Merge pull request #1382 from open-webui/main

dev

Merge pull request #1382 from open-webui/main
dev
6c3f2f8d · Timothy Jaeryang Baek · GitHub · 698bfcf8 · d72653cd · 6c3f2f8d
Unverified Commit 6c3f2f8d authored Apr 01, 2024 by Timothy Jaeryang Baek Committed by GitHub Apr 01, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

backend/apps/ollama/main.py backend/apps/ollama/main.py +9 -0

src/lib/components/chat/Settings/Models.svelte src/lib/components/chat/Settings/Models.svelte +3 -0

No files found.
--- a/backend/apps/ollama/main.py
+++ b/backend/apps/ollama/main.py
@@ -1029,6 +1029,14 @@ async def download_model(
    url_idx: Optional[int] = None,
 ):

+    allowed_hosts = ["https://huggingface.co/", "https://github.com/"]
+
+    if not any(form_data.url.startswith(host) for host in allowed_hosts):
+        raise HTTPException(
+            status_code=400,
+            detail="Invalid file_url. Only URLs from allowed hosts are permitted.",
+        )
+
    if url_idx == None:
        url_idx = 0
    url = app.state.OLLAMA_BASE_URLS[url_idx]
@@ -1037,6 +1045,7 @@ async def download_model(

    if file_name:
        file_path = f"{UPLOAD_DIR}/{file_name}"
+
        return StreamingResponse(
            download_file_stream(url, form_data.url, file_path, file_name),
        )

--- a/src/lib/components/chat/Settings/Models.svelte
+++ b/src/lib/components/chat/Settings/Models.svelte
@@ -258,6 +258,9 @@
 					console.log(error);
 				}
 			}
+		} else {
+			const error = await fileResponse?.json();
+			toast.error(error?.detail ?? error);
 		}

 		if (uploaded) {