mirror of
https://github.com/AUTOMATIC1111/stable-diffusion-webui.git
synced 2025-01-04 05:45:05 +08:00
prevent API options from being changed via API
This commit is contained in:
parent
d722d6de36
commit
b4d21e7113
@ -570,7 +570,7 @@ class Api:
|
|||||||
raise RuntimeError(f"model {checkpoint_name!r} not found")
|
raise RuntimeError(f"model {checkpoint_name!r} not found")
|
||||||
|
|
||||||
for k, v in req.items():
|
for k, v in req.items():
|
||||||
shared.opts.set(k, v)
|
shared.opts.set(k, v, is_api=True)
|
||||||
|
|
||||||
shared.opts.save(shared.config_filename)
|
shared.opts.save(shared.config_filename)
|
||||||
return
|
return
|
||||||
|
@ -8,7 +8,7 @@ from modules.shared_cmd_options import cmd_opts
|
|||||||
|
|
||||||
|
|
||||||
class OptionInfo:
|
class OptionInfo:
|
||||||
def __init__(self, default=None, label="", component=None, component_args=None, onchange=None, section=None, refresh=None, comment_before='', comment_after='', infotext=None):
|
def __init__(self, default=None, label="", component=None, component_args=None, onchange=None, section=None, refresh=None, comment_before='', comment_after='', infotext=None, restrict_api=False):
|
||||||
self.default = default
|
self.default = default
|
||||||
self.label = label
|
self.label = label
|
||||||
self.component = component
|
self.component = component
|
||||||
@ -26,6 +26,9 @@ class OptionInfo:
|
|||||||
|
|
||||||
self.infotext = infotext
|
self.infotext = infotext
|
||||||
|
|
||||||
|
self.restrict_api = restrict_api
|
||||||
|
"""If True, the setting will not be accessible via API"""
|
||||||
|
|
||||||
def link(self, label, url):
|
def link(self, label, url):
|
||||||
self.comment_before += f"[<a href='{url}' target='_blank'>{label}</a>]"
|
self.comment_before += f"[<a href='{url}' target='_blank'>{label}</a>]"
|
||||||
return self
|
return self
|
||||||
@ -71,7 +74,7 @@ options_builtin_fields = {"data_labels", "data", "restricted_opts", "typemap"}
|
|||||||
class Options:
|
class Options:
|
||||||
typemap = {int: float}
|
typemap = {int: float}
|
||||||
|
|
||||||
def __init__(self, data_labels, restricted_opts):
|
def __init__(self, data_labels: dict[str, OptionInfo], restricted_opts):
|
||||||
self.data_labels = data_labels
|
self.data_labels = data_labels
|
||||||
self.data = {k: v.default for k, v in self.data_labels.items()}
|
self.data = {k: v.default for k, v in self.data_labels.items()}
|
||||||
self.restricted_opts = restricted_opts
|
self.restricted_opts = restricted_opts
|
||||||
@ -113,14 +116,18 @@ class Options:
|
|||||||
|
|
||||||
return super(Options, self).__getattribute__(item)
|
return super(Options, self).__getattribute__(item)
|
||||||
|
|
||||||
def set(self, key, value):
|
def set(self, key, value, is_api=False):
|
||||||
"""sets an option and calls its onchange callback, returning True if the option changed and False otherwise"""
|
"""sets an option and calls its onchange callback, returning True if the option changed and False otherwise"""
|
||||||
|
|
||||||
oldval = self.data.get(key, None)
|
oldval = self.data.get(key, None)
|
||||||
if oldval == value:
|
if oldval == value:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if self.data_labels[key].do_not_save:
|
option = self.data_labels[key]
|
||||||
|
if option.do_not_save:
|
||||||
|
return False
|
||||||
|
|
||||||
|
if is_api and option.restrict_api:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
@ -128,9 +135,9 @@ class Options:
|
|||||||
except RuntimeError:
|
except RuntimeError:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if self.data_labels[key].onchange is not None:
|
if option.onchange is not None:
|
||||||
try:
|
try:
|
||||||
self.data_labels[key].onchange()
|
option.onchange()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
errors.display(e, f"changing setting {key} to {value}")
|
errors.display(e, f"changing setting {key} to {value}")
|
||||||
setattr(self, key, oldval)
|
setattr(self, key, oldval)
|
||||||
|
@ -112,9 +112,9 @@ options_templates.update(options_section(('system', "System"), {
|
|||||||
}))
|
}))
|
||||||
|
|
||||||
options_templates.update(options_section(('API', "API"), {
|
options_templates.update(options_section(('API', "API"), {
|
||||||
"api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API"),
|
"api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API", restrict_api=True),
|
||||||
"api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources"),
|
"api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources", restrict_api=True),
|
||||||
"api_useragent": OptionInfo("", "User agent for requests"),
|
"api_useragent": OptionInfo("", "User agent for requests", restrict_api=True),
|
||||||
}))
|
}))
|
||||||
|
|
||||||
options_templates.update(options_section(('training', "Training"), {
|
options_templates.update(options_section(('training', "Training"), {
|
||||||
|
Loading…
Reference in New Issue
Block a user