diff --git a/ai-hub/app/api/routes/user.py b/ai-hub/app/api/routes/user.py
index 47f34f4..b001d5f 100644
--- a/ai-hub/app/api/routes/user.py
+++ b/ai-hub/app/api/routes/user.py
@@ -252,9 +252,12 @@
 system_statuses = system_prefs.get("statuses", {})
 user_statuses = prefs_dict.get("statuses", {})
- def is_provider_healthy(section: str, provider_id: str) -> bool:
+ def is_provider_healthy(section: str, provider_id: str, p_data: dict = None) -> bool:
 status_key = f"{section}_{provider_id}"
- return user_statuses.get(status_key) == "success" or system_statuses.get(status_key) == "success"
+ # Healthy if success status OR if it contains a key (user override)
+ is_success = user_statuses.get(status_key) == "success" or system_statuses.get(status_key) == "success"
+ has_key = p_data and p_data.get("api_key") and p_data.get("api_key") not in ("None", "none", "")
+ return is_success or bool(has_key)
 user_providers = llm_prefs.get("providers", {})
 if not user_providers:
@@ -271,7 +274,7 @@
 llm_providers_effective = {}
 for p, p_p in user_providers.items():
- if p_p and is_provider_healthy("llm", p):
+ if p_p and is_provider_healthy("llm", p, p_p):
 llm_providers_effective[p] = {
 "api_key": mask_key(p_p.get("api_key")),
 "model": p_p.get("model")
@@ -293,7 +296,7 @@
 tts_providers_effective = {}
 for p, p_p in user_tts_providers.items():
- if p_p and is_provider_healthy("tts", p):
+ if p_p and is_provider_healthy("tts", p, p_p):
 tts_providers_effective[p] = {
 "api_key": mask_key(p_p.get("api_key")),
 "model": p_p.get("model"),
@@ -315,7 +318,7 @@
 stt_providers_effective = {}
 for p, p_p in user_stt_providers.items():
- if p_p and is_provider_healthy("stt", p):
+ if p_p and is_provider_healthy("stt", p, p_p):
 stt_providers_effective[p] = {
 "api_key": mask_key(p_p.get("api_key")),
 "model": p_p.get("model")
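Review bot: A provider whose last verification failed is reported healthy by `is_provider_healthy` as soon as `p_data` holds any non-empty `api_key`, so the `*_providers_effective` maps built in the hunks at -271, -293 and -315 no longer distinguish a verified key from a merely configured one. If that is intended, the function needs a docstring saying it means "verified or user-configured", since the name still reads as a health check. The sentinel test only excludes the exact strings "None", "none" and "", so a whitespace-only or "NONE" value counts as a key; `has_key = bool(p_data) and str(p_data.get("api_key") or "").strip().lower() not in ("", "none")` would cover those. The annotation `p_data: dict = None` should be `p_data: dict | None = None` (or `Optional[dict]` if the file targets an older Python).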
@@ -627,8 +630,13 @@
 if not user_id:
 raise HTTPException(status_code=401, detail="Unauthorized")
 user = services.user_service.get_user_by_id(db=db, user_id=user_id)
- if not user or user.role != "admin":
- raise HTTPException(status_code=403, detail="Forbidden: Admin only")
+ if not user:
+ raise HTTPException(status_code=404, detail="User not found")
+
+ # We allow verification if user is admin OR if they are providing their own key (not using a masked key without permission)
+ is_using_masked = not req.api_key or "***" in str(req.api_key)
+ if is_using_masked and user.role != "admin":
+ raise HTTPException(status_code=403, detail="Forbidden: Admin only for masked keys")
 actual_key = req.api_key
 try:
 llm_prefs = {}
@@ -676,8 +684,12 @@
 if not user_id:
 raise HTTPException(status_code=401, detail="Unauthorized")
 user = services.user_service.get_user_by_id(db=db, user_id=user_id)
- if not user or user.role != "admin":
- raise HTTPException(status_code=403, detail="Forbidden: Admin only")
+ if not user:
+ raise HTTPException(status_code=404, detail="User not found")
+
+ is_using_masked = not req.api_key or "***" in str(req.api_key)
+ if is_using_masked and user.role != "admin":
+ raise HTTPException(status_code=403, detail="Forbidden: Admin only for masked keys")
 actual_key = req.api_key
 try:
@@ -726,8 +738,11 @@
 if not user_id:
 raise HTTPException(status_code=401, detail="Unauthorized")
 user = services.user_service.get_user_by_id(db=db, user_id=user_id)
- if not user or user.role != "admin":
- raise HTTPException(status_code=403, detail="Forbidden: Admin only")
+ if not user:
+ raise HTTPException(status_code=404, detail="User not found")
+ is_using_masked = not req.api_key or "***" in str(req.api_key)
+ if is_using_masked and user.role != "admin":
+ raise HTTPException(status_code=403, detail="Forbidden: Admin only for masked keys")
 actual_key = req.api_key
 try:
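Review bot: The new authorization rule in the hunk at -627, copied verbatim into -676 and -726, decides whether a caller is borrowing a stored key with `not req.api_key or "***" in str(req.api_key)`, a substring heuristic that has to agree exactly with what `mask_key` emits and with whatever code after `actual_key = req.api_key` swaps a masked value for the stored secret. That substitution lies outside these hunks, so this is inferred, but if the two tests ever disagree a non-admin request could pass as "own key" here and still resolve to the stored key below. I would put the test in one predicate beside `mask_key` (a new helper, for example `is_masked_key(value)`), call it as `is_using_masked = is_masked_key(req.api_key)` in all three handlers and in the substitution path, and cover the non-admin masked and empty-key cases with tests. A resolved `user_id` with no matching row now returns 404 "User not found" while the check just above returns 401; 401 is the better fit for a caller whose identity cannot be loaded. The enclosing handlers start and end outside the hunks.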