opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-09 12:59:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,254 Commits 494 Branches 170 Tags 689 MiB
3d77a5ec08
Commit Graph

9254 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xiyuan Chen
3d77a5ec08
Update api/services/feature_service.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-08 17:07:17 -07:00
GareArc
41af72449d
fix: address PR review feedback on enterprise license enforcement 
- Cache invalid license statuses with 30s TTL to prevent DoS amplification
- Return LicenseStatus enum (not raw str) from get_cached_license_status
- Flatten nested try/except into _read_cached_license_status / _fetch_and_cache_license_status helpers
- Escalate log levels from debug to warning with exc_info for cache failures
- Switch before_request license check from fail-open to fail-closed
- Remove dead raise_for_status parameter from BaseRequest.send_request
- Gate license expired_at behind is_authenticated; only expose status to unauthenticated callers (CVE-2025-63387)
- Remove redundant 'not is_console_api' guard in before_request
- Add 8 unit tests for get_cached_license_status
 2026-03-08 17:00:12 -07:00
Xiyuan Chen
de72bdef71
Merge branch 'main' into fix/main-enterprise-api-error-handling 2026-03-08 16:28:01 -07:00
CoralGarden52
c925d17e8f
chore: add TypedDict related prompt to api/AGENTS.md (#33116) 2026-03-08 07:03:52 +09:00
Angel
dc2a53d834
feat: add files to message end pr32019 (#32242) 
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: angel.k <angel.kolev@solaredge.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-07 20:01:12 +08:00
hj24
05ab107e73
feat: add export app messages (#32990) 2026-03-07 11:27:15 +08:00
pepsi
c016793efb
refactor: pass KnowledgeConfiguration directly instead of dict (#32732) 
Co-authored-by: pepsi <pepsi@pepsidexuniji.local>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 22:15:32 +09:00
Coding On Star
a5bcbaebb7
feat(toast): add IToastProps type import to enhance type safety (#33096) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-06 19:22:55 +08:00
Saumya Talwani
f50e44b24a
test: improve coverage for some test files (#32916) 
Signed-off-by: edvatar <88481784+toroleapinc@users.noreply.github.com>
Signed-off-by: -LAN- <laipz8200@outlook.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: Poojan <poojan@infocusp.com>
Co-authored-by: sahil-infocusp <73810410+sahil-infocusp@users.noreply.github.com>
Co-authored-by: 非法操作 <hjlarry@163.com>
Co-authored-by: Pandaaaa906 <ye.pandaaaa906@gmail.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: heyszt <270985384@qq.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Ijas <ijas.ahmd.ap@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: 木之本澪 <kinomotomiovo@gmail.com>
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
Co-authored-by: 不做了睡大觉 <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: User <user@example.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: edvatar <88481784+toroleapinc@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: Leilei <138381132+Inlei@users.noreply.github.com>
Co-authored-by: HaKu <104669497+haku-ink@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: wangxiaolei <fatelei@gmail.com>
Co-authored-by: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: tda <95275462+tda1017@users.noreply.github.com>
Co-authored-by: root <root@DESKTOP-KQLO90N>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Co-authored-by: Niels Kaspers <153818647+nielskaspers@users.noreply.github.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
Co-authored-by: Tyson Cung <45380903+tysoncung@users.noreply.github.com>
Co-authored-by: Stephen Zhou <hi@hyoban.cc>
Co-authored-by: FFXN <31929997+FFXN@users.noreply.github.com>
Co-authored-by: slegarraga <64795732+slegarraga@users.noreply.github.com>
Co-authored-by: 99 <wh2099@pm.me>
Co-authored-by: Br1an <932039080@qq.com>
Co-authored-by: L1nSn0w <l1nsn0w@qq.com>
Co-authored-by: Yunlu Wen <yunlu.wen@dify.ai>
Co-authored-by: akkoaya <151345394+akkoaya@users.noreply.github.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: lif <1835304752@qq.com>
Co-authored-by: weiguang li <codingpunk@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: HanWenbo <124024253+hwb96@users.noreply.github.com>
Co-authored-by: Coding On Star <447357187@qq.com>
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
Co-authored-by: Stable Genius <stablegenius043@gmail.com>
Co-authored-by: Stable Genius <259448942+stablegenius49@users.noreply.github.com>
Co-authored-by: ふるい <46769295+Echo0ff@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
 2026-03-06 18:59:16 +08:00
Nite Knite
09347d5e8b
chore: fix account dropdown test (#33093) 2026-03-06 18:19:02 +08:00
Stephen Zhou
299a893ac5
chore: bring back code-inspector-plugin and agentation (#33088) 
Co-authored-by: zhsama <zhsama@users.noreply.github.com>
 2026-03-06 17:01:18 +08:00
Junyan Chin
c477571553
perf: no longer record install count for auto upgrade (#33086) 2026-03-06 16:19:30 +08:00
QuantumGhost
d01acfc490
fix(api): fix the issue that workflow_runs.started_at is overwritten while resuming (#32851) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 15:41:30 +08:00
Stephen Zhou
f05f0be55f
chore: use react-grab to replace code-inspector-plugin (#33078) 2026-03-06 14:54:24 +08:00
eux
e74cda6535
feat(tasks): isolate summary generation to dedicated dataset_summary queue (#32972) 2026-03-06 14:35:28 +08:00
Nite Knite
0490756ab2
chore: add support email env (#33075) 2026-03-06 14:29:29 +08:00
非法操作
dc31b07533
fix(type-check): resolve missing-attribute in app dataset join update handler (#33071) 2026-03-06 11:45:51 +08:00
Copilot
d1eaa41dd1
fix(i18n): correct French translation of "disabled" from medical term to UI-appropriate term (#33067) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2026-03-06 09:57:43 +08:00
非法操作
7ffa6c1849
fix: conversation var unexpected reset after HITL node (#32936) 2026-03-06 09:57:09 +08:00
kurokobo
ad81513b6a
fix: show citations in advanced chat apps (#32985) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 09:56:14 +08:00
Lovish Arora
f751864ab3
fix(api): return inserted ids from Chroma and Clickzetta add_texts (#33065) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 09:49:53 +08:00
盐粒 Yanli
49dcf5e0d9
chore: add local pyrefly exclude workflow (#33059) 2026-03-06 09:49:23 +08:00
statxc
741d48560d
refactor(api): add TypedDict definitions to models/model.py (#32925) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 08:42:54 +09:00
dependabot[bot]
6bd1be9e16
chore(deps): bump markdown from 3.5.2 to 3.8.1 in /api (#33064) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-06 07:41:55 +09:00
木之本澪
f76de73be4
test: migrate dataset permission service SQL tests to testcontainers (#32546) 
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-06 07:21:25 +09:00
dependabot[bot]
98ba091a50
chore(deps): bump dompurify from 3.3.0 to 3.3.2 in /web (#33062) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-06 06:48:59 +09:00
Lovish Arora
ed0b27e4d6
chore(api): update Python type-checker versions (#33056) 2026-03-06 06:26:28 +09:00
木之本澪
187faed1c0
test: migrate test_dataset_service_delete_dataset SQL tests to testcontainers (#32543) 
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
 2026-03-06 06:06:14 +09:00
GareArc
f97ade7053
fix: use LicenseStatus enum instead of raw strings and tighten path prefix matching 
Replace raw license status strings with LicenseStatus enum values in
app_factory.py and enterprise_service.py to prevent silent mismatches.
Use trailing-slash prefixes ('/console/api/', '/api/') to avoid false
matches on unrelated paths like /api-docs.
 2026-03-05 01:17:49 -08:00
wangxiaolei
92bde3503b
fix: fix check workflow_run (#33028) 
Co-authored-by: 非法操作 <hjlarry@163.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-05 17:13:35 +08:00
GareArc
a0dcd04546
fix: remove extra exempts 2026-03-05 01:10:23 -08:00
wangxiaolei
7d25415e4d
feat: 204 http status code not return content (#33023) 2026-03-05 17:04:19 +08:00
autofix-ci[bot]
b0138316f0
[autofix.ci] apply automated fixes 2026-03-05 09:02:35 +00:00
Novice
c913a629df
feat: add partial indexes on conversations for app_id with created_at and updated_at (#32616) 2026-03-05 16:53:28 +08:00
GareArc
099568f3da
fix: expose license status to unauthenticated /system-features callers 
After force-logout due to license expiry, the login page calls
/system-features without auth. The license block was gated behind
is_authenticated, so the frontend always saw status='none' instead
of the actual expiry status. Split the guard so license.status and
expired_at are always returned while workspace usage details remain
auth-gated.
 2026-03-05 00:48:50 -08:00
yyh
ebda5efe27
chore: prevent Storybook crash caused by vite-plugin-inspect (#33039) 2026-03-05 16:13:02 +08:00
Stephen Zhou
f487b680f5
refactor: spilt context for better hmr (#33033) 2026-03-05 15:54:56 +08:00
zxhlyh
f3c840a60e
fix: workflow canvas sync (#33030) 2026-03-05 15:08:37 +08:00
Coding On Star
1819b87a56
test(workflow): add validation tests for workflow and node component rendering part 3 (#33012) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-05 14:34:07 +08:00
99
7432b58f82
refactor(dify_graph): introduce run_context and delegate child engine creation (#32964) 2026-03-05 14:31:28 +08:00
GareArc
0623522d04
fix: exempt console bootstrap APIs from license check to prevent infinite reload loop 2026-03-04 22:13:52 -08:00
Coding On Star
89a859ae32
refactor: simplify oauthNewUser state handling in AppInitializer component (#33019) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-05 13:53:20 +08:00
GareArc
a25d48c5bd
feat: add Redis caching for enterprise license status 
Cache license status for 10 minutes to reduce HTTP calls to enterprise API.
Only caches license status, not full system features.

Changes:
- Add EnterpriseService.get_cached_license_status() method
- Cache key: enterprise:license:status
- TTL: 600 seconds (10 minutes)
- Graceful degradation: falls back to API call if Redis fails

Performance improvement:
- Before: HTTP call (~50-200ms) on every API request
- After: Redis lookup (~1ms) on cached requests
- Reduces load on enterprise service by ~99%
 2026-03-04 21:29:11 -08:00
GareArc
4f3a020670
feat: extend license enforcement to webapp API endpoints 
Extend license middleware to also block webapp API (/api/*) when
enterprise license is expired/inactive/lost.

Changes:
- Check both /console/api and /api endpoints
- Add webapp-specific exempt paths:
  - /api/passport (webapp authentication)
  - /api/login, /api/logout, /api/oauth
  - /api/forgot-password
  - /api/system-features (webapp needs this to check license status)

This ensures both console users and webapp users are blocked when
license expires, maintaining consistent enforcement across all APIs.
 2026-03-04 20:40:29 -08:00
GareArc
d2e1177478
fix: use UnauthorizedAndForceLogout to trigger frontend logout on license expiry 
Change license check to raise UnauthorizedAndForceLogout exception instead
of returning generic JSON response. This ensures proper frontend handling:

Frontend behavior (service/base.ts line 588):
- Checks if code === 'unauthorized_and_force_logout'
- Executes globalThis.location.reload()
- Forces user logout and redirect to login page
- Login page displays license expiration UI (already exists)

Response format:
- HTTP 401 (not 403)
- code: "unauthorized_and_force_logout"
- Triggers frontend reload which clears auth state

This completes the license enforcement flow:
1. Backend blocks all business APIs when license expires
2. Backend returns proper error code to trigger logout
3. Frontend reloads and redirects to login
4. Login page shows license expiration message
 2026-03-04 20:40:29 -08:00
GareArc
8a21fd88fd
feat: add global license check middleware to block API access on expiry 
Add before_request middleware that validates enterprise license status
for all /console/api endpoints when ENTERPRISE_ENABLED is true.

Behavior:
- Checks license status before each console API request
- Returns 403 with clear error message when license is expired/inactive/lost
- Exempts auth endpoints (login, oauth, forgot-password, etc.)
- Exempts /console/api/features so frontend can fetch license status
- Gracefully handles errors to avoid service disruption

This ensures all business APIs are blocked when license expires,
addressing the issue where APIs remained callable after expiry.
 2026-03-04 20:40:29 -08:00
GareArc
1c1bcc67da
fix: handle enterprise API errors properly to prevent KeyError crashes 
When enterprise API returns 403/404, the response contains error JSON
instead of expected data structure. Code was accessing fields directly
causing KeyError → 500 Internal Server Error.

Changes:
- Add enterprise-specific error classes (EnterpriseAPIError, etc.)
- Implement centralized error validation in EnterpriseRequest.send_request()
- Extract error messages from API responses (message/error/detail fields)
- Raise domain-specific errors based on HTTP status codes
- Preserve backward compatibility with raise_for_status parameter

This prevents KeyError crashes and returns proper HTTP error codes
(403/404) instead of 500 errors.
 2026-03-04 19:55:03 -08:00
Stephen Zhou
a4373d8b7b
chore: i18n hmr support, fix hmr for app context (#32997) 2026-03-05 10:45:16 +08:00
Eric Cao
164ccb7c48
chore: add TypedDict related prompt to AGENTS.md (#32995) 
Co-authored-by: caoergou <caogou123@163.com>
 2026-03-05 10:08:18 +09:00
木之本澪
2b5ce196ad
test: migrate test_document_service_rename_document SQL tests to testcontainers (#32542) 
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
 2026-03-05 10:07:29 +09:00