prevent API options from being changed via API

Author: AUTOMATIC1111

Diff for: modules/api/api.py

@@ -570,7 +570,7 @@ def set_config(self, req: Dict[str, Any]):
             raise RuntimeError(f"model {checkpoint_name!r} not found")
 
         for k, v in req.items():
-            shared.opts.set(k, v)
+            shared.opts.set(k, v, is_api=True)
 
         shared.opts.save(shared.config_filename)
         return

Diff for: modules/options.py

@@ -8,7 +8,7 @@
 
 
 class OptionInfo:
-    def __init__(self, default=None, label="", component=None, component_args=None, onchange=None, section=None, refresh=None, comment_before='', comment_after='', infotext=None):
+    def __init__(self, default=None, label="", component=None, component_args=None, onchange=None, section=None, refresh=None, comment_before='', comment_after='', infotext=None, restrict_api=False):
         self.default = default
         self.label = label
         self.component = component
@@ -26,6 +26,9 @@ def __init__(self, default=None, label="", component=None, component_args=None,
 
         self.infotext = infotext
 
+        self.restrict_api = restrict_api
+        """If True, the setting will not be accessible via API"""
+
     def link(self, label, url):
         self.comment_before += f"[<a href='{url}' target='_blank'>{label}</a>]"
         return self
@@ -71,7 +74,7 @@ def options_section(section_identifier, options_dict):
 class Options:
     typemap = {int: float}
 
-    def __init__(self, data_labels, restricted_opts):
+    def __init__(self, data_labels: dict[str, OptionInfo], restricted_opts):
         self.data_labels = data_labels
         self.data = {k: v.default for k, v in self.data_labels.items()}
         self.restricted_opts = restricted_opts
@@ -113,24 +116,28 @@ def __getattr__(self, item):
 
         return super(Options, self).__getattribute__(item)
 
-    def set(self, key, value):
+    def set(self, key, value, is_api=False):
         """sets an option and calls its onchange callback, returning True if the option changed and False otherwise"""
 
         oldval = self.data.get(key, None)
         if oldval == value:
             return False
 
-        if self.data_labels[key].do_not_save:
+        option = self.data_labels[key]
+        if option.do_not_save:
+            return False
+
+        if is_api and option.restrict_api:
             return False
 
         try:
             setattr(self, key, value)
         except RuntimeError:
             return False
 
-        if self.data_labels[key].onchange is not None:
+        if option.onchange is not None:
             try:
-                self.data_labels[key].onchange()
+                option.onchange()
             except Exception as e:
                 errors.display(e, f"changing setting {key} to {value}")
                 setattr(self, key, oldval)

Diff for: modules/shared_options.py

@@ -112,9 +112,9 @@
 }))
 
 options_templates.update(options_section(('API', "API"), {
-    "api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API"),
-    "api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources"),
-    "api_useragent": OptionInfo("", "User agent for requests"),
+    "api_enable_requests": OptionInfo(True, "Allow http:// and https:// URLs for input images in API", restrict_api=True),
+    "api_forbid_local_requests": OptionInfo(True, "Forbid URLs to local resources", restrict_api=True),
+    "api_useragent": OptionInfo("", "User agent for requests", restrict_api=True),
 }))
 
 options_templates.update(options_section(('training', "Training"), {