mirror of
https://github.com/YFGaia/dify-plus.git
synced 2026-06-04 10:14:00 +08:00
npc0-hue
17832f2424
本次提交整合了多个功能改进和问题修复: 主要功能: - 批量工作流处理功能完善,支持 Excel 上传和进度跟踪 - 管理中心反向代理和转发配置优化 - 用户同步添加互斥锁,防止并发问题 - 计费系统和额度显示优化 - AI 绘图功能扩展 前端改进: - 文本生成应用显示修复 - 批量任务进度展示优化 - 按钮样式和 CSS 优化,禁止换行 - 多语言支持完善(新增印尼语等) - 构建镜像逻辑优化 - 批量处理进度管理器实现 后端改进: - Docker Compose 配置升级 - 队列任务和 Worker Pool 优化 - Admin API 初始化和验证逻辑改进 - 数据库迁移和初始化完善 - 静态变量处理优化 - URL 签名助手实现 - Celery 扩展优化 - 代码和导入包问题修复(idea 自动调整代码位置) 技术改进: - 兼容性修复 (flask-restx, jschardet) - 钉钉 Web API 版本更新 - 代码格式化和导入包问题修复 - 日志处理优化 - 工作流循环管理优化 Docker 相关: - Nginx 配置更新 - 容器启动脚本优化 - 镜像构建流程改进 - docker-compose.dify-plus.yaml 大幅更新 管理后台: - 工作流批量处理 API 实现 - 工作池初始化 - 批量工作流服务实现 - 转发扩展配置 - 用户服务扩展
96 lines
3.5 KiB
Python
96 lines
3.5 KiB
Python
from datetime import UTC, datetime, timedelta
|
|
|
|
from flask import request
|
|
from flask_restx import Resource
|
|
from werkzeug.exceptions import NotFound, Unauthorized
|
|
|
|
from configs import dify_config
|
|
from controllers.console import api
|
|
from controllers.console.app.error_extend import WebSSOAuthRequiredError
|
|
from controllers.console.workspace.workspace import account_initialization_required, setup_required
|
|
from controllers.web.passport import generate_session_id
|
|
from extensions.ext_database import db
|
|
from libs.login import login_required
|
|
from libs.passport import PassportService
|
|
from models.model import App, EndUser, Site
|
|
from services.feature_service import FeatureService
|
|
|
|
|
|
class PassportResourceExtend(Resource):
|
|
"""Base resource for passport."""
|
|
|
|
@setup_required
|
|
@login_required
|
|
@account_initialization_required
|
|
def get(self):
|
|
system_features = FeatureService.get_system_features()
|
|
if system_features.sso_enforced_for_web:
|
|
raise WebSSOAuthRequiredError()
|
|
|
|
app_code = request.headers.get("X-App-Code")
|
|
if app_code is None:
|
|
raise Unauthorized("X-App-Code header is missing.")
|
|
|
|
# 二开部分Begin - 校验Token
|
|
auth_header = request.headers.get("Authorization-extend", "")
|
|
if not auth_header:
|
|
auth_token = request.args.get("_token")
|
|
if not auth_token:
|
|
raise WebSSOAuthRequiredError()
|
|
else:
|
|
if " " not in auth_header:
|
|
raise Unauthorized("Invalid Authorization header format. Expected 'Bearer <api-key>' format.")
|
|
auth_scheme, auth_token = auth_header.split(None, 1)
|
|
auth_scheme = auth_scheme.lower()
|
|
if auth_scheme != "bearer":
|
|
raise Unauthorized("Invalid Authorization header format. Expected 'Bearer <api-key>' format.")
|
|
|
|
decoded = PassportService().verify(auth_token)
|
|
user_id = decoded.get("user_id")
|
|
# 二开部分End - 校验Token
|
|
|
|
# get site from db and check if it is normal
|
|
site = db.session.query(Site).filter(Site.code == app_code, Site.status == "normal").first()
|
|
if not site:
|
|
print("site", site, flush=True)
|
|
raise NotFound()
|
|
# get app from db and check if it is normal and enable_site
|
|
app_model = db.session.query(App).filter(App.id == site.app_id).first()
|
|
if not app_model or app_model.status != "normal" or not app_model.enable_site:
|
|
print("app_model", app_model, flush=True)
|
|
print("app_model", app_model, flush=True)
|
|
raise NotFound()
|
|
|
|
endUser_ta = db.session.query(EndUser).filter(EndUser.id == user_id).first()
|
|
if not endUser_ta:
|
|
end_user = EndUser(
|
|
id=user_id,
|
|
tenant_id=app_model.tenant_id,
|
|
app_id=app_model.id,
|
|
type="browser",
|
|
is_anonymous=True,
|
|
session_id=generate_session_id(),
|
|
)
|
|
|
|
db.session.add(end_user)
|
|
db.session.commit()
|
|
exp_dt = datetime.now(UTC) + timedelta(minutes=dify_config.ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
exp = int(exp_dt.timestamp())
|
|
payload = {
|
|
"iss": site.app_id,
|
|
"sub": "Web API Passport",
|
|
"app_id": site.app_id,
|
|
"app_code": app_code,
|
|
"end_user_id": user_id,
|
|
"exp": exp,
|
|
}
|
|
|
|
tk = PassportService().issue(payload)
|
|
|
|
return {
|
|
"access_token": tk,
|
|
}
|
|
|
|
|
|
api.add_resource(PassportResourceExtend, "/passport-extend")
|