yujunjun/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2025-11-27 19:35:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,205 Commits 250 Branches 156 Tags
Commit Graph

686 Commits

Author SHA1 Message Date
Yongtao Huang
4511f4f537
Remove redundant parse_args call in WorkflowByIdApi.patch (#25498) 2025-09-12 09:40:41 +08:00
Wu Tianwei
84e3571ec3
fix: delete get upload file endpoint (#25543) 
Co-authored-by: jyong <718720800@qq.com>
 2025-09-12 09:36:53 +08:00
QuantumGhost
874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and 
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) 
endpoints do not properly validate user permissions, allowing users without `editor` 
permission to access restricted functionality.

This PR addresses this issue by adding proper permission check.
 2025-09-11 14:53:35 +08:00
Asuka Minato
cbc0e639e4
update sql in batch (#24801) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-09-10 13:00:17 +08:00
Guangdong Liu
b51c724a94
refactor: Migrate part of the console basic API module to Flask-RESTX (#24732) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-09-10 12:15:47 +08:00
Will
fecdb9554d
fix: inner_api get_user_tenant (#25462) 2025-09-10 11:31:16 +08:00
-LAN-
08dd3f7b50
Fix basedpyright type errors (#25435) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-10 01:54:26 +08:00
Asuka Minato
38057b1b0e
add typing to all wraps (#25405) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-09 16:48:33 +08:00
Yongtao Huang
4aba570fa8
Fix flask response: 200 -> {}, 200 (#25404) 2025-09-09 15:06:18 +08:00
Xiyuan Chen
64c9a2f678
Feat/credential policy (#25151) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-08 23:45:05 -07:00
Yeuoly
720ecea737
fix: tenant_id was not specific when retrieval end-user in plugin backwards invocation wraps (#25377) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2025-09-09 09:49:35 +08:00
zyssyz123
ea61420441
Revert "feat: email register refactor" (#25367) 2025-09-08 19:20:09 +08:00
zyssyz123
860ee20c71
feat: email register refactor (#25344) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-08 17:51:43 +08:00
Cluas
f891c67eca
feat: add MCP server headers support #22718 (#24760) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: Novice <novice12185727@gmail.com>
 2025-09-08 14:10:55 +08:00
ZalterCitty
4ee49f3550
chore: remove weird account login (#22247) 
Co-authored-by: zhuqingchao <zhuqingchao@xiaomi.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-08 10:44:36 +08:00
Asuka Minato
f6059ef389
add more typing (#24949) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-08 10:40:00 +08:00
Asuka Minato
16a3e21410
more assert (#24996) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-08 09:59:43 +08:00
-LAN-
9b8a03b53b
[Chore/Refactor] Improve type annotations in models module (#25281) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-09-08 09:42:27 +08:00
Asuka Minato
a78339a040
remove bare list, dict, Sequence, None, Any (#25058) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2025-09-06 03:32:23 +08:00
kenwoodjw
1ba69b8abf
fix: child chunk API 404 due to UUID type comparison (#25234) 
Signed-off-by: kenwoodjw <blackxin55+@gmail.com>
 2025-09-05 14:00:28 +08:00
Yongtao Huang
865ba8bb4f
Minor fix: correct get_app_model mode for delete() (#25082) 
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
 2025-09-04 11:08:31 +08:00
NeatGuyCoding
a9c7669c16
chore: comply to RFC 6750 and improve bearer token split (#24955) 2025-09-03 22:29:08 +08:00
非法操作
b673560b92
feat: improve multi model credentials (#25009) 
Co-authored-by: Claude <noreply@anthropic.com>
 2025-09-03 13:52:31 +08:00
-LAN-
9d5956cef8
[Chore/Refactor] Switch from MyPy to Basedpyright for type checking (#25047) 
Signed-off-by: -LAN- <laipz8200@outlook.com>
 2025-09-03 11:52:26 +08:00
湛露先生
1fff4620e6
clean console apis and rag cleans. (#25042) 
Signed-off-by: zhanluxianshen <zhanluxianshen@163.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-03 11:25:18 +08:00
Will
5092e5f631
fix: workflow not published (#25030) 2025-09-03 10:07:31 +08:00
Yongtao Huang
bc9efa7ea8
Refactor: use DatasourceType.XX.value instead of hardcoded (#25015) 
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-03 08:56:48 +08:00
Will
d33dfee8a3
fix: EndUser is not bound to a Session (#25010) 2025-09-02 21:37:21 +08:00
GuanMu
25a11bfafc
Export DSL from history (#24939) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-02 21:36:52 +08:00
Novice
68c75f221b
fix: workflow log status filter add parial success status (#24977) 2025-09-02 16:24:03 +08:00
Bowen Liang
7b379e2a61
chore: apply ty checks on api code with script and ci action (#24653) 2025-09-02 16:05:13 +08:00
Yongtao Huang
067b0d07c4
Fix: ensure InstalledApp deletion uses model instances instead of Row (#24942) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-02 11:59:38 +08:00
jiangbo721
e048588a88
fix: remove duplicated code (#24893) 2025-09-02 08:58:31 +08:00
Asuka Minato
d41d4deaac
example enum to StrEnum (#24877) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-01 15:40:26 +08:00
NeatGuyCoding
2e6e414a9e
the conversion OAuthGrantType(parsed_args["grant_type"]) can raise ValueError for invalid values which is not caught and will produce a 500 (#24854) 2025-09-01 10:05:54 +08:00
NeatGuyCoding
c45d676477
remove duplicated authorization header handling and bearer should be case-insensitive (#24852) 2025-09-01 10:05:19 +08:00
Asuka Minato
b8d8dddd5a
example of decorator typing (#24857) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-09-01 10:04:24 +08:00
Asuka Minato
24e2b72b71
Update ast-grep pattern for session.query (#24828) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-08-31 17:03:51 +08:00
Novice
1a34ff8a67
fix: change the mcp server strucutre to support github copilot (#24788) 2025-08-29 18:00:58 +08:00
kenwoodjw
e4383d6167
Chore: remove dupliacte logic in DatasetApi.get() (#24769) 
Signed-off-by: kenwoodjw <blackxin55+@gmail.com>
 2025-08-29 14:25:36 +08:00
Junyan Qin (Chin)
f32e176d6a
feat: oauth provider (#24206) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: yessenia <yessenia.contact@gmail.com>
 2025-08-29 14:10:51 +08:00
Bowen Liang
39064197da
chore: cleanup unnecessary mypy suppressions on imports (#24712) 2025-08-28 23:17:25 +08:00
Eric Guo
ecf74d91e2
fix: has_more logic in ChatMessageListApi to ensure correct on behavior when no more messages are available. (#24661) 2025-08-28 15:05:52 +08:00
Guangdong Liu
47f02eec96
refactor: Migrate part of the web API module to Flask-RESTX (#24659) 2025-08-28 09:22:31 +08:00
Guangdong Liu
06dd4d6e00
feat: migrate part of the web chat module to Flask-RESTX (#24664) 2025-08-28 09:21:42 +08:00
Yongtao Huang
2a29c61041
Refactor: replace count() > 0 check with exists() (#24583) 
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-08-27 17:46:52 +08:00
Guangdong Liu
917ed8cf84
feat: migrate part of the web API module to Flask-RESTX (#24577) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2025-08-27 16:05:22 +08:00
Yongtao Huang
826f19e968
Chore : rm dead code detected by pylance (#24588) 2025-08-27 13:19:40 +08:00
Yongtao Huang
b486d72b8e
Chore: remove dead var in DocumentBatchIndexingEstimateApi (#24497) 
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com>
 2025-08-26 23:33:50 +08:00
Yongtao Huang
fa753239ad
Refactor: use logger = logging.getLogger(__name__) in logging (#24515) 
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2025-08-26 18:10:31 +08:00