273 Commits

Author	SHA1	Message	Date
QuantumGhost	874406d934	security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518) ... The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and `ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) endpoints do not properly validate user permissions, allowing users without `editor` permission to access restricted functionality. This PR addresses this issue by adding proper permission check.	2025-09-11 14:53:35 +08:00
Yeuoly	9898730cc5	feat: add webhook node limit validation (max 5 per workflow) ... - Add MAX_WEBHOOK_NODES_PER_WORKFLOW constant set to 5 - Validate webhook node count in sync_webhook_relationships method - Raise ValueError when workflow exceeds webhook node limit - Block workflow save when limit is exceeded to ensure data integrity - Provide clear error message indicating current count and maximum allowed 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-10 17:22:09 +08:00
Yeuoly	b0f1e55a87	refactor: remove triggered_by field from webhook triggers and use automatic sync ... - Remove triggered_by field from WorkflowWebhookTrigger model - Replace manual webhook creation/deletion APIs with automatic sync via WebhookService - Keep only GET API for retrieving webhook information - Use same webhook ID for both debug and production environments (differentiated by endpoint) - Add sync_webhook_relationships to automatically manage webhook lifecycle - Update tests to remove triggered_by references - Clean up unused imports and fix type checking issues 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-10 17:17:19 +08:00
-LAN-	08dd3f7b50	Fix basedpyright type errors (#25435) ... Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-09-10 01:54:26 +08:00
Harry	5a15419baf	feat(trigger): implement debug session capabilities for trigger nodes ... - Added `DraftWorkflowTriggerNodeApi` to handle debugging of trigger nodes, allowing for real-time event listening and session management. - Introduced `TriggerDebugService` for managing debug sessions and event dispatching using Redis Pub/Sub. - Updated `TriggerService` to support dispatching events to debug sessions and refactored related methods for improved clarity and functionality. - Enhanced data structures in `request.py` and `entities.py` to accommodate new debug event data requirements. These changes significantly improve the debugging capabilities for trigger nodes in draft workflows, facilitating better development and troubleshooting processes.	2025-09-09 21:27:31 +08:00
Asuka Minato	38057b1b0e	add typing to all wraps (#25405) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-09-09 16:48:33 +08:00
Xiyuan Chen	64c9a2f678	Feat/credential policy (#25151) ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-09-08 23:45:05 -07:00
lyzno1	b6c552df07	fix: add stable sorting for trigger list to prevent position changes (#25328)	2025-09-07 21:52:41 +08:00
Asuka Minato	a78339a040	remove bare list, dict, Sequence, None, Any (#25058) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: -LAN- <laipz8200@outlook.com>	2025-09-06 03:32:23 +08:00
Harry	814787677a	feat(trigger): update plugin trigger API and model to use trigger_name ... - Modified `PluginTriggerApi` to accept `trigger_name` as a JSON argument and return encoded plugin triggers. - Updated `WorkflowPluginTrigger` model to replace `trigger_id` with `trigger_name` for better clarity. - Adjusted `WorkflowPluginTriggerService` to handle the new `trigger_name` field and ensure proper error handling for subscriptions. - Enhanced `workflow_trigger_fields` to include `trigger_name` in the plugin trigger schema. This change improves the API's clarity and aligns the model with the updated naming conventions.	2025-09-05 15:56:13 +08:00
非法操作	461829274a	feat: (trigger) support file upload in webhook (#25159)	2025-09-04 18:33:42 +08:00
Harry	f60e28d2f5	feat(trigger): enhance user role validation and add request logs API for trigger providers ... - Updated user role validation in PluginTriggerApi and WebhookTriggerApi to assert current_user as an Account and check tenant ID. - Introduced TriggerSubscriptionBuilderRequestLogsApi to retrieve request logs for subscription instances, ensuring proper user authentication and error handling. - Added new API endpoint for accessing request logs related to trigger providers. 🤖 Generated with [Claude Code](https://claude.ai/code)	2025-09-04 14:44:02 +08:00
Harry	a62d7aa3ee	feat(trigger): add plugin trigger workflow support and refactor trigger system ... - Add new workflow plugin trigger service for managing plugin-based triggers - Implement trigger provider encryption utilities for secure credential storage - Add custom trigger errors module for better error handling - Refactor trigger provider and manager classes for improved plugin integration - Update API endpoints to support plugin trigger workflows - Add database migration for plugin trigger workflow support 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-04 13:20:43 +08:00
Yongtao Huang	865ba8bb4f	Minor fix: correct get_app_model mode for delete() (#25082) ... Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>	2025-09-04 11:08:31 +08:00
Harry	4b253e1f73	feat(trigger): plugin trigger workflow	2025-09-03 14:53:27 +08:00
Harry	2f08306695	feat(trigger): enhance trigger subscription management and processing ... - Refactor trigger provider classes to improve naming consistency and clarity - Introduce new methods for managing trigger subscriptions, including validation and dispatching - Update API endpoints to reflect changes in subscription handling - Implement logging and request management for endpoint interactions - Enhance data models to support subscription attributes and lifecycle management Co-authored-by: Claude <noreply@anthropic.com>	2025-09-03 14:53:27 +08:00
Will	5092e5f631	fix: workflow not published (#25030)	2025-09-03 10:07:31 +08:00
Yongtao Huang	bc9efa7ea8	Refactor: use DatasourceType.XX.value instead of hardcoded (#25015) ... Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-09-03 08:56:48 +08:00
GuanMu	25a11bfafc	Export DSL from history (#24939) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-09-02 21:36:52 +08:00
lyzno1	1fce1a61d4	feat(workflow-log): enhance workflow logs UI with sorting and status filters (#24978)	2025-09-02 16:43:11 +08:00
Novice	68c75f221b	fix: workflow log status filter add parial success status (#24977)	2025-09-02 16:24:03 +08:00
Yeuoly	676648e0b3	Merge branch 'main' into feat/trigger	2025-09-01 18:05:31 +08:00
Asuka Minato	24e2b72b71	Update ast-grep pattern for session.query (#24828) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-31 17:03:51 +08:00
非法操作	89ad6ad902	feat: add app trigger list api (#24693)	2025-08-28 15:23:08 +08:00
Eric Guo	ecf74d91e2	✨fix: has_more logic in ChatMessageListApi to ensure correct on behavior when no more messages are available. (#24661)	2025-08-28 15:05:52 +08:00
Yongtao Huang	2a29c61041	Refactor: replace count() > 0 check with exists() (#24583) ... Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-27 17:46:52 +08:00
lyzno1	5bbf685035	feat: fix i18n missing keys and merge upstream/main (#24615) ... Signed-off-by: -LAN- <laipz8200@outlook.com> Signed-off-by: kenwoodjw <blackxin55+@gmail.com> Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com> Signed-off-by: yihong0618 <zouzou0208@gmail.com> Signed-off-by: zhanluxianshen <zhanluxianshen@163.com> Co-authored-by: -LAN- <laipz8200@outlook.com> Co-authored-by: GuanMu <ballmanjq@gmail.com> Co-authored-by: Davide Delbianco <davide.delbianco@outlook.com> Co-authored-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com> Co-authored-by: kenwoodjw <blackxin55+@gmail.com> Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com> Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: Qiang Lee <18018968632@163.com> Co-authored-by: 李强04 <liqiang04@gaotu.cn> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Asuka Minato <i@asukaminato.eu.org> Co-authored-by: Matri Qi <matrixdom@126.com> Co-authored-by: huayaoyue6 <huayaoyue@163.com> Co-authored-by: Bowen Liang <liangbowen@gf.com.cn> Co-authored-by: znn <jubinkumarsoni@gmail.com> Co-authored-by: crazywoola <427733928@qq.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: yihong <zouzou0208@gmail.com> Co-authored-by: Muke Wang <shaodwaaron@gmail.com> Co-authored-by: wangmuke <wangmuke@kingsware.cn> Co-authored-by: Wu Tianwei <30284043+WTW0313@users.noreply.github.com> Co-authored-by: quicksand <quicksandzn@gmail.com> Co-authored-by: 非法操作 <hjlarry@163.com> Co-authored-by: zxhlyh <jasonapring2015@outlook.com> Co-authored-by: Eric Guo <eric.guocz@gmail.com> Co-authored-by: Zhedong Cen <cenzhedong2@126.com> Co-authored-by: jiangbo721 <jiangbo721@163.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: hjlarry <25834719+hjlarry@users.noreply.github.com> Co-authored-by: lxsummer <35754229+lxjustdoit@users.noreply.github.com> Co-authored-by: 湛露先生 <zhanluxianshen@163.com> Co-authored-by: Guangdong Liu <liugddx@gmail.com> Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Yessenia-d <yessenia.contact@gmail.com> Co-authored-by: huangzhuo1949 <167434202+huangzhuo1949@users.noreply.github.com> Co-authored-by: huangzhuo <huangzhuo1@xiaomi.com> Co-authored-by: 17hz <0x149527@gmail.com> Co-authored-by: Amy <1530140574@qq.com> Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: Nite Knite <nkCoding@gmail.com> Co-authored-by: Yeuoly <45712896+Yeuoly@users.noreply.github.com> Co-authored-by: Petrus Han <petrus.hanks@gmail.com> Co-authored-by: iamjoel <2120155+iamjoel@users.noreply.github.com> Co-authored-by: Kalo Chin <frog.beepers.0n@icloud.com> Co-authored-by: Ujjwal Maurya <ujjwalsbx@gmail.com> Co-authored-by: Maries <xh001x@hotmail.com>	2025-08-27 15:07:28 +08:00
非法操作	a63d1e87b1	feat: webhook trigger backend api (#24387) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-27 14:42:45 +08:00
Yongtao Huang	fa753239ad	Refactor: use logger = logging.getLogger(__name__) in logging (#24515) ... Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>	2025-08-26 18:10:31 +08:00
Asuka Minato	2b91ba2411	example: limit current user usage (#24470) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-26 00:23:29 +08:00
znn	3aedc139ac	fix delete conversations via Api and delete conversations from db as well (#23591) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: crazywoola <427733928@qq.com> Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-08-25 09:43:45 +08:00
Asuka Minato	18dce66443	try flask_restful -> flask_restx (#24310) ... Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: -LAN- <laipz8200@outlook.com>	2025-08-24 13:45:47 +08:00
Yeuoly	e38a86e37b	Merge branch 'main' into feat/trigger	2025-08-22 20:11:49 +08:00
Stream	c2606f9062	fix: correct behaviour of code fix (#24152) ... Co-authored-by: Joel <iamjoel007@gmail.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-19 14:18:49 +08:00
lyzno1	aacea166d7	fix: resolve merge conflict between Features removal and validation enhancement (#24150)	2025-08-19 13:47:38 +08:00
Asuka Minato	70da81d0e5	try ast-grep (#24149)	2025-08-19 13:41:52 +08:00
Zhehao Peng	c0702aacac	Use typing.Literal to replace str places (#24099) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-18 21:34:13 +08:00
Stream	ae7de7d36b	fix: treat default template of code as empty (#24106) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-18 16:52:27 +08:00
Joel	de9c5f10b3	feat: enchance prompt and code (#23633) ... Co-authored-by: stream <stream@dify.ai> Co-authored-by: Stream <1542763342@qq.com> Co-authored-by: Stream <Stream_2@qq.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-18 12:29:12 +08:00
耐小心	4b9812ce6a	fix: move database service call inside session context in workflow draft variable API (#23996)	2025-08-15 18:23:42 +08:00
heyszt	aa71173dbb	Feat: External_trace_id compatible with OpenTelemetry (#23918) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-15 09:13:41 +08:00
QuantumGhost	7286b4ad06	fix(api): resolve "Message not exists" error in admin feedback creation (#23232) ... Fix regression introduced in PR #22580 where admin users encountered "Message not exists" errors when creating feedback on messages created by other users. The issue was caused by `MessageService.create_feedback()` incorrectly filtering messages by the current user's ID, preventing admins from accessing messages created by end users. Reverts: #22580	2025-08-13 23:57:25 +08:00
Yongtao Huang	bf2f03f911	Restructure the File errors in controller (#23801) ... Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-13 17:06:07 +08:00
lyzno1	2edd32fdea	fix: resolve AppCard description overlap with tag area (#23585) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-08-08 09:05:55 +08:00
Yongtao Huang	b8ef0c84e6	Fix: moved file = after file presence validation (#23453) ... Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>	2025-08-06 13:44:12 +08:00
Asuka Minato	58608f51da	replace db with sa to get typing support (#23240)	2025-08-02 23:54:23 +08:00
NeatGuyCoding	07cff1ed2c	minor fix: fix flask api resources only accept one resource for same url (#23168)	2025-07-30 17:05:02 +08:00
NeatGuyCoding	070379a900	minor fix: fix wrong check of annotation_ids (#23164)	2025-07-30 17:04:31 +08:00
GuanMu	4499cda186	Feat annotations panel (#22968)	2025-07-30 13:40:48 +08:00
Yongtao Huang	57e0a12ccd	Refactor: remove redundant full module paths in exception handlers (#23076) ... Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>	2025-07-29 09:40:51 +08:00