Wu Tianwei
84e3571ec3
fix: delete get upload file endpoint ( #25543 )
...
Co-authored-by: jyong <718720800@qq.com >
2025-09-12 09:36:53 +08:00
QuantumGhost
874406d934
security(api): fix privilege escalation vulnerability in model config and chat message APIs ( #25518 )
...
The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and
`ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`)
endpoints do not properly validate user permissions, allowing users without `editor`
permission to access restricted functionality.
This PR addresses this issue by adding proper permission check.
2025-09-11 14:53:35 +08:00
Guangdong Liu
b51c724a94
refactor: Migrate part of the console basic API module to Flask-RESTX ( #24732 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
Co-authored-by: -LAN- <laipz8200@outlook.com >
2025-09-10 12:15:47 +08:00
-LAN-
08dd3f7b50
Fix basedpyright type errors ( #25435 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-10 01:54:26 +08:00
Asuka Minato
38057b1b0e
add typing to all wraps ( #25405 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-09 16:48:33 +08:00
Yongtao Huang
4aba570fa8
Fix flask response: 200 -> {}, 200 ( #25404 )
2025-09-09 15:06:18 +08:00
Yeuoly
720ecea737
fix: tenant_id was not specific when retrieval end-user in plugin backwards invocation wraps ( #25377 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-09-09 09:49:35 +08:00
ZalterCitty
4ee49f3550
chore: remove weird account login ( #22247 )
...
Co-authored-by: zhuqingchao <zhuqingchao@xiaomi.com >
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-09-08 10:44:36 +08:00
Asuka Minato
f6059ef389
add more typing ( #24949 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-08 10:40:00 +08:00
kenwoodjw
1ba69b8abf
fix: child chunk API 404 due to UUID type comparison ( #25234 )
...
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
2025-09-05 14:00:28 +08:00
-LAN-
b17527c32a
[Chore/Refactor] Switch from MyPy to Basedpyright for type checking ( #25047 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
2025-09-03 11:52:26 +08:00
-LAN-
9d5956cef8
[Chore/Refactor] Switch from MyPy to Basedpyright for type checking ( #25047 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
2025-09-03 11:52:26 +08:00
Will
99f57f5954
fix: EndUser is not bound to a Session ( #25010 )
2025-09-02 21:37:21 +08:00
Will
d33dfee8a3
fix: EndUser is not bound to a Session ( #25010 )
2025-09-02 21:37:21 +08:00
Bowen Liang
eafe26f2a5
chore: apply ty checks on api code with script and ci action ( #24653 )
2025-09-02 16:05:13 +08:00
Bowen Liang
7b379e2a61
chore: apply ty checks on api code with script and ci action ( #24653 )
2025-09-02 16:05:13 +08:00
Asuka Minato
2b2cd9fc9d
example enum to StrEnum ( #24877 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-01 15:40:26 +08:00
Asuka Minato
d41d4deaac
example enum to StrEnum ( #24877 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-01 15:40:26 +08:00
kenwoodjw
3a41d28050
Chore: remove dupliacte logic in DatasetApi.get() ( #24769 )
...
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
2025-08-29 14:25:36 +08:00
kenwoodjw
e4383d6167
Chore: remove dupliacte logic in DatasetApi.get() ( #24769 )
...
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
2025-08-29 14:25:36 +08:00
Bowen Liang
e91a9f8935
chore: cleanup unnecessary mypy suppressions on imports ( #24712 )
2025-08-28 23:17:25 +08:00
Bowen Liang
39064197da
chore: cleanup unnecessary mypy suppressions on imports ( #24712 )
2025-08-28 23:17:25 +08:00
Yongtao Huang
76ce0afec0
Refactor: use logger = logging.getLogger(__name__) in logging ( #24515 )
...
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-08-26 18:10:31 +08:00
Yongtao Huang
fa753239ad
Refactor: use logger = logging.getLogger(__name__) in logging ( #24515 )
...
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-08-26 18:10:31 +08:00
Asuka Minato
3cf8d26459
example: limit current user usage ( #24470 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-26 00:23:29 +08:00
Asuka Minato
2b91ba2411
example: limit current user usage ( #24470 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-26 00:23:29 +08:00
quicksand
9703d19dd1
fix: flask_restx namespace path wrong ( #24456 )
2025-08-25 14:56:20 +08:00
quicksand
424fdf4b52
fix: flask_restx namespace path wrong ( #24456 )
2025-08-25 14:56:20 +08:00
-LAN-
d08f6cd27e
feat: API docs for service api ( #24425 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
2025-08-25 09:26:54 +08:00
-LAN-
b7466f8b65
feat: API docs for service api ( #24425 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
2025-08-25 09:26:54 +08:00
Asuka Minato
a864ed1985
try flask_restful -> flask_restx ( #24310 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: -LAN- <laipz8200@outlook.com >
2025-08-24 13:45:47 +08:00
Asuka Minato
18dce66443
try flask_restful -> flask_restx ( #24310 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: -LAN- <laipz8200@outlook.com >
2025-08-24 13:45:47 +08:00
kenwoodjw
cc2fccfead
fix child-chunk ownership validation ( #24374 )
...
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
2025-08-23 20:17:44 +08:00
kenwoodjw
8a348bea21
fix child-chunk ownership validation ( #24374 )
...
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
2025-08-23 20:17:44 +08:00
Zhehao Peng
0d16663fa7
Use typing.Literal to replace str places ( #24099 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-18 21:34:13 +08:00
Zhehao Peng
c0702aacac
Use typing.Literal to replace str places ( #24099 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-18 21:34:13 +08:00
Alex Chim
9853b18df8
Fixes #23921 ( #23924 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-14 15:54:25 +08:00
Alex Chim
4a2e6af9b5
Fixes #23921 ( #23924 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-14 15:54:25 +08:00
Yongtao Huang
0fb7a2b4c4
Restructure the File errors in controller ( #23801 )
...
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-13 17:06:07 +08:00
Yongtao Huang
bf2f03f911
Restructure the File errors in controller ( #23801 )
...
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-13 17:06:07 +08:00
lyzno1
a5ffaa700e
fix: resolve AppCard description overlap with tag area ( #23585 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-08 09:05:55 +08:00
lyzno1
2edd32fdea
fix: resolve AppCard description overlap with tag area ( #23585 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-08 09:05:55 +08:00
lyzno1
1c992f5f91
feat: add Service API file preview endpoint ( #23534 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-07 21:44:29 +08:00
lyzno1
d98071a088
feat: add Service API file preview endpoint ( #23534 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-07 21:44:29 +08:00
Yongtao Huang
ec93cc7713
Chore: remove unused variable pruned_memory ( #23514 )
2025-08-07 09:06:17 +08:00
Yongtao Huang
e072b7dafa
Chore: remove unused variable pruned_memory ( #23514 )
2025-08-07 09:06:17 +08:00
Yongtao Huang
d73c18ec63
Fix: avoid Flask route conflict by merging DocumentDetailApi and DocumentDeleteApi ( #23333 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-04 14:37:36 +08:00
Yongtao Huang
146d870098
Fix: avoid Flask route conflict by merging DocumentDetailApi and DocumentDeleteApi ( #23333 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-04 14:37:36 +08:00
qiaofenlin
b108f213b1
feat: support workflow version specification in workflow and chat APIs ( #23188 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-08-03 16:27:12 +08:00
qiaofenlin
20f0238aab
feat: support workflow version specification in workflow and chat APIs ( #23188 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-08-03 16:27:12 +08:00