opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-17 06:21:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,073 Commits 567 Branches 172 Tags 719 MiB
83f287ef48
Commit Graph

31 Commits

Author SHA1 Message Date
GareArc
57fb121f8a
fix(api): add override decorators and refresh generated contract after main merge 2026-06-10 04:24:38 -07:00
GareArc
525d706bad
fix(openapi): harden formatter against malformed details and document bypass paths 
Review follow-ups:
- finalize() now falls back to a minimal status-derived body instead of
  letting a ValidationError escape the framework error handler when an
  already-rewritten e.data carries malformed canonical details
- document that a pre-built e.response bypasses the body formatter
- note the promote-to-libs seam for transport-generic codes in the module
  docstring
- CLI: skip the loc prefix when a server error detail has an empty loc
 2026-06-10 04:04:17 -07:00
GareArc
f5c5dbaed5
feat(openapi): emit canonical ErrorBody on every /openapi/v1 error path 
Install OpenApiErrorFormatter on the openapi blueprint's ExternalApi so
all non-2xx responses from /openapi/v1 carry the canonical ErrorBody shape
(code, message, status, optional details/hint). RFC 8628 device-flow
endpoints are unaffected — their flat {error: ...} shape is passed through
unchanged.

Also: set catch_all_404s=True when a formatter is present so unknown
routes return canonical JSON 404s (not Flask's default HTML 404).
Override _help_on_404 to suppress route suggestions, which would corrupt
the JSON contract and enumerate routes to unauthenticated callers.

Both behaviours are scoped by formatter presence — other blueprints that
construct ExternalApi without error_body_formatter are byte-identical.

Wire-level tests added to TestWireContract (3 tests, 18 total):
- 422 from @accepts validation carries code/status/details
- unknown-route 404 is canonical JSON without route suggestions
- device token POST returns RFC 8628 flat shape untouched by formatter
 2026-06-10 02:48:38 -07:00
GareArc
5c657885a9
refactor(api): inject error-body formatter seam into ExternalApi handlers 2026-06-10 02:07:12 -07:00
Yunlu Wen
a728e0ac69
feat: adding dify cli (#36348) 
Co-authored-by: GareArc <garethcxy@dify.ai>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: L1nSn0w <l1nsn0w@qq.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
 2026-05-26 01:12:36 +00:00
chariri
1efd365b62
fix(swagger): Apply the inline-nested-dicts patch to HTTP Swagger endpoints (#35952) 2026-05-09 08:21:26 +00:00
Ygor Leal
b5259a3a85
refactor(api): enable reportUntypedFunctionDecorator in pyright config (#26412) (#35031) 2026-04-13 03:28:23 +00:00
Byron.wang
5362f69083
feat(refactoring): Support Structured Logging (JSON) (#30170) 2026-01-04 11:46:46 +08:00
crazywoola
a915b8a584
revert: "security/fix-swagger-info-leak-m02" (#29721) 2025-12-16 14:19:33 +08:00
L1nSn0w
355a2356d4
security/fix-swagger-info-leak-m02 (#29283) 
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-12-15 11:24:06 +08:00
Eric Guo
ff32dff163
Enabled cross-subdomain console sessions by making the cookie domain configurable and aligning the frontend so it reads the shared CSRF cookie. (#27190) 2025-10-28 10:04:24 +08:00
Asuka Minato
32c715c4d0
rm type ignore (#25715) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-10-21 11:26:58 +08:00
-LAN-
9a5f214623
refactor: replace localStorage with HTTP-only cookies for auth tokens (#24365) 
Signed-off-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com>
Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
Signed-off-by: kenwoodjw <blackxin55+@gmail.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Yunlu Wen <wylswz@163.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: GareArc <chen4851@purdue.edu>
Co-authored-by: NFish <douxc512@gmail.com>
Co-authored-by: Davide Delbianco <davide.delbianco@outlook.com>
Co-authored-by: minglu7 <1347866672@qq.com>
Co-authored-by: Ponder <ruan.lj@foxmail.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: heyszt <270985384@qq.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: Guangdong Liu <liugddx@gmail.com>
Co-authored-by: Eric Guo <eric.guocz@gmail.com>
Co-authored-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com>
Co-authored-by: XlKsyt <caixuesen@outlook.com>
Co-authored-by: Dhruv Gorasiya <80987415+DhruvGorasiya@users.noreply.github.com>
Co-authored-by: crazywoola <427733928@qq.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
Co-authored-by: GuanMu <ballmanjq@gmail.com>
Co-authored-by: 非法操作 <hjlarry@163.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Tonlo <123lzs123@gmail.com>
Co-authored-by: Yusuke Yamada <yamachu.dev@gmail.com>
Co-authored-by: Novice <novice12185727@gmail.com>
Co-authored-by: kenwoodjw <blackxin55+@gmail.com>
Co-authored-by: Ademílson Tonato <ademilsonft@outlook.com>
Co-authored-by: znn <jubinkumarsoni@gmail.com>
Co-authored-by: yangzheli <43645580+yangzheli@users.noreply.github.com>
 2025-10-19 21:29:04 +08:00
Asuka Minato
cced33d068
use deco to avoid current_user (#26077) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-10-16 15:45:51 +09:00
Asuka Minato
e5d4235f1b
feat(typing): Remove "libs" from pyright exclude and fix typing errors (#26423) 
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
 2025-09-29 19:23:22 +08:00
-LAN-
08dd3f7b50
Fix basedpyright type errors (#25435) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-10 01:54:26 +08:00
Asuka Minato
a78339a040
remove bare list, dict, Sequence, None, Any (#25058) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-09-06 03:32:23 +08:00
Bowen Liang
7b379e2a61
chore: apply ty checks on api code with script and ci action (#24653) 2025-09-02 16:05:13 +08:00
Bowen Liang
6e674b511a
api: support to config disabling Swagger UI in api service (#24440) 2025-08-26 15:48:04 +08:00
非法操作
d7869a4d1e
feat: add authorizations for swagger doc (#24518) 2025-08-26 11:41:00 +08:00
-LAN-
a9e106b17e
fix: Fix login error handling by raising exception instead of returning (#24452) 2025-08-25 13:54:25 +08:00
-LAN-
fe06d266e9
refactor: better error handler (#24422) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-08-25 09:28:42 +08:00
Matri Qi
f31ddc4b1c
fix(api): restful to restx migration issue (#24416) 2025-08-24 20:58:42 +08:00
Asuka Minato
18dce66443
try flask_restful -> flask_restx (#24310) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-08-24 13:45:47 +08:00
Bowen Liang
8537abfff8
chore: avoid repeated type ignore noqa by adding flask_restful and flask_login in mypy import exclusions (#19224) 2025-05-06 11:58:49 +08:00
yihong
56e15d09a9
feat: mypy for all type check (#10921) 2024-12-24 18:38:51 +08:00
-LAN-
9414143b5f
chore(api/libs): Apply ruff format. (#7301) 2024-08-15 17:53:12 +08:00
liuzhenghua
9622fbb62f
feat: app rate limit (#5844) 
Co-authored-by: liuzhenghua-jk <liuzhenghua-jk@360shuke.com>
Co-authored-by: takatost <takatost@gmail.com>
 2024-07-10 21:31:35 +08:00
takatost
1a6ad05a23
feat: service api add llm usage (#2051) 2024-01-17 22:39:47 +08:00
Bowen Liang
cc9e74123c
improve: introduce isort for linting Python imports (#1983) 2024-01-12 12:34:01 +08:00
John Wang
db896255d6 Initial commit 2023-05-15 08:51:32 +08:00