| .ugs-user-count { | ||
| font-size: 0.75rem; | ||
| color: var(--color-text-muted); | ||
| } |
This is a very large inline style with a lot of hardcoded sizes and dimensions. My recommendation is to cross-reference this with all of the other CSS and look for a way to unify the styles to avoid exceeding context limits.
| fontSize: '0.75rem', | ||
| fontWeight: 600, | ||
| background: 'var(--color-success, #22c55e)22', | ||
| color: 'var(--color-success, #22c55e)', |
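Review bot: On the `background` line, appending `22` to `'var(--color-success, #22c55e)'` does not yield an 8-digit hex color. After substitution the value is a color followed by a stray `22`, which is not a valid background, so the declaration is dropped. If the aim is a translucent tint of the success color, express the alpha explicitly, for example `color-mix(in srgb, var(--color-success, #22c55e) 13%, transparent)`, or define a dedicated variable for the tinted background.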
We have vars, but with what looks like a fallback. Need to check these vars exist (I think they do).
| <td style={{ fontSize: '0.8125rem' }}> | ||
| {inv.createdBy?.name || inv.createdBy?.id || '-'} | ||
| </td> | ||
| <td style={{ fontSize: '0.8125rem' }}> |
More inline styles with no vars, are we using TailwindCSS still? Can we unify all these styles across the code base to avoid divergence? May need to add/update CLAUDE.md and AGENTS.md with rules for styling to avoid divergence across the UI
| package auth | ||
|
|
||
| import ( | ||
| "gorm.io/driver/sqlite" |
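Review bot: The `gorm.io/driver/sqlite` import in package auth is backed by a cgo SQLite binding, so a binary built with `CGO_ENABLED=0` compiles but cannot open a SQLite database at runtime. Consider documenting the cgo requirement next to this import, or guarding the SQLite path so that a non-cgo build fails at startup with a clear message instead of on first database access.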
Is this the purego version? We are not relying on CGO are we?
This is the CGO version. When I was looking for a non-CGO sqlite I found only https://github.com/glebarez/sqlite, which appears to be unmaintained, so I opted for basing it on the maintained upstream version instead.
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
* feat(ui): add users and authentication support
* feat: allow the admin user to impersonate users
* chore: ui improvements, disable 'Users' button in navbar when no auth is configured
* feat: add OIDC support
* fix: gate models
* chore: cache requests to optimize speed
* small UI enhancements
* chore(ui): style improvements
* fix: cover other paths by auth
* chore: separate local auth, refactor
* security hardening, approval mode
* fix: fix tests and expectations
* chore: update localagi/localrecall
---------
Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
Signed-off-by: localai-bot <bot@localai.com>
Description
This PR adds an (optional) authentication system for LocalAI.
Besides, it defines admin and user roles, and allows setting fine-grained permissions on users, enabling/disabling specific features, e.g. Agents, Skills, etc.
As of this PR, Skills, Agents, and Knowledge bases are also per-user instead of being global. Each user has their own resources, and admins can manage the resources for the whole application.
Important: there is no performance penalty with auth disabled. The middlewares are not registered and there are no additional computational costs. However, when auth is enabled, endpoints will check for authentication, which could slow operations. The suggestion for production is to use PostgreSQL.
Usage metrics
API keys for users
Account settings
Admin view - Users
Admin view - invites
Admin view - user permissions
Notes for Reviewers
This pull request introduces a comprehensive authentication and authorization system to the application, enabling user management, OAuth integration, and per-feature access control. It adds support for configuring authentication via environment variables and CLI flags, initializes and manages the authentication database, and integrates new middleware for route protection. Additionally, it provides API key management functionality and updates various parts of the application to accommodate these new features.
Authentication & Authorization Integration:
AuthConfig to ApplicationConfig and extended CLI options to support enabling authentication, specifying database URL, OAuth (GitHub/OIDC) credentials, admin email, and registration mode.
Middleware & Route Protection:
API Key Management:
core/http/auth/apikeys.go for secure API key generation, validation, listing, and revocation, supporting per-user and per-role API keys.
Build & Environment Configuration:
Dockerfile to include auth in GO_TAGS for builds, ensuring authentication code is included when building the application.
These changes collectively enable robust authentication, OAuth integration, API key management, and granular access control throughout the application.
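An added illustration, not code from this PR or from LocalAI, of the two points the description makes: the auth check is wrapped around a handler only when auth is enabled, and API keys can be issued, validated and revoked while storing only their digests. `KeyStore`, `Issue`, `Revoke`, `Protect` and the `sk-` prefix are hypothetical names chosen for the sketch, and the in-memory map stands in for the database.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
	"sync"
)

// KeyStore maps SHA-256 digests of API keys to their owner. Hypothetical,
// in-memory stand-in for a database table; plaintext keys are never stored.
type KeyStore struct{ keys sync.Map }

// Issue creates a random 256-bit key for user and returns the plaintext once.
func (s *KeyStore) Issue(user string) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // no safe fallback if the system CSPRNG fails
	}
	key := "sk-" + hex.EncodeToString(raw) // "sk-" prefix is an assumption
	s.keys.Store(sha256.Sum256([]byte(key)), user)
	return key
}

// Revoke removes the digest, so the key stops validating immediately.
func (s *KeyStore) Revoke(key string) { s.keys.Delete(sha256.Sum256([]byte(key))) }

// Protect wraps next with a bearer-key check only when auth is enabled;
// with auth disabled it returns next itself, adding no per-request work.
func Protect(next http.Handler, enabled bool, s *KeyStore) http.Handler {
	if !enabled {
		return next
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		_, ok := s.keys.Load(sha256.Sum256([]byte(strings.TrimPrefix(h, "Bearer "))))
		if !ok || !strings.HasPrefix(h, "Bearer ") {
			http.Error(w, "invalid or missing API key", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { fmt.Println("issued key length:", len(new(KeyStore).Issue("alice"))) }
```

Because the lookup is keyed on the digest of the presented value, a leaked copy of the store does not reveal usable keys.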