refactor: consolidate route auth for UI and API tokens

[ryan-crabbe-berri]

Summary

• Unify UI and API token authorization through the shared RBAC path
• Backfill missing routes in role-based route lists so dashboard continues to work for all roles

Test plan

• Unit tests pass (test_user_api_key_auth.py, test_jwt.py)
• Manual verification with admin, internal_user, and internal_user_viewer tokens

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
litellm	Ready	Preview, Comment	Apr 10, 2026 3:57pm

[codspeed-hq]

Merging this PR will not alter performance

✅ 16 untouched benchmarks

---

_{Comparing litellm_auth_rbac_cleanup (3af7de4) with main (9e6d2d2)}

[greptile-apps]

Greptile Summary

This PR eliminates an RBAC bypass in the proxy's route authorization layer: previously, any token with team_id == \"litellm-dashboard\" would be granted access to any route in ui_routes (via a prefix-match startswith) regardless of the user's role — so an internal_user_viewer with a dashboard token could reach /config/update or other admin-only paths. The fix removes the _is_allowed_route/_is_ui_route shortcut and routes all tokens through the shared _is_api_route_allowed RBAC path. To preserve dashboard functionality the PR backfills previously missing routes (/health/services, /sso/get/ui_settings, /spend/logs/ui, /global/spend/all_tag_names, etc.) into the appropriate role-based lists, and retains the ui_routes enum member with a backward-compat comment so existing JWT admin_allowed_routes: [ui_routes] configurations continue to work.

Confidence Score: 5/5

Safe to merge — fixes a real RBAC bypass with no regressions introduced; backward-compat concern from prior review is addressed.

All changed files have passing unit tests. Previous P1 concern (deletion of ui_routes breaking JWT configs) is resolved by retaining the enum member with a compat comment, and test_allowed_routes_admin still parametrizes with ["ui_routes"]. New test_ui_token_route_access explicitly validates the security fix. Route backfilling is careful and consistent. No new P0/P1 findings.

No files require special attention.

Important Files Changed

Filename	Overview
litellm/proxy/auth/auth_checks.py	Removes _is_allowed_route/_is_ui_route UI bypass; all tokens now go through _is_api_route_allowed RBAC. Minor: _is_route_allowed result is assigned but never checked (pre-existing pattern).
litellm/proxy/_types.py	Route lists updated: new routes backfilled to info_routes, spend_tracking_routes, global_spend_tracking_routes, internal_user_routes, admin_viewer_routes. ui_routes retained with backward-compat comment. Black reformatting of multi-line defaults.
tests/proxy_unit_tests/test_user_api_key_auth.py	New test_ui_token_route_access parametrize adds explicit coverage for the security fix; test_is_allowed_route updated to match renamed function. Coverage improved, not weakened.
tests/proxy_unit_tests/test_jwt.py	test_allowed_routes_admin still parametrizes with ["ui_routes"], validating that the retained enum member continues to work in JWT admin_allowed_routes configs.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph BEFORE["BEFORE this PR"]
        A[Request with dashboard token] --> B{Route in ui_routes?}
        B -->|Yes - prefix match| C[Allow regardless of role]
        B -->|No| D[RBAC check]
    end

    subgraph AFTER["AFTER this PR"]
        E[All tokens] --> F[_is_api_route_allowed]
        F --> G{Proxy admin?}
        G -->|Yes| H[Allow all routes]
        G -->|No| I[non_proxy_admin_allowed_routes_check]
        I --> J{Role}
        J -->|INTERNAL_USER| K[internal_user_routes]
        J -->|INTERNAL_USER_VIEW_ONLY| L[internal_user_view_only_routes]
        J -->|PROXY_ADMIN_VIEW_ONLY| M[admin_viewer_routes]
        K --> N[Allow or 403]
        L --> N
        M --> N
    end

    style C fill:#f66,color:#fff
    style H fill:#6b6,color:#fff
    style N fill:#6b6,color:#fff

Loading

_{Reviews (2): Last reviewed commit: "retain ui_routes enum alias for JWT conf..." | Re-trigger Greptile}