You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+35-40
Original file line number
Diff line number
Diff line change
@@ -1,11 +1,5 @@
1
1
# HAWKI
2
2
3
-
# NEU NEU NEU
4
-
5
-
Im Rahmen der gemeinsamen Weiterentwicklung von HAWKI möchten wir ein Dokument zur Verfügung stellen, das verschiedene Nutzungsmöglichkeiten von HAWKI aufzeigt. Hier ist Platz, um Promptvorschläge für die Hochschullehre zu machen oder weitere fiktive Expert*innen für das virtuelle Büro hinzuzufügen.
6
-
https://pad.hawk.de/p/Offener_Prompt-Katalog
7
-
8
-
9
3
## About
10
4
11
5
HAWKI is a didactic interface for universities based on the OpenAI API. It is not necessary for users to create an account, the university ID is sufficient for login - no user-related data is stored.
@@ -20,42 +14,38 @@ Learning Space: The learning spaces are designed to help you understand the diff
20
14
21
15
We welcome constructive feedback to further develop this project based on your needs and insights.
It is now possible to scroll in the text input field. Previously, long text entries were too inconvenient.
35
-
- Autoscroll function adjusted. Scroll up stops the auto scroll.
36
-
When a response is generated, the user can still scroll up and read the text that has already been generated.
37
-
- Stop Generating function added. During the generation process “send” button switches to “stop generation” button.
38
-
Now users no longer have to wait until the end of the generation, but can end the process manually.
39
-
- Copy Button added. The function copies the whole message as plain text.
40
-
Users can use the Copy button to copy the text without formatting. This simplifies the further processing of the generated answers.
33
+
Shibboleth connection as an additional authentication option. (Thanks to Marvin Mundry from the University of Hamburg)
41
34
35
+
Multi-language with translated texts for English, Italian, French and Spanish.
36
+
Display of mathematical formulas, LaTex and improvement of syntax highlighting.
42
37
43
-
Bugfix
44
-
- Parsing error from json "Chunks" corrected (merged code from Uni Kassel / thx to Niklas Wode).
45
-
Previously, the response was sometimes not generated completely or contained errors.
38
+
###Quality of Life
46
39
47
-
Other
40
+
Dark Mode for our night owls.
48
41
49
-
- Removed testing files
50
-
Redundant files from the development phase
42
+
System prompts can now be viewed transparently.
51
43
52
-
- Removed docker container
53
-
We cannot offer long-term support for a docker integration and find the setup process simple enough and have therefore removed the docker container.
44
+
###Security updates
54
45
55
-
- Changed standard model to GPT-4-Turbo
56
-
At times we had a model switcher built in, but this has now become unnecessary. We have removed the model switcher and set gpt 4 turbo as the standard model.
46
+
We have made HAWKI more secure in some areas and updated the code structure.
57
47
58
-
- Previously, the generated text that was in double asterisks was deleted, now we make it available as bold text, as intended.
48
+
We would like to thank Thorger Jansen (discovery, analysis, coordination) from SEC Consult Vulnerability Lab for responsibly reporting the identified issues and working with us to fix them.
59
49
60
50
## Getting started
61
51
@@ -65,7 +55,7 @@ At times we had a model switcher built in, but this has now become unnecessary.
65
55
66
56
HAWKI uses LDAP under the hood in order to authenticate users. Make sure you have LDAP setup first and that it is accessible from your HAWKI instance. Provide your LDAP config according to chapter [Configuration](#configuration). You can find more information on how to use LDAP on the official website https://ldap.com
67
57
68
-
_**Testing without LDAP:**_ You can try out HAWKI without an LDAP server. To do so, set `TESTUSER`and `TESTPASSWORD` in the configuration file (see [Configuration](#configuration)).
58
+
_**Testing without LDAP:**_ You can try out HAWKI without an LDAP server. To do so, set `TESTUSER`to your prefered user name `tester` in the configuration file (see [Configuration](#configuration)) and sign in with username `tester` and password `superlangespasswort123`
69
59
70
60
### OpenID Connect
71
61
@@ -74,35 +64,40 @@ authenticate users. It requires the jumbojett/openid-connect-php
The new version also supports the Shibboleth for user authentication. Define your Shibboleth url and login page in the environment file (see [Configuration](#configuration)).
78
70
79
-
To generate answers HAWKI uses the _Open AI API_. Follow the instructions on https://platform.openai.com/docs/introduction to generate an API key and paste it in the configuration file like instructed in chapter [Configuration](#configuration).
71
+
### Open AI Access
80
72
81
-
The API also works with _Microsoft Azure AI_. Follow the instructions on https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/create-resource?pivots=web-portal to create a resource, deploy a GPT-4 model and generate the API URL and API key. For Microsoft Azure AI, this URL should look like _https://<AZURE_OPENAI_ENDPOINT>/openai/deployments/<DEPLOYMENT_NAME>/chat/completions?api-version=2023-05-15_ with AZURE_OPENAI_ENDPOINT and DEPLOYMENT_NAME being replaced by your values. Paste the API URL and API key in the configuration file like instructed in chapter [Configuration](#configuration).
73
+
To generate answers HAWKI uses the Open AI api. Follow the instructions on https://platform.openai.com/docs/introduction to generate an API keyand paste it in the configuration file like instructed in chapter [Configuration](#configuration).
82
74
83
75
## Configuration
84
76
85
77
To get started you need to add a configuration file to the project first. Copy the file ".env.example" from the root directory and rename it to ".env". Replace the example values in it with your own configuration. A detailed description of all values is listed below.
| OIDC_LOGOUT_URI | string | "https://...." | URL to logout from Identity provider |
98
-
|OPENAI_API_KEY| string |sk-... | Open AI API key|
99
-
|OPENAI_API_URL| string |https://api.openai.com/v1/chat/completions| Open AI API URL. Also works with Microsoft Azure AI.|
93
+
|OPENAI_API_URL| string |"https://api.openai.com/v1/chat/completions"| Open AI URL|
94
+
|OPENAI_API_KEY| string |sk-... | Open AI Api key |
100
95
| IMPRINT_LOCATION | string |https://your-university/imprint| A link to your imprint. Alternatively you can replace the file index.php under /impressum with your own html/ php of your imprint. |
101
96
| PRIVACY_LOCATION | string |https://your-university/privacy-policy| A link to your privacy policy. Alternatively you can replace the file index.php under /datenschutz with your own html/ php of your privacy policy. |
102
-
| TESTUSER | string |`tester`|Can be set for testing purposes. Requires `Authentication=LDAP`. You can then sign in using the given username and password. |
103
-
| TESTPASSWORD | string |`superlangespasswort123`| Can be set for testing purposes. Requires `Authentication=LDAP`. You can then sign in using the given username and password.|
104
-
| FAVICON_URI | string | "https://...." | Link to favicon
105
-
97
+
| TESTUSER | string | "tester"|Set value for testing purposes. Leave TESTUSER and TESTPASSWORD empty or comment them out to disable test user.|
98
+
| TESTPASSWORD | string | "superlangespasswort123" | Set value for testing purposes. Leave TESTUSER and TESTPASSWORD empty or comment them out to disable test user. |
99
+
| FAVICON_URI | string | "https://...." | Link to favicon |
100
+
| DEFAULT_LANGUAGE | string | "de_DE"/ "en_US"/ "es_ES"/ "fr_FR"/ "it_IT" | Default website language. Only applicable if the user has not previously changed the language or their browser language is not one of the supported languages. Current supported languages: 'de_DE', 'en_US', 'es_ES', 'fr_FR', 'it_IT' |
106
101
## Web Server Configuration
107
102
108
103
There are a few things to keep in mind when publishing your HAWKI instance on a webserver.
We take the security of our projects very seriously. This means we aim to disclose and patch any arising issues as soon as possible. Moderate to major security issues will be fixed and included in a new release. Smaller issues will be given a hotfix.
3
+
## Melden von Sicherheitslücken
4
4
5
-
## Reporting a Vulnerability
5
+
Wir nehmen die Sicherheit unseres Projekts ernst. Wenn Sie eine Sicherheitslücke in unserem Projekt entdeckt haben, bitten wir Sie, uns dies sicher über E-Mail zu berichten. Bitte senden Sie keine Sicherheitsprobleme über öffentliche GitHub-Issues.
6
6
7
-
In order to report a (possible) vulnerability, please create a report here with the GitHub Security Advisory Tool and include a description as detailed as possible as well as the steps to reproduce the issue.
8
-
Alternatively you can contact us via E-Mail under vincent.timm2(at)hawk.de - please include the same information that you would fill in here on GitHub.
7
+
**E-Mail:**arian.sadafi1@hawk.de
9
8
10
-
We will try to reply to your request within two weeks. You should expect a close collaboration as we work to resolve the security vulnerability you have reported.
11
-
Please avoid revealing information about vulnerabilities in public without prior disclosure if that could put users at risk.
9
+
**Verschlüsselte Kommunikation:**
10
+
- Bitte senden Sie Ihre Meldung verschlüsselt, wenn möglich. Unten finden Sie meinen öffentlichen PGP-Schlüssel.
12
11
13
-
## Prefered Language
14
-
We prefer all communications to be in English or German.
12
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
15
13
16
-
## Attribution
17
-
We will include a "thank you section" in the project description for those who disclosed vulnurabilities in accordance to this policy.
18
-
After vulnurabilities are fixed a public disclosure is possible.
- Wir bestätigen den Erhalt Ihrer Meldung innerhalb von 24 Stunden.
28
+
- Wir geben Ihnen eine Einschätzung der Schwere und des Einflusses der gemeldeten Sicherheitslücke.
29
+
- Wir bemühen uns, Sicherheitsprobleme so schnell wie möglich zu beheben und eine neue Version bereitzustellen, die das Problem löst.
30
+
- Wir informieren Sie über den Zeitplan der Korrekturen.
31
+
32
+
## Öffentliche Anerkennung
33
+
34
+
Wir erkennen alle Sicherheitsforscher an, die bei der Identifizierung und Meldung von Problemen gemäß dieser Richtlinie helfen. Wenn Sie es wünschen, fügen wir Ihren Namen oder Ihr Pseudonym in die Liste der Beitragenden ein, nachdem das Problem behoben wurde.
35
+
36
+
## Weitere Informationen
37
+
38
+
Für weitere Informationen über die Sicherheit dieses Projekts oder die Sicherheitspraktiken wenden Sie sich bitte an arian.sadafi1@hawk.de.
0 commit comments