search

SillyTavern / SillyTavern-Extras

Extensions API for SillyTavern.
GNU Affero General Public License v3.0
549 stars 124 forks source link

GET 401 - Unauthorized API key access. #79

Closed viktorpetkov000 closed 1 year ago

viktorpetkov000 commented 1 year ago

The following is a curl command, trying to access the extras API with --share and --secure. Asterisks for privacy.

Trying ...:443... Connected to ---.trycloudflare.com (...) port 443 (#0) schannel: disabled automatic use of client certificate ALPN: offers http/1.1 ALPN: server accepted http/1.1 GET / HTTP/1.1 Host: ---.trycloudflare.com User-Agent: curl/7.83.1 Accept: /

Mark bundle as not supporting multiuse HTTP/1.1 401 Unauthorized Date: Tue, 11 Jul 2023 23:31:45 GMT Content-Type: application/json Content-Length: 33 Connection: keep-alive CF-Ray: CF-Cache-Status: DYNAMIC Access-Control-Allow-Origin: Vary: Accept-Encoding X-Request-Duration: 0.0010099411010742188 Server: cloudflare

Using the API key provided with the correct API URL results in a 401 unauthorized api key error, both in the application and with external software. I'm not sure if I am doing something wrong or there is an issue with the API, however, I cannot successfully get --secure to work with --share, I'm forced to turn it off in order to access the api remotely.

Cohee1207 commented 1 year ago

How did you provide a key? You are trying to query the API directly or through SillyTavern app?

viktorpetkov000 commented 1 year ago

I use the API key that is generated when running the software with --secure. I tried querying through the SillyTavern app with no luck and then I tried querying directly with curl - still not luck. I tried also deleting the API key text file that is generated automatically and getting a new one - still no luck.

Cohee1207 commented 1 year ago

I tried it on my end (share and secure flags enabled), and everything appears to be working fine. Can you please confirm that you're running the latest versions for both pieces of software? image

viktorpetkov000 commented 1 year ago

I'm running the Dev build for SillyTavern but I don't think that's the issue, since the API key generation is from extras, which I have updated and I tried querying the API key directly anyways. I tried with --listen enabled and disabled, no difference.

viktorpetkov000 commented 1 year ago

Okay, I've gone ahead and fixed the issue for myself. It turns out that the requests.authorization token was empty for some reason. I can't explain why, I tried querying many times with different headers and no luck. Finally I got sick of it and just changed the code to use request.headers.get('Authorization'), also adding a single "Bearer " prefix to it, instead of getattr(request.authorization, 'token', ''). Now it works perfectly.