add settings for http/https URLs in source images in api

76ae1019 · AUTOMATIC1111 · a7f18b22 · 76ae1019 · 76ae1019
Commit 76ae1019 authored Aug 21, 2023 by AUTOMATIC1111
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 20 deletions

modules/api/api.py modules/api/api.py +26 -20

modules/shared_options.py modules/shared_options.py +6 -0

No files found.
--- a/modules/api/api.py
+++ b/modules/api/api.py
@@ -57,29 +57,35 @@ def setUpscalers(req: dict):
    return reqDict


-def decode_base64_to_image(encoding):
-    def verify_url(url):
-        import socket
-        from urllib.parse import urlparse
-        try:
-            parsed_url = urlparse(url)
-            domain_name = parsed_url.netloc
-            host = socket.gethostbyname_ex(domain_name)
-            for ip in host[2]:
-                ip_addr = ipaddress.ip_address(ip)
-                # https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address.is_global
-                if not ip_addr.is_global:
-                    return False
-        except Exception:
-            return False
-
-        return True
+def verify_url(url):
+    """Returns True if the url refers to a global resource."""
+
+    import socket
+    from urllib.parse import urlparse
+    try:
+        parsed_url = urlparse(url)
+        domain_name = parsed_url.netloc
+        host = socket.gethostbyname_ex(domain_name)
+        for ip in host[2]:
+            ip_addr = ipaddress.ip_address(ip)
+            if not ip_addr.is_global:
+                return False
+    except Exception:
+        return False

+    return True
+
+
+def decode_base64_to_image(encoding):
    if encoding.startswith("http://") or encoding.startswith("https://"):
-        if not verify_url(encoding):
-            raise HTTPException(status_code=500, detail="Invalid image url")
+        if not opts.api_enable_requests:
+            raise HTTPException(status_code=500, detail="Requests not allowed")
+
+        if opts.api_forbid_local_requests and not verify_url(encoding):
+            raise HTTPException(status_code=500, detail="Request to local resource not allowed")

-        response = requests.get(encoding, timeout=30, headers={'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36'})
+        headers = {'user-agent': opts.api_useragent} if opts.api_useragent else {}
+        response = requests.get(encoding, timeout=30, headers=headers)
        try:
            image = Image.open(BytesIO(response.content))
            return image

--- a/modules/shared_options.py
+++ b/modules/shared_options.py
@@ -111,6 +111,12 @@ options_templates.update(options_section(('system', "System"), {
    "hide_ldm_prints": OptionInfo(True, "Prevent Stability-AI's ldm/sgm modules from printing noise to console."),
 }))

+options_templates.update(options_section(('API', "API"), {
+    "api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API"),
+    "api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources"),
+    "api_useragent": OptionInfo("", "User agent for requests"),
+}))
+
 options_templates.update(options_section(('training', "Training"), {
    "unload_models_when_training": OptionInfo(False, "Move VAE and CLIP to RAM when training if possible. Saves VRAM."),
    "pin_memory": OptionInfo(False, "Turn on pin_memory for DataLoader. Makes training slightly faster but can increase memory usage."),