Closed BaiMoHan closed 8 months ago
Add auth via middleware.
same here
The code being open source, anybody found a trace of the key being leaked?
For anyone experiencing this issue, did you use docker push
with this repo? Doing so pushes this image with the .env file to a registry, possibly Docker hub. I see quite a few public images on there named chatbot-ui
with plenty of downloads.
I lost my openai key recently as well. Not certain that this app was the culprit tho.
Same here. Key got leaked somehow. I only used chatbot-ui locally behind my own auth page.
@seanchito @MrFuryian how long ago did you deploy? I'm trying to track down a source of the issue and found this comment: https://github.com/mckaywrigley/chatbot-ui/pull/449#issuecomment-1500154212
I wonder if a bug is racking up high usage even when the app is not in use, appearing to be a leak?
I don't think there's any versioning, so you can use git log
to see the latest commit in the repo to get a sense of which commit you have running.
@djsiroky I'm a git newb, but I was merging stuff from the beginning up til the end, mid-april. Openai api logs are shit, but the activity I see looks like lots of people doing different size requests, as if the key was shared somewhere. My key got swiped July 9, and they immediately ran it up to the $65 limit in 24hrs.
@seanchito Got it, definitely not a random bug. Thanks for replying. I think I'm going to look for other options instead of trying to track down the cause of this key leaking...
https://github.com/mckaywrigley/chatbot-ui/issues/923 same as this