dict]: + try: + payload = jwt.decode(token, options={"verify_signature": False}) + logging.info(payload) + return payload + except Exception as e: + print(e) + logging.info(e) + return None + + def extract_token_from_auth_header(auth_header: str): return auth_header[len("Bearer ") :] diff --git a/static/favicon.png b/static/favicon.png index 2b20747808..fa631112ae 100644 Binary files a/static/favicon.png and b/static/favicon.png differ diff --git a/static/static/favicon.png b/static/static/favicon.png index 2b20747808..fa631112ae 100644 Binary files a/static/static/favicon.png and b/static/static/favicon.png differ diff --git a/static/static/splash-dark.png b/static/static/splash-dark.png index 202c03f8e4..87a86b7208 100644 Binary files a/static/static/splash-dark.png and b/static/static/splash-dark.png differ diff --git a/static/static/splash.png b/static/static/splash.png index 389196ca6a..87a86b7208 100644 Binary files a/static/static/splash.png and b/static/static/splash.png differ