Update app.py
Browse files
app.py
CHANGED
|
@@ -1,8 +1,10 @@
|
|
| 1 |
import os
|
|
|
|
| 2 |
import gradio as gr
|
| 3 |
import vertexai
|
| 4 |
from vertexai.preview.vision_models import ImageGenerationModel
|
| 5 |
-
from huggingface_hub import login
|
|
|
|
| 6 |
|
| 7 |
# --- 1. Configuration and Authentication ---
|
| 8 |
|
|
@@ -23,11 +25,8 @@ else:
|
|
| 23 |
# Part B: Google Cloud Credentials and Initialization
|
| 24 |
creds_json_str = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS_JSON")
|
| 25 |
|
| 26 |
-
# <<< START: SECURITY UPDATE >>>
|
| 27 |
# This global variable will hold a generic error message for the UI if initialization fails.
|
| 28 |
-
# We no longer include raw exception details here.
|
| 29 |
generic_init_error_message = "FATAL: The image generation service is not configured correctly. Please contact the administrator."
|
| 30 |
-
# <<< END: SECURITY UPDATE >>>
|
| 31 |
|
| 32 |
# Check if all necessary secrets are loaded
|
| 33 |
if not all([GCP_PROJECT_ID, GCP_LOCATION, creds_json_str]):
|
|
@@ -47,27 +46,31 @@ else:
|
|
| 47 |
# This block runs only if all secrets are present.
|
| 48 |
print("All required GCP secrets (Project, Location, Credentials) are loaded.")
|
| 49 |
|
| 50 |
-
# <<< START: SECURITY UPDATE >>>
|
| 51 |
-
# Note: Writing credentials to a file is a potential security risk if the container's filesystem is compromised.
|
| 52 |
-
# This is a common pattern required by some Google Cloud libraries. Ensure the execution environment is secure.
|
| 53 |
-
# <<< END: SECURITY UPDATE >>>
|
| 54 |
-
with open("gcp_creds.json", "w") as f:
|
| 55 |
-
f.write(creds_json_str)
|
| 56 |
-
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = "gcp_creds.json"
|
| 57 |
-
|
| 58 |
try:
|
| 59 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 60 |
generation_model = ImageGenerationModel.from_pretrained("imagen-4.0-generate-preview-06-06")
|
| 61 |
print("Vertex AI and Imagen Model initialized successfully.")
|
| 62 |
INITIALIZATION_SUCCESS = True
|
|
|
|
| 63 |
except Exception as e:
|
| 64 |
-
# <<< START: SECURITY UPDATE >>>
|
| 65 |
# Log the detailed, sensitive error for the administrator ONLY.
|
| 66 |
print(f"ERROR: Failed to initialize Vertex AI or the model. Exception: {e}")
|
| 67 |
# Set the generic error message for the UI. DO NOT expose the raw exception 'e'.
|
| 68 |
error_message = generic_init_error_message
|
| 69 |
INITIALIZATION_SUCCESS = False
|
| 70 |
-
# <<< END: SECURITY UPDATE >>>
|
| 71 |
|
| 72 |
# --- 2. The Core Image Generation Function ---
|
| 73 |
def generate_image(prompt: str, negative_prompt: str, seed: int):
|
|
|
|
| 1 |
import os
|
| 2 |
+
import json
|
| 3 |
import gradio as gr
|
| 4 |
import vertexai
|
| 5 |
from vertexai.preview.vision_models import ImageGenerationModel
|
| 6 |
+
from huggingface_hub import login
|
| 7 |
+
from google.oauth2 import service_account # Added for secure in-memory auth
|
| 8 |
|
| 9 |
# --- 1. Configuration and Authentication ---
|
| 10 |
|
|
|
|
| 25 |
# Part B: Google Cloud Credentials and Initialization
|
| 26 |
creds_json_str = os.environ.get("GOOGLE_APPLICATION_CREDENTIALS_JSON")
|
| 27 |
|
|
|
|
| 28 |
# This global variable will hold a generic error message for the UI if initialization fails.
|
|
|
|
| 29 |
generic_init_error_message = "FATAL: The image generation service is not configured correctly. Please contact the administrator."
|
|
|
|
| 30 |
|
| 31 |
# Check if all necessary secrets are loaded
|
| 32 |
if not all([GCP_PROJECT_ID, GCP_LOCATION, creds_json_str]):
|
|
|
|
| 46 |
# This block runs only if all secrets are present.
|
| 47 |
print("All required GCP secrets (Project, Location, Credentials) are loaded.")
|
| 48 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 49 |
try:
|
| 50 |
+
# <<< START: SECURITY FIX >>>
|
| 51 |
+
# Securely initialize the Vertex AI client by passing credentials in-memory.
|
| 52 |
+
# This avoids writing sensitive credential files to the container's filesystem.
|
| 53 |
+
|
| 54 |
+
# 1. Parse the JSON string from the environment variable into a Python dict.
|
| 55 |
+
creds_info = json.loads(creds_json_str)
|
| 56 |
+
|
| 57 |
+
# 2. Create a credentials object from the dictionary.
|
| 58 |
+
credentials = service_account.Credentials.from_service_account_info(creds_info)
|
| 59 |
+
|
| 60 |
+
# 3. Initialize Vertex AI with the in-memory credentials object.
|
| 61 |
+
vertexai.init(project=GCP_PROJECT_ID, location=GCP_LOCATION, credentials=credentials)
|
| 62 |
+
# <<< END: SECURITY FIX >>>
|
| 63 |
+
|
| 64 |
generation_model = ImageGenerationModel.from_pretrained("imagen-4.0-generate-preview-06-06")
|
| 65 |
print("Vertex AI and Imagen Model initialized successfully.")
|
| 66 |
INITIALIZATION_SUCCESS = True
|
| 67 |
+
|
| 68 |
except Exception as e:
|
|
|
|
| 69 |
# Log the detailed, sensitive error for the administrator ONLY.
|
| 70 |
print(f"ERROR: Failed to initialize Vertex AI or the model. Exception: {e}")
|
| 71 |
# Set the generic error message for the UI. DO NOT expose the raw exception 'e'.
|
| 72 |
error_message = generic_init_error_message
|
| 73 |
INITIALIZATION_SUCCESS = False
|
|
|
|
| 74 |
|
| 75 |
# --- 2. The Core Image Generation Function ---
|
| 76 |
def generate_image(prompt: str, negative_prompt: str, seed: int):
|