dify/api/controllers/web/wraps.py

# -*- coding:utf-8 -*-
from functools import wraps

from flask import request
from flask_restful import Resource
from werkzeug.exceptions import NotFound, Unauthorized

from extensions.ext_database import db
from models.model import App, EndUser, Site
from libs.passport import PassportService

def validate_jwt_token(view=None):
    def decorator(view):
        @wraps(view)
        def decorated(*args, **kwargs):
            app_model, end_user = decode_jwt_token()

            return view(app_model, end_user, *args, **kwargs)
        return decorated
    if view:
        return decorator(view)
    return decorator

def decode_jwt_token():
    auth_header = request.headers.get('Authorization')
    if auth_header is None:
        raise Unauthorized('Authorization header is missing.')

    if ' ' not in auth_header:
        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
    
    auth_scheme, tk = auth_header.split(None, 1)
    auth_scheme = auth_scheme.lower()

    if auth_scheme != 'bearer':
        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
    decoded = PassportService().verify(tk)
    app_code = decoded.get('app_code')
    app_model = db.session.query(App).filter(App.id == decoded['app_id']).first()
    site = db.session.query(Site).filter(Site.code == app_code).first()
    if not app_model:
        raise NotFound()
    if not app_code or not site:
        raise Unauthorized('Site URL is no longer valid.')
    if app_model.enable_site is False:
        raise Unauthorized('Site is disabled.')
    end_user = db.session.query(EndUser).filter(EndUser.id == decoded['end_user_id']).first()
    if not end_user:
        raise NotFound()

    return app_model, end_user

class WebApiResource(Resource):
    method_decorators = [validate_jwt_token]
Initial commit 2023-05-15 08:51:32 +08:00			`# -- coding:utf-8 --`
			`from functools import wraps`

Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`from flask import request`
Initial commit 2023-05-15 08:51:32 +08:00			`from flask_restful import Resource`
			`from werkzeug.exceptions import NotFound, Unauthorized`

			`from extensions.ext_database import db`
Feature/fix disable site (#825) 2023-08-13 17:32:23 +08:00			`from models.model import App, EndUser, Site`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`from libs.passport import PassportService`
Initial commit 2023-05-15 08:51:32 +08:00
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`def validate_jwt_token(view=None):`
Initial commit 2023-05-15 08:51:32 +08:00			`def decorator(view):`
			`@wraps(view)`
			`def decorated(args, *kwargs):`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`app_model, end_user = decode_jwt_token()`
Initial commit 2023-05-15 08:51:32 +08:00
			`return view(app_model, end_user, args, *kwargs)`
			`return decorated`
			`if view:`
			`return decorator(view)`
			`return decorator`

Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`def decode_jwt_token():`
Initial commit 2023-05-15 08:51:32 +08:00			`auth_header = request.headers.get('Authorization')`
			`if auth_header is None:`
Feat: explore apps (#196) 2023-05-25 15:54:45 +08:00			`raise Unauthorized('Authorization header is missing.')`

			`if ' ' not in auth_header:`
			`raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00
			`auth_scheme, tk = auth_header.split(None, 1)`
Initial commit 2023-05-15 08:51:32 +08:00			`auth_scheme = auth_scheme.lower()`

			`if auth_scheme != 'bearer':`
Feat: explore apps (#196) 2023-05-25 15:54:45 +08:00			`raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`decoded = PassportService().verify(tk)`
Feature/fix disable site (#825) 2023-08-13 17:32:23 +08:00			`app_code = decoded.get('app_code')`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`app_model = db.session.query(App).filter(App.id == decoded['app_id']).first()`
Feature/fix disable site (#825) 2023-08-13 17:32:23 +08:00			`site = db.session.query(Site).filter(Site.code == app_code).first()`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`if not app_model:`
			`raise NotFound()`
fix: old webapp url still valid (#1643) 2023-11-28 20:04:46 +08:00			`if not app_code or not site:`
Feature/fix disable site (#825) 2023-08-13 17:32:23 +08:00			`raise Unauthorized('Site URL is no longer valid.')`
fix: site enable check (#645) 2023-07-26 11:11:09 +08:00			`if app_model.enable_site is False:`
			`raise Unauthorized('Site is disabled.')`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`end_user = db.session.query(EndUser).filter(EndUser.id == decoded['end_user_id']).first()`
			`if not end_user:`
Initial commit 2023-05-15 08:51:32 +08:00			`raise NotFound()`

Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`return app_model, end_user`
Initial commit 2023-05-15 08:51:32 +08:00
			`class WebApiResource(Resource):`
Feature/use jwt in web (#533) Co-authored-by: crazywoola <li.zheng@dentsplysirona.com> Co-authored-by: StyleZhang <jasonapring2015@outlook.com> 2023-07-11 15:21:20 +08:00			`method_decorators = [validate_jwt_token]`