Commit 146967f

HAWKI Update #2
1 parent f352dc3 commit 146967f

643 files changed

+126482
-2881
lines changed

Diff for: .gitignore

+1-3
@@ -1,4 +1,2 @@
11
.env
2-
.DS_Store
3-
4-
feedback/*/***
2+
.DS_Store
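
Review bot: dropping `feedback/*/***` from the ignore list (old line 4) means anything written under feedback/ now shows up as untracked and can be committed by a plain `git add .`. If that directory still receives user-submitted files at runtime, keep the pattern; if the feedback feature was removed in this commit, say so in the commit message so the change is traceable.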

Diff for: .htaccess

+20-19
@@ -1,24 +1,25 @@
1-
# Prevent Access to svg
2-
<Files "*.svg">
3-
Order allow,deny
4-
Allow from all
5-
</Files>
1+
# DISABLE DIRECTORY LISTINGS
2+
Options -Indexes
63

7-
# Prevent Access to log files
8-
<Files "*.log">
9-
Order Allow,Deny
10-
Deny from all
11-
</Files>
4+
<IfModule mod_rewrite.c>
5+
RewriteEngine On
6+
RewriteBase /
127

13-
# Prevent Access to dot files
14-
<FilesMatch "^\.">
15-
Order allow,deny
16-
Deny from all
17-
</FilesMatch>
8+
# Remove .php extension from URLs
9+
RewriteCond %{REQUEST_FILENAME}.php -f
10+
RewriteRule ^ %{REQUEST_URI}.php [L]
11+
12+
# Remove trailing dot from URLs
13+
RewriteRule ^(.*)\.$ /$1 [R=301,L]
14+
15+
# Redirect all requests to index.php except existing files or directories
16+
RewriteCond %{REQUEST_FILENAME} !-f
17+
RewriteCond %{REQUEST_FILENAME} !-d
18+
RewriteRule ^ index.php [L]
19+
</IfModule>
1820

19-
# DISABLE CACHING
2021
<IfModule mod_headers.c>
21-
Header set Cache-Control "no-cache, no-store, must-revalidate"
22-
Header set Pragma "no-cache"
23-
Header set Expires 0
22+
Header set Cache-Control "no-cache, no-store, must-revalidate"
23+
Header set Pragma "no-cache"
24+
Header set Expires 0
2425
</IfModule>
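
Review bot: the removed `<Files "*.log">` and `<FilesMatch "^\.">` deny blocks (old lines 7-17) have no replacement in the new file, and the catch-all at new lines 16-18 only routes requests that are not an existing file or directory, so an existing `.env` (the README places it in the project root) or a log file is no longer denied by this .htaccess. Suggest keeping both blocks above the `<IfModule mod_rewrite.c>` section, written for Apache 2.4 as `Require all denied`, or stating in the README's web server section that the vhost configuration must deny dot files and logs. The `Header set` lines at 22-24 also lost their indentation inside `<IfModule mod_headers.c>`; harmless, but worth restoring for readability.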

Diff for: Changelog.txt

+21
@@ -0,0 +1,21 @@
1+
CHANGE LOG:
2+
3+
16.04.2024 Changelog – HAWKI V1.
4+
5+
- Multi language package added.
6+
- Dark mode theme added.
7+
- Syntax Highlighting update.
8+
- KaTeX implimentation for math formulas.
9+
- Azure AI integration
10+
- BUGFIX: Test user enabled w/ cridentials from .env file.
11+
- Shibboleth connection
12+
- System prompts panel added.
13+
- Security updates for escaped HTML, sanitized inputs, csrf token.
14+
15+
23.01.2024
16+
17+
- Message Inputfield scroll panel added.
18+
- Autoscroll function adjusted. Scroll up stops the auto scroll.
19+
- Stop Generating function added. During the generation process send button switches to stop generation button.
20+
- Copy Button added. The function copies the whole message as plain text.
21+
- BUGFIX: Parsing error from json "Chunks" corrected (merged code from Niklas Wode).
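
Review bot: line 13 records "Security updates for escaped HTML, sanitized inputs, csrf token" without saying which earlier versions are affected, so an operator reading the changelog cannot tell whether the upgrade is urgent; add one sentence naming the affected releases and pointing to the advisory, if one exists. Line 10 ("Test user enabled w/ cridentials from .env file") reads as if a test login was switched on, so reword it to say what the bug was. Typos: "implimentation" on line 8 and "cridentials" on line 10.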

Diff for: FiraSans.woff2

-15.8 KB
Binary file not shown.

Diff for: README.md

+35-40
@@ -1,11 +1,5 @@
11
# HAWKI
22

3-
# NEU NEU NEU
4-
5-
Im Rahmen der gemeinsamen Weiterentwicklung von HAWKI möchten wir ein Dokument zur Verfügung stellen, das verschiedene Nutzungsmöglichkeiten von HAWKI aufzeigt. Hier ist Platz, um Promptvorschläge für die Hochschullehre zu machen oder weitere fiktive Expert*innen für das virtuelle Büro hinzuzufügen.
6-
https://pad.hawk.de/p/Offener_Prompt-Katalog
7-
8-
93
## About
104

115
HAWKI is a didactic interface for universities based on the OpenAI API. It is not necessary for users to create an account, the university ID is sufficient for login - no user-related data is stored.
@@ -20,42 +14,38 @@ Learning Space: The learning spaces are designed to help you understand the diff
2014

2115
We welcome constructive feedback to further develop this project based on your needs and insights.
2216

23-
![HAWKI Login](/img/hawki-screenshot-login.png)
17+
<!-- ![HAWKI Login](/img/hawki-screenshot-login.png) -->
18+
![HAWKI Login](/img/readmePic1.jpeg)
2419
_HAWKI Login Screen_
2520

26-
![HAWKI Dashboard](/img/hawki-screenshot-dashboard.jpg)
21+
<!-- ![HAWKI Dashboard](/img/hawki-screenshot-dashboard.jpg) -->
22+
![HAWKI Dashboard](/img/readmePic3.jpg)
2723
_HAWKI Dashboard_
2824

29-
## ChangeLog 23.01.2024
25+
![HAWKI Dashboard](/img/readmePic2.jpg)
26+
_HAWKI Settings Panel_
27+
28+
29+
## Changelog – HAWKI V1.
3030

31-
Quality of Life Features:
31+
###Functionality
3232

33-
- Message Inputfield scroll panel added
34-
It is now possible to scroll in the text input field. Previously, long text entries were too inconvenient.
35-
- Autoscroll function adjusted. Scroll up stops the auto scroll.
36-
When a response is generated, the user can still scroll up and read the text that has already been generated.
37-
- Stop Generating function added. During the generation process “send” button switches to “stop generation” button.
38-
Now users no longer have to wait until the end of the generation, but can end the process manually.
39-
- Copy Button added. The function copies the whole message as plain text.
40-
Users can use the Copy button to copy the text without formatting. This simplifies the further processing of the generated answers.
33+
Shibboleth connection as an additional authentication option. (Thanks to Marvin Mundry from the University of Hamburg)
4134

35+
Multi-language with translated texts for English, Italian, French and Spanish.
36+
Display of mathematical formulas, LaTex and improvement of syntax highlighting.
4237

43-
Bugfix
44-
- Parsing error from json "Chunks" corrected (merged code from Uni Kassel / thx to Niklas Wode).
45-
Previously, the response was sometimes not generated completely or contained errors.
38+
###Quality of Life
4639

47-
Other
40+
Dark Mode for our night owls.
4841

49-
- Removed testing files
50-
Redundant files from the development phase
42+
System prompts can now be viewed transparently.
5143

52-
- Removed docker container
53-
We cannot offer long-term support for a docker integration and find the setup process simple enough and have therefore removed the docker container.
44+
###Security updates
5445

55-
- Changed standard model to GPT-4-Turbo
56-
At times we had a model switcher built in, but this has now become unnecessary. We have removed the model switcher and set gpt 4 turbo as the standard model.
46+
We have made HAWKI more secure in some areas and updated the code structure.
5747

58-
- Previously, the generated text that was in double asterisks was deleted, now we make it available as bold text, as intended.
48+
We would like to thank Thorger Jansen (discovery, analysis, coordination) from SEC Consult Vulnerability Lab for responsibly reporting the identified issues and working with us to fix them.
5949

6050
## Getting started
6151
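
Review bot: the new headings at lines 31, 38 and 44 (`###Functionality`, `###Quality of Life`, `###Security updates`) have no space after the hashes, so GitHub renders them as literal text rather than headings; write `### Functionality` and so on. The "Security updates" paragraph at line 46 credits the reporter but does not say what was fixed or which versions are affected, which is what an operator deciding whether to upgrade needs. The image added at line 25 reuses the alt text "HAWKI Dashboard" although its caption is "HAWKI Settings Panel", and "LaTex" on line 36 should be "LaTeX".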

@@ -65,7 +55,7 @@ At times we had a model switcher built in, but this has now become unnecessary.
6555

6656
HAWKI uses LDAP under the hood in order to authenticate users. Make sure you have LDAP setup first and that it is accessible from your HAWKI instance. Provide your LDAP config according to chapter [Configuration](#configuration). You can find more information on how to use LDAP on the official website https://ldap.com
6757

68-
_**Testing without LDAP:**_ You can try out HAWKI without an LDAP server. To do so, set `TESTUSER` and `TESTPASSWORD` in the configuration file (see [Configuration](#configuration)).
58+
_**Testing without LDAP:**_ You can try out HAWKI without an LDAP server. To do so, set `TESTUSER` to your prefered user name `tester` in the configuration file (see [Configuration](#configuration)) and sign in with username `tester` and password `superlangespasswort123`
6959

7060
### OpenID Connect
7161
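
Review bot: the rewritten "Testing without LDAP" sentence at line 58 prints a fixed login (`tester` / `superlangespasswort123`) and no longer mentions `TESTPASSWORD`, while the configuration table later in this README still lists `TESTPASSWORD` as a setting. State that the password is whatever is set in `TESTPASSWORD`, that the value shown is only the example from `.env.example`, and that both keys must be left empty on a production instance. The phrase "set `TESTUSER` to your prefered user name `tester`" is also contradictory (preferred name or the literal `tester`?); "prefered" should be "preferred" and the sentence is missing its final period.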

@@ -74,35 +64,40 @@ authenticate users. It requires the jumbojett/openid-connect-php
7464
library (https://github.com/jumbojett/OpenID-Connect-PHP)
7565
to be installed with composer.
7666

77-
### Open AI Access
67+
### Shibboleth
68+
69+
The new version also supports the Shibboleth for user authentication. Define your Shibboleth url and login page in the environment file (see [Configuration](#configuration)).
7870

79-
To generate answers HAWKI uses the _Open AI API_. Follow the instructions on https://platform.openai.com/docs/introduction to generate an API key and paste it in the configuration file like instructed in chapter [Configuration](#configuration).
71+
### Open AI Access
8072

81-
The API also works with _Microsoft Azure AI_. Follow the instructions on https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/create-resource?pivots=web-portal to create a resource, deploy a GPT-4 model and generate the API URL and API key. For Microsoft Azure AI, this URL should look like _https://<AZURE_OPENAI_ENDPOINT>/openai/deployments/<DEPLOYMENT_NAME>/chat/completions?api-version=2023-05-15_ with AZURE_OPENAI_ENDPOINT and DEPLOYMENT_NAME being replaced by your values. Paste the API URL and API key in the configuration file like instructed in chapter [Configuration](#configuration).
73+
To generate answers HAWKI uses the Open AI api. Follow the instructions on https://platform.openai.com/docs/introduction to generate an API key and paste it in the configuration file like instructed in chapter [Configuration](#configuration).
8274

8375
## Configuration
8476

8577
To get started you need to add a configuration file to the project first. Copy the file ".env.example" from the root directory and rename it to ".env". Replace the example values in it with your own configuration. A detailed description of all values is listed below.
8678

8779
| Value | Type | Example | Description |
8880
| ---------------- | ------- | -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
89-
| Authentication | string | 'LDAP' or 'OIDC' | Authentication method: LDAP or OpenID Connect |
81+
| Authentication | string | 'LDAP' / 'OIDC' / 'Shibboleth' | Authentication method: LDAP or OpenID Connect |
9082
| LDAP_HOST | string | "ldaps://...de" | The URL of your LDAP server. |
9183
| LDAP_BIND_PW | string | secretpassword | Password of the user that is trying to bind to the LDAP Server. |
9284
| LDAP_BASE_DN | string | "cn=...,ou=...,dc=..." | Distinguised name that is used to initially bind to your LDAP server. |
9385
| LDAP_SEARCH_DN | string | "ou=...,dc=..." | Distinguished name that is used for authenticating users. |
86+
| LDAP_PORT | string | "..." | The LDAP port. |
87+
| SHIBBOLET_LOGIN_PATH | string | "..." | Path to shibboleth login page. |
88+
| SHIBBOLET_LOGIN_PAGE | string | "..." | Shibboleth login page. |
9489
| OIDC_IDP | string | "https://...." | URL of the Identity provider supporting OpenID Connect. |
9590
| OIDC_CLIENT_ID | string | "..." | Client Id for this application in Identity provider. |
9691
| OIDC_CLIENT_SECRET | string | "..." | Secret key for OpenID Connect.
9792
| OIDC_LOGOUT_URI | string | "https://...." | URL to logout from Identity provider |
98-
| OPENAI_API_KEY | string | sk-... | Open AI API key |
99-
| OPENAI_API_URL | string | https://api.openai.com/v1/chat/completions | Open AI API URL. Also works with Microsoft Azure AI. |
93+
| OPENAI_API_URL | string | "https://api.openai.com/v1/chat/completions" | Open AI URL |
94+
| OPENAI_API_KEY | string | sk-... | Open AI Api key |
10095
| IMPRINT_LOCATION | string | https://your-university/imprint | A link to your imprint. Alternatively you can replace the file index.php under /impressum with your own html/ php of your imprint. |
10196
| PRIVACY_LOCATION | string | https://your-university/privacy-policy | A link to your privacy policy. Alternatively you can replace the file index.php under /datenschutz with your own html/ php of your privacy policy. |
102-
| TESTUSER | string | `tester` | Can be set for testing purposes. Requires `Authentication=LDAP`. You can then sign in using the given username and password. |
103-
| TESTPASSWORD | string | `superlangespasswort123` | Can be set for testing purposes. Requires `Authentication=LDAP`. You can then sign in using the given username and password. |
104-
| FAVICON_URI | string | "https://...." | Link to favicon
105-
97+
| TESTUSER | string | "tester" | Set value for testing purposes. Leave TESTUSER and TESTPASSWORD empty or comment them out to disable test user. |
98+
| TESTPASSWORD | string | "superlangespasswort123" | Set value for testing purposes. Leave TESTUSER and TESTPASSWORD empty or comment them out to disable test user. |
99+
| FAVICON_URI | string | "https://...." | Link to favicon |
100+
| DEFAULT_LANGUAGE | string | "de_DE"/ "en_US"/ "es_ES"/ "fr_FR"/ "it_IT" | Default website language. Only applicable if the user has not previously changed the language or their browser language is not one of the supported languages. Current supported languages: 'de_DE', 'en_US', 'es_ES', 'fr_FR', 'it_IT' |
106101
## Web Server Configuration
107102

108103
There are a few things to keep in mind when publishing your HAWKI instance on a webserver.
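
Review bot: the Authentication row at line 81 adds 'Shibboleth' to the example column, but its description still reads "Authentication method: LDAP or OpenID Connect"; update the description to list all three. The new keys at lines 87-88 are spelled `SHIBBOLET_LOGIN_PATH` and `SHIBBOLET_LOGIN_PAGE` (no final H), so confirm this matches what the code reads from .env, and make the two descriptions distinguishable since "Path to shibboleth login page" and "Shibboleth login page" do not tell an admin what goes where. This hunk also removes the Microsoft Azure AI paragraph and the "Also works with Microsoft Azure AI" remark while Changelog.txt in the same commit lists "Azure AI integration", and it drops the blank line before `## Web Server Configuration`, leaving the heading directly under the table.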

Diff for: SECURITY.md

+32-12
@@ -1,18 +1,38 @@
1-
# Security Policy
1+
# Sicherheitsrichtlinie
22

3-
We take the security of our projects very seriously. This means we aim to disclose and patch any arising issues as soon as possible. Moderate to major security issues will be fixed and included in a new release. Smaller issues will be given a hotfix.
3+
## Melden von Sicherheitslücken
44

5-
## Reporting a Vulnerability
5+
Wir nehmen die Sicherheit unseres Projekts ernst. Wenn Sie eine Sicherheitslücke in unserem Projekt entdeckt haben, bitten wir Sie, uns dies sicher über E-Mail zu berichten. Bitte senden Sie keine Sicherheitsprobleme über öffentliche GitHub-Issues.
66

7-
In order to report a (possible) vulnerability, please create a report here with the GitHub Security Advisory Tool and include a description as detailed as possible as well as the steps to reproduce the issue.
8-
Alternatively you can contact us via E-Mail under vincent.timm2(at)hawk.de - please include the same information that you would fill in here on GitHub.
7+
**E-Mail:** arian.sadafi1@hawk.de
98

10-
We will try to reply to your request within two weeks. You should expect a close collaboration as we work to resolve the security vulnerability you have reported.
11-
Please avoid revealing information about vulnerabilities in public without prior disclosure if that could put users at risk.
9+
**Verschlüsselte Kommunikation:**
10+
- Bitte senden Sie Ihre Meldung verschlüsselt, wenn möglich. Unten finden Sie meinen öffentlichen PGP-Schlüssel.
1211

13-
## Prefered Language
14-
We prefer all communications to be in English or German.
12+
-----BEGIN PGP PUBLIC KEY BLOCK-----
1513

16-
## Attribution
17-
We will include a "thank you section" in the project description for those who disclosed vulnurabilities in accordance to this policy.
18-
After vulnurabilities are fixed a public disclosure is possible.
14+
mDMEZiDaSBYJKwYBBAHaRw8BAQdA0Pay7iQXr1eKz4ndzp9BUSCBb0F1ZMOpCpj+
15+
qacOYdq0JEFyaWFuIFNhZGFmaSA8YXJpYW4uc2FkYWZpMUBoYXdrLmRlPoiZBBMW
16+
CgBBFiEEWXmdELYk4obrfmZGH11shzhB3/MFAmYg2kgCGwMFCQWjmoAFCwkIBwIC
17+
IgIGFQoJCAsCBBYCAwECHgcCF4AACgkQH11shzhB3/MbUwD9EAUlUw+z2W0RAVzg
18+
eezchrJI9ujASKnttzUx5q3MyzYBAM1orN5fGQxscp5JmqzIDVmftrHSSU6B0EZP
19+
z8ZFOREEuDgEZiDaSBIKKwYBBAGXVQEFAQEHQBiGyFSbtRTDcmr4kB//16cEaPI7
20+
bs9uQ8mvIfAzo9cxAwEIB4h+BBgWCgAmFiEEWXmdELYk4obrfmZGH11shzhB3/MF
21+
AmYg2kgC...
22+
-----END PGP PUBLIC KEY BLOCK-----
23+
24+
25+
## Was passiert nach der Meldung?
26+
27+
- Wir bestätigen den Erhalt Ihrer Meldung innerhalb von 24 Stunden.
28+
- Wir geben Ihnen eine Einschätzung der Schwere und des Einflusses der gemeldeten Sicherheitslücke.
29+
- Wir bemühen uns, Sicherheitsprobleme so schnell wie möglich zu beheben und eine neue Version bereitzustellen, die das Problem löst.
30+
- Wir informieren Sie über den Zeitplan der Korrekturen.
31+
32+
## Öffentliche Anerkennung
33+
34+
Wir erkennen alle Sicherheitsforscher an, die bei der Identifizierung und Meldung von Problemen gemäß dieser Richtlinie helfen. Wenn Sie es wünschen, fügen wir Ihren Namen oder Ihr Pseudonym in die Liste der Beitragenden ein, nachdem das Problem behoben wurde.
35+
36+
## Weitere Informationen
37+
38+
Für weitere Informationen über die Sicherheit dieses Projekts oder die Sicherheitspraktiken wenden Sie sich bitte an arian.sadafi1@hawk.de.
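
Review bot: the armored key block at lines 12-22 ends in `AmYg2kgC...`, so as committed it cannot be imported, and no fingerprint is given against which a reporter could verify a copy of the key obtained elsewhere. Commit the complete export inside a fenced block and add the full fingerprint on its own line. The rewrite also drops the GitHub Security Advisory reporting channel and the English text while the README stays English; keep an English version alongside the German one so external reporters can follow the policy. Line 10 says "meinen öffentlichen PGP-Schlüssel" (first person singular) in a policy otherwise written as "wir".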
