yujunjun/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2025-11-11 08:53:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
dify/api/controllers/service_api/app
History
QuantumGhost 874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) 
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and 
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) 
endpoints do not properly validate user permissions, allowing users without `editor` 
permission to access restricted functionality.

This PR addresses this issue by adding proper permission check.
2025-09-11 14:53:35 +08:00
..
__init__.py
fix: missing default user for APP service api (#2606)
2024-02-28 16:09:56 +08:00
annotation.py
security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518)
2025-09-11 14:53:35 +08:00
app.py
feat: API docs for service api (#24425)
2025-08-25 09:26:54 +08:00
audio.py
chore: apply ty checks on api code with script and ci action (#24653)
2025-09-02 16:05:13 +08:00
completion.py
Refactor: use logger = logging.getLogger(__name__) in logging (#24515)
2025-08-26 18:10:31 +08:00
conversation.py
Fix basedpyright type errors (#25435)
2025-09-10 01:54:26 +08:00
error.py
Restructure the File errors in controller (#23801)
2025-08-13 17:06:07 +08:00
file_preview.py
[Chore/Refactor] Switch from MyPy to Basedpyright for type checking (#25047)
2025-09-03 11:52:26 +08:00
file.py
feat: API docs for service api (#24425)
2025-08-25 09:26:54 +08:00
message.py
Refactor: use logger = logging.getLogger(__name__) in logging (#24515)
2025-08-26 18:10:31 +08:00
site.py
feat: API docs for service api (#24425)
2025-08-25 09:26:54 +08:00
workflow.py
Refactor: use logger = logging.getLogger(__name__) in logging (#24515)
2025-08-26 18:10:31 +08:00