^h[#xSSKrSSKJrJr SSKJrJrJr SSKJ r SSK J r J r J r JrJr SSKJr "SS 5rg) N)ListOptional) HTTPExceptionRequeststatus)verbose_proxy_logger)CommonProxyErrorsLiteLLM_UserTable LiteLLMRoutesLitellmUserRolesUserAPIKeyAuth)_user_is_org_adminc\rSrSr\S\\S\\S\S\ S\ S\S\ 4S j5r \S\4S j5r \S\S \4S j5r\S\S \S \4Sj5r\S\S\\S \4Sj5rSrg) RouteChecksuser_obj _user_rolerouterequest valid_tokenapi_key request_datac [RUS9 [RUS9(ag U[RR ;aUS:Xag US:XaUR nURS5n[R"SUSUR35 U(aAXR:wa1[[RSRXR5S9eg g US :Xag US :Xag g U[RR ;a [!US S 5bS [!US /5;ag U["R$R :Xa[RUS9(a[[RSU3S9e[R'U[R(R S9(aUS:Xa\UbX[+U[,5(aBUR/5n U H+n U S;dM [[RSUSUSU S3S9e g g g [[RSUSU3S9eg U["R0R :Xa2[R'U[R2R S9(ag [5X`S9(a2[R'U[R6R S9(ag U["R8R :Xa2[R'U[R:R S9(ag [R'U[R<R S9(ag Sn SnUb*UR>=(d Sn UR=(d Sn[ASUSU SU35e)z? Checks if Non Proxy Admin User is allowed to access the route )rz /key/infoz /user/infouser_idz user_id: z & valid_token.user_id: zHkey not allowed to access this user's info. user_id={}, key's user_id={} status_codedetailz /model/infoz /team/info permissionsNget_spend_routesz5user not allowed to access this OpenAI routes, role= rallowed_routesz /user/update) user_emailpasswordz-user not allowed to access this route, role= z. Trying to access: z and updating invalid param: z-. only user_email and password can be updated)r user_objectunknownz^Only proxy admin can be used to generate, delete, update info for new keys/users/teams. Route=z . Your role=z. Your user_id=)!rcustom_admin_only_route_checkis_llm_api_router info_routesvalue query_paramsgetrdebugrrrHTTP_403_FORBIDDENformatglobal_spend_tracking_routesgetattrr PROXY_ADMIN_VIEW_ONLYcheck_route_accessmanagement_routes isinstancedictkeys INTERNAL_USERinternal_user_routesrorg_admin_allowed_routesINTERNAL_USER_VIEW_ONLYinternal_user_view_only_routesself_managed_routes user_role Exception) rrrrrrrr+r_params_updatedparamr>s Y/home/james-whalen/.local/lib/python3.13/site-packages/litellm/proxy/auth/route_checks.py$non_proxy_admin_allowed_routes_check0RouteChecks.non_proxy_admin_allowed_routes_checks 11 2   ' 'e ' 4  ]..44 4 #,&&33 &**95$**y(@ATAT@UVw*=*=='$*$=$=ipp#%8%8  >7-',&' ]??EE E ]D9E"gk="&MM  +AAGG G++%+8# & 9 9RS]R^_--M,K,K,Q,Q.N*$/J|T4R4R*6*;*;*=%4E$,FF&3060I0I-Z[eZffz|A{BB_`e_ffS,T'"!"&55S/($*$=$=!NzlZnotnuv!, *88>> >..M,N,N,T,T/  % ,, (N(N(T(T-   *BBHH H..,KKQQ/   + + (I(I(O(O,  !IG#$..;) "**7ipqvpwxDENDOO^_f^gh cSSKJnJn SU;a[USLa2[R"S[ R R35 gXS;a[[RSUS3S9eg) Nr)general_settings premium_useradmin_only_routesTzFTrying to use 'admin_only_routes' this is an Enterprise only feature. z-user not allowed to access this route. Route=z is an admin only router) litellm.proxy.proxy_serverrGrHrerrorr not_premium_userr*rrr.)rrGrHs rBr')RouteChecks.custom_admin_only_route_checksM "2 24'$**\]n]]^F^F]GH)<==# & 9 9J5'Qhi rEreturnchU[RR;agU[RR;ag[RRH%nSU;dM [R XS9(dM% g SU;agSU;agSU;agSU;agSU;agS U;agS U;agg ) z Helper to checks if provided route is an OpenAI route Returns: - True: if route is an OpenAI route - False: if route is not an OpenAI route T{rpatternz /bedrock/z /vertex-ai/z/gemini/z/cohere/z /langfuse/z /anthropic/z/azure/F)r openai_routesr*anthropic_routesr_route_matches_pattern)r openai_routes rBr(RouteChecks.is_llm_api_routes M//55 5 M2288 8*77==Ll"556 > %  E !     5  E !  rErRcx[R"SSU5nSUS3n[R"X5(agg)a@ Check if route matches the pattern placed in proxy/_types.py Example: - pattern: "/threads/{thread_id}" - route: "/threads/thread_49EIN5QF32s4mH20M7GFKdlZ" - returns: True - pattern: "/key/{token_id}/regenerate" - route: "/key/regenerate/82akk800000000jjsk" - returns: False, pattern is "/key/{token_id}/regenerate" z \{[^}]+\}z[^/]+^$TF)resubmatchrQs rBrU"RouteChecks._route_matches_patterns8&&x9gYa. 88G # #rEr"cF^TU;=(d [U4SjU55$)z Check if a route has access by checking both exact matches and patterns Args: route (str): The route to check allowed_routes (list): List of allowed routes/patterns Returns: bool: True if route is allowed, False otherwise c3L># UHn[RTUS9v M g7f)rQN)rrU).0 allowed_routers rB 1RouteChecks.check_route_access..s(. !/   . .UM . R!/s!$)anyr!s` rBr3RouteChecks.check_route_accesss+& #. !/. +  rEN)__name__ __module__ __qualname____firstlineno__ staticmethodrr r strrr r6rCr'boolr(rUrr3__static_attributes__rgrErBrrsp,-p-.pp p $ p  pppd S  ****XcCD* # tCy T  rEr)r[typingrrfastapirrrlitellm._loggingrlitellm.proxy._typesr r r r r auth_checks_organizationrrrgrErBrus/ !2219X X rE