be6612f454
Reintroduce the nullable api_tokens.dataset_id column (dropped in 2e9819ca5b28) so dataset API keys can opt into per-knowledge-base scoping: - NULL dataset_id keeps today's workspace-wide behavior, so every existing key and the existing /datasets/api-keys create route are unchanged. - validate_dataset_token rejects a bound key for any other dataset, and for endpoints that carry no dataset id (e.g. list-all), with 403. - CachedApiToken carries dataset_id with a None default so cache entries written before deploy keep deserializing. - The per-dataset console routes in apikey.py (previously dead code that 500ed on a missing ApiToken.dataset_id) now create bound keys; their list returns bound keys plus workspace keys so the dataset page shows the full access picture. - Frontend: the knowledge base API access popover gains an API keys entry; the secret key modal accepts datasetId, shows a scope column, and offers a workspace / this-knowledge-base scope choice on create. New strings are localized for all 23 locales. |
||
|---|---|---|
| .. | ||
| .idea | ||
| .vscode | ||
| clients | ||
| commands | ||
| configs | ||
| constants | ||
| context | ||
| contexts | ||
| controllers | ||
| core | ||
| dev | ||
| docker | ||
| enterprise | ||
| enums | ||
| events | ||
| extensions | ||
| factories | ||
| fields | ||
| libs | ||
| migrations | ||
| models | ||
| openapi/markdown | ||
| providers | ||
| repositories | ||
| schedule | ||
| services | ||
| tasks | ||
| templates | ||
| tests | ||
| .dockerignore | ||
| .env.example | ||
| .importlinter | ||
| .ruff.toml | ||
| AGENTS.md | ||
| app_factory.py | ||
| app.py | ||
| celery_entrypoint.py | ||
| celery_healthcheck.py | ||
| cnt_base.sh | ||
| conftest.py | ||
| dify_app.py | ||
| Dockerfile | ||
| Dockerfile.dockerignore | ||
| gunicorn.conf.py | ||
| pyproject.toml | ||
| pyrefly-local-excludes.txt | ||
| pytest.ini | ||
| README.md | ||
| uv.lock | ||
Dify Backend API
Setup and Run
Important
In the v1.3.0 release,
poetryhas been replaced withuvas the package manager for Dify API backend service.
uv and pnpm are required to run the setup and development commands below.
Using scripts (recommended)
The scripts resolve paths relative to their location, so you can run them from anywhere.
-
Run setup (copies env files and installs dependencies).
./dev/setup -
Review
api/.env,web/.env.local, anddocker/middleware.envvalues (see theSECRET_KEYnote below). -
Start middleware (PostgreSQL/Redis/Weaviate).
./dev/start-docker-compose -
Start backend (runs migrations first).
./dev/start-api -
Start Dify web service.
./dev/start-web./dev/setupand./dev/start-webinstall JavaScript dependencies through the repository root workspace, so you do not need a separatecd web && pnpm installstep. -
Set up your application by visiting
http://localhost:3000. -
Start the worker service (async and scheduler tasks, runs from
api)../dev/start-worker -
Optional: start Celery Beat (scheduled tasks).
./dev/start-beat
Environment notes
Important
When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the site’s top-level domain (e.g.,
example.com). The frontend and backend must be under the same top-level domain in order to share authentication cookies.
-
Generate a
SECRET_KEYin the.envfile.bash for Linux
sed -i "/^SECRET_KEY=/c\\SECRET_KEY=$(openssl rand -base64 42)" .envbash for Mac
secret_key=$(openssl rand -base64 42) sed -i '' "/^SECRET_KEY=/c\\ SECRET_KEY=${secret_key}" .env
Testing
-
Install dependencies for both the backend and the test environment
cd api uv sync --group dev -
Run the tests locally with mocked system environment variables in
tool.pytest_envsection inpyproject.toml, more can check Claude.mdcd api uv run pytest # Run all tests uv run pytest tests/unit_tests/ # Unit tests only uv run pytest tests/integration_tests/ # Integration tests # Code quality ./dev/reformat # Run all formatters and linters uv run ruff check --fix ./ # Fix linting issues uv run ruff format ./ # Format code uv run pyrefly check # Type checking
Generate TS stub
uv run dev/generate_swagger_specs.py --output-dir openapi
use https://jsontotable.org/openapi-to-typescript to convert to typescript