jprdonnelly/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-03-10 19:01:54 -04:00
Code Issues Packages Projects Releases Wiki Activity
8,901 Commits 400 Branches 166 Tags
efbdb4c7065ac836b30fe82e2d3da713026704e6
Commit Graph

700 Commits

Author SHA1 Message Date
GareArc
efbdb4c706 fix(app-copy): inherit web app permission from original app 
When copying an app, the copied app was not getting a web_app_settings
record created. This caused the enterprise service to query for settings
that don't exist, falling back to default behavior.

This fix ensures copied apps inherit the same access mode as the original:
- If original has explicit settings (public/private/private_all/sso_verified),
  the copy gets the same setting
- If original has no settings (old apps), copy defaults to 'public' to match
  the original's effective permission via fallback

This prevents permission mismatches between original and copied apps and
ensures the enterprise service has explicit settings to query.

Related: langgenius/dify-enterprise#423
 2026-02-13 22:11:03 -08:00
NFish
08b8eff933 Merge remote-tracking branch 'origin/hotfix/1.12.1-fix.4' into release/e-1.12.1 2026-02-09 15:54:32 +08:00
GareArc
990e8feee8 security: fix IDOR and privilege escalation in set_default_provider 
- Add tenant_id verification to prevent IDOR attacks
- Add admin check for enterprise tenant-wide default changes
- Preserve non-enterprise behavior (users can set own defaults)
 2026-02-06 13:32:18 +08:00
QuantumGhost
540e1db83c perf(api): Optimize the response time of AppListApi endpoint (#31999) 2026-02-06 10:46:25 +08:00
Asuka Minato
f5d6c250ed fix: "refactor: port api/controllers/console/tag/tags.py to ov3" (#31887) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-02-03 22:18:53 +08:00
Stephen Zhou
b55c0ec4de fix: revert "refactor: api/controllers/console/feature.py (test)" (#31850) 2026-02-03 12:26:47 +08:00
Asuka Minato
47f8de3f8e refactor: port api/controllers/console/app/annotation.py api/controllers/console/explore/trial.py api/controllers/console/workspace/account.py api/controllers/console/workspace/members.py api/controllers/service_api/app/annotation.py to basemodel (#31833) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-03 09:59:00 +08:00
Asuka Minato
491fa9923b refactor: port api/controllers/console/datasets/data_source.py /datasets/metadata.py /service_api/dataset/metadata.py /nodes/agent/agent_node.py api/core/workflow/nodes/datasource/datasource_node.py api/services/dataset_service.py to match case (#31836) 2026-02-02 21:03:16 +09:00
Asuka Minato
ce2c41bbf5 refactor: port api/controllers/console/datasets/datasets_document.py api/controllers/service_api/app/annotation.py api/core/app/app_config/easy_ui_based_app/agent/manager.py api/core/app/apps/pipeline/pipeline_generator.py api/core/workflow/nodes/knowledge_retrieval/knowledge_retrieval_node.py to match case (#31832) 2026-02-02 19:07:30 +09:00
Asuka Minato
920db69ef2 refactor: if to match (#31799) 2026-02-02 18:12:03 +09:00
Asuka Minato
ac222a4dd4 refactor: port api/controllers/console/app/audio.py api/controllers/console/app/message.py api/controllers/console/auth/data_source_oauth.py api/controllers/console/auth/forgot_password.py api/controllers/console/workspace/endpoint.py (#30680) 2026-02-02 18:03:07 +09:00
FFXN
41177757e6 fix: summary index bug (#31810) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com>
Co-authored-by: zxhlyh <jasonapring2015@outlook.com>
Co-authored-by: Yansong Zhang <916125788@qq.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
Co-authored-by: CodingOnStar <hanxujiang@dify.ai>
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-02-02 09:45:17 +08:00
Asuka Minato
3216b67bfa refactor: examples of use match case (#31312) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-02-01 19:25:54 +09:00
Asuka Minato
7828508b30 refactor: remove all reqparser (#29289) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com>
 2026-02-01 13:43:14 +09:00
Asuka Minato
a433d5ed36 refactor: port api/controllers/console/tag/tags.py to ov3 (#31767) 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-30 22:40:14 +09:00
Asuka Minato
b58d9e030a refactor: init_validate.py to v3 (#31457) 2026-01-30 22:39:02 +09:00
QuantumGhost
90fe9abab7 revert: revert human input relevant code (#31766) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-30 19:18:49 +08:00
Asuka Minato
ba568a634d refactor: api/controllers/console/remote_files.py to ov3 (#31466) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-30 19:32:20 +09:00
Cursx
f33d99ea01 refactor: api/controllers/console/feature.py (test) (#31562) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-30 19:22:01 +09:00
Asuka Minato
89abea26f9 refactor: rm some dict api/controllers/console/app/generator.py api/core/llm_generator/llm_generator.py (#31709) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-30 17:37:20 +09:00
QuantumGhost
03e3acfc71 feat(api): Human Input Node (backend part) (#31646) 
The backend part of the human in the loop (HITL) feature and relevant architecture / workflow engine changes.

Signed-off-by: yihong0618 <zouzou0208@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: 盐粒 Yanli <yanli@dify.ai>
Co-authored-by: CrabSAMA <40541269+CrabSAMA@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: yihong <zouzou0208@gmail.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
 2026-01-30 10:18:49 +08:00
Asuka Minato
3bcfb4031a refactor: ExporleBanner to TypeBase (#31698) 2026-01-29 15:34:14 +09:00
FFXN
c2473d85dc feat: Add summary index for knowledge. (#31625) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com>
Co-authored-by: zxhlyh <jasonapring2015@outlook.com>
Co-authored-by: Yansong Zhang <916125788@qq.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
Co-authored-by: CodingOnStar <hanxujiang@dify.ai>
Co-authored-by: CodingOnStar <hanxujiang@dify.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-29 13:47:35 +08:00
Asuka Minato
8ec4233611 fix: doc not gen bug (#31547) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Stephen Zhou <38493346+hyoban@users.noreply.github.com>
 2026-01-27 20:19:39 +09:00
Asuka Minato
e482588ef8 fix: ConsoleDatasetListQuery request.args.to_dict() (#31598) 2026-01-27 17:12:52 +09:00
E.G
f6be9cd90d refactor: replace request.args.get with Pydantic BaseModel validation (#31104) 
Co-authored-by: GlobalStar117 <GlobalStar117@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-27 10:48:42 +08:00
Asuka Minato
eba5eac3fa refactor: api/controllers/console/setup.py to ov3 (#31465) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-26 15:04:33 +08:00
Asuka Minato
19008dce13 refactor: api/controllers/console/version.py to v3 (#31463) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-26 15:04:25 +08:00
Asuka Minato
b9f1d65d4f refactor: example of refine dict / Mapping (#31498) 2026-01-26 10:23:38 +08:00
wangxiaolei
1f8c730259 feat: optimize http status code (#31430) 2026-01-24 10:16:16 +08:00
Asuka Minato
8d45755303 feat: init fastopenapi (#30453) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-23 21:07:52 +09:00
非法操作
fa92548cf6 feat: archive workflow run logs backend (#31310) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-23 13:11:56 +08:00
Cursx
b3a869b91b refactor: optimize system features response payload for unauthenticated clients (#31392) 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com>
 2026-01-23 12:12:11 +08:00
QuantumGhost
61f8647f37 docs(api): mark SystemFeatureApi as unauthenticated by design (#31417) 
The `/console/api/system-features` is required for the dashboard initialization. Authentication would create circular dependency (can't login without dashboard loading).

ref: CVE-2025-63387

Related: #31368
 2026-01-22 22:33:59 +08:00
zyssyz123
515002a8ba feat: app trial (#26281) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: hj24 <mambahj24@gmail.com>
 2026-01-22 15:42:54 +08:00
盐粒 Yanli
62ac02a568 feat: Download the uploaded files (#31068) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-01-19 16:48:13 +08:00
wangxiaolei
88780c7eb7 fix: Revert "fix: fix create app xss issue" (#31219) 2026-01-19 16:07:24 +08:00
Xiyuan Chen
72ce6ca437 feat: implement workspace permission checks for member invitations an… (#31202) 2026-01-18 19:35:50 -08:00
Xiangxuan Qu
1a9fdd9a65 refactor: migrate tag list API query parameters to Pydantic (#31097) 
Co-authored-by: fghpdf <fghpdf@users.noreply.github.com>
 2026-01-16 17:49:52 +08:00
wangxiaolei
5008f5e89b fix: Use raw SQL UPDATE to set read status without triggering updated… (#31015) 2026-01-15 09:51:44 +08:00
盐粒 Yanli
5bf4114d6f fix: increase name length limit in ExternalDatasetCreatePayload (#31000) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
 2026-01-14 22:13:53 +09:00
wangxiaolei
87f348a0de feat: change param to pydantic model (#30870) 2026-01-14 09:46:41 +08:00
非法操作
491e1fd6a4 chore: case insensitive email (#29978) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
 2026-01-13 15:42:44 +08:00
zyssyz123
fe0802262c feat: credit pool (#30720) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-08 13:17:30 +08:00
Asuka Minato
885f226f77 refactor: split changes for api/controllers/console/workspace/trigger… (#30627) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
 2026-01-07 21:18:02 +08:00
Sara Rasool
4f0fb6df2b chore: use from __future__ import annotations (#30254) 
Co-authored-by: Dev <dev@Devs-MacBook-Pro-4.local>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
 2026-01-06 23:57:20 +09:00
Asuka Minato
0294555893 refactor: port api/fields/file_fields.py (#30638) 2026-01-06 22:55:58 +08:00
-LAN-
55de731f9c refactor(api): clarify published RAG pipeline invoke naming (#30644) 2026-01-06 23:48:06 +09:00
lif
f3ca8be9f9 refactor: clean type: ignore comments in login.py and template_transformer.py (#30510) 
Signed-off-by: majiayu000 <1835304752@qq.com>
 2026-01-06 14:33:27 +08:00
Asuka Minato
f320fd5f95 refactor: port controllers/console/app/app.py (#30522) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
 2026-01-06 10:12:52 +08:00