Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Key (G4F_API_KEY) Not Enforced / Authentication Not Working #2714

Open
comeback01 opened this issue Feb 11, 2025 · 1 comment
Open

API Key (G4F_API_KEY) Not Enforced / Authentication Not Working #2714

comeback01 opened this issue Feb 11, 2025 · 1 comment
Assignees
@xtekky
Labels
bug Something isn't working

Comments

@comeback01
Copy link

Description:

Hello,

I'm experiencing an issue with API key authentication (G4F_API_KEY) in g4f. I've set the environment variable, but I can still access the API and UI without providing the key. Authentication doesn't seem to be enforced.

Steps to Reproduce:

  1. I set the G4F_API_KEY environment variable in my docker-compose.yml file. Here’s an excerpt from my file (with the API key masked):

    version: '3'

services:
  gpt4free:
    image: hlohaus789/g4f:latest
    shm_size: 2gb
    build:
      context: .
      dockerfile: docker/Dockerfile
    volumes:
      - .:/app
    ports:
      - '8080:8080'
      - '1337:1337'
      - '7900:7900'
    environment:
      - OLLAMA_HOST=host.docker.internal
      - G4F_API_KEY=MY_SECRET_API_KEY  # Key replaced for security

  2. I started the container using docker-compose up -d.

  3. I verified that the environment variable is correctly set inside the container:

    docker exec -it gpt4free /bin/bash  # (or /bin/sh)
echo $G4F_API_KEY

    The echo command correctly displays the API key I set.

  4. I tried accessing the API with curl without providing the API key:

    curl -X POST "http://localhost:1337/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-4o-mini", "messages": [{"role": "user", "content": "Hello"}]}'

    Expected Result: A 401 Unauthorized or 403 Forbidden error.

    Actual Result: The API successfully responds (HTTP 200) and returns a response, as if authentication is not enabled.

  5. I also tried accessing the UI (http://localhost:8080/chat/) without providing an API key, and I could access it without any issues.

Expected Behavior:

The API and UI should deny access without the correct API key (401 or 403 error).

Observed Behavior:

The API and UI are accessible without an API key.

Any help in resolving this issue would be greatly appreciated. Thank you!

This version is clear, follows GitHub's issue formatting, and maintains the original intent. 🚀
@comeback01 comeback01 added the bug Something isn't working label Feb 11, 2025
@hlohaus
Copy link
Collaborator

hlohaus commented Feb 12, 2025

Check out the authentication docs; you gotta set the g4f key argument not env.

@comeback01

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xtekky xtekky

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hlohaus @comeback01 @xtekky