opensource/dify
2
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-16 02:16:57 +08:00
Code Issues Packages Projects Releases Wiki Activity
10,488 Commits 457 Branches 169 Tags 661 MiB
cadc021bfa
Commit Graph

1105 Commits

Author SHA1 Message Date
hjlarry
cadc021bfa fix: sign workflow online user avatars in app list API 2026-04-12 20:35:23 +08:00
hjlarry
effe12cbee fix: require edit permission for draft workflow feature updates 2026-04-12 18:43:43 +08:00
hjlarry
5e8eeb92d9 fix: scope workflow comment reply mutations to tenant/app/comment 2026-04-12 18:42:08 +08:00
hjlarry
3288f5e100 fix(collaboration): align online-users keys to app_id 
Switch /apps/workflows/online-users request and response schema from workflow_ids/workflow_id to app_ids/app_id without compatibility fallback.

Align app list online avatar lookup and online-user map indexing to app.id, matching socket room identity.

Update backend access checks, API fields, frontend contract/types, and unit tests accordingly.
 2026-04-12 16:16:47 +08:00
hjlarry
6b7574023e fix(workflow): enforce tenant access in online users query 
Validate requested workflow_ids against current tenant before reading collaboration online-user state from Redis.

Move workflow access-id lookup into WorkflowService to keep controller thin and aligned with layering.

Limit query size, and stop exposing sid in REST response fields.

Add unit tests for inaccessible workflow filtering and workflow_ids limit checks.
 2026-04-12 16:05:29 +08:00
hjlarry
fb27f368e8 chore: improve workflowComment schema define 2026-04-11 20:21:09 +08:00
hjlarry
ee2b021395 Merge remote-tracking branch 'myori/main' into feat/collaboration2 2026-04-10 22:47:40 +08:00
wangxiaolei
bcd738d2e6
fix: fix orm_exc.DetachedInstanceError (#34904) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-10 07:13:59 +00:00
-LAN-
b90fe73c96
fix(api): prevent cross-tenant external API use-check disclosure (#34744) 2026-04-10 03:23:32 +00:00
hjlarry
59e752dcd3 Merge remote-tracking branch 'myori/main' into feat/collaboration2 2026-04-10 09:41:47 +08:00
NVIDIAN
4d57f04a26
refactor: migrate console human_input_form from reqparse to PydanticBaseModel (#34858) 
Co-authored-by: ai-hpc <ai-hpc@users.noreply.github.com>
 2026-04-09 15:38:47 +00:00
NVIDIAN
ab3b305682
refactor: migrate web human_input_form from reqparse to Pydantic BaseModel (#34859) 
Co-authored-by: ai-hpc <ai-hpc@users.noreply.github.com>
 2026-04-09 15:38:16 +00:00
NVIDIAN
b8858708be
chore: remove commented-out reqparse code from rag_pipeline_workflow (#34860) 
Co-authored-by: ai-hpc <ai-hpc@users.noreply.github.com>
 2026-04-09 15:37:39 +00:00
hjlarry
305a4b65cb Merge remote-tracking branch 'myori/main' into feat/collaboration2 2026-04-09 16:02:32 +08:00
autofix-ci[bot]
f3be98cfe4
[autofix.ci] apply automated fixes 2026-04-09 06:06:02 +00:00
aliworksx08
4c05316a7b
refactor(api): deduplicate DSL shared entities into dsl_entities.py (#34762) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-09 06:04:18 +00:00
hjlarry
96a6943588 fix: new import paths 2026-04-09 13:53:35 +08:00
autofix-ci[bot]
cd4489563e
[autofix.ci] apply automated fixes 2026-04-09 03:36:49 +00:00
hjlarry
5cac278366 Merge remote-tracking branch 'myori/main' into feat/collaboration2 2026-04-09 11:31:09 +08:00
hjlarry
0055b983dc Merge remote-tracking branch 'myori/main' into feat/collaboration2 2026-04-09 11:27:12 +08:00
dataCenter430
3ea88dfc7f
refactor: convert appMode controllers if/elif to match/case (#30001) (#34789) 2026-04-09 02:27:19 +00:00
dataCenter430
1c7cf44af4
refactor: convert SegmentType controllers if/elif to match/case (#30001) (#34784) 2026-04-09 01:11:47 +00:00
dataCenter430
ce68f2cdc6
refactor: convert webapp auth type if/elif to match/case (#30001) (#34782) 2026-04-09 00:16:44 +00:00
dataCenter430
a8fa552b3a
refactor: convert importStatus if/elif to match/case (#30001) (#34780) 2026-04-09 00:04:47 +00:00
Jake Armstrong
bd257777a0
refactor(api): deduplicate workflow controller schemas into controller_schemas.py (#34755) 2026-04-08 23:49:04 +00:00
corevibe555
4d4265f531
refactor(api): deduplicate Pydantic models across fields and controllers (#34718) 2026-04-08 05:20:00 +00:00
corevibe555
0ba66ab155
refactor(api): deduplicate shared controller request schemas into controller_schemas.py (#34700) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-08 03:10:04 +00:00
carlos4s
ae9fcc2969
refactor: use sessionmaker in controllers, events, models, and tasks 1 (#34693) 2026-04-07 23:47:20 +00:00
corevibe555
624db69f12
refactor(api): remove duplicated RAG entities from services layer (#34689) 2026-04-07 23:36:59 +00:00
corevibe555
f8f7b0ec1a
refactor(api): deduplicate shared auth request payloads into auth_entities.py (#34694) 2026-04-07 22:51:11 +00:00
YBoy
485fc2c416
refactor(api): type Tenant custom config with TypedDict and tighten MCP headers type (#34670) 2026-04-07 13:18:19 +00:00
corevibe555
c2af415450
refactor(api): Extract shared ResponseModel (#34633) 2026-04-07 13:05:38 +00:00
Pulakesh
bceb0eee9b
refactor(api): migrate dict returns to TypedDicts in billing service (#34649) 2026-04-07 05:56:02 +00:00
YBoy
f67a811f7f
refactor: replace dict params with BaseModel payloads in TagService (#34422) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-07 04:20:02 +00:00
aliworksx08
396b39dff9
refactor: migrate session.query to select API in console controllers (#34607) 2026-04-07 04:19:30 +00:00
YBoy
89e23456f0
refactor(api): type invitation detail with InvitationDetailDict TypedDict (#34613) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-07 01:03:31 +00:00
Jake Armstrong
a39173c227
refactor(api): type notification response with NotificationResponseDict TypedDict (#34616) 2026-04-07 01:03:18 +00:00
Jake Armstrong
9081c46565
refactor(api): type upload file serialization with UploadFileDict TypedDict (#34589) 2026-04-06 11:34:52 +00:00
YBoy
9a6222f245
refactor(api): type webhook data extraction with RawWebhookDataDict TypedDict (#34486) 2026-04-03 02:24:17 +00:00
wangxiaolei
4cc5401d7e
fix: fix import dsl failed (#34492) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-03 02:08:21 +00:00
Tim Ren
985b41c40b
fix(security): add tenant_id validation to prevent IDOR in data source binding (#34456) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-02 13:17:02 +00:00
99
318a3d0308
refactor(api): tighten login and wrapper typing (#34447) 2026-04-02 09:36:58 +00:00
Sedo
43c48ba4d7
fix: add tenant/dataset ownership checks to prevent IDOR vulnerabilities (#34436) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-02 05:45:20 +00:00
99
8f9dbf269e
chore(api): align Python support with 3.12 (#34419) 
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
 2026-04-02 05:07:32 +00:00
Tim Ren
391007d02e
refactor: migrate service_api and inner_api to sessionmaker pattern (#34379) 
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-01 14:53:41 +00:00
wangxiaolei
e41965061c
fix: sqlalchemy.exc.InvalidRequestError: Can't operate on closed tran… (#34407) 2026-04-01 13:15:36 +00:00
Dream
c51cd42cb4
refactor(api): replace json.loads with Pydantic validation in controllers and infra layers (#34277) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-04-01 05:41:44 +00:00
lif
19530e880a
refactor(api): clean redundant type ignore in request query parsing 🤖🤖🤖 (#34350) 2026-03-31 22:52:35 +00:00
Desel72
dbdbb098d5
refactor: use sessionmaker().begin() in console workspace and misc co… (#34284) 2026-03-31 14:28:05 +00:00
Desel72
2c8b47ce44
refactor: use sessionmaker().begin() in web and mcp controllers (#34281) 2026-03-31 14:26:37 +00:00