o ưi/@sdZddlmZmZmZmZmZmZmZddl m Z ddl m Z ddl mZddlmZddlmZmZddlmZmZdd lmZmZmZerTdd lmZdd lmZGd d d eZdS)z Security hook to prevent user B from seeing response from user A. This hook uses the DBSpendUpdateWriter to batch-write response IDs to the database instead of writing immediately on each request. ) TYPE_CHECKINGAnyAsyncGeneratorOptionalTupleUnioncast) HTTPException)verbose_proxy_logger) CustomLogger)LitellmUserRoles)decrypt_value_helperencrypt_value_helper)BaseLiteLLMOpenAIResponseObjectResponsesAPIResponse)CallTypesLiteralLLMResponseTypes SpecialEnums) DualCache)UserAPIKeyAuthc@seZdZddZdddddeded eeee eff d d Z d ee d ee ddd e fddZ de d e fddZ de d ee ee ee ffddZd ee fddZ d!dedddeee e fd efddZdeddded efddZdddeded eedffdd ZdS)"ResponsesIDSecuritycCsdSN)selfrr`/home/app/Keep/.python/lib/python3.10/site-packages/litellm/proxy/hooks/responses_id_security.py__init__szResponsesIDSecurity.__init__user_api_key_dictrcacherdata call_typereturnc shd}||vr dS|dkr0|d}|r.||r.||\}}} ||| |||d<|S|dvrS|d} | rS|| rS|| \}}} ||| |||d<|S)N> aresponsesadelete_responsesacancel_responsesaget_responsesr!previous_response_id>r"r#r$ response_id)get_is_encrypted_response_id_decrypt_response_id check_user_access_to_response_id) rrrrrZresponses_api_call_typesr%original_response_iduser_idteam_idr&rrrasync_pre_call_hook"s8     z'ResponsesIDSecurity.async_pre_call_hookresponse_id_user_idresponse_id_team_idc Csddlm}|jtjjks|jtjkrdS|r7||jkr7|ddr1t d|jd|ddSt d d d |r]||j kr]|ddrWt d |d |jd|j ddSt d dd dS)Nrgeneral_settingsTdisable_responses_id_securityFz(Responses ID Security is disabled. User z is accessing response id z# which is not associated with them.izForbidden. The response id is not associated with the user, who this key belongs to. To disable this security feature, set general_settings::disable_responses_id_security to True in the config.yaml file.) status_codedetailzs$