#Authentication

Hi,

So I added google auth and it appears to be working. But not capturing Accounts.
I click 'Continue with google' (I have two test users while I work out why SSL is broken, In a side note why is certbot not included in / added in your container? This would make life SO much easier)
It asks me to select My Google Account but then instead of login I get thrown back to login screen. As if Libre just said no session for you!

http://anathema.enchanting.digital/

Few things I've noticed to confirm:
It does try to forward to /c/new but fails as it has no session
Email login does work. But has a really annoying timeout that logs you out half way through a conversation.

Lastly as with the Open Chat I made sure I was the first person registered how do I tell if I'm in admin mode? There seems to be no useful settings or admin style panel anywhere?

(if the first user isn't promoted then how is this done)

(yes a simple UI for Certbot would make it EVEN better)

not sure about your google login issue, I can help with the admin thing tho

To see if you're the admin, you can look at your users db entry, but if you're not setup for that there's also a way in the UI

• Open the right hand sidebar
• select "Prompts"
• Click on "Manage"
• In the top right corner of the manage page you should have an admin menu

Oh... is that .. it?

Yes, you're the admin!

@exotic wagon ah cool ok... well guess thats something. So we have to write everything ourselves?
Guess at least the is a framework

Oh and does lead to another question. I noticed due to trying to lock it down there I've provided One LLM on Openrouter yet Multimodal automatically switches to an OpenAI model which isn't great as the LLM I've selected is also MultiModal

(Also it doesn't seem to ever switch the convo back to the original LLM so all of a sudden I'm talking to OpenAI (which no-body with half a brain wants) )

Soz if this turned into a novel ... I spent a frustrating week with LibreChat

@hallow tulip Again sorry for the TLDR. But I hope you can help. I like some of the changes you've made to Open Chat (But if you could explain the others I'd be forever grateful)

I believe this is related to : https://github.com/danny-avila/LibreChat/issues/4300#issuecomment-2387359064

P.S I know running multi containers is a cool docker thing to do. But also if this was composed as a live single VM it would again be so much easier..

(for example I know there is a mongoDB running "somewhere" but how to connect to atlas to actually see what's in it seems to be next to impossible)

mongodb is running on docker on your server, its data is stored in a folder and you can access it with mongo express for example: https://www.librechat.ai/blog/2023-11-30_mongoexpress

if you prefer to use mongo atlas it's also possible, you can specify an atlas URI in the env var and then manage the data with mongodb compass

I might be wrong. or reading this incorrectly but it doesn't appear to open port 27017 on the docker server? (Default)
and if I where to export it to my own server. Outside of the container... well reverse engineering vector index and container properties seems again tedious. And rather off-putting.

(and if it does open that port or another that scary as it appears its running in noauth mode.)

mongo express doesn't need to expose any port, it use the docker internal network

well I admit I'll have to look into it .. only ever used compass to manage mongo.

if you want to export your db from your server to Atlas so you can use compass, it is possible with the mongodump/mongorestore commands

@hallow tulip Hey bud still trying to get to the bottom of this authentication issue. I've tried a few different things aside from messing with the auth service as I assume if there is an issue there that no-one would be able to use google auth.

@hallow tulip I can confirm it appears to be whatever session manager is in use. As I've now added discord login. And the same looping occurs after selecting an account to login with.
Also signing up with a gmail address appears to work but when you try and login in reports that a "system error occurred" So while I'm still at odds on how Mongo is deployed ... I would guess both google auth and email signup have created duplicates?
Is the current release stable?

@hallow tulip To further extend on this TLDR.. I've checked the database and it appears the users are being added with the correct info from the provider.
And it also appears a new session is being created. So this would indicate that authentication is successful. Yet still ... loops.

Oh so another bug I found along the way. The system let me signup with an email address already added to the database by google. But did not add a duplicate to the database.

Anyway to save a scroll the site is up at http://anathema.enchanting.digital/

this is not a bug but rather a feature

we don't manage providers like all other since I personally find it annoying

@sage holly already found the issue

the site is not HTTPS

you need SSL certificate to authenticate with a secure provider

also btw, but it's not secure to allow registration to all users. You should first implement HTTPS, then block email and providers signups

otherwise move LC to a local network only

Actually. For google (which usually does require it) They have an exception system, If that's not set into testing mode. Then an error occurs on the google side.
And discord doesn't require SSL. But I'll fix that shortly anyway. If your saying its required by LC... That's interesting as login with email and password does work.
It does appear you are using some 3rd party middleware for this which seems like overkill. Integrating OAuth is not rocket science. (took me two seconds to set it up on https://www.enchanting.digital)

And yes. there is no accounting. which I also find rather shortsighted. Especially when it this appears to be a fork of Open Chat.. So user management and whole bunch of things have been actually removed....
So yes it is insecure to have it open for signup.

I assume that's what you mean by insecure. (letting anyone create an account and use my API keys)

I'm not sure what you mean by "this appears to be a fork of Open Chat"

LibreChat is not a fork of anything. It was started in January of 2023 long before most AI web apps

As in it looks identical to ChatGPT? I guess that could be a coincidence. As for what's been removed. Mostly user management, admin panels and any effective way to monetize.

a fork implies a starting codebase was used. I think the term you mean is "clone"

Well I assumed you took a copy of ChatGPT and made changes to it. however that is achieved isn't reallly important.

some of those things are planned, as for providing an effective way of monetizing, that is not the mission of this project, but many have done it using their own forks of LibreChat

there is no such thing.. what you see is a result of thousands of hours producing a comparable product, all open source

especially in January 2023, there were no other open source* AI chat apps, other than maybe streamlit, which I didn't even look at

And. yeah basically this started as me looking for help for stuff that wasn't covered by the docs. Hoping that I wouldn't have to reverse engineer to much. because it's well a complicated codebase.
To the point where I couldn;t argue with the other person above about it being insecure. Because I'm only half way through working out what does what.

The biggest being. people telling me that https is required for auth. And to "check google" the problem with that is google does have a dev mode that allows non https... though hours of reading your code I found it was the code that requires https.. which is wierd because the email auth doesn't

And the fact the session is still written to the database, again odd... but hey it seems to work providing SSL is setup. (A suggestion would be to include certbot and scripts to manage this instead of manually fiddling every 60 days.)

fyi streamlit does suck and isn't opensource.

I probably missed this reply. what even is open chat?

ChatGPT .. aka OpenUI

wandb/openui?

Should probably correct that typo

https://docs.openwebui.com/

Derp tired... 12:48am here

Why I concluded it was a fork is because this above. is also not really commercial in the fact that it uses insecure middleware transports and insecure routes

oh ok yea, this is another webui. OpenWebUI is written is svelte, these days it would have been easier to just recreate it from scratch instead of translating everything to TS/JS. Also FYI OpenWebUI was born after LibreChat

Open is ChatGPT everyones grandaddy...

wdym? I haven't read the whole chat. What middleware/insecure routes are we using?

OpenAI just released the source not long ago

where?

You said to take it offline because it was insecure, and I didn't know what you meant. And there are a few routes that are just silly like /config for example

So I locked it down as suggested and am busy re-writing the auth system to be a little more user friendly.

Again I'd have to check my desktop it was something like that and returns half of the ENV strings

I said to take it offline if you want to allow signups but also don't get bots. LC it self is secure but it's under MIT license, everyone has the signup disabled but UI accessible publicly on the internet

Oh fair enough. Well idk I needed an easy way to manage users and I'm building that in with my own Oauth libs.

we're not sending envs to the UI so you probably modified the code. Also, you can see /config values ​​only in dev or probably HTTP

yea sure, we will also build something like a "waiting for admin verification" thing in the future

@rough violet something I would look into cause it was a little annoying... I was testing a script that went a little nuts .. And LC's moderation system banned the admin account. .. me personally in my project I exclude admin from punishment... maybe its ego idk 😉

(basically I was testing how big the sys prompt could be before things got unstable)

yea I know, in testing this is possible. We could definetly make a env parameters (default to false) to allow banning admin accounts

Yeah. I will confess I wrote my first Ai App with JQuery and FastAPI ... (the www of my above domain) people will never understand how much it takes to make AI usable.

On .. any level...