errorsis

2026-02-25 03:26:46 -05:00 · 2024-07-22 15:51:31 -07:00
8 changed files with 5 additions and 347 deletions
--- a/api/client.go
+++ b/api/client.go
@@ -17,7 +17,6 @@ import (
 	"bufio"
 	"bytes"
 	"context"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -25,10 +24,7 @@ import (
 	"net/http"
 	"net/url"
 	"runtime"
-	"strings"
-	"time"

-	"github.com/ollama/ollama/auth"
 	"github.com/ollama/ollama/envconfig"
 	"github.com/ollama/ollama/format"
 	"github.com/ollama/ollama/version"
@@ -387,16 +383,3 @@ func (c *Client) Version(ctx context.Context) (string, error) {

 	return version.Version, nil
 }
-
-func Authorization(ctx context.Context, request *http.Request) (string, error) {
-	data := []byte(fmt.Sprintf("%s,%s,%d", request.Method, request.URL.RequestURI(), time.Now().Unix()))
-
-	token, err := auth.Sign(ctx, data)
-	if err != nil {
-		return "", err
-	}
-
-	// interleave request data into the token
-	key, sig, _ := strings.Cut(token, ":")
-	return fmt.Sprintf("%s:%s:%s", key, base64.StdEncoding.EncodeToString(data), sig), nil
-}
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -7,6 +7,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"log/slog"
@@ -26,7 +27,7 @@ func privateKey() (ssh.Signer, error) {

 	keyPath := filepath.Join(home, ".ollama", defaultPrivateKey)
 	privateKeyFile, err := os.ReadFile(keyPath)
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		err := initializeKeypair()
 		if err != nil {
 			return nil, err
@@ -50,7 +51,7 @@ func GetPublicKey() (ssh.PublicKey, error) {

 	pubkeyPath := filepath.Join(home, ".ollama", defaultPrivateKey+".pub")
 	pubKeyFile, err := os.ReadFile(pubkeyPath)
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		// try from privateKey
 		privateKey, err := privateKey()
 		if err != nil {
@@ -113,7 +114,7 @@ func initializeKeypair() error {
 	pubKeyPath := filepath.Join(home, ".ollama", "id_ed25519.pub")

 	_, err = os.Stat(privKeyPath)
-	if os.IsNotExist(err) {
+	if errors.Is(err, os.ErrNotExist) {
 		fmt.Printf("Couldn't find '%s'. Generating new private key.\n", privKeyPath)
 		cryptoPublicKey, cryptoPrivateKey, err := ed25519.GenerateKey(rand.Reader)
 		if err != nil {
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -5,7 +5,6 @@ import (
 	"bytes"
 	"context"
 	"crypto/sha256"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -13,7 +12,6 @@ import (
 	"math"
 	"net"
 	"net/http"
-	"net/url"
 	"os"
 	"os/signal"
 	"path/filepath"
@@ -262,8 +260,6 @@ func tempZipFiles(path string) (string, error) {
 	return tempfile.Name(), nil
 }

-var ErrBlobExists = errors.New("blob exists")
-
 func createBlob(cmd *cobra.Command, client *api.Client, path string) (string, error) {
 	bin, err := os.Open(path)
 	if err != nil {
@@ -281,120 +277,12 @@ func createBlob(cmd *cobra.Command, client *api.Client, path string) (string, er
 	}

 	digest := fmt.Sprintf("sha256:%x", hash.Sum(nil))
-
-	// We check if we can find the models directory locally
-	// If we can, we return the path to the directory
-	// If we can't, we return an error
-	// If the blob exists already, we return the digest
-	dest, err := getLocalPath(cmd.Context(), digest)
-
-	if errors.Is(err, ErrBlobExists) {
-		return digest, nil
-	}
-
-	// Successfully found the model directory
-	if err == nil {
-		// Copy blob in via OS specific copy
-		// Linux errors out to use io.copy
-		err = localCopy(path, dest)
-		if err == nil {
-			return digest, nil
-		}
-
-		// Default copy using io.copy
-		err = defaultCopy(path, dest)
-		if err == nil {
-			return digest, nil
-		}
-	}
-
-	// If at any point copying the blob over locally fails, we default to the copy through the server
 	if err = client.CreateBlob(cmd.Context(), digest, bin); err != nil {
 		return "", err
 	}
 	return digest, nil
 }

-func getLocalPath(ctx context.Context, digest string) (string, error) {
-	ollamaHost := envconfig.Host
-
-	client := http.DefaultClient
-	base := &url.URL{
-		Scheme: ollamaHost.Scheme,
-		Host:   net.JoinHostPort(ollamaHost.Host, ollamaHost.Port),
-	}
-
-	data, err := json.Marshal(digest)
-	if err != nil {
-		return "", err
-	}
-
-	reqBody := bytes.NewReader(data)
-	path := fmt.Sprintf("/api/blobs/%s", digest)
-	requestURL := base.JoinPath(path)
-	request, err := http.NewRequestWithContext(ctx, http.MethodPost, requestURL.String(), reqBody)
-	if err != nil {
-		return "", err
-	}
-
-	authz, err := api.Authorization(ctx, request)
-	if err != nil {
-		return "", err
-	}
-
-	request.Header.Set("Authorization", authz)
-	request.Header.Set("User-Agent", fmt.Sprintf("ollama/%s (%s %s) Go/%s", version.Version, runtime.GOARCH, runtime.GOOS, runtime.Version()))
-	request.Header.Set("X-Redirect-Create", "1")
-
-	resp, err := client.Do(request)
-	if err != nil {
-		return "", err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode == http.StatusTemporaryRedirect {
-		dest := resp.Header.Get("LocalLocation")
-
-		return dest, nil
-	}
-	return "", ErrBlobExists
-}
-
-func defaultCopy(path string, dest string) error {
-	// This function should be called if the server is local
-	// It should find the model directory, copy the blob over, and return the digest
-	dirPath := filepath.Dir(dest)
-
-	if err := os.MkdirAll(dirPath, 0o755); err != nil {
-		return err
-	}
-
-	// Copy blob over
-	sourceFile, err := os.Open(path)
-	if err != nil {
-		return fmt.Errorf("could not open source file: %v", err)
-	}
-	defer sourceFile.Close()
-
-	destFile, err := os.Create(dest)
-	if err != nil {
-		return fmt.Errorf("could not create destination file: %v", err)
-	}
-	defer destFile.Close()
-
-	_, err = io.CopyBuffer(destFile, sourceFile, make([]byte, 4*1024*1024))
-	if err != nil {
-		return fmt.Errorf("error copying file: %v", err)
-	}
-
-	err = destFile.Sync()
-	if err != nil {
-		return fmt.Errorf("error flushing file: %v", err)
-	}
-
-	return nil
-}
-
 func RunHandler(cmd *cobra.Command, args []string) error {
 	interactive := true

--- a/cmd/copy_darwin.go
+++ b/cmd/copy_darwin.go
@@ -1,23 +0,0 @@
-package cmd
-
-import (
-	"os"
-	"path/filepath"
-
-	"golang.org/x/sys/unix"
-)
-
-func localCopy(src, target string) error {
-	dirPath := filepath.Dir(target)
-
-	if err := os.MkdirAll(dirPath, 0o755); err != nil {
-		return err
-	}
-
-	err := unix.Clonefile(src, target, 0)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
--- a/cmd/copy_linux.go
+++ b/cmd/copy_linux.go
@@ -1,7 +0,0 @@
-package cmd
-
-import "errors"
-
-func localCopy(src, target string) error {
-	return errors.New("no local copy implementation for linux")
-}
--- a/cmd/copy_windows.go
+++ b/cmd/copy_windows.go
@@ -1,67 +0,0 @@
-//go:build windows
-// +build windows
-
-package cmd
-
-import (
-	"os"
-	"path/filepath"
-	"syscall"
-	"unsafe"
-)
-
-func localCopy(src, target string) error {
-	// Create target directory if it doesn't exist
-	dirPath := filepath.Dir(target)
-	if err := os.MkdirAll(dirPath, 0o755); err != nil {
-		return err
-	}
-
-	// Open source file
-	sourceFile, err := os.Open(src)
-	if err != nil {
-		return err
-	}
-	defer sourceFile.Close()
-
-	// Create target file
-	targetFile, err := os.Create(target)
-	if err != nil {
-		return err
-	}
-	defer targetFile.Close()
-
-	// Use CopyFileExW to copy the file
-	err = copyFileEx(src, target)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func copyFileEx(src, dst string) error {
-	kernel32 := syscall.NewLazyDLL("kernel32.dll")
-	copyFileEx := kernel32.NewProc("CopyFileExW")
-
-	srcPtr, err := syscall.UTF16PtrFromString(src)
-	if err != nil {
-		return err
-	}
-
-	dstPtr, err := syscall.UTF16PtrFromString(dst)
-	if err != nil {
-		return err
-	}
-
-	r1, _, err := copyFileEx.Call(
-		uintptr(unsafe.Pointer(srcPtr)),
-		uintptr(unsafe.Pointer(dstPtr)),
-		0, 0, 0, 0)
-
-	if r1 == 0 {
-		return err
-	}
-
-	return nil
-}
--- a/server/routes.go
+++ b/server/routes.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"cmp"
 	"context"
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -24,10 +23,8 @@ import (

 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
-	"golang.org/x/crypto/ssh"

 	"github.com/ollama/ollama/api"
-	"github.com/ollama/ollama/auth"
 	"github.com/ollama/ollama/envconfig"
 	"github.com/ollama/ollama/gpu"
 	"github.com/ollama/ollama/llm"
@@ -931,6 +928,7 @@ func (s *Server) CreateBlobHandler(c *gin.Context) {
 		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
+
 	_, err = os.Stat(path)
 	switch {
 	case errors.Is(err, os.ErrNotExist):
@@ -942,11 +940,6 @@ func (s *Server) CreateBlobHandler(c *gin.Context) {
 		c.Status(http.StatusOK)
 		return
 	}
-	if c.GetHeader("X-Redirect-Create") == "1" && s.isLocal(c) {
-		c.Header("LocalLocation", path)
-		c.Status(http.StatusTemporaryRedirect)
-		return
-	}

 	layer, err := NewLayer(c.Request.Body, "")
 	if err != nil {
@@ -962,54 +955,6 @@ func (s *Server) CreateBlobHandler(c *gin.Context) {
 	c.Status(http.StatusCreated)
 }

-func (s *Server) isLocal(c *gin.Context) bool {
-	if authz := c.GetHeader("Authorization"); authz != "" {
-		parts := strings.Split(authz, ":")
-		if len(parts) != 3 {
-			return false
-		}
-
-		clientPublicKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(fmt.Sprintf("ssh-ed25519 %s", parts[0])))
-		if err != nil {
-			return false
-		}
-
-		// partialRequestData is formatted as http.Method,http.requestURI,timestamp,nonce
-		requestData, err := base64.StdEncoding.DecodeString(parts[1])
-		if err != nil {
-			return false
-		}
-
-		partialRequestDataParts := strings.Split(string(requestData), ",")
-		if len(partialRequestDataParts) != 3 {
-			return false
-		}
-
-		signature, err := base64.StdEncoding.DecodeString(parts[2])
-		if err != nil {
-			return false
-		}
-
-		if err := clientPublicKey.Verify(requestData, &ssh.Signature{Format: clientPublicKey.Type(), Blob: signature}); err != nil {
-			return false
-		}
-
-		serverPublicKey, err := auth.GetPublicKey()
-		if err != nil {
-			slog.Error(fmt.Sprintf("failed to get server public key: %v", err))
-			return false
-		}
-		
-		if bytes.Equal(serverPublicKey.Marshal(), clientPublicKey.Marshal()) {
-			return true
-		}
-
-		return false
-	}
-
-	return false
-}
-
 func isLocalIP(ip netip.Addr) bool {
 	if interfaces, err := net.Interfaces(); err == nil {
 		for _, iface := range interfaces {
--- a/server/routes_test.go
+++ b/server/routes_test.go
@@ -10,18 +10,15 @@ import (
 	"math"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"os"
 	"sort"
 	"strings"
 	"testing"

-	"github.com/gin-gonic/gin"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"github.com/ollama/ollama/api"
-	"github.com/ollama/ollama/auth"
 	"github.com/ollama/ollama/envconfig"
 	"github.com/ollama/ollama/llm"
 	"github.com/ollama/ollama/openai"
@@ -530,62 +527,3 @@ func TestNormalize(t *testing.T) {
 		})
 	}
 }
-
-func TestIsLocalReal(t *testing.T) {
-	gin.SetMode(gin.TestMode)
-	clientPubLoc := t.TempDir()
-	t.Setenv("HOME", clientPubLoc)
-
-	_, err := auth.GetPublicKey()
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	w := httptest.NewRecorder()
-    ctx, _ := gin.CreateTestContext(w)
-	ctx.Request = &http.Request{
-		Header: make(http.Header),
-	}
-
-	requestURL := url.URL{
-		Scheme: "http",
-		Host:   "localhost:8080",
-		Path:   "/api/blobs",
-	}
-	request := &http.Request{
-		Method: http.MethodPost,
-		URL:    &requestURL,
-	}
-	s := &Server{}
-	
-	authz, err := api.Authorization(ctx, request)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	// Set client authorization header
-	ctx.Request.Header.Set("Authorization", authz)
-	if !s.isLocal(ctx) {
-		t.Fatal("Expected isLocal to return true")
-	}
-
-	t.Run("different server pubkey", func(t *testing.T) {
-		serverPubLoc := t.TempDir()
-		t.Setenv("HOME", serverPubLoc)
-		_, err := auth.GetPublicKey()
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		if s.isLocal(ctx) {
-			t.Fatal("Expected isLocal to return false")
-		}
-	})
-
-	t.Run("invalid pubkey", func(t *testing.T) {
-		ctx.Request.Header.Set("Authorization", "sha-25616:invalid")
-		if s.isLocal(ctx) {
-			t.Fatal("Expected isLocal to return false")
-		}
-	})
-}