ollama not using api key
theoden8 opened this issue · 13 comments
Good afternoon,
First of all, thank you for a great project. It's by far the only F-Droid app that allows me to use self-hosted LLMs.
It seems that authentication with ollama using api key is not implemented at all, making the app recieve 403 when connecting to my authenticated endpoint.
I believe the parent class of ollama has token, while the child does not use it:
https://github.com/Mobile-Artificial-Intelligence/maid/blob/main/lib/classes/ollama_model.dart (search for "header")
Adding it to the header could be done like this:
Ahh yes I was aware of this but I forgot to fix it as I didn't think anyone was actually using ollama with a key. Its an easy fix.
I wanted to use ollama on mobile, so ssh -L isn't an option, but running without auth is a bit too much.
I'm using https://github.com/ParisNeo/ollama_proxy_server, which uses bearer token for api key. Not sure if it's compatible but openai client seems to get through.
I'm using langchain dart for ollama so I'll have to look if auth is an option for that.
When instantiating ChatOllama:
maid/lib/classes/ollama_model.dart
Lines 191 to 197 in 2479541
You can add custom headers using the headers field. E.g:
final chat = ChatOllama(
baseUrl: '$uri/api',
headers: { 'Authorization': 'Bearer: <token>' },
defaultOptions: ChatOllamaOptions(
model: name,
seed: seed
),
);OK this should work
https://github.com/Mobile-Artificial-Intelligence/maid/actions/runs/8966774761
Can't test it myself because I'm out of town and I don't have my laptop
The authentication seems to be missing from the headers. I've installed the version from the link you've provided. I think I'm supposed to see it? Or is it sent separately? As per doc.
Sorry for the delay, had trouble downloading the APK due to some DNS resolution thing.
127.0.0.1 - - [12/May/2024 12:12:45] "GET /api/tags HTTP/1.0" - -
User is not authorized
127.0.0.1 - - [12/May/2024 12:12:45] "GET /api/tags HTTP/1.0" 403 -
127.0.0.1 - - [12/May/2024 12:13:58] "GET /api/tags HTTP/1.0" - -
User is not authorized
127.0.0.1 - - [12/May/2024 12:13:58] "GET /api/tags HTTP/1.0" 403 -
Let me try and print what's being sent and what's being received.
So, here's the problem.
- https://github.com/Mobile-Artificial-Intelligence/maid/blob/main/lib/classes/ollama_model.dart#L140 doesn't have authorization
- https://github.com/Mobile-Artificial-Intelligence/maid/blob/main/lib/classes/ollama_model.dart#L239 doesn't have authorization
- The header keys are converted to lowercase. https://github.com/dart-lang/http/issues?q=is%3Aissue+is%3Aopen+lowercase
The latter is a server-side issue
Another problem is that "Bearer: " is incorrect as per https://datatracker.ietf.org/doc/html/rfc6750.
Check out my repo, it’s a simple, secure way to manage API key authentication for your Ollama apps with a Caddy server.