const fs = require('fs'); const path = require('path'); const express = require('express'); const { getConfigValue } = require('../util'); const writeFileAtomicSync = require('write-file-atomic').sync; const { jsonParser } = require('../express-common'); const SECRETS_FILE = 'secrets.json'; const SECRET_KEYS = { HORDE: 'api_key_horde', MANCER: 'api_key_mancer', VLLM: 'api_key_vllm', APHRODITE: 'api_key_aphrodite', TABBY: 'api_key_tabby', OPENAI: 'api_key_openai', NOVEL: 'api_key_novel', CLAUDE: 'api_key_claude', DEEPL: 'deepl', LIBRE: 'libre', LIBRE_URL: 'libre_url', LINGVA_URL: 'lingva_url', OPENROUTER: 'api_key_openrouter', SCALE: 'api_key_scale', AI21: 'api_key_ai21', SCALE_COOKIE: 'scale_cookie', ONERING_URL: 'oneringtranslator_url', DEEPLX_URL: 'deeplx_url', MAKERSUITE: 'api_key_makersuite', SERPAPI: 'api_key_serpapi', TOGETHERAI: 'api_key_togetherai', MISTRALAI: 'api_key_mistralai', CUSTOM: 'api_key_custom', OOBA: 'api_key_ooba', INFERMATICAI: 'api_key_infermaticai', DREAMGEN: 'api_key_dreamgen', NOMICAI: 'api_key_nomicai', KOBOLDCPP: 'api_key_koboldcpp', LLAMACPP: 'api_key_llamacpp', COHERE: 'api_key_cohere', PERPLEXITY: 'api_key_perplexity', GROQ: 'api_key_groq', AZURE_TTS: 'api_key_azure_tts', FEATHERLESS: 'api_key_featherless', ZEROONEAI: 'api_key_01ai', HUGGINGFACE: 'api_key_huggingface', STABILITY: 'api_key_stability', BLOCKENTROPY: 'api_key_blockentropy', CUSTOM_OPENAI_TTS: 'api_key_custom_openai_tts', }; // These are the keys that are safe to expose, even if allowKeysExposure is false const EXPORTABLE_KEYS = [ SECRET_KEYS.LIBRE_URL, SECRET_KEYS.LINGVA_URL, SECRET_KEYS.ONERING_URL, SECRET_KEYS.DEEPLX_URL, ]; /** * Writes a secret to the secrets file * @param {import('../users').UserDirectoryList} directories User directories * @param {string} key Secret key * @param {string} value Secret value */ function writeSecret(directories, key, value) { const filePath = path.join(directories.root, SECRETS_FILE); if (!fs.existsSync(filePath)) { const emptyFile = JSON.stringify({}); writeFileAtomicSync(filePath, emptyFile, 'utf-8'); } const fileContents = fs.readFileSync(filePath, 'utf-8'); const secrets = JSON.parse(fileContents); secrets[key] = value; writeFileAtomicSync(filePath, JSON.stringify(secrets, null, 4), 'utf-8'); } /** * Deletes a secret from the secrets file * @param {import('../users').UserDirectoryList} directories User directories * @param {string} key Secret key * @returns */ function deleteSecret(directories, key) { const filePath = path.join(directories.root, SECRETS_FILE); if (!fs.existsSync(filePath)) { return; } const fileContents = fs.readFileSync(filePath, 'utf-8'); const secrets = JSON.parse(fileContents); delete secrets[key]; writeFileAtomicSync(filePath, JSON.stringify(secrets, null, 4), 'utf-8'); } /** * Reads a secret from the secrets file * @param {import('../users').UserDirectoryList} directories User directories * @param {string} key Secret key * @returns {string} Secret value */ function readSecret(directories, key) { const filePath = path.join(directories.root, SECRETS_FILE); if (!fs.existsSync(filePath)) { return ''; } const fileContents = fs.readFileSync(filePath, 'utf-8'); const secrets = JSON.parse(fileContents); return secrets[key]; } /** * Reads the secret state from the secrets file * @param {import('../users').UserDirectoryList} directories User directories * @returns {object} Secret state */ function readSecretState(directories) { const filePath = path.join(directories.root, SECRETS_FILE); if (!fs.existsSync(filePath)) { return {}; } const fileContents = fs.readFileSync(filePath, 'utf8'); const secrets = JSON.parse(fileContents); const state = {}; for (const key of Object.values(SECRET_KEYS)) { state[key] = !!secrets[key]; // convert to boolean } return state; } /** * Reads all secrets from the secrets file * @param {import('../users').UserDirectoryList} directories User directories * @returns {Record | undefined} Secrets */ function getAllSecrets(directories) { const filePath = path.join(directories.root, SECRETS_FILE); if (!fs.existsSync(filePath)) { console.log('Secrets file does not exist'); return undefined; } const fileContents = fs.readFileSync(filePath, 'utf8'); const secrets = JSON.parse(fileContents); return secrets; } const router = express.Router(); router.post('/write', jsonParser, (request, response) => { const key = request.body.key; const value = request.body.value; writeSecret(request.user.directories, key, value); return response.send('ok'); }); router.post('/read', jsonParser, (request, response) => { try { const state = readSecretState(request.user.directories); return response.send(state); } catch (error) { console.error(error); return response.send({}); } }); router.post('/view', jsonParser, async (request, response) => { const allowKeysExposure = getConfigValue('allowKeysExposure', false); if (!allowKeysExposure) { console.error('secrets.json could not be viewed unless the value of allowKeysExposure in config.yaml is set to true'); return response.sendStatus(403); } try { const secrets = getAllSecrets(request.user.directories); if (!secrets) { return response.sendStatus(404); } return response.send(secrets); } catch (error) { console.error(error); return response.sendStatus(500); } }); router.post('/find', jsonParser, (request, response) => { const allowKeysExposure = getConfigValue('allowKeysExposure', false); const key = request.body.key; if (!allowKeysExposure && !EXPORTABLE_KEYS.includes(key)) { console.error('Cannot fetch secrets unless allowKeysExposure in config.yaml is set to true'); return response.sendStatus(403); } try { const secret = readSecret(request.user.directories, key); if (!secret) { response.sendStatus(404); } return response.send({ value: secret }); } catch (error) { console.error(error); return response.sendStatus(500); } }); module.exports = { writeSecret, readSecret, deleteSecret, readSecretState, getAllSecrets, SECRET_KEYS, router, };