Merge remote-tracking branch 'origin/main' into feat/support-agent-sandbox

2026-05-13 16:03:50 -04:00 · 2026-02-08 01:30:21 +08:00
parent 724700acc4 c185a51bad
commit d23a94982d
34 changed files with 1353 additions and 356 deletions
--- a/api/controllers/console/apikey.py
+++ b/api/controllers/console/apikey.py
@@ -10,6 +10,7 @@ from libs.helper import TimestampField
 from libs.login import current_account_with_tenant, login_required
 from models.dataset import Dataset
 from models.model import ApiToken, App
+from services.api_token_service import ApiTokenCache

 from . import console_ns
 from .wraps import account_initialization_required, edit_permission_required, setup_required
@@ -131,6 +132,11 @@ class BaseApiKeyResource(Resource):
        if key is None:
            flask_restx.abort(HTTPStatus.NOT_FOUND, message="API key not found")

+        # Invalidate cache before deleting from database
+        # Type assertion: key is guaranteed to be non-None here because abort() raises
+        assert key is not None  # nosec - for type checker only
+        ApiTokenCache.delete(key.token, key.type)
+
        db.session.query(ApiToken).where(ApiToken.id == api_key_id).delete()
        db.session.commit()

--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@@ -55,6 +55,7 @@ from libs.login import current_account_with_tenant, login_required
 from models import ApiToken, Dataset, Document, DocumentSegment, UploadFile
 from models.dataset import DatasetPermissionEnum
 from models.provider_ids import ModelProviderID
+from services.api_token_service import ApiTokenCache
 from services.dataset_service import DatasetPermissionService, DatasetService, DocumentService

 # Register models for flask_restx to avoid dict type issues in Swagger
@@ -820,6 +821,11 @@ class DatasetApiDeleteApi(Resource):
        if key is None:
            console_ns.abort(404, message="API key not found")

+        # Invalidate cache before deleting from database
+        # Type assertion: key is guaranteed to be non-None here because abort() raises
+        assert key is not None  # nosec - for type checker only
+        ApiTokenCache.delete(key.token, key.type)
+
        db.session.query(ApiToken).where(ApiToken.id == api_key_id).delete()
        db.session.commit()

--- a/api/controllers/console/tag/tags.py
+++ b/api/controllers/console/tag/tags.py
@@ -120,7 +120,7 @@ class TagUpdateDeleteApi(Resource):

        TagService.delete_tag(tag_id)

-        return 204
+        return "", 204


@console_ns.route("/tag-bindings/create")