CHAI
/
chtech-anythingllm
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
235 MiB
Tree: 49c520f08a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '49c520f08a'
${ noResults }
chtech-anythingllm/server/endpoints/admin.js

556 lines
17 KiB
Raw Normal View History

first commit
11 months ago
  1. const { ApiKey } = require("../models/apiKeys");
  2. const { Document } = require("../models/documents");
  3. const { EventLogs } = require("../models/eventLogs");
  4. const { Invite } = require("../models/invite");
  5. const { SystemSettings } = require("../models/systemSettings");
  6. const { Telemetry } = require("../models/telemetry");
  7. const { User } = require("../models/user");
  8. const { DocumentVectors } = require("../models/vectors");
  9. const { Workspace } = require("../models/workspace");
  10. const { WorkspaceChats } = require("../models/workspaceChats");
  11. const {
  12. getVectorDbClass,
  13. getEmbeddingEngineSelection,
  14. } = require("../utils/helpers");
  15. const {
  16. validRoleSelection,
  17. canModifyAdmin,
  18. validCanModify,
  19. } = require("../utils/helpers/admin");
  20. const { reqBody, userFromSession, safeJsonParse } = require("../utils/http");
  21. const {
  22. strictMultiUserRoleValid,
  23. flexUserRoleValid,
  24. ROLES,
  25. } = require("../utils/middleware/multiUserProtected");
  26. const { validatedRequest } = require("../utils/middleware/validatedRequest");
  27. const ImportedPlugin = require("../utils/agents/imported");
  29. function adminEndpoints(app) {
  30. if (!app) return;
  32. app.get(
  33. "/admin/users",
  34. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  35. async (_request, response) => {
  36. try {
  37. const users = await User.where();
  38. response.status(200).json({ users });
  39. } catch (e) {
  40. console.error(e);
  41. response.sendStatus(500).end();
  42. }
  43. }
  44. );
  46. app.post(
  47. "/admin/users/new",
  48. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  49. async (request, response) => {
  50. try {
  51. const currUser = await userFromSession(request, response);
  52. const newUserParams = reqBody(request);
  53. const roleValidation = validRoleSelection(currUser, newUserParams);
  55. if (!roleValidation.valid) {
  56. response
  57. .status(200)
  58. .json({ user: null, error: roleValidation.error });
  59. return;
  60. }
  62. const { user: newUser, error } = await User.create(newUserParams);
  63. if (!!newUser) {
  64. await EventLogs.logEvent(
  65. "user_created",
  66. {
  67. userName: newUser.username,
  68. createdBy: currUser.username,
  69. },
  70. currUser.id
  71. );
  72. }
  74. response.status(200).json({ user: newUser, error });
  75. } catch (e) {
  76. console.error(e);
  77. response.sendStatus(500).end();
  78. }
  79. }
  80. );
  82. app.post(
  83. "/admin/user/:id",
  84. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  85. async (request, response) => {
  86. try {
  87. const currUser = await userFromSession(request, response);
  88. const { id } = request.params;
  89. const updates = reqBody(request);
  90. const user = await User.get({ id: Number(id) });
  92. const canModify = validCanModify(currUser, user);
  93. if (!canModify.valid) {
  94. response.status(200).json({ success: false, error: canModify.error });
  95. return;
  96. }
  98. const roleValidation = validRoleSelection(currUser, updates);
  99. if (!roleValidation.valid) {
  100. response
  101. .status(200)
  102. .json({ success: false, error: roleValidation.error });
  103. return;
  104. }
  106. const validAdminRoleModification = await canModifyAdmin(user, updates);
  107. if (!validAdminRoleModification.valid) {
  108. response
  109. .status(200)
  110. .json({ success: false, error: validAdminRoleModification.error });
  111. return;
  112. }
  114. const { success, error } = await User.update(id, updates);
  115. response.status(200).json({ success, error });
  116. } catch (e) {
  117. console.error(e);
  118. response.sendStatus(500).end();
  119. }
  120. }
  121. );
  123. app.delete(
  124. "/admin/user/:id",
  125. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  126. async (request, response) => {
  127. try {
  128. const currUser = await userFromSession(request, response);
  129. const { id } = request.params;
  130. const user = await User.get({ id: Number(id) });
  132. const canModify = validCanModify(currUser, user);
  133. if (!canModify.valid) {
  134. response.status(200).json({ success: false, error: canModify.error });
  135. return;
  136. }
  138. await User.delete({ id: Number(id) });
  139. await EventLogs.logEvent(
  140. "user_deleted",
  141. {
  142. userName: user.username,
  143. deletedBy: currUser.username,
  144. },
  145. currUser.id
  146. );
  147. response.status(200).json({ success: true, error: null });
  148. } catch (e) {
  149. console.error(e);
  150. response.sendStatus(500).end();
  151. }
  152. }
  153. );
  155. app.get(
  156. "/admin/invites",
  157. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  158. async (_request, response) => {
  159. try {
  160. const invites = await Invite.whereWithUsers();
  161. response.status(200).json({ invites });
  162. } catch (e) {
  163. console.error(e);
  164. response.sendStatus(500).end();
  165. }
  166. }
  167. );
  169. app.post(
  170. "/admin/invite/new",
  171. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  172. async (request, response) => {
  173. try {
  174. const user = await userFromSession(request, response);
  175. const body = reqBody(request);
  176. const { invite, error } = await Invite.create({
  177. createdByUserId: user.id,
  178. workspaceIds: body?.workspaceIds || [],
  179. });
  181. await EventLogs.logEvent(
  182. "invite_created",
  183. {
  184. inviteCode: invite.code,
  185. createdBy: response.locals?.user?.username,
  186. },
  187. response.locals?.user?.id
  188. );
  189. response.status(200).json({ invite, error });
  190. } catch (e) {
  191. console.error(e);
  192. response.sendStatus(500).end();
  193. }
  194. }
  195. );
  197. app.delete(
  198. "/admin/invite/:id",
  199. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  200. async (request, response) => {
  201. try {
  202. const { id } = request.params;
  203. const { success, error } = await Invite.deactivate(id);
  204. await EventLogs.logEvent(
  205. "invite_deleted",
  206. { deletedBy: response.locals?.user?.username },
  207. response.locals?.user?.id
  208. );
  209. response.status(200).json({ success, error });
  210. } catch (e) {
  211. console.error(e);
  212. response.sendStatus(500).end();
  213. }
  214. }
  215. );
  217. app.get(
  218. "/admin/workspaces",
  219. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  220. async (_request, response) => {
  221. try {
  222. const workspaces = await Workspace.whereWithUsers();
  223. response.status(200).json({ workspaces });
  224. } catch (e) {
  225. console.error(e);
  226. response.sendStatus(500).end();
  227. }
  228. }
  229. );
  231. app.get(
  232. "/admin/workspaces/:workspaceId/users",
  233. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  234. async (request, response) => {
  235. try {
  236. const { workspaceId } = request.params;
  237. const users = await Workspace.workspaceUsers(workspaceId);
  238. response.status(200).json({ users });
  239. } catch (e) {
  240. console.error(e);
  241. response.sendStatus(500).end();
  242. }
  243. }
  244. );
  246. app.post(
  247. "/admin/workspaces/new",
  248. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  249. async (request, response) => {
  250. try {
  251. const user = await userFromSession(request, response);
  252. const { name } = reqBody(request);
  253. const { workspace, message: error } = await Workspace.new(
  254. name,
  255. user.id
  256. );
  257. response.status(200).json({ workspace, error });
  258. } catch (e) {
  259. console.error(e);
  260. response.sendStatus(500).end();
  261. }
  262. }
  263. );
  265. app.post(
  266. "/admin/workspaces/:workspaceId/update-users",
  267. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  268. async (request, response) => {
  269. try {
  270. const { workspaceId } = request.params;
  271. const { userIds } = reqBody(request);
  272. const { success, error } = await Workspace.updateUsers(
  273. workspaceId,
  274. userIds
  275. );
  276. response.status(200).json({ success, error });
  277. } catch (e) {
  278. console.error(e);
  279. response.sendStatus(500).end();
  280. }
  281. }
  282. );
  284. app.delete(
  285. "/admin/workspaces/:id",
  286. [validatedRequest, strictMultiUserRoleValid([ROLES.admin, ROLES.manager])],
  287. async (request, response) => {
  288. try {
  289. const { id } = request.params;
  290. const VectorDb = getVectorDbClass();
  291. const workspace = await Workspace.get({ id: Number(id) });
  292. if (!workspace) {
  293. response.sendStatus(404).end();
  294. return;
  295. }
  297. await WorkspaceChats.delete({ workspaceId: Number(workspace.id) });
  298. await DocumentVectors.deleteForWorkspace(Number(workspace.id));
  299. await Document.delete({ workspaceId: Number(workspace.id) });
  300. await Workspace.delete({ id: Number(workspace.id) });
  301. try {
  302. await VectorDb["delete-namespace"]({ namespace: workspace.slug });
  303. } catch (e) {
  304. console.error(e.message);
  305. }
  307. response.status(200).json({ success: true, error: null });
  308. } catch (e) {
  309. console.error(e);
  310. response.sendStatus(500).end();
  311. }
  312. }
  313. );
  315. // System preferences but only by array of labels
  316. app.get(
  317. "/admin/system-preferences-for",
  318. [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
  319. async (request, response) => {
  320. try {
  321. const requestedSettings = {};
  322. const labels = request.query.labels?.split(",") || [];
  323. const needEmbedder = [
  324. "text_splitter_chunk_size",
  325. "max_embed_chunk_size",
  326. ];
  327. const noRecord = [
  328. "max_embed_chunk_size",
  329. "agent_sql_connections",
  330. "imported_agent_skills",
  331. "feature_flags",
  332. "meta_page_title",
  333. "meta_page_favicon",
  334. ];
  336. for (const label of labels) {
  337. // Skip any settings that are not explicitly defined as public
  338. if (!SystemSettings.publicFields.includes(label)) continue;
  340. // Only get the embedder if the setting actually needs it
  341. let embedder = needEmbedder.includes(label)
  342. ? getEmbeddingEngineSelection()
  343. : null;
  344. // Only get the record from db if the setting actually needs it
  345. let setting = noRecord.includes(label)
  346. ? null
  347. : await SystemSettings.get({ label });
  349. switch (label) {
  350. case "footer_data":
  351. requestedSettings[label] = setting?.value ?? JSON.stringify([]);
  352. break;
  353. case "support_email":
  354. requestedSettings[label] = setting?.value || null;
  355. break;
  356. case "text_splitter_chunk_size":
  357. requestedSettings[label] =
  358. setting?.value || embedder?.embeddingMaxChunkLength || null;
  359. break;
  360. case "text_splitter_chunk_overlap":
  361. requestedSettings[label] = setting?.value || null;
  362. break;
  363. case "max_embed_chunk_size":
  364. requestedSettings[label] =
  365. embedder?.embeddingMaxChunkLength || 1000;
  366. break;
  367. case "agent_search_provider":
  368. requestedSettings[label] = setting?.value || null;
  369. break;
  370. case "agent_sql_connections":
  371. requestedSettings[label] =
  372. await SystemSettings.brief.agent_sql_connections();
  373. break;
  374. case "default_agent_skills":
  375. requestedSettings[label] = safeJsonParse(setting?.value, []);
  376. break;
  377. case "disabled_agent_skills":
  378. requestedSettings[label] = safeJsonParse(setting?.value, []);
  379. break;
  380. case "imported_agent_skills":
  381. requestedSettings[label] = ImportedPlugin.listImportedPlugins();
  382. break;
  383. case "custom_app_name":
  384. requestedSettings[label] = setting?.value || null;
  385. break;
  386. case "feature_flags":
  387. requestedSettings[label] =
  388. (await SystemSettings.getFeatureFlags()) || {};
  389. break;
  390. case "meta_page_title":
  391. requestedSettings[label] =
  392. await SystemSettings.getValueOrFallback({ label }, null);
  393. break;
  394. case "meta_page_favicon":
  395. requestedSettings[label] =
  396. await SystemSettings.getValueOrFallback({ label }, null);
  397. break;
  398. default:
  399. break;
  400. }
  401. }
  403. response.status(200).json({ settings: requestedSettings });
  404. } catch (e) {
  405. console.error(e);
  406. response.sendStatus(500).end();
  407. }
  408. }
  409. );
  411. // TODO: Delete this endpoint
  412. // DEPRECATED - use /admin/system-preferences-for instead with ?labels=... comma separated string of labels
  413. app.get(
  414. "/admin/system-preferences",
  415. [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
  416. async (_, response) => {
  417. try {
  418. const embedder = getEmbeddingEngineSelection();
  419. const settings = {
  420. footer_data:
  421. (await SystemSettings.get({ label: "footer_data" }))?.value ||
  422. JSON.stringify([]),
  423. support_email:
  424. (await SystemSettings.get({ label: "support_email" }))?.value ||
  425. null,
  426. text_splitter_chunk_size:
  427. (await SystemSettings.get({ label: "text_splitter_chunk_size" }))
  428. ?.value ||
  429. embedder?.embeddingMaxChunkLength ||
  430. null,
  431. text_splitter_chunk_overlap:
  432. (await SystemSettings.get({ label: "text_splitter_chunk_overlap" }))
  433. ?.value || null,
  434. max_embed_chunk_size: embedder?.embeddingMaxChunkLength || 1000,
  435. agent_search_provider:
  436. (await SystemSettings.get({ label: "agent_search_provider" }))
  437. ?.value || null,
  438. agent_sql_connections:
  439. await SystemSettings.brief.agent_sql_connections(),
  440. default_agent_skills:
  441. safeJsonParse(
  442. (await SystemSettings.get({ label: "default_agent_skills" }))
  443. ?.value,
  444. []
  445. ) || [],
  446. disabled_agent_skills:
  447. safeJsonParse(
  448. (await SystemSettings.get({ label: "disabled_agent_skills" }))
  449. ?.value,
  450. []
  451. ) || [],
  452. imported_agent_skills: ImportedPlugin.listImportedPlugins(),
  453. custom_app_name:
  454. (await SystemSettings.get({ label: "custom_app_name" }))?.value ||
  455. null,
  456. feature_flags: (await SystemSettings.getFeatureFlags()) || {},
  457. meta_page_title: await SystemSettings.getValueOrFallback(
  458. { label: "meta_page_title" },
  459. null
  460. ),
  461. meta_page_favicon: await SystemSettings.getValueOrFallback(
  462. { label: "meta_page_favicon" },
  463. null
  464. ),
  465. };
  466. response.status(200).json({ settings });
  467. } catch (e) {
  468. console.error(e);
  469. response.sendStatus(500).end();
  470. }
  471. }
  472. );
  474. app.post(
  475. "/admin/system-preferences",
  476. [validatedRequest, flexUserRoleValid([ROLES.admin, ROLES.manager])],
  477. async (request, response) => {
  478. try {
  479. const updates = reqBody(request);
  480. await SystemSettings.updateSettings(updates);
  481. response.status(200).json({ success: true, error: null });
  482. } catch (e) {
  483. console.error(e);
  484. response.sendStatus(500).end();
  485. }
  486. }
  487. );
  489. app.get(
  490. "/admin/api-keys",
  491. [validatedRequest, strictMultiUserRoleValid([ROLES.admin])],
  492. async (_request, response) => {
  493. try {
  494. const apiKeys = await ApiKey.whereWithUser({});
  495. return response.status(200).json({
  496. apiKeys,
  497. error: null,
  498. });
  499. } catch (error) {
  500. console.error(error);
  501. response.status(500).json({
  502. apiKey: null,
  503. error: "Could not find an API Keys.",
  504. });
  505. }
  506. }
  507. );
  509. app.post(
  510. "/admin/generate-api-key",
  511. [validatedRequest, strictMultiUserRoleValid([ROLES.admin])],
  512. async (request, response) => {
  513. try {
  514. const user = await userFromSession(request, response);
  515. const { apiKey, error } = await ApiKey.create(user.id);
  517. await Telemetry.sendTelemetry("api_key_created");
  518. await EventLogs.logEvent(
  519. "api_key_created",
  520. { createdBy: user?.username },
  521. user?.id
  522. );
  523. return response.status(200).json({
  524. apiKey,
  525. error,
  526. });
  527. } catch (e) {
  528. console.error(e);
  529. response.sendStatus(500).end();
  530. }
  531. }
  532. );
  534. app.delete(
  535. "/admin/delete-api-key/:id",
  536. [validatedRequest, strictMultiUserRoleValid([ROLES.admin])],
  537. async (request, response) => {
  538. try {
  539. const { id } = request.params;
  540. await ApiKey.delete({ id: Number(id) });
  542. await EventLogs.logEvent(
  543. "api_key_deleted",
  544. { deletedBy: response.locals?.user?.username },
  545. response?.locals?.user?.id
  546. );
  547. return response.status(200).end();
  548. } catch (e) {
  549. console.error(e);
  550. response.sendStatus(500).end();
  551. }
  552. }
  553. );
  554. }
  556. module.exports = { adminEndpoints };