opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-06-27 07:31:09 +08:00
Code Issues Packages Projects Releases Wiki Activity
11,281 Commits 577 Branches 173 Tags 838 MiB
a79bc7d074
Commit Graph

3353 Commits

Author SHA1 Message Date
yungle246
a79bc7d074 feat(api): mask secret tokens in api-key list responses (reveal-once) 
Previously the console api-key list returned every key's full plaintext
token, so anyone with console access could retrieve the secret of an
already-created key (via the copy button or the raw API response). This
is contrary to the reveal-once norm.

- List endpoints (app keys, workspace dataset keys, per-dataset keys) now
  return a masked token (prefix + last 4); the full secret is only ever
  returned by the create endpoint, at creation time.
- Frontend secret-key modal displays the masked token as-is and drops the
  copy affordance for existing keys (copying a masked value is pointless).

Applies to both app and dataset keys since they share the modal and the
ApiKeyItem response model.
 2026-06-25 14:21:38 +09:00
YungLe
272f11770e
Merge branch 'main' into feat/dataset-api-key-scope 2026-06-23 18:21:21 +09:00
Stephen Zhou
0fcaf92d67
fix(web): polish main nav and deployment tooltip styles (#37800) 2026-06-23 08:10:28 +00:00
盐粒 Yanli
f4fdbeba76
feat(agent-v2): sync nightly updates to main (2026-06-22) (#37651) 
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-23 08:05:16 +00:00
Stephen Zhou
99c3d7d0f0
refactor(web): consolidate deployment state atoms (#37783) 2026-06-23 07:26:55 +00:00
Stephen Zhou
855bb32306
refactor: adapt docs links for product prefixes (#37565) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
 2026-06-23 03:24:29 +00:00
Jingyi
ab11083c2d
fix(web): restore contact us support menu (#37774) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-23 01:04:17 +00:00
yyh
9fd153ad99
fix(web): derive publish shortcut display from hotkey (#37758) 2026-06-22 10:26:54 +00:00
Wu Tianwei
76e587f78a
fix(tests): enhance toast mock and add preview-only app warning test (#37749) 2026-06-22 10:09:07 +00:00
非法操作
0d7ca17cd1
fix: add the outlined button of notification (#37741) 2026-06-22 09:30:07 +00:00
Wu Tianwei
8f6b57fe24
fix: add RBAC feature across various components (#37732) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-22 07:30:28 +00:00
KVOJJJin
7e9cb50152
feat(web): hide snippets (#37729) 2026-06-22 04:51:47 +00:00
yyh
8c484411ea
fix(web): simplify completed drawer dismissal (#37664) 2026-06-22 02:17:24 +00:00
yyh
4c083e76e2
feat(web): add app shell skip navigation (#37644) 2026-06-22 02:17:18 +00:00
yungle246
1edffca717 Merge remote-tracking branch 'upstream/main' into feat/dataset-api-key-scope 
# Conflicts:
#	web/app/components/datasets/extra-info/api-access/__tests__/card.spec.tsx
#	web/app/components/datasets/extra-info/api-access/card.tsx
#	web/app/components/develop/secret-key/secret-key-modal.tsx
 2026-06-20 03:16:09 +09:00
Sukka
9eca75c7fc
refactor(web): migrate shared localStorage to createLocalStorageState (#37408) 
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
 2026-06-19 13:51:45 +00:00
Wu Tianwei
33edf97f81
feat: RBAC (#37107) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: Charles Yao <chongbinyao33@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: yunlu.wen <yunlu.wen@dify.ai>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: Jingyi <jingyi.qi@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: chariri <w@chariri.moe>
Co-authored-by: Evan <2869018789@qq.com>
Co-authored-by: zyssyz123 <916125788@qq.com>
 2026-06-18 16:35:29 +00:00
盐粒 Yanli
8732d1463a
chore(agent-v2): sync nightly updates to main (2026-06-18) (#37610) 
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
 2026-06-18 15:34:51 +00:00
yyh
aa777a1f7a
fix(web): nav link focus ring style (#37633) 2026-06-18 09:57:22 +00:00
yungle246
8391cf7d05 fix(web): keep API key table header and rows aligned on scroll 
The secret-key modal rendered the header and the rows in separate
containers with fixed pixel column widths. Adding the Scope column pushed
the total width past the modal, so the body scrolled horizontally on its
own and desynced from the fixed header.

Switch to proportional flex columns (header and rows share the same
weights) with min-w-0 + truncate, and constrain the body to vertical
scroll only. Columns now always fit the modal width, so the header and
values stay aligned. The scope cell gains a title tooltip for the full
label when truncated.
 2026-06-18 17:59:54 +09:00
yyh
762321751c
refactor(web): centralize main nav route access (#37612) 2026-06-18 06:47:22 +00:00
非法操作
26b0137c83
chore: improve invite member flow (#37479) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jingyi <jingyi.qi@dify.ai>
 2026-06-18 06:30:01 +00:00
盐粒 Yanli
3f2d22ec0f
feat(agent-v2): sync nightly updates to main (#37599) 
Co-authored-by: Jingyi-Dify <jingyi.qi@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: Bond Zhu <783504079@qq.com>
Co-authored-by: Yansong Zhang <916125788@qq.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-18 05:03:34 +00:00
Stephen Zhou
48452aefbc
feat: app deploy (#35670) 
Co-authored-by: zhangx1n <zhangxin@dify.ai>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-17 09:28:43 +00:00
yyh
8782da42c8
fix(web): prevent workspace trigger focus ring clipping (#37576) 2026-06-17 08:33:51 +00:00
非法操作
e6a91bfcde
chore: workflow restore sandbox upgrade (#37568) 2026-06-17 08:13:26 +00:00
YungLe
d2d4e54b11 Merge remote-tracking branch 'upstream/main' into feat/dataset-api-key-scope 2026-06-17 16:45:13 +09:00
Jingyi
e189ceb397
fix: align app and knowledge detail shell styles (#37555) 2026-06-17 01:25:05 +00:00
KVOJJJin
1427b0b098
feat: refine snippet layout (#37517) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-06-16 09:47:38 +00:00
Jingyi
30506f7221
fix(workflow): clamp file list upload limit (#37474) 2026-06-16 05:50:16 +00:00
Jingyi
598ecc02c6
fix(workflow): refine tool picker copy (#37477) 2026-06-16 05:33:34 +00:00
Jingyi
7bed801b0d
fix(workflow): reset block selector tab on reopen (#37469) 2026-06-16 00:22:54 +00:00
Jingyi
9b74df21d0
feat(web): refine onboarding UI (#37433) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
Co-authored-by: gigglewang <gigglewang@dify.ai>
Co-authored-by: Yunlu Wen <yunlu.wen@dify.ai>
Co-authored-by: chariri <w@chariri.moe>
Co-authored-by: Evan <2869018789@qq.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
 2026-06-15 08:47:15 +00:00
wangxiaolei
3eaa534e99
fix: fix human input form logo replace (#37452) 2026-06-15 07:27:25 +00:00
wangxiaolei
a685eba549
fix: fix remove logo not work (#37435) 2026-06-15 03:32:10 +00:00
yyh
8eb6a19784
refactor: normalize search input and dify-ui focus states (#37413) 2026-06-15 01:03:31 +00:00
Jingyi
09b6f25fb9
fix: render marketplace template icons with AppIcon (#37401) 2026-06-13 02:50:53 +00:00
yyh
ad96501e09
fix(ui): keep loading buttons focusable (#37383) 2026-06-12 10:31:33 +00:00
yyh
800bfc988e
fix(web): tighten start block preview card spacing (#37379) 2026-06-12 08:55:57 +00:00
yyh
514fddb60c
fix(ui): align infotip popover focus styles (#37377) 2026-06-12 08:14:29 +00:00
Jingyi
c69abf16ae
feat(workflow): update start node UI (#37348) 2026-06-12 04:42:43 +00:00
KVOJJJin
72faca2592
fix(web): preserve form state during config refetch (#37357) 2026-06-12 03:21:33 +00:00
Crazywoola
09bb87d089
feat: harden /create and /refine workflow generation for edge cases (#37336) 
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
 2026-06-12 02:41:17 +00:00
Charles Yao
aff8f82bc0
fix(web): correct MCP forward-identity header copy; guard toggle hydration (#37176) 
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-12 01:45:51 +00:00
KVOJJJin
632df88228
fix(web): correct icon of tag (#37326) 2026-06-11 07:01:46 +00:00
Jingyi
49c97a3f61
fix(web): show plugin auth permission hint (#37310) 2026-06-11 03:24:39 +00:00
yungle246
be6612f454 feat: allow knowledge base API keys to be scoped to a single dataset 
Reintroduce the nullable api_tokens.dataset_id column (dropped in 2e9819ca5b28)
so dataset API keys can opt into per-knowledge-base scoping:

- NULL dataset_id keeps today's workspace-wide behavior, so every existing key
  and the existing /datasets/api-keys create route are unchanged.
- validate_dataset_token rejects a bound key for any other dataset, and for
  endpoints that carry no dataset id (e.g. list-all), with 403.
- CachedApiToken carries dataset_id with a None default so cache entries
  written before deploy keep deserializing.
- The per-dataset console routes in apikey.py (previously dead code that 500ed
  on a missing ApiToken.dataset_id) now create bound keys; their list returns
  bound keys plus workspace keys so the dataset page shows the full access
  picture.
- Frontend: the knowledge base API access popover gains an API keys entry; the
  secret key modal accepts datasetId, shows a scope column, and offers a
  workspace / this-knowledge-base scope choice on create. New strings are
  localized for all 23 locales.
 2026-06-11 11:41:47 +09:00
Stephen Zhou
5ed663e7fd
refactor: use foxact package for copied hooks (#37308) 2026-06-11 01:05:08 +00:00
Rohit Gahlawat
08f1bf20ab
refactor(web): mark Props of app/annotation components as read-only (#25219) (#37299) 2026-06-11 00:19:51 +00:00
Rohit Gahlawat
86ffa119ff
refactor(web): mark Props of workflow/ components as read-only (#25219) (#37304) 2026-06-11 00:18:51 +00:00