assafelovic / gpt-researcher

LLM based autonomous agent that conducts in-depth local and web research on any given topic
https://gptr.dev
Apache License 2.0
14.59k stars 1.94k forks

Secure the API #916

Open mcantrell opened 1 week ago

mcantrell commented 1 week ago

Given that the API provides endpoints (getConfig) to view secret keys, security seems necessary.

The current documentation probably also needs to be updated to reflect that the server should not be openly exposed to the internet due to the security risk (until this feature is added).

assafelovic commented 6 days ago

Which API are you referring to? Sorry, not exactly understanding the main issue here.

mcantrell commented 6 days ago

The docker container binds a python fastapi to all network adapters and exposes the API security keys to everyone who has network access:


To limit the potential for security leaks, maybe the services should only be available over localhost until there is a method to secure the API.

ElishaKay commented 5 days ago

great call @mcantrell

The original idea for the getConfig & setConfig routes was to make the onboarding experience smoother for running the full-stack app in development mode - i.e. so that developers getting started with the repo will have a clearer understanding (on the localhost:3000 frontend) of which env variables are required for which features of the app.

I wonder what it would take to make this "dev"=>"production" flow smoother.

Maybe an env variable SERVER_MODE which equals development or production & defaults to development

When SERVER_MODE="production", we could:

a) hide the getConfig & setConfig routes
b) hide the "API Variables" tab on the NextJS frontend
c) leverage the docker networks feature to restrict access to localhost:8000 (related note here)

True, we'll need to clarify the docs as well in the meantime, to raise a flag with users that would like to run on Linux.

Feel free to open a PR with whatever you have time budget for, if you'd like to carve your name into the git tree.
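The SERVER_MODE idea above, as an added example that is not the project's own code: a stdlib-only stand-in for the FastAPI server that binds to loopback by default, refuses a 0.0.0.0 override when SERVER_MODE is production, and only serves /getConfig in development. SAMPLE_CONFIG, resolve_server_settings and get_config_status are constructed names.

```python
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import urlopen

# Constructed stand-in for the env-derived settings that getConfig currently returns.
SAMPLE_CONFIG = {"OPENAI_API_KEY": "sk-PLACEHOLDER", "TAVILY_API_KEY": "tvly-PLACEHOLDER"}


def resolve_server_settings(environ):
    """Turn SERVER_MODE (default: development) into a bind host and route policy.

    The bind host defaults to loopback in both modes; an explicit HOST override is honoured
    only in development, so a production container never exposes the API on all adapters.
    """
    mode = environ.get("SERVER_MODE", "development").lower()
    if mode not in ("development", "production"):
        raise ValueError(f"unknown SERVER_MODE: {mode!r}")
    host = environ.get("HOST", "127.0.0.1") if mode == "development" else "127.0.0.1"
    return {"mode": mode, "host": host, "expose_config_routes": mode == "development"}


def make_handler(settings):
    class ConfigHandler(BaseHTTPRequestHandler):
        def do_GET(self):
            # The secret-revealing route exists only when the policy allows it.
            if self.path == "/getConfig" and settings["expose_config_routes"]:
                status, body = 200, json.dumps(SAMPLE_CONFIG).encode()
            else:
                status, body = 404, b'{"detail": "Not Found"}'
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the example quiet
            pass

    return ConfigHandler


def get_config_status(environ):
    """Start a throwaway server under the given environment and return GET /getConfig's status."""
    settings = resolve_server_settings(environ)
    server = HTTPServer((settings["host"], 0), make_handler(settings))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with urlopen(f"http://{settings['host']}:{server.server_port}/getConfig") as resp:
            return resp.status
    except HTTPError as err:
        return err.code
    finally:
        server.shutdown()
        server.server_close()
```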

mcantrell commented 5 days ago

I think that changing the settings to use localhost by default would be enough really. That would certainly go a long way.

Maybe the security part should be up to the developer. I think we're planning on making a fork of the API and making our own UI with Auth0 integration for security but that might not be everyone's cup of tea.