- Navigate to your ComfyUI
custom_nodesdirectory:
cd ComfyUI/custom_nodes- Clone this repository:
git clone https://github.com/LucipherDev/ComfyUI-Sentinel- Install dependencies:
cd ComfyUI-Sentinel
pip install -r requirements.txt-
Edit
config.jsonaccording to your preferences:secret_key_env: Name of the environment variable for the secret key used to encrypt JWT tokens. If no secret key is set, a random key will be generated.- Type: str
- Default: SECRET_KEY
users_db: Name of the user database file.- Type: str
- Default: users_db.json
access_token_expiration_hours: Duration (in hours) for which JWT tokens remain valid.- Type: number
- Default: 12
log: Name of the log file.- Type: str
- Default: sentinel.log
log_levels: Message levels to log.- Type: str
- Options: ["INFO", "WARNING", "ERROR", "DEBUG"]
- Default: ["INFO"]
whitelist: List of allowed IPs.- Type: str
- Default: whitelist.txt
blacklist: List of blocked IPs.- Type: str
- Default: blacklist.txt
blacklist_after_attempts: Number of failed login attempts before an IP is blacklisted (0 to disable).- Type: int
- Default: 0
free_memory_on_logout: Free memory when a user logs out.- Type: bool
- Default: false
force_https: Force ComfyUI to use HTTPS.- Type: bool
- Default: false
separate_users: Isolate user input/output and queue history. *Experimental- Type: bool
- Default: false
manager_admin_only: Control who can access ComfyUI Manager- Type: bool
- Default: false
-
Run ComfyUI
-
Access the GUI URL
-
Register the admin account
Done!
- Delete the database file and start over.
OR
- Remove the admin user and promote an existing user to admin by adding
"admin": trueto their profile.
To remove Sentinel, delete the ComfyUI-Sentinel folder or uninstall via ComfyUI Manager.
-
- Upon the first run, register an admin user with full access and management capabilities.
-
- Admins can register new users and assign credentials.
-
- A discreet logout button is available.
-
- Implements a timeout for IP addresses after too many failed login/register attempts. Maximum timeout is 5 minutes unless
blacklist_after_attempts > 0, in which case the IP will be blacklisted.
- Implements a timeout for IP addresses after too many failed login/register attempts. Maximum timeout is 5 minutes unless
-
- Filters IP addresses based on whitelist/blacklist rules.
- If a whitelist exists, only those IPs will be allowed.
- Otherwise, blacklisted IPs will be blocked.
- Filters IP addresses based on whitelist/blacklist rules.
-
- Each user has an isolated input/output directory and queue history. Folder access is restricted accordingly. Still under development but fairly functional. Use at your own risk
-
- If turned on, only the admin user will be able to access the ComfyUI Manager Extension.
- Check custom nodes for malicious code
All API calls to the ComfyUI server require authentication. You can:
- Include the authentication token in headers:
Authorization: Bearer eyJhbGci... - Include it as a cookie named
jwt_tokenin the request.
Endpoint: POST /register
Request Body:
{
"new_user_username": "your_username",
"new_user_password": "your_password",
"username": "admin_username", // Required if admin exists
"password": "admin_password" // Required if admin exists
}Endpoint: POST /login
Request Body:
{
"username": "your_username",
"password": "your_password"
}While ComfyUI Sentinel enhances security for ComfyUI, it does not guarantee absolute protection. Security is about risk mitigation, not elimination. Users are responsible for implementing their own security measures.
Use at your own discretion.