opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-09 12:59:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(openapi/apps): normalise uuid in session.get; validate workspace_id format in query

Browse Source
This commit is contained in:
GareArc 2026-05-08 18:43:23 -07:00
parent 507eb1f52f
commit a7c481ce87
No known key found for this signature in database
1 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
api/controllers/openapi/apps.py
View File

@ -61,6 +61,19 @@ class AppDescribeQuery(BaseModel):
fields: set[str] | None = None
workspace_id: str | None = None
@field_validator("workspace_id", mode="before")
@classmethod
def _validate_workspace_id(cls, v: object) -> str | None:
if v is None or v == "":
return None
if not isinstance(v, str):
raise ValueError("workspace_id must be a string")
try:
_uuid.UUID(v)
except ValueError:
raise ValueError("workspace_id must be a valid UUID")
return v
@field_validator("fields", mode="before")
@classmethod
def _parse_fields(cls, v: object) -> set[str] | None:
@ -95,13 +108,14 @@ class AppReadResource(Resource):
raise NotFound("app not found")
try:
_uuid.UUID(app_id)
parsed_uuid = _uuid.UUID(app_id)
is_uuid = True
except ValueError:
parsed_uuid = None
is_uuid = False
if is_uuid:
app = db.session.get(App, app_id)
app = db.session.get(App, str(parsed_uuid)) # normalised dashed form
if not app or app.status != "normal":
raise NotFound("app not found")
else: