[Feature] Simple API token authentication and pluggable middlewares (#1106)

2024-01-23 18:13:00 -05:00
parent 7a0b011dd5
commit 9c1352eb57
2 changed files with 48 additions and 29 deletions
--- a/vllm/entrypoints/openai/api_server.py
+++ b/vllm/entrypoints/openai/api_server.py
@@ -2,6 +2,10 @@ import argparse
 import asyncio
 import json
 from contextlib import asynccontextmanager
+import os
+import importlib
+import inspect
+
 from aioprometheus import MetricsMiddleware
 from aioprometheus.asgi.starlette import metrics
 import fastapi
@@ -64,6 +68,13 @@ def parse_args():
                        type=json.loads,
                        default=["*"],
                        help="allowed headers")
+    parser.add_argument(
+        "--api-key",
+        type=str,
+        default=None,
+        help=
+        "If provided, the server will require this key to be presented in the header."
+    )
    parser.add_argument("--served-model-name",
                        type=str,
                        default=None,
@@ -94,6 +105,17 @@ def parse_args():
        type=str,
        default=None,
        help="FastAPI root_path when app is behind a path based routing proxy")
+    parser.add_argument(
+        "--middleware",
+        type=str,
+        action="append",
+        default=[],
+        help="Additional ASGI middleware to apply to the app. "
+        "We accept multiple --middleware arguments. "
+        "The value should be an import path. "
+        "If a function is provided, vLLM will add it to the server using @app.middleware('http'). "
+        "If a class is provided, vLLM will add it to the server using app.add_middleware(). "
+    )

    parser = AsyncEngineArgs.add_cli_args(parser)
    return parser.parse_args()
@@ -161,6 +183,29 @@ if __name__ == "__main__":
        allow_headers=args.allowed_headers,
    )

+    if token := os.environ.get("VLLM_API_KEY") or args.api_key:
+
+        @app.middleware("http")
+        async def authentication(request: Request, call_next):
+            if not request.url.path.startswith("/v1"):
+                return await call_next(request)
+            if request.headers.get("Authorization") != "Bearer " + token:
+                return JSONResponse(content={"error": "Unauthorized"},
+                                    status_code=401)
+            return await call_next(request)
+
+    for middleware in args.middleware:
+        module_path, object_name = middleware.rsplit(".", 1)
+        imported = getattr(importlib.import_module(module_path), object_name)
+        if inspect.isclass(imported):
+            app.add_middleware(imported)
+        elif inspect.iscoroutinefunction(imported):
+            app.middleware("http")(imported)
+        else:
+            raise ValueError(
+                f"Invalid middleware {middleware}. Must be a function or a class."
+            )
+
    logger.info(f"args: {args}")

    if args.served_model_name is not None: