QuantumGhost
874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs ( #25518 )
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`)
endpoints do not properly validate user permissions, allowing users without `editor`
permission to access restricted functionality.
This PR addresses this issue by adding a proper permission check.
2025-09-11 14:53:35 +08:00
Asuka Minato
2b91ba2411
example: limit current user usage ( #24470 )
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-26 00:23:29 +08:00
-LAN-
b7466f8b65
feat: API docs for service api ( #24425 )
Signed-off-by: -LAN- <laipz8200@outlook.com>
2025-08-25 09:26:54 +08:00
Asuka Minato
18dce66443
try flask_restful -> flask_restx ( #24310 )
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
2025-08-24 13:45:47 +08:00
Zhehao Peng
c0702aacac
Use typing.Literal to replace str places ( #24099 )
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-18 21:34:13 +08:00
Asuka Minato
a189d293f8
make logging not use f-str, change others to f-str ( #22882 )
2025-07-25 10:32:48 +08:00
quicksand
2d4f8f1377
fix: apps/annotation missing 1 required positional argument: 'end_user' ( #20428 )
2025-05-29 16:10:28 +08:00
-LAN-
b357eca307
fix: Copy request context and current user in app generators. ( #20240 )
Signed-off-by: -LAN- <laipz8200@outlook.com>
2025-05-27 10:56:23 +08:00
Bowen Liang
8537abfff8
chore: avoid repeated type ignore noqa by adding flask_restful and flask_login in mypy import exclusions ( #19224 )
2025-05-06 11:58:49 +08:00
小马哥
e5bdc1438a
fix: annotation update need use http put method and annotation-reply api doc parms wrong ( #18891 )
2025-04-27 16:13:36 +08:00
devxing
136995d2a1
fix: change delete app status code from 204 to 200 ( #18398 )
Co-authored-by: devxing <devxing@gmail.com>
Co-authored-by: crazywoola <427733928@qq.com>
2025-04-27 12:12:46 +08:00
Jasonfish
0afad94378
fix: Correct "The job is not exist" to "The job does not exist" ( #17516 )
2025-04-07 12:32:25 +08:00
Jasonfish
fd443941a2
feat(improve-api-endpoints): Added Datasets and Annotation APIs ( #12237 )
2025-04-07 10:36:58 +08:00