kudzues/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-04-05 18:31:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
9,258 Commits 445 Branches 169 Tags
copilot/sub-pr-33044
Commit Graph

9258 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
copilot-swe-agent[bot]
0e4f5cb38c refactor: move console_exempt_prefixes to module level in app_factory.py 
Co-authored-by: GareArc <52963600+GareArc@users.noreply.github.com>
 2026-03-09 07:28:50 +00:00
copilot-swe-agent[bot]
c13d1872d4 Initial plan 2026-03-09 07:27:12 +00:00
GareArc
c911de6a6c fix: exempt setup flow endpoints from license check 
Add /console/api/init and /console/api/login to the license exempt
list so that fresh installs can complete setup when the enterprise
license is inactive. Without these exemptions the init password
validation and post-setup auto-login are blocked, causing the setup
page to enter an infinite reload loop.
 2026-03-08 23:46:26 -07:00
Xiyuan Chen
968bf10e1c Update api/services/enterprise/enterprise_service.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-08 17:35:50 -07:00
Xiyuan Chen
3d77a5ec08 Update api/services/feature_service.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-08 17:07:17 -07:00
GareArc
41af72449d fix: address PR review feedback on enterprise license enforcement 
- Cache invalid license statuses with 30s TTL to prevent DoS amplification
- Return LicenseStatus enum (not raw str) from get_cached_license_status
- Flatten nested try/except into _read_cached_license_status / _fetch_and_cache_license_status helpers
- Escalate log levels from debug to warning with exc_info for cache failures
- Switch before_request license check from fail-open to fail-closed
- Remove dead raise_for_status parameter from BaseRequest.send_request
- Gate license expired_at behind is_authenticated; only expose status to unauthenticated callers (CVE-2025-63387)
- Remove redundant 'not is_console_api' guard in before_request
- Add 8 unit tests for get_cached_license_status
 2026-03-08 17:00:12 -07:00
Xiyuan Chen
de72bdef71 Merge branch 'main' into fix/main-enterprise-api-error-handling 2026-03-08 16:28:01 -07:00
CoralGarden52
c925d17e8f chore: add TypedDict related prompt to api/AGENTS.md (#33116) 2026-03-08 07:03:52 +09:00
Angel
dc2a53d834 feat: add files to message end pr32019 (#32242) 
Co-authored-by: fatelei <fatelei@gmail.com>
Co-authored-by: angel.k <angel.kolev@solaredge.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-07 20:01:12 +08:00
hj24
05ab107e73 feat: add export app messages (#32990) 2026-03-07 11:27:15 +08:00
pepsi
c016793efb refactor: pass KnowledgeConfiguration directly instead of dict (#32732) 
Co-authored-by: pepsi <pepsi@pepsidexuniji.local>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 22:15:32 +09:00
Coding On Star
a5bcbaebb7 feat(toast): add IToastProps type import to enhance type safety (#33096) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-06 19:22:55 +08:00
Saumya Talwani
f50e44b24a test: improve coverage for some test files (#32916) 
Signed-off-by: edvatar <88481784+toroleapinc@users.noreply.github.com>
Signed-off-by: -LAN- <laipz8200@outlook.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: Poojan <poojan@infocusp.com>
Co-authored-by: sahil-infocusp <73810410+sahil-infocusp@users.noreply.github.com>
Co-authored-by: 非法操作 <hjlarry@163.com>
Co-authored-by: Pandaaaa906 <ye.pandaaaa906@gmail.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: heyszt <270985384@qq.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Ijas <ijas.ahmd.ap@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: 木之本澪 <kinomotomiovo@gmail.com>
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
Co-authored-by: 不做了睡大觉 <64798754+stakeswky@users.noreply.github.com>
Co-authored-by: User <user@example.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: edvatar <88481784+toroleapinc@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: Leilei <138381132+Inlei@users.noreply.github.com>
Co-authored-by: HaKu <104669497+haku-ink@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: wangxiaolei <fatelei@gmail.com>
Co-authored-by: Varun Chawla <34209028+veeceey@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com>
Co-authored-by: yyh <yuanyouhuilyz@gmail.com>
Co-authored-by: yyh <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: tda <95275462+tda1017@users.noreply.github.com>
Co-authored-by: root <root@DESKTOP-KQLO90N>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Co-authored-by: Niels Kaspers <153818647+nielskaspers@users.noreply.github.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
Co-authored-by: Tyson Cung <45380903+tysoncung@users.noreply.github.com>
Co-authored-by: Stephen Zhou <hi@hyoban.cc>
Co-authored-by: FFXN <31929997+FFXN@users.noreply.github.com>
Co-authored-by: slegarraga <64795732+slegarraga@users.noreply.github.com>
Co-authored-by: 99 <wh2099@pm.me>
Co-authored-by: Br1an <932039080@qq.com>
Co-authored-by: L1nSn0w <l1nsn0w@qq.com>
Co-authored-by: Yunlu Wen <yunlu.wen@dify.ai>
Co-authored-by: akkoaya <151345394+akkoaya@users.noreply.github.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: lif <1835304752@qq.com>
Co-authored-by: weiguang li <codingpunk@gmail.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: HanWenbo <124024253+hwb96@users.noreply.github.com>
Co-authored-by: Coding On Star <447357187@qq.com>
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
Co-authored-by: Stable Genius <stablegenius043@gmail.com>
Co-authored-by: Stable Genius <259448942+stablegenius49@users.noreply.github.com>
Co-authored-by: ふるい <46769295+Echo0ff@users.noreply.github.com>
Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
 2026-03-06 18:59:16 +08:00
Nite Knite
09347d5e8b chore: fix account dropdown test (#33093) 2026-03-06 18:19:02 +08:00
Stephen Zhou
299a893ac5 chore: bring back code-inspector-plugin and agentation (#33088) 
Co-authored-by: zhsama <zhsama@users.noreply.github.com>
 2026-03-06 17:01:18 +08:00
Junyan Chin
c477571553 perf: no longer record install count for auto upgrade (#33086) 2026-03-06 16:19:30 +08:00
QuantumGhost
d01acfc490 fix(api): fix the issue that workflow_runs.started_at is overwritten while resuming (#32851) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 15:41:30 +08:00
Stephen Zhou
f05f0be55f chore: use react-grab to replace code-inspector-plugin (#33078) 2026-03-06 14:54:24 +08:00
eux
e74cda6535 feat(tasks): isolate summary generation to dedicated dataset_summary queue (#32972) 2026-03-06 14:35:28 +08:00
Nite Knite
0490756ab2 chore: add support email env (#33075) 2026-03-06 14:29:29 +08:00
非法操作
dc31b07533 fix(type-check): resolve missing-attribute in app dataset join update handler (#33071) 2026-03-06 11:45:51 +08:00
Copilot
d1eaa41dd1 fix(i18n): correct French translation of "disabled" from medical term to UI-appropriate term (#33067) 
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2026-03-06 09:57:43 +08:00
非法操作
7ffa6c1849 fix: conversation var unexpected reset after HITL node (#32936) 2026-03-06 09:57:09 +08:00
kurokobo
ad81513b6a fix: show citations in advanced chat apps (#32985) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 09:56:14 +08:00
Lovish Arora
f751864ab3 fix(api): return inserted ids from Chroma and Clickzetta add_texts (#33065) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 09:49:53 +08:00
盐粒 Yanli
49dcf5e0d9 chore: add local pyrefly exclude workflow (#33059) 2026-03-06 09:49:23 +08:00
statxc
741d48560d refactor(api): add TypedDict definitions to models/model.py (#32925) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-03-06 08:42:54 +09:00
dependabot[bot]
6bd1be9e16 chore(deps): bump markdown from 3.5.2 to 3.8.1 in /api (#33064) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-06 07:41:55 +09:00
木之本澪
f76de73be4 test: migrate dataset permission service SQL tests to testcontainers (#32546) 
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-06 07:21:25 +09:00
dependabot[bot]
98ba091a50 chore(deps): bump dompurify from 3.3.0 to 3.3.2 in /web (#33062) 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-03-06 06:48:59 +09:00
Lovish Arora
ed0b27e4d6 chore(api): update Python type-checker versions (#33056) 2026-03-06 06:26:28 +09:00
木之本澪
187faed1c0 test: migrate test_dataset_service_delete_dataset SQL tests to testcontainers (#32543) 
Co-authored-by: KinomotoMio <200703522+KinomotoMio@users.noreply.github.com>
 2026-03-06 06:06:14 +09:00
GareArc
f97ade7053 fix: use LicenseStatus enum instead of raw strings and tighten path prefix matching 
Replace raw license status strings with LicenseStatus enum values in
app_factory.py and enterprise_service.py to prevent silent mismatches.
Use trailing-slash prefixes ('/console/api/', '/api/') to avoid false
matches on unrelated paths like /api-docs.
 2026-03-05 01:17:49 -08:00
wangxiaolei
92bde3503b fix: fix check workflow_run (#33028) 
Co-authored-by: 非法操作 <hjlarry@163.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-03-05 17:13:35 +08:00
GareArc
a0dcd04546 fix: remove extra exempts 2026-03-05 01:10:23 -08:00
wangxiaolei
7d25415e4d feat: 204 http status code not return content (#33023) 2026-03-05 17:04:19 +08:00
autofix-ci[bot]
b0138316f0 [autofix.ci] apply automated fixes 2026-03-05 09:02:35 +00:00
Novice
c913a629df feat: add partial indexes on conversations for app_id with created_at and updated_at (#32616) 2026-03-05 16:53:28 +08:00
GareArc
099568f3da fix: expose license status to unauthenticated /system-features callers 
After force-logout due to license expiry, the login page calls
/system-features without auth. The license block was gated behind
is_authenticated, so the frontend always saw status='none' instead
of the actual expiry status. Split the guard so license.status and
expired_at are always returned while workspace usage details remain
auth-gated.
 2026-03-05 00:48:50 -08:00
yyh
ebda5efe27 chore: prevent Storybook crash caused by vite-plugin-inspect (#33039) 2026-03-05 16:13:02 +08:00
Stephen Zhou
f487b680f5 refactor: spilt context for better hmr (#33033) 2026-03-05 15:54:56 +08:00
zxhlyh
f3c840a60e fix: workflow canvas sync (#33030) 2026-03-05 15:08:37 +08:00
Coding On Star
1819b87a56 test(workflow): add validation tests for workflow and node component rendering part 3 (#33012) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-05 14:34:07 +08:00
99
7432b58f82 refactor(dify_graph): introduce run_context and delegate child engine creation (#32964) 2026-03-05 14:31:28 +08:00
GareArc
0623522d04 fix: exempt console bootstrap APIs from license check to prevent infinite reload loop 2026-03-04 22:13:52 -08:00
Coding On Star
89a859ae32 refactor: simplify oauthNewUser state handling in AppInitializer component (#33019) 
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
 2026-03-05 13:53:20 +08:00
GareArc
a25d48c5bd feat: add Redis caching for enterprise license status 
Cache license status for 10 minutes to reduce HTTP calls to enterprise API.
Only caches license status, not full system features.

Changes:
- Add EnterpriseService.get_cached_license_status() method
- Cache key: enterprise:license:status
- TTL: 600 seconds (10 minutes)
- Graceful degradation: falls back to API call if Redis fails

Performance improvement:
- Before: HTTP call (~50-200ms) on every API request
- After: Redis lookup (~1ms) on cached requests
- Reduces load on enterprise service by ~99%
 2026-03-04 21:29:11 -08:00
GareArc
4f3a020670 feat: extend license enforcement to webapp API endpoints 
Extend license middleware to also block webapp API (/api/*) when
enterprise license is expired/inactive/lost.

Changes:
- Check both /console/api and /api endpoints
- Add webapp-specific exempt paths:
  - /api/passport (webapp authentication)
  - /api/login, /api/logout, /api/oauth
  - /api/forgot-password
  - /api/system-features (webapp needs this to check license status)

This ensures both console users and webapp users are blocked when
license expires, maintaining consistent enforcement across all APIs.
 2026-03-04 20:40:29 -08:00
GareArc
d2e1177478 fix: use UnauthorizedAndForceLogout to trigger frontend logout on license expiry 
Change license check to raise UnauthorizedAndForceLogout exception instead
of returning generic JSON response. This ensures proper frontend handling:

Frontend behavior (service/base.ts line 588):
- Checks if code === 'unauthorized_and_force_logout'
- Executes globalThis.location.reload()
- Forces user logout and redirect to login page
- Login page displays license expiration UI (already exists)

Response format:
- HTTP 401 (not 403)
- code: "unauthorized_and_force_logout"
- Triggers frontend reload which clears auth state

This completes the license enforcement flow:
1. Backend blocks all business APIs when license expires
2. Backend returns proper error code to trigger logout
3. Frontend reloads and redirects to login
4. Login page shows license expiration message
 2026-03-04 20:40:29 -08:00
GareArc
8a21fd88fd feat: add global license check middleware to block API access on expiry 
Add before_request middleware that validates enterprise license status
for all /console/api endpoints when ENTERPRISE_ENABLED is true.

Behavior:
- Checks license status before each console API request
- Returns 403 with clear error message when license is expired/inactive/lost
- Exempts auth endpoints (login, oauth, forgot-password, etc.)
- Exempts /console/api/features so frontend can fetch license status
- Gracefully handles errors to avoid service disruption

This ensures all business APIs are blocked when license expires,
addressing the issue where APIs remained callable after expiry.
 2026-03-04 20:40:29 -08:00