mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2026-07-19 14:13:35 -04:00
Closed
opened 2026-02-22 18:20:13 -05:00 by yindo
·
4 comments
No Branch/Tag Specified
master
5846-bug-when-scrolling-up-scrolling-jumps
refactor-remove-workspace-pfp
5969-bug-stopgenerationbutton-disappears-on-the-first-prompt-that-initiates-an-agent-session
2235-bug-how-to-upload-a-folder-with-subfolders-with-files-to-anythingllm
5990-workspace-update-fails-with-unknown-argument-router_id-v1130v1150-intel-mac
opencomputer-examples
pg
feat/image-generation-translations
feat/image-generation
5924-bug-meeting-summary-fails-with-sincludes-is-not-a-function-when-default-llm-is-anthropic-claude
render
feat/uniform-modal-component
5883-bug-unescaped-content-in-json-strings-being-passed-to-document-generator-tools
5901-bug-api-update-embeddings-fails-prisma-argument-filename-is-missing-on-workspace_documentscreate-desktop-windows-v1141
hybrid-search
1981-translations
5752-bug-prompts-to-local-jan-endpoint-unresponsive
feat-disable-native-tool-calling-env-var
5676-bug-non-ollama-agent-providers-do-not-parse-and-present-reasoning-content
feat/markdown-web-scraping
5717-bug-apiv1documentupload-silently-drops-metadata-field-in-desktop-1130-arg-count-mismatch-nested-payload-key
fix/aibitat-context-overflow
5711-bug-erratic-deepseek-v4-flash-the-agent-model-failed-to-respond-400-the-reasoning_content
5631-feat-custom-api-request-timeouts-for-ai-providers
feat-reasoning-control
feat-agent-clarifying-questions-translations
5583-bug-lm-studio-provider-does-not-present-reasoning-output
5313-normalize-translations
feat/memory-translations
5305-lemonade-embedding-engine-swallows-errors-falsely-reports-documents-as-embedded
5060-bug-agent-interactions-agent-are-not-persisted-to-thread-history-via-api
pptx-subagent
feat-render-images-from-mcp-tool-results
stt-provider-expansion-openai-api-compatible
feat-file-search-agent-tool
feat-native-embedder-job-queue
5189-normalize-translations
feat-file-search-agent-tool-translations
i18n-eslint
5140-auto-migration
5112-bug-openrouter-failed-message-bug
3506-feat-parameters-for-openrouter-models
4992-feat-preserve-scroll-position
4973-bug-markdown-numbered-list-display-in-reasoning-pane
desktop
4938-bug-pending-chat-rerendering-ui-bug
quickstart-env
node-llama-cpp-in-container-cuda
node-llama-cpp-in-container
ollama-in-container
4817-feat-set-cooldown-per-mcp-server
4845-keyboard-shortcuts-to-navigate-in-chat
4844-feat-reorder-threads-by-latest-interaction
standardize-username-constraints-normalize-translations
4792-feat-refactor-workspacepfp-image
1382-embed-ip-improvements
1382-bug-embed-api-improvements
refactor-eslint-frontend
4687-feat-refactor-vector-db-providers
4615-feat-disable-apidocs-with-environment-variable
4559-feat-agent-web-search-enable-ordering-of-results
4599-bug-ollama-race-condition-bug
4572-bug-lmstudio-provided-llm-stopped-working-with-anything-llm-after-upgrading-to-190
4508-agent-youtube-transcript-analysis
4497-feat-workspace-names
frontend-eslint
ollama-lmstudio-auto-context-window
4431-validate-vector-database-connectioN
2019-slash-command-keyboard-selection
microsoft-foundry-provider
4431-validate-vector-database-connection
4325-sys-prompt-var-improvements
3209-feat-apiv1workspacestream-chat-sources-citations
4210-bug-voice-to-text-overwrite
4136-feat-jan-as-a-backend-server-option
4172-feat-openai-o3-support
1.8.3-rerelease
web-push-notifications-service
tasks
3955-feat-jinaai-embedder-provider-support
3921-feat-agent-skills-uiux-improvements
3901-bug-validfunccall-checks-optional-arguments
keyboard-dev
1787-custom-roles-and-permissions
add-jira-slack-data-connector
office-extension-wip
lightmode-dropdown-color-update
3586-bug-agent-flow-function-description-provided-by-user-is-not-seen-in-the-llm-query
3463-bug-agent-continues-to-run-if-request-failed-even-after-exit
3439-feat-call-variables-within-the-flow-api-block-url-field
3282-manager-view-models-workspace
3280-token-counting-server-side-truncation-improvements
3147-bug-embedded-chat-widget---not-considering-query-mode-option-always-working-in-chat-mode
2995-feat-disable-temperature-setting-for-deepseek-r1-deepseek-reasoner-model
2827-feat-perplexity-citations
2866-feat-finally-a-gemini-models-endpoint
2647-feat-hpp-header-for-a-c++-code-file-mime-addition
lancedb-revert
1656-feat-implement-tooltip-ui-designs
2011-feat-bump-perplexity-models
1873-feat-auto-add-and-watch-folder-for-document-uploads
1297-feat-gemini-agent-support
1759-bug-ui-bug-fixes
1686-feat-implement-winston-for-logging
1536-bug-toggling-on-users-can-delete-workspaces-does-not-take-effect
agent-ui-mobile-styles
1522-feat-chromadb-support
1595-bug-unable-to-get-live-web-search-and-browsing-agent-working-using-google-custom-search-engine-error-getaddrinfo-enotfound-http-errno-3008
1582-bug-lm-studio-does-not-allow-for-different-model-selection
1312-bug-usernames-should-not-be-case-sensitive-when-logging-in
1029-feat-hf-serverless-inference-api
1086-feat-implement-normalized-input-fields
knowledge-graph-support
644-bug-uploaded-file-name-does-not-match-the-displayed-file-name-after-the-upload
v1.15.0
v1.14.2
v1.14.1
v1.14.0
v1.13.0
v1.12.1
v1.12.0
v1.11.2
v1.11.1
v1.11.0
v1.10.0
v1.9.1
v1.9.0
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.8
v1.7.6
v1.7.5
v1.7.4
v1.4.0
v1.3.0
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.1
v1.1.0
v1.0.0
Labels
Clear labels
Desktop
Docker
Integration Request
Integration Request
OS: Linux
OS: Mobile
OS: Windows
UI/UX
blocked
bug
bug
core-team-only
documentation
duplicate
embed-widget
enhancement
feature request
github_actions
good first issue
investigating
needs info / can't replicate
possible bug
pull-request
question
stage: specifications
wontfix
Mirrored from GitHub Pull Request
No Label
enhancement
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Mintplex-Labs/anything-llm#569
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @xnetsc on GitHub (Mar 20, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/942
To enhance the security of web login processes, a more secure and sophisticated approach involves the use of cryptographic keys, as follows:
Further steps for the login process include:
This methodology significantly enhances security by ensuring that passwords are not transmitted in plaintext, thereby reducing the risk of interception and unauthorized access.
Additionally, this approach offers the significant advantage of eliminating the need for the server to store user passwords. Instead, only usernames and their corresponding public keys are stored. This ensures that sensitive user information remains secure, even in the event of server anomalies, such as a security breach by hackers. By adopting this method, the integrity and confidentiality of user data are significantly enhanced, providing a robust defense against unauthorized access and data leaks.
@mccoysc commented on GitHub (Mar 20, 2024):
Or,in an alternative approach to authentication and data integrity, we forgo traditional token-based verification in favor of a system where each user action and its associated data payload are authenticated through digital signatures. In this model, users sign every request with their private key. The server then verifies the legitimacy and integrity of these requests by validating the signature against the user's public key. This method ensures two critical security assurances:
Authenticity - By verifying the digital signature with the public key, the server confirms that the request was indeed initiated by the legitimate user, effectively replacing the need for token-based authentication. This process guarantees that the requestor possesses the corresponding private key without revealing it, thereby affirming their identity.
Integrity - Digital signatures not only authenticate the sender but also ensure that the request data has not been altered in transit. Any modification to the original data would invalidate the signature, alerting the server to potential tampering. This ensures that the server processes the user's true intentions as expressed in the request.
This approach simplifies the authentication process by directly leveraging cryptographic principles, offering a clear and robust method for securing user interactions. It enhances security by ensuring both the identity of the requester and the integrity of the request data, providing a streamlined alternative to conventional token-based systems.
I recommend using this approach.
@mccoysc commented on GitHub (Mar 20, 2024):
If implementing the second approach is challenging due to significant changes required in the front-end code, making it difficult to achieve in the short term, I suggest that, at the very least, the first approach mentioned above should be adopted.
[FEAT] Login token recommendationto [GH-ISSUE #942] [FEAT] Login token recommendation@xnetsc commented on GitHub (Mar 20, 2024):
Or,in an alternative approach to authentication and data integrity, we forgo traditional token-based verification in favor of a system where each user action and its associated data payload are authenticated through digital signatures. In this model, users sign every request with their private key. The server then verifies the legitimacy and integrity of these requests by validating the signature against the user's public key. This method ensures two critical security assurances:
Authenticity - By verifying the digital signature with the public key, the server confirms that the request was indeed initiated by the legitimate user, effectively replacing the need for token-based authentication. This process guarantees that the requestor possesses the corresponding private key without revealing it, thereby affirming their identity.
Integrity - Digital signatures not only authenticate the sender but also ensure that the request data has not been altered in transit. Any modification to the original data would invalidate the signature, alerting the server to potential tampering. This ensures that the server processes the user's true intentions as expressed in the request.
This approach simplifies the authentication process by directly leveraging cryptographic principles, offering a clear and robust method for securing user interactions. It enhances security by ensuring both the identity of the requester and the integrity of the request data, providing a streamlined alternative to conventional token-based systems.
I recommend using this approach.
@xnetsc commented on GitHub (Mar 20, 2024):
If implementing the second approach is challenging due to significant changes required in the front-end code, making it difficult to achieve in the short term, I suggest that, at the very least, the first approach mentioned above should be adopted.