From 6ae9b7ff6e86701e1bde080f9a0128eb5de7de84 Mon Sep 17 00:00:00 2001
From: Caleb Owens <hello@calebowens.com>
Date: Sat, 18 May 2024 16:51:20 +0100
Subject: [PATCH] Fix ollama request security

---
 app/src/lib/ai/ollamaClient.ts         | 15 ++++++++-------
 crates/gitbutler-tauri/tauri.conf.json |  7 ++++++-
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/app/src/lib/ai/ollamaClient.ts b/app/src/lib/ai/ollamaClient.ts
index 25251d6bf..7c0369cc8 100644
--- a/app/src/lib/ai/ollamaClient.ts
+++ b/app/src/lib/ai/ollamaClient.ts
@@ -1,6 +1,7 @@
 import { LONG_DEFAULT_BRANCH_TEMPLATE, LONG_DEFAULT_COMMIT_TEMPLATE } from '$lib/ai/prompts';
 import { MessageRole, type PromptMessage, type AIClient } from '$lib/ai/types';
 import { isNonEmptyObject } from '$lib/utils/typeguards';
+import { fetch, Body, Response } from '@tauri-apps/api/http';
 
 export const DEFAULT_OLLAMA_ENDPOINT = 'http://127.0.0.1:11434';
 export const DEFAULT_OLLAMA_MODEL_NAME = 'llama3';
@@ -123,14 +124,15 @@ ${JSON.stringify(OLLAMA_CHAT_MESSAGE_FORMAT_SCHEMA, null, 2)}`
 	 * @param request - The OllamaChatRequest object containing the request details.
 	 * @returns A Promise that resolves to the Response object.
 	 */
-	private async fetchChat(request: OllamaChatRequest): Promise<Response> {
+	private async fetchChat(request: OllamaChatRequest): Promise<Response<any>> {
 		const url = new URL(OllamaAPEndpoint.Chat, this.endpoint);
-		const result = await fetch(url, {
+		const body = Body.json(request);
+		const result = await fetch(url.toString(), {
 			method: 'POST',
 			headers: {
 				'Content-Type': 'application/json'
 			},
-			body: JSON.stringify(request)
+			body
 		});
 		return result;
 	}
@@ -155,11 +157,10 @@ ${JSON.stringify(OLLAMA_CHAT_MESSAGE_FORMAT_SCHEMA, null, 2)}`
 			format: 'json'
 		});
 
-		const json = await result.json();
-		if (!isOllamaChatResponse(json)) {
-			throw new Error('Invalid response\n' + JSON.stringify(json));
+		if (!isOllamaChatResponse(result.data)) {
+			throw new Error('Invalid response\n' + JSON.stringify(result.data));
 		}
 
-		return json;
+		return result.data;
 	}
 }
diff --git a/crates/gitbutler-tauri/tauri.conf.json b/crates/gitbutler-tauri/tauri.conf.json
index eb3805f99..2b1111d38 100644
--- a/crates/gitbutler-tauri/tauri.conf.json
+++ b/crates/gitbutler-tauri/tauri.conf.json
@@ -42,7 +42,12 @@
 			"http": {
 				"all": true,
 				"request": true,
-				"scope": [" https://api.anthropic.com/v1/messages"]
+				"scope": [
+					"https://api.anthropic.com/v1/messages",
+					"http://127.0.0.1:11434/api/chat",
+					"http://127.0.0.1:11434/api/generate",
+					"http://127.0.0.1:11434/api/embeddings"
+				]
 			}
 		},
 		"bundle": {