opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-08 09:16:41 +08:00
Code Issues Packages Projects Releases Wiki Activity
8,871 Commits 446 Branches 169 Tags 665 MiB
a678dd1a32
Commit Graph

8871 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
QuantumGhost
c51cedff7e
security(api): enforce privilege validation for dataset-to-pipeline transformation (#25603) 
The transformation from classic dataset to knowledge pipeline represents an irreversible
write operation that permanently alters the dataset structure. To prevent unauthorized
modifications, this change implements strict privilege validation in RagPipelineTransformApi.

Only users with editor privileges or dataset operator roles are authorized to execute
this transformation, ensuring proper access control for this critical operation.
 2025-09-12 17:12:06 +08:00
QuantumGhost
32a1a61d65 security(api): enforce privilege validation for dataset-to-pipeline transformation 
The transformation from classic dataset to knowledge pipeline represents an irreversible
write operation that permanently alters the dataset structure. To prevent unauthorized
modifications, this change implements strict privilege validation in `RagPipelineTransformApi`.

Only users with editor privileges or dataset operator roles are authorized to execute
this transformation, ensuring proper access control for this critical operation.
 2025-09-12 17:07:26 +08:00
jyong
ad870de554 add dataset service api enable 2025-09-12 15:35:13 +08:00
kenwoodjw
c91253d05d
fix segment deletion race condition (#24408) 
Signed-off-by: kenwoodjw <blackxin55+@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-12 15:29:57 +08:00
Guangdong Liu
285291f545
refactor: update API routes and documentation for console endpoints (#25554) 2025-09-12 11:51:24 +08:00
JQSevenMiao
c0e1015c6e
fix: filter temporary edges from workflow draft sync (#25442) 
Co-authored-by: jiasiqi <jiasiqi3@tal.com>
 2025-09-12 11:19:57 +08:00
github-actions[bot]
12d1bcc545
chore: translate i18n files and update type definitions (#25575) 
Co-authored-by: iamjoel <2120155+iamjoel@users.noreply.github.com>
 2025-09-12 10:39:38 +08:00
QuantumGhost
ac41151571 chore(api): remove unused installed_plugins.jsonl 2025-09-12 10:38:43 +08:00
Yeuoly
ec808f3fe8
refactor: centralize default end user session ID constant (#25416) 
This PR refactors the handling of the default end user session ID by centralizing it as an enum in the models module where the `EndUser` model is defined. This improves code organization and makes the relationship between the constant and the model clearer.

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-12 10:27:16 +08:00
Joel
394b0ac9c0
fix: login security issue frontend (#25571) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-12 10:25:06 +08:00
zyssyz123
c2fcd2895b
Feat/email register refactor (#25369) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
 2025-09-12 10:24:54 +08:00
Ganondorf
bb1514be2d
Force update search method to keyword_search (#25464) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-12 10:12:25 +08:00
Kurumi1997
8ffb9b6aed
fix: Support passing the default app mode when creating an app (#25142) 
Co-authored-by: 王博 <wangbo@localhost.com>
 2025-09-12 10:06:07 +08:00
Matri Qi
33afa7c84a
Fix/disable no unsafe optional chaining (#25553) 2025-09-12 10:03:34 +08:00
L
69aad38d03
fix(date-picker): handle string date to avoid crash (#25522) 
Co-authored-by: 刘佳佳 <liujiajia@nanjingwanhui.com>
Co-authored-by: crazywoola <427733928@qq.com>
 2025-09-12 10:01:26 +08:00
Novice
17b5309e47
fix: single step system file error (#25533) 
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-12 09:47:45 +08:00
Asuka Minato
05af23f88f
use autospec=True in mock (#25497) 2025-09-12 09:46:02 +08:00
Yongtao Huang
4511f4f537
Remove redundant parse_args call in WorkflowByIdApi.patch (#25498) 2025-09-12 09:40:41 +08:00
dependabot[bot]
bdacc4da36
chore(deps): bump mermaid from 11.4.1 to 11.10.0 in /web (#25521) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-12 09:40:18 +08:00
15
1a078657d8
Fixes #25530 (#25531) 2025-09-12 09:39:17 +08:00
Asuka Minato
77ba3e8f26
add autofix pnpm (#25557) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-09-12 09:37:54 +08:00
Wu Tianwei
84e3571ec3
fix: delete get upload file endpoint (#25543) 
Co-authored-by: jyong <718720800@qq.com>
 2025-09-12 09:36:53 +08:00
NeatGuyCoding
de18b14372
feat: add test containers based tests for delete segment from index task (#25564) 2025-09-12 09:33:39 +08:00
Yongtao Huang
a1322ddb5d
Fix: correct has_more pagination logic in get_conversational_variable (#25484) 
Signed-off-by: Yongtao Huang<yongtaoh2022@gmail.com>
 2025-09-12 09:32:22 +08:00
GuanMu
c7868fb176
test: remove print code (#25481) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-12 09:30:56 +08:00
椰子糖
4b6687db6b
Fix log time display bug (#25475) 
Co-authored-by: wxliqigang <wxliqigang@gfpartner.com.cn>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-09-12 02:46:04 +09:00
-LAN-
462ba354a4
Merge remote-tracking branch 'origin/main' into feat/queue-based-graph-engine 2025-09-12 00:21:06 +08:00
JeeekXY
f1d5bc58b0
fix: app name overflow (#25551) 
Co-authored-by: luxiaoyu1 <luxiaoyu1@xiaomi.com>
 2025-09-11 21:19:55 +08:00
NeatGuyCoding
99f4cd1cfa
feat: add test containers based tests for deal dataset vector index (#25545) 2025-09-11 21:12:53 +08:00
-LAN-
3c668e4a5c
fix: update test assertions for ToolProviderApiEntity validation 
- Fixed test_repack_provider_entity_no_dark_icon to use empty string instead of None for icon_dark field
- Updated test_builtin_provider_to_user_provider_no_credentials assertion to match actual implementation behavior where masked_credentials always contains empty strings for schema fields
 2025-09-11 16:41:10 +08:00
zxhlyh
c2ad68d59a
refactor(workflow): streamline node metadata structure and enhance filtering logic (#25528) 2025-09-11 16:11:34 +08:00
twwu
274e7f4f09 refactor(workflow): streamline node metadata structure and enhance filtering logic 2025-09-11 16:02:06 +08:00
-LAN-
872cff7bab
chore(iteration_node): convert some Any to object 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-11 15:40:12 +08:00
-LAN-
8fb69429f9
feat(graph_engine): support parallel mode in iteration node 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-11 15:37:46 +08:00
-LAN-
85064bd8cf
Merge remote-tracking branch 'origin/main' into feat/queue-based-graph-engine 2025-09-11 15:13:31 +08:00
-LAN-
ba5df3612b
fix: tests 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-11 15:13:18 +08:00
-LAN-
a923ab1ab8
fix: type errors 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-11 15:01:16 +08:00
QuantumGhost
874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and 
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) 
endpoints do not properly validate user permissions, allowing users without `editor` 
permission to access restricted functionality.

This PR addresses this issue by adding proper permission check.
 2025-09-11 14:53:35 +08:00
Nite Knite
07d067d828
chore: support Zendesk widget (#25517) 2025-09-11 13:17:50 +08:00
Xiyuan Chen
af7f67dc9c
Feat/enteprise cd (#25508) 2025-09-10 20:53:42 -07:00
QuantumGhost
9458ebe320
fix: Add waiting state to document embedding process (#25478) 2025-09-11 11:00:47 +08:00
QuantumGhost
5c3d12cfc8
refactor(i18n): clean up code structure and improve readability (#25510) 2025-09-11 11:00:14 +08:00
WTW0313
b146f5d3fa refactor(i18n): clean up code structure and improve readability 2025-09-11 10:53:40 +08:00
Xiyuan Chen
34e55028ae
Feat/enteprise cd (#25485) 2025-09-10 19:01:32 -07:00
-LAN-
b4c1766932
fix: type errors 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-10 21:48:05 +08:00
-LAN-
00a1af8506
refactor(graph_engine): use singledispatch in Node 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-10 20:59:34 +08:00
twwu
f925cb5191 fix: Fix typo in embedding process variable name 2025-09-10 16:05:44 +08:00
twwu
4559d19d46 fix: Add waiting state to document embedding process 2025-09-10 15:59:13 +08:00
Eric Guo
70e4d6be34
Fix 500 in dataset page. (#25474) 2025-09-10 15:57:04 +08:00
Wu Tianwei
b690ac4e2a
fix: Remove sticky positioning from workflow component fields (#25470) 2025-09-10 15:17:49 +08:00