aledipa
diff --git a/‎.gitignore‎
Lines changed: 100 additions & 1 deletion b/‎.gitignore‎
Lines changed: 100 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 65 additions & 30 deletions b/‎README.md‎
Lines changed: 65 additions & 30 deletions
diff --git a/‎src/FreeGPT4_Server.py‎
Lines changed: 25 additions & 4 deletions b/‎src/FreeGPT4_Server.py‎
Lines changed: 25 additions & 4 deletions
@@ -1 +1,100 @@
-**/*.DS_Store
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Logs
+*.log
+logs/
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+
+# Configuration files with sensitive data
+config.ini
+.env.local
+.env.production
+
+# Temporary files
+*.tmp
+*.temp
+temp/
+tmp/
+
+# Docker
+.dockerignore
+
+# Local data and cookies
+src/data/cookies.json
+src/data/proxies.json
+src/data/*.db
+
+# Test artifacts
+.coverage
+.pytest_cache/
+test-results/
@@ -8,11 +8,14 @@
 
 Self-hosted web API that exposes free, unlimited access to modern LLM providers through a single, simple HTTP interface. It includes an optional web GUI for configuration and supports running via Python or Docker.
 
-- Free to use
-- Unlimited requests
-- Simple HTTP interface (returns plain text)
-- Optional Web GUI
-- Docker image available
+## Key Features
+
+- **Free to use** - No API keys or subscriptions required
+- **Unlimited requests** - No rate limiting
+- **Simple HTTP interface** - Returns plain text responses
+- **Optional Web GUI** - Easy configuration through browser
+- **Docker support** - Ready-to-use container available
+- **Smart timeout handling** - Automatic retry with optimized timeouts
 
 Note: The demo server, when available, can be overloaded and may not always respond.
 
@@ -43,13 +46,6 @@ Note: The demo server, when available, can be overloaded and may not always resp
 
 ---
 
-## Features
-
-- Self-hosted DeepSeek-R1 and GPT-4o API
-- Unlimited usage
-- Free of cost
-- User-friendly GUI
-
 ## Screenshots
 
 <img src="./img/login.png" style="width:100%; max-width:500px; min-width:200px; aspect-ratio: 4/3" />
@@ -112,8 +108,15 @@ pip install -r requirements.txt
 ```
 
 3. Start the server (basic)
+```bash
+python3 src/FreeGPT4_Server.py
 ```
-python3 FreeGPT4_Server.py
+
+### Security Note
+
+When using the Web GUI, always set a secure password:
+```bash
+python3 src/FreeGPT4_Server.py --enable-gui --password your_secure_password
 ```
 
 ---
@@ -170,12 +173,12 @@ From the GUI you can configure common options (e.g., model, provider, keyword, h
 ## Command-line options
 
 Show help:
-```
-python3 FreeGPT4_Server.py [-h] [--remove-sources] [--enable-gui]
-                           [--private-mode] [--enable-history] [--password PASSWORD]
-                           [--cookie-file COOKIE_FILE] [--file-input] [--port PORT]
-                           [--model MODEL] [--provider PROVIDER] [--keyword KEYWORD]
-                           [--system-prompt SYSTEM_PROMPT] [--enable-proxies] [--enable-virtual-users]
+```bash
+python3 src/FreeGPT4_Server.py [-h] [--remove-sources] [--enable-gui]
+                                [--private-mode] [--enable-history] [--password PASSWORD]
+                                [--cookie-file COOKIE_FILE] [--file-input] [--port PORT]
+                                [--model MODEL] [--provider PROVIDER] [--keyword KEYWORD]
+                                [--system-prompt SYSTEM_PROMPT] [--enable-proxies] [--enable-virtual-users]
 ```
 
 Options:
@@ -219,20 +222,34 @@ Enable proxies to mitigate blocks:
 
 ### Models and providers
 
-- Models: includes gpt-4 (and variants such as GPT-4o) and DeepSeek-R1
-- Default model: `gpt-4`
-- Default provider: `Bing`
-- Change via flags or in the GUI:
-```
+- **Models**: gpt-4, gpt-4o, deepseek-r1, and other modern LLMs
+- **Default model**: `gpt-4`
+- **Default provider**: `DuckDuckGo` (reliable fallback)
+- **Provider Fallback**: Automatic switching between Bing, DuckDuckGo, and other providers
+- **Health Monitoring**: Real-time provider status tracking
+
+Change via flags or in the GUI:
+```bash
 --model gpt-4o --provider Bing
 ```
 
+### Reliability Features
+
+- **Smart Timeout Handling**: Optimized 30-second timeouts with automatic retry
+- **Provider Fallback**: Automatic switching when primary provider fails
+- **Health Monitoring**: Continuous provider status tracking
+- **Blacklist System**: Automatic exclusion of problematic providers
+
 ### Private mode and password
 
 - `--private-mode` requires a private token to access the API
-- `--password` protects the settings page (mandatory in some Docker setups)
+- `--password` protects the settings page (**mandatory in Docker setups**)
+- **Security Enhancement**: Authentication system hardened against bypass attacks
+- **Logging**: All authentication attempts are logged for security monitoring
 - Use a strong password if you expose the API beyond localhost
 
+**Important**: Always set a password when using the Web GUI to prevent unauthorized access.
+
 ---
 
 ## Siri integration
@@ -250,13 +267,34 @@ Say “GPT Mode” to Siri and ask your question when prompted.
 
 ## Requirements
 
-- Python 3
+- Python 3.8+
 - Flask[async]
 - g4f (from https://github.com/xtekky/gpt4free)
 - aiohttp
 - aiohttp_socks
-- auth
 - Werkzeug
+- requests (for enhanced HTTP handling)
+
+For development and testing:
+- pytest
+- pytest-asyncio
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Timeout Errors**: The system now automatically retries with fallback providers
+2. **Provider Blocks**: Health monitoring automatically switches to working providers
+3. **Authentication Issues**: Ensure you set a strong password and check logs for failed attempts
+4. **Docker Permission Issues**: Use read-only mounts for sensitive files like cookies.json
+
+### Getting Help
+
+If you encounter issues:
+1. Check the application logs for detailed error information
+2. Verify your provider configuration in the Web GUI
+3. Ensure cookies are properly formatted (if using)
+4. Try different providers through the fallback system
 
 ---
 
@@ -270,9 +308,6 @@ Say “GPT Mode” to Siri and ask your question when prompted.
 
 Contributions are welcome! Feel free to open issues and pull requests to improve features, docs, or reliability.
 
-Credits:
-- Some examples and tips credited to community members, including @git-malik and @ayoubelmhamdi.
-
 ---
 
 ## License
 
@@ -252,13 +252,16 @@ def setup_password(self):
 
         try:
             settings = db_manager.get_settings()
+            current_password = settings.get("password", "")
 
             if self.args.password:
                 # Password provided via command line
                 password = self.args.password
                 confirm_password = password
-            elif not settings.get("password"):
+                logger.info("Using password provided via command line argument")
+            elif not current_password:
                 # No password set, prompt for new one
+                logger.info("No admin password configured. Setting up new password...")
                 password = getpass.getpass("Settings page password:\n > ")
                 confirm_password = getpass.getpass("Confirm password:\n > ")
             else:
@@ -275,10 +278,22 @@ def setup_password(self):
                 logger.error("Passwords don't match")
                 exit(1)
 
-            # Save password
+            # Additional password strength validation
+            if len(password) < config.security.password_min_length:
+                logger.error(f"Password must be at least {config.security.password_min_length} characters long")
+                exit(1)
+            
+            # Save password (will be hashed automatically in update_settings)
             db_manager.update_settings({"password": password})
             logger.info("Admin password configured successfully")
 
+            # Verify the password was saved correctly
+            if not db_manager.verify_admin_password(password):
+                logger.error("Password verification failed after setup")
+                exit(1)
+            
+            logger.info("Password verification successful")
+            
         except Exception as e:
             logger.error(f"Failed to setup password: {e}")
             exit(1)
@@ -405,6 +420,12 @@ def settings():
         is_admin = False
         if username == "admin":
             is_admin = auth_service.authenticate_admin(username, password)
+            if not is_admin:
+                return render_template(
+                    "login.html",
+                    virtual_users=server_manager.args.enable_virtual_users,
+                    error="Invalid admin credentials"
+                )
         else:
             is_admin = False
             if not auth_service.authenticate_user(username, password):
@@ -432,8 +453,8 @@ def settings():
             "generic_models": config.generic_models
         }
 
-        if is_admin or username == "admin":
-            # Admin settings
+        if is_admin:
+            # Admin settings (only if properly authenticated)
             template_data["data"] = db_manager.get_settings()
 
             # Load proxies