fix demo mode

ee/tabby-schema/src/env.rs

@@ -1,3 +1,3 @@
-pub fn demo_mode() -> bool {
+pub fn is_demo_mode() -> bool {
     std::env::var("TABBY_WEBSERVER_DEMO_MODE").is_ok()
 }

ee/tabby-schema/src/lib.rs

@@ -6,7 +6,7 @@ mod schema;
 
 pub mod juniper;
 pub use dao::*;
-pub use env::demo_mode;
+pub use env::is_demo_mode;
 pub use schema::*;
 
 #[macro_export]

ee/tabby-schema/src/schema/mod.rs

@@ -411,7 +411,7 @@ impl Query {
             is_chat_enabled: ctx.locator.worker().is_chat_enabled().await?,
             is_email_configured: ctx.locator.email().read_setting().await?.is_some(),
             allow_self_signup: ctx.locator.auth().allow_self_signup().await?,
-            is_demo_mode: env::demo_mode(),
+            is_demo_mode: env::is_demo_mode(),
         })
     }
 

ee/tabby-webserver/src/service/auth.rs

@@ -16,7 +16,7 @@ use tabby_schema::{
         OAuthResponse, RefreshTokenResponse, RegisterResponse, RequestInvitationInput,
         TokenAuthResponse, UpdateOAuthCredentialInput, User,
     },
-    demo_mode,
+    is_demo_mode,
     email::EmailService,
     license::{LicenseInfo, LicenseService},
     setting::SettingService,
@@ -63,7 +63,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
         invitation_code: Option<String>,
     ) -> Result<RegisterResponse> {
         let is_admin_initialized = self.is_admin_initialized().await?;
-        if is_admin_initialized && demo_mode() {
+        if is_admin_initialized && is_demo_mode() {
             bail!("Registering new users is disabled in demo mode");
         }
         let invitation =
@@ -166,7 +166,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
         old_password: Option<&str>,
         new_password: &str,
     ) -> Result<()> {
-        if demo_mode() {
+        if is_demo_mode() {
             bail!("Changing passwords is disabled in demo mode");
         }
 
@@ -322,7 +322,7 @@ impl AuthenticationService for AuthenticationServiceImpl {
     }
 
     async fn create_invitation(&self, email: String) -> Result<Invitation> {
-        if demo_mode() {
+        if is_demo_mode() {
             bail!("Inviting users is disabled in demo mode");
         }
         let license = self.license.read().await?;
@@ -523,7 +523,7 @@ async fn get_or_create_oauth_user(
         .map_err(|x| OAuthError::Other(x.into()))?
         .can_register_without_invitation(email)
     {
-        if demo_mode() {
+        if is_demo_mode() {
             bail!("Registering new users is disabled in demo mode");
         }
         // it's ok to set password to null here, because

ee/tabby-webserver/src/service/license.rs

@@ -6,7 +6,7 @@ use lazy_static::lazy_static;
 use serde::Deserialize;
 use tabby_db::DbConn;
 use tabby_schema::{
-    demo_mode,
+    is_demo_mode,
     license::{LicenseInfo, LicenseService, LicenseStatus, LicenseType},
     Result,
 };
@@ -129,7 +129,7 @@ fn license_info_from_raw(raw: LicenseJWTPayload, seats_used: usize) -> Result<Li
 #[async_trait]
 impl LicenseService for LicenseServiceImpl {
     async fn read(&self) -> Result<LicenseInfo> {
-        if demo_mode() {
+        if is_demo_mode() {
             return self.make_demo_license().await;
         }
 
@@ -145,7 +145,7 @@ impl LicenseService for LicenseServiceImpl {
     }
 
     async fn update(&self, license: String) -> Result<()> {
-        if demo_mode() {
+        if is_demo_mode() {
             bail!("Modifying license is disabled in demo mode");
         }
 

ee/tabby-webserver/src/service/mod.rs

@@ -34,7 +34,7 @@ use tabby_db::DbConn;
 use tabby_schema::{
     analytic::AnalyticService,
     auth::AuthenticationService,
-    demo_mode,
+    is_demo_mode,
     email::EmailService,
     job::JobService,
     license::{IsLicenseValid, LicenseService},
@@ -116,13 +116,6 @@ impl ServerContext {
     /// Returns whether a request is authorized to access the content, and the user ID if authentication was used.
     async fn authorize_request(&self, uri: &Uri, headers: &HeaderMap) -> (bool, Option<ID>) {
         let path = uri.path();
-        if demo_mode()
-            && (path.starts_with("/v1/completions")
-                || path.starts_with("/v1/chat/completions")
-                || path.starts_with("/v1beta/chat/completions"))
-        {
-            return (false, None);
-        }
         if !(path.starts_with("/v1/") || path.starts_with("/v1beta/")) {
             return (true, None);
         }
@@ -146,10 +139,12 @@ impl ServerContext {
         }
 
         let is_license_valid = self.license.read().await.ensure_valid_license().is_ok();
+        let requires_owner = !is_license_valid || is_demo_mode();
+
         // If there's no valid license, only allows owner access.
         match self
             .db_conn
-            .verify_auth_token(token, !is_license_valid)
+            .verify_auth_token(token, requires_owner)
             .await
         {
             Ok(id) => (true, Some(id.as_id())),