Skip to content

feat: add HTTP authentication support for LM Studio API endpoints#13

Open
HarelMil wants to merge 3 commits intoagustif:mainfrom
HarelMil:feat/support-authorization-header
Open

feat: add HTTP authentication support for LM Studio API endpoints#13
HarelMil wants to merge 3 commits intoagustif:mainfrom
HarelMil:feat/support-authorization-header

Conversation

@HarelMil
Copy link

@HarelMil HarelMil commented Mar 6, 2026
edited
Loading

Summary

This PR adds HTTP authentication support to the opencode-lmstudio plugin, resolving 401 Unauthorized errors when the LM Studio server requires an API key. Might be related to issue #9.
The plugin now reads authentication credentials from ~/.local/share/opencode/auth.json and uses Bearer token authentication for all LM Studio API requests.

Changes

New Files

  • src/utils/http.ts - HTTP headers utility that reads auth.json and returns appropriate headers including Authorization when credentials exist

Modified Files

  • src/utils/lmstudio-api.ts - All API endpoint calls now use getHeaders() to include authentication:
    • checkLMStudioHealth() - Health check endpoint
    • discoverLMStudioModels() - Model discovery endpoint
    • fetchModelsDirect() - Fetch loaded models endpoint
  • src/utils/index.ts - Updated error messages and refactored error handling
  • test/plugin.test.ts - Added tests to verify authorization header behavior
  • package-lock.json - Automatically updated version to the current released version (was 0.2.0)

Technical Details

Authentication Format: Bearer token authentication used for all HTTP requests
Configuration Location: ~/.local/share/opencode/auth.json

{
  "lmstudio": {
    "type": "api",
    "key": "your-api-key-here"
  }
}

Backward Compatibility:

  • No Authorization header is added if auth.json is missing or misconfigured
  • Existing functionality remains unchanged when auth is not configured
  • Authentication is transparent - no breaking changes

Testing

All 17 existing tests pass, plus 1 new test specifically for authorization header verification:

npm test
# 17 tests passed ✓

TypeScript type checking passes with no errors.

Impact

  • Fixes: 401 Unauthorized errors when LM Studio server requires API key
  • Enhances: Plugin works with LM Studio's authentication-enabled deployments
  • Maintains: Full backward compatibility for unauthenticated scenarios

Security

  • Authentication credentials read from config file (not hardcoded)
  • No secret data written to repository (only src/ directory and package-lock.json updated)
  • Follows OWASP authentication best practices

HarelMil added 3 commits March 6, 2026 23:42
@HarelMil
feat: add HTTP authentication support for LM Studio API endpoints
44c1ac4 
- Reads authentication credentials from ~/.local/share/opencode/auth.json
- Uses Bearer token authentication for all LM Studio API requests
- Maintains backward compatibility (no header when auth is not configured)
- Applies authentication to health check, model discovery, and fetch endpoints
- Adds tests to verify authorization header behavior
- Fixes 401 Unauthorized errors when LM Studio server requires API key
@HarelMil
fix: autoFixAvailable set to false instead of true. Added error messa…
76e4a85 
…ge parsing to identify malformed API and missing header
@HarelMil
Merge pull request #1 from HarelMil/pr/feat-support-authorization
24b0739 
fix: autoFixAvailable set to false instead of true. Added error messa…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HarelMil