fix: use LicenseStatus enum instead of raw strings and tighten path prefix matching

Replace raw license status strings with LicenseStatus enum values in app_factory.py and enterprise_service.py to prevent silent mismatches. Use trailing-slash prefixes ('/console/api/', '/api/') to avoid false matches on unrelated paths like /api-docs.
2026-05-09 21:28:25 +08:00 · 2026-03-05 01:16:45 -08:00 · 2026-03-05 01:16:45 -08:00 · f97ade7053
commit f97ade7053
parent a0dcd04546
2 changed files with 8 additions and 5 deletions
--- a/api/app_factory.py
+++ b/api/app_factory.py
@ -11,6 +11,7 @@ from controllers.console.error import UnauthorizedAndForceLogout
 from core.logging.context import init_request_context
 from dify_app import DifyApp
 from services.enterprise.enterprise_service import EnterpriseService
+from services.feature_service import LicenseStatus

 logger = logging.getLogger(__name__)

@ -38,8 +39,8 @@ def create_flask_app_with_configs() -> DifyApp:
        # When license expires, block all API access except bootstrap endpoints needed
        # for the frontend to load the license expiration page without infinite reloads.
        if dify_config.ENTERPRISE_ENABLED:
-            is_console_api = request.path.startswith("/console/api")
-            is_webapp_api = request.path.startswith("/api") and not is_console_api
+            is_console_api = request.path.startswith("/console/api/")
+            is_webapp_api = request.path.startswith("/api/") and not is_console_api

            if is_console_api or is_webapp_api:
                if is_console_api:
@ -57,7 +58,7 @@ def create_flask_app_with_configs() -> DifyApp:
                    try:
                        # Check license status with caching (10 min TTL)
                        license_status = EnterpriseService.get_cached_license_status()
-                        if license_status in ["inactive", "expired", "lost"]:
+                        if license_status in (LicenseStatus.INACTIVE, LicenseStatus.EXPIRED, LicenseStatus.LOST):
                            raise UnauthorizedAndForceLogout(
                                f"Enterprise license is {license_status}. Please contact your administrator."
                            )
--- a/api/services/enterprise/enterprise_service.py
+++ b/api/services/enterprise/enterprise_service.py
@ -257,9 +257,11 @@ class EnterpriseService:
            info = cls.get_info()
            license_info = info.get("License")
            if license_info:
-                status = license_info.get("status", "inactive")
+                from services.feature_service import LicenseStatus
+
+                status = license_info.get("status", LicenseStatus.INACTIVE)
                # Only cache valid statuses so license updates are picked up immediately
-                if status in ("active", "expiring"):
+                if status in (LicenseStatus.ACTIVE, LicenseStatus.EXPIRING):
                    try:
                        redis_client.setex(LICENSE_STATUS_CACHE_KEY, LICENSE_STATUS_CACHE_TTL, status)
                    except Exception: