mirror of
https://github.com/comfyanonymous/ComfyUI.git
synced 2025-12-18 10:33:01 +08:00
- Add API key authentication middleware with multiple auth methods (Bearer, X-API-Key, query param)
- Add /health endpoint with server status, queue info, device info, and VRAM stats
- Add CLI arguments --api-key and --api-key-file for authentication configuration
- Static files and WebSocket connections exempt from authentication
- Fully backward compatible - no authentication required by default
- Add comprehensive documentation, examples, and test scripts
3.5 KiB
ComfyUI API Security Enhancement
Summary
This implementation adds API key authentication and a health check endpoint to ComfyUI.
Files Modified
- middleware/auth_middleware.py (NEW)
  - API key authentication middleware
  - Supports multiple authentication methods (Bearer token, X-API-Key header, query parameter)
  - Configurable exempt paths
- comfy/cli_args.py (MODIFIED)
  - Added --api-key argument for inline API key
  - Added --api-key-file argument for API key from file
  - Added logic to load API key from file
- server.py (MODIFIED)
  - Imported auth middleware
  - Integrated middleware into application
  - Added /health endpoint with system information
  - Configured exempt paths (/, /health, /ws)
New Files
- API_AUTHENTICATION.md - Complete documentation
- test_api_auth.py - Test suite for authentication
- examples_api_auth.py - Python usage examples
Quick Start
1. Start ComfyUI with API Key Protection
# Generate a secure API key
python -c "import secrets; print(secrets.token_hex(32))"
# Start with API key
python main.py --api-key "your-generated-key-here"
# Or use a file
echo "your-generated-key-here" > api_key.txt
python main.py --api-key-file api_key.txt
2. Test the Health Endpoint
curl http://localhost:8188/health
3. Make Authenticated Requests
# Using Bearer token
curl -H "Authorization: Bearer your-api-key" http://localhost:8188/prompt
# Using X-API-Key header
curl -H "X-API-Key: your-api-key" http://localhost:8188/prompt
4. Run Tests
# Install requests if needed
pip install requests
# Run test suite
python test_api_auth.py your-api-key
# Run examples
python examples_api_auth.py
Features
API Key Authentication
- ✅ Multiple authentication methods (Bearer, X-API-Key, query param)
- ✅ Configurable via command line
- ✅ Secure file-based configuration
- ✅ Exempt paths for health checks and WebSocket
- ✅ Detailed logging of authentication attempts
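The authorization decision described above (three ways to present a key, plus exempt paths), written as a framework-independent example added here; it is not the code in middleware/auth_middleware.py. The query parameter name api_key and the exact-match handling of exempt paths are assumptions, and the key value is a constructed sample.

```python
import hmac
from typing import Mapping, Optional

# The exempt paths this page names; matched exactly, never by prefix.
EXEMPT_PATHS = frozenset({"/", "/health", "/ws"})
# Hypothetical query parameter name; the page does not state the real one.
QUERY_PARAM = "api_key"


def extract_api_key(headers: Mapping[str, str],
                    query: Mapping[str, str]) -> Optional[str]:
    """Return the presented key: Bearer token, then X-API-Key, then query."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    header_key = lowered.get("x-api-key", "").strip()
    if header_key:
        return header_key
    # Keys in the query string end up in access logs and proxies;
    # headers are the safer transport.
    return query.get(QUERY_PARAM) or None


def is_authorized(path: str, headers: Mapping[str, str],
                  query: Mapping[str, str], expected_key: Optional[str]) -> bool:
    """Decide whether a request may proceed."""
    if not expected_key:
        return True  # no key configured: authentication is off (the default)
    if path in EXEMPT_PATHS:
        # Exact match only: a startswith("/") test would exempt every route.
        return True
    presented = extract_api_key(headers, query)
    if presented is None:
        return False
    # Constant-time comparison avoids leaking the key through timing.
    return hmac.compare_digest(presented.encode(), expected_key.encode())


if __name__ == "__main__":
    key = "constructed-test-key"  # constructed sample value
    print(is_authorized("/prompt", {"authorization": f"Bearer {key}"}, {}, key))
    print(is_authorized("/prompt", {}, {}, key))
    print(is_authorized("/health", {}, {}, key))
```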
Health Check Endpoint
- ✅ Returns server status
- ✅ Queue information (pending/running)
- ✅ Device information
- ✅ VRAM usage (if GPU available)
- ✅ Version information
- ✅ Timestamp for monitoring
Security Best Practices
- Generate Strong Keys: Use openssl rand -hex 32 or similar
- Use File-Based Config: Keep keys out of command history
- Enable HTTPS: Use with --tls-keyfile and --tls-certfile
- Restrict File Permissions: chmod 600 api_key.txt
- Rotate Keys Regularly: Change API keys periodically
- Monitor Access: Check logs for unauthorized attempts
Backward Compatibility
- ✅ Fully backward compatible
- ✅ No authentication required by default
- ✅ Existing functionality unchanged
- ✅ WebSocket connections work normally
Testing
The implementation has been tested for:
- ✅ Syntax errors (none found)
- ✅ Import compatibility
- ✅ Middleware integration
- ✅ Route configuration
- ✅ Health endpoint functionality
To fully test in your environment:
# 1. Start server without auth (test backward compatibility)
python main.py
# 2. Start server with auth
python main.py --api-key "test-key-123"
# 3. Run test suite
python test_api_auth.py test-key-123
# 4. Check health endpoint
curl http://localhost:8188/health
Support
For detailed documentation, see:
- API_AUTHENTICATION.md - Complete usage guide
- examples_api_auth.py - Code examples
- test_api_auth.py - Test suite
License
Same as ComfyUI main project.