From 8c872e3c35b1a5e120f167b55ad6182751fc6677 Mon Sep 17 00:00:00 2001 From: Ray Andrew Date: Sat, 14 Feb 2026 13:13:22 -0600 Subject: [PATCH] feat: simplify acquiring access on new-api --- .env.example | 4 +- docker-compose.yml | 1 - new-api/init-channels.sh | 89 +++++++++++++++++++++++++++------------- 3 files changed, 62 insertions(+), 32 deletions(-) diff --git a/.env.example b/.env.example index ecbc8c3..03bbb61 100644 --- a/.env.example +++ b/.env.example @@ -5,8 +5,8 @@ # ============================================ # --- new-api (LLM proxy) --- -# Admin access token for new-api management API (also used by init-channels.sh) -NEW_API_ACCESS_TOKEN=change-me-to-a-random-string +# Admin password (used by init-channels.sh to login and configure channels) +NEW_API_PASSWORD=change-me-after-first-login OPENROUTER_API_KEY=sk-or-... SILICONFLOW_API_KEY=sk-... DEEPINFRA_API_KEY=... diff --git a/docker-compose.yml b/docker-compose.yml index 751999f..e45d16a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -93,7 +93,6 @@ services: - TZ=UTC - ENABLE_METRIC=true - LANG=en_US.UTF-8 - - INITIAL_ROOT_ACCESS_TOKEN=${NEW_API_ACCESS_TOKEN} restart: unless-stopped healthcheck: test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://localhost:3000/"] diff --git a/new-api/init-channels.sh b/new-api/init-channels.sh index 97f4474..d434b07 100755 --- a/new-api/init-channels.sh +++ b/new-api/init-channels.sh @@ -3,13 +3,13 @@ # Run once after first boot: ./new-api/init-channels.sh # # Requires these env vars (or .env file in project root): -# NEW_API_ACCESS_TOKEN - admin access token (set via INITIAL_ROOT_ACCESS_TOKEN) +# NEW_API_USERNAME - admin username (default: root) +# NEW_API_PASSWORD - admin password # DEEPINFRA_API_KEY # SILICONFLOW_API_KEY # OPENROUTER_API_KEY # GROQ_API_KEY # CEREBRAS_API_KEY -# OPENWEBUI_API_KEY - token for Open WebUI to authenticate with new-api set -euo pipefail @@ -25,7 +25,30 @@ if [[ -f "$ENV_FILE" ]]; then fi API_BASE="${NEW_API_BASE:-http://localhost:4000}" -TOKEN="${NEW_API_ACCESS_TOKEN:?Set NEW_API_ACCESS_TOKEN (from INITIAL_ROOT_ACCESS_TOKEN)}" +USERNAME="${NEW_API_USERNAME:-root}" +PASSWORD="${NEW_API_PASSWORD:?Set NEW_API_PASSWORD to the admin password}" + +# ── Login to get session token ────────────────────────── +login() { + echo "Logging in as ${USERNAME}..." + local resp + resp=$(curl -s "${API_BASE}/api/user/login" \ + -H "Content-Type: application/json" \ + -d "$(python3 -c " +import json, sys +print(json.dumps({'username': sys.argv[1], 'password': sys.argv[2]})) +" "$USERNAME" "$PASSWORD")") + + local success token + success=$(echo "$resp" | python3 -c "import sys,json; print(json.load(sys.stdin).get('success', False))") + if [[ "$success" != "True" ]]; then + echo "ERROR: Login failed: ${resp}" + exit 1 + fi + + TOKEN=$(echo "$resp" | python3 -c "import sys,json; print(json.load(sys.stdin)['data']['access_token'])") + echo " Logged in." +} # ── Helper ────────────────────────────────────────────── create_channel() { @@ -51,21 +74,17 @@ print(json.dumps({ })) " "$type" "$name" "$key" "$base_url" "$models" "$model_mapping" "$priority") - local resp http_code body - resp=$(curl -s -w "\n%{http_code}" \ - "${API_BASE}/api/channel/" \ + local resp success + resp=$(curl -s "${API_BASE}/api/channel/" \ -H "Authorization: Bearer ${TOKEN}" \ -H "Content-Type: application/json" \ -d "$payload") - http_code=$(echo "$resp" | tail -1) - body=$(echo "$resp" | sed '$d') - - if [[ "$http_code" == "200" ]]; then + success=$(echo "$resp" | python3 -c "import sys,json; print(json.load(sys.stdin).get('success', False))") + if [[ "$success" == "True" ]]; then echo " OK" else - echo " FAILED (HTTP ${http_code})" - echo " ${body}" | head -c 500 + echo " FAILED: ${resp}" | head -c 500 echo fi } @@ -73,7 +92,7 @@ print(json.dumps({ # Wait for new-api to be ready echo "Waiting for new-api at ${API_BASE}..." for i in $(seq 1 30); do - if curl -sf "${API_BASE}/api/status" > /dev/null 2>&1; then + if curl -sf "${API_BASE}/" > /dev/null 2>&1; then echo "new-api is ready." break fi @@ -84,6 +103,9 @@ for i in $(seq 1 30); do sleep 2 done +# Login first +login + # ── Channel: DeepInfra (priority 1) ──────────────────── create_channel "DeepInfra" 1 \ "${DEEPINFRA_API_KEY:?}" \ @@ -125,13 +147,12 @@ create_channel "Cerebras" 1 \ '{"llama-3.3-70b-cerebras":"llama-3.3-70b"}' # ── Create API token for Open WebUI ──────────────────── -if [[ -n "${OPENWEBUI_API_KEY:-}" ]]; then - echo "" - echo "Creating API token for Open WebUI..." - TOKEN_RESP=$(curl -s "${API_BASE}/api/token/" \ - -H "Authorization: Bearer ${TOKEN}" \ - -H "Content-Type: application/json" \ - -d "$(python3 -c " +echo "" +echo "Creating API token for Open WebUI..." +TOKEN_RESP=$(curl -s "${API_BASE}/api/token/" \ + -H "Authorization: Bearer ${TOKEN}" \ + -H "Content-Type: application/json" \ + -d "$(python3 -c " import json print(json.dumps({ 'name': 'open-webui', @@ -139,23 +160,33 @@ print(json.dumps({ 'unlimited_quota': True })) ")") - echo "Token response: ${TOKEN_RESP}" | head -c 500 - echo "" - echo "" - echo "NOTE: Use the token 'key' from the response above as OPENAI_API_KEY in Open WebUI." - echo " Or create a token manually in the new-api UI." -fi + +TOKEN_KEY=$(echo "$TOKEN_RESP" | python3 -c " +import sys, json +data = json.load(sys.stdin) +if data.get('success'): + print(data['data']['key']) +else: + print('FAILED: ' + data.get('message', 'unknown error')) +" 2>/dev/null || echo "FAILED: could not parse response") + +echo " Token: ${TOKEN_KEY}" echo "" echo "══════════════════════════════════════" echo "Channel setup complete!" echo "" +if [[ "$TOKEN_KEY" != FAILED* ]]; then + echo "Open WebUI API key: ${TOKEN_KEY}" + echo "Set OPENWEBUI_API_KEY=${TOKEN_KEY} in your .env" +fi +echo "" echo "Next steps:" -echo " 1. Verify channels at ${API_BASE} (login: root / 123456 — CHANGE THIS)" +echo " 1. Verify channels at ${API_BASE}" echo " 2. Test a model:" echo " curl ${API_BASE}/v1/chat/completions \\" -echo " -H 'Authorization: Bearer ' \\" +echo " -H 'Authorization: Bearer ${TOKEN_KEY}' \\" echo " -H 'Content-Type: application/json' \\" echo " -d '{\"model\":\"deepseek-v3.2\",\"messages\":[{\"role\":\"user\",\"content\":\"hi\"}]}'" -echo " 3. Check Open WebUI can see models" +echo " 3. Restart Open WebUI with the new API key" echo "══════════════════════════════════════"