Runpod•2y ago

How do I expose my api key and use CORS instead?

I want to make it so that all requests from a domain to my serverless endpoint are allowed. I suppose I don't mind exposing my api key if I can make it so that only requests from a certain domain are allowed, right?

How would I do this? I want to serve a Comfy workflow on a serverless endpoint and I think I can use https://github.com/blib-la/runpod-worker-comfy to set up the endpoint itself. It would be really helpful if a) someone could let me know if this is possible, and if so b) outline the general steps I need to do to accomplish it.

GitHub

GitHub - blib-la/runpod-worker-comfy: ComfyUI as a serverless API o...

ComfyUI as a serverless API on RunPod. Contribute to blib-la/runpod-worker-comfy development by creating an account on GitHub.

J.•2/20/24, 1:30 AM

Wah this is an awesome repository

J.•2/20/24, 1:30 AM

Tldr though if you launch this on runpod serverless, runpod serverless itself managed an api endpoint to trigger

J.•2/20/24, 1:30 AM

https://docs.runpod.io/serverless/overview

Overview | RunPod Documentation

An overview to Serverless GPU computing for AI inference and training.

J.•2/20/24, 1:30 AM

Here is their doc

J.•2/20/24, 1:31 AM

the main idea behind serverless is you define a python function such as:

And you can invoke it through curl ; their python sdk; or python request module:

request runpodurl/<your serverless id>/run for example, and it will trigger that python function

J.•2/20/24, 1:32 AM

I guess the tldr im trying to tell u is that, if this is a repo for comfy ui serverless then its already basically already a ready to go api that when u make a request to runpod need to do so with an auth key anyways

WarySlothOP•2/20/24, 1:44 AM

@justin hmm is this function you're talking about something I can change? Because if so, I coul just change it to be like "if the request is coming from domain x, then allow. Otherwise, reject"

WarySlothOP•2/20/24, 1:44 AM

Does something as simple as that work? I think this is in the handler.py code (for this repository specifically or really any other worker repo for runpod)

WWarySloth @justin hmm is this function you're talking about something I can change? Becaus...

J.•2/20/24, 1:45 AM

Yes u can define the handler.py to respond however u would like

J.•2/20/24, 1:45 AM

but u dont need to change it to do a domain authorization

J.•2/20/24, 1:45 AM

to make a request to the api u need an authentication key

J.•2/20/24, 1:45 AM

can read more on serverless for that information in the docs

J.•2/20/24, 1:45 AM

so ur domain essentially on its requests just needs to pass the auth key with its request

J.•2/20/24, 1:46 AM

u dont need to specifically define by domains

J.•2/20/24, 1:46 AM

this serverless btw is to spin up gpus dynamically up and down to respond to requests

J.•2/20/24, 1:46 AM

rather than keeping a gpu pod instance open 24/7 which is what gpu pod does

J.•2/20/24, 1:46 AM

gpu pod is more of renting a linux server with a GPU for manual usage; usually; vs serverless is more of an api sort of usage

WarySlothOP•2/20/24, 1:46 AM

Okay but I guess what I'm asking is I have to make this request from the frontend (because of some weird shopify stuff) and so I would have to expose the api key. Thus, would want to restrsict it to just a certain domain

WarySlothOP•2/20/24, 1:47 AM

or some other form of protection

WWarySloth Okay but I guess what I'm asking is I have to make this request from the fronten...

J.•2/20/24, 1:47 AM

Got it. You could probably have the shopify make a request to a django / flask server u host on fly.io or something

J.•2/20/24, 1:47 AM

and then proxy that request through to runpod

J.•2/20/24, 1:47 AM

is my recommendation

J.•2/20/24, 1:47 AM

but that is up to u ultimately

WarySlothOP•2/20/24, 1:48 AM

ok cool that makes more sense. I guess, just wanted your opinion--is that safer because then my proxy server can figure out if the request is legit or not? Just from the ip the request is coming form?

WarySlothOP•2/20/24, 1:48 AM

vs I can't do that if I call the runpod handler directly

WWarySloth ok cool that makes more sense. I guess, just wanted your opinion--is that safer ...

J.•2/20/24, 1:48 AM

Well, I guess your proxy server can do anything haha

J.•2/20/24, 1:48 AM

But yes

J.•2/20/24, 1:48 AM

I mean ppl can fake whatever request structure they want to a backend api

J.•2/20/24, 1:48 AM

but i guess, u can force a shopify button maybe to pass some token or something

J.•2/20/24, 1:48 AM

and rate limit it etc

J.•2/20/24, 1:48 AM

on the proxy etc

J.•2/20/24, 1:49 AM

If ur worried about security

J.•2/20/24, 1:49 AM

But yea

WarySlothOP•2/20/24, 1:49 AM

why wouldn't you recommend trying to do that in the runpod handler itself? Like why not just add some python to restrict the handler.py file to only run if it's from a legit domain and theres a rate limit?

WarySlothOP•2/20/24, 1:49 AM

that way I don't have to setup a proxy server

WWarySloth why wouldn't you recommend trying to do that in the runpod handler itself? Like ...

J.•2/20/24, 1:49 AM

Bc by exposing ur authentication key they can do a lot of stuff on runpod

J.•2/20/24, 1:49 AM

like spin up pods themselves

J.•2/20/24, 1:49 AM

modify ur endpoint

J.•2/20/24, 1:49 AM

etc

WarySlothOP•2/20/24, 1:49 AM

oh okay got it

WarySlothOP•2/20/24, 1:49 AM

makes more sense now

WarySlothOP•2/20/24, 1:50 AM

any pointers on where to look just for some basic information on proxy servers with runpod? like a guide or even just what search term you'd recommend

WarySlothOP•2/20/24, 1:50 AM

thank you so much btw, this is really helpful

J.•2/20/24, 1:51 AM

Hm. Essentially I think first, just learn how to call the serverless function on runpod.

https://discord.com/channels/912829806415085598/1194695853026328626/1194998123781685258

You can refer to this hello world example of serverless on runpod + also the docs:

https://docs.runpod.io/serverless/overview

Overview | RunPod Documentation

An overview to Serverless GPU computing for AI inference and training.

J.•2/20/24, 1:51 AM

You can deploy one + also just learn how to call it

J.•2/20/24, 1:52 AM

that will give you an idea of how to write a basic python function to call ur api

J.•2/20/24, 1:52 AM

from there, all you need is a hello world flask application, to deploy on fly.io

J.•2/20/24, 1:52 AM

You can ask chatgpt + fly.io has great documentation on a basic flask server setup

J.•2/20/24, 1:52 AM

https://fly.io/docs/languages-and-frameworks/python/#run-a-flask-app

Fly

Run a Python App

Documentation and guides from the team at Fly.io.