Harden LLM access: secrets only in server .env, no URL in repo.
Require LLM_BASE_URL and LLM_API_KEY for automatic generation, add per-user rate limits, stop publishing backend/LLM settings in docker-compose, and document secure deployment.
This commit is contained in:
Mireya Cueto Garrido
@@ -0,0 +1,20 @@
|
||||
from typing import Annotated
|
||||
|
||||
from fastapi import Depends
|
||||
|
||||
from app.core.auth import get_current_user
|
||||
from app.core.config import Settings, get_settings
|
||||
from app.core.errors import LLMUnavailableError
|
||||
from app.core.llm_rate_limit import enforce_llm_rate_limit
|
||||
from app.models.user import User
|
||||
|
||||
|
||||
def require_llm_generation(
|
||||
settings: Annotated[Settings, Depends(get_settings)],
|
||||
current_user: Annotated[User, Depends(get_current_user)],
|
||||
) -> User:
|
||||
"""Solo permite generación automática si el LLM está configurado por entorno (no en el repo)."""
|
||||
if not settings.llm_ready:
|
||||
raise LLMUnavailableError("Automatic AI generation is not available")
|
||||
enforce_llm_rate_limit(current_user.id, settings)
|
||||
return current_user
|
||||
Reference in New Issue
Block a user