add environment variable configuration for Open WebUI to disable auth#781
add environment variable configuration for Open WebUI to disable auth#781ericcurtin merged 1 commit intomainfrom
Conversation
There was a problem hiding this comment.
Hey - I've left some high level feedback:
- Hardcoding
WEBUI_AUTH=falseinopenwebuiEnvremoves any way to enable auth through this CLI; consider making this configurable (e.g., via a flag or environment variable) while still defaulting tofalse. - Since
openwebuiEnvjust decoratesopenaiEnv(openaiPathSuffix), you could reduce duplication and keep behavior consistent by exposing a helper likeopenaiEnvWithAuthDisabledor by passing an options struct instead of hardcoding the extraWEBUI_AUTHentry in a separate function.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Hardcoding `WEBUI_AUTH=false` in `openwebuiEnv` removes any way to enable auth through this CLI; consider making this configurable (e.g., via a flag or environment variable) while still defaulting to `false`.
- Since `openwebuiEnv` just decorates `openaiEnv(openaiPathSuffix)`, you could reduce duplication and keep behavior consistent by exposing a helper like `openaiEnvWithAuthDisabled` or by passing an options struct instead of hardcoding the extra `WEBUI_AUTH` entry in a separate function.Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
There was a problem hiding this comment.
Code Review
The pull request successfully introduces an environment variable configuration to disable authentication for Open WebUI by default. The changes correctly update the envFn for Open WebUI to use a new openwebuiEnv function, which appends WEBUI_AUTH=false. The accompanying tests adequately cover this new functionality and ensure the environment variable is correctly applied and reflected in configuration outputs.
|
|
||
| // openwebuiEnv returns environment variables for Open WebUI with Docker Model Runner. | ||
| func openwebuiEnv(baseURL string) []string { | ||
| return append(openaiEnv(openaiPathSuffix)(baseURL), "WEBUI_AUTH=false") |
There was a problem hiding this comment.
Setting WEBUI_AUTH=false by default significantly impacts the security posture of the Open WebUI application by disabling authentication. While this aligns with the pull request's objective, it's crucial to ensure that users are explicitly aware of this default behavior and its security implications, especially if the application is exposed to untrusted networks. Consider adding a prominent note in the documentation or CLI output when launching Open WebUI with this setting, advising users on how to re-enable authentication if needed for production environments.
This pull request updates the environment variable handling for the Open WebUI container app to ensure authentication is disabled by default.