youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-28 04:43:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(api): retire legacy /v1/* and /console/api device-flow mounts (Phase F)

Browse Source 
Web and CLI consumers now hit /openapi/v1/* directly, so the dual-mount
shims can go:
  - controllers/oauth_device_sso.py (legacy /v1/oauth/device/sso-* + /v1/device/sso-complete)
  - controllers/service_api/oauth.py (legacy /v1/oauth/device/*, /v1/me, /v1/oauth/authorizations/self)
  - controllers/console/auth/oauth_device.py (placeholder for legacy /console/api/oauth/device/{approve,deny})
  - the deferred _register_legacy_console_mount() inside openapi/oauth_device.py

Imports in controllers/console/__init__.py, controllers/service_api/__init__.py,
and extensions/ext_blueprints.py pruned. Tests rewritten to openapi-only.
This commit is contained in:
GareArc
2026-04-27 00:45:10 -07:00
parent eb5ef3dba5
commit 0b3b0b5ce8
15 changed files with 105 additions and 364 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/controllers/openapi/account.py
View File

@ -1,10 +1,6 @@
"""User-scoped account endpoints. /account is the bearer-authed
identity read; /account/sessions and /account/sessions/<id> manage
the user's active OAuth tokens (Phase C steps 1112).
The /account class is also registered on the legacy /v1/me path from
service_api/oauth.py until Phase F retires that mount. Likewise
/account/sessions/self is re-mounted at /v1/oauth/authorizations/self.
the user's active OAuth tokens.
"""
from __future__ import annotations

20
api/controllers/openapi/oauth_device.py
View File

@ -10,11 +10,7 @@ sub-groups in one module:
POST /oauth/device/approve
POST /oauth/device/deny
The five Resource classes are also re-registered on legacy mounts:
service_api_ns at /v1/oauth/device/{code,token,lookup} (from
service_api/oauth.py) and console_ns at /console/api/oauth/device/{approve,deny}
(from the deferred _register_legacy_console_mount() at module bottom).
All legacy mounts retire in Phase F. SSO branch lives in oauth_device_sso.py.
SSO branch lives in oauth_device_sso.py.
"""
from __future__ import annotations
@ -369,17 +365,3 @@ def _emit_deny_audit(state) -> None:
)
# =========================================================================
# Legacy console-side mount — deferred import breaks a cycle that would
# form between this module (imports controllers.console.wraps) and
# controllers.console.__init__ (loads .auth.oauth_device).
# =========================================================================
def _register_legacy_console_mount() -> None:
from controllers.console import console_ns
console_ns.add_resource(DeviceApproveApi, "/oauth/device/approve")
console_ns.add_resource(DeviceDenyApi, "/oauth/device/deny")
_register_legacy_console_mount()

2
api/controllers/openapi/oauth_device_sso.py
View File

@ -8,8 +8,6 @@ EE-only. Browser flow:
Function-based (raw @bp.route) rather than Resource classes because the
handlers do redirects + cookie kwargs that don't fit the Resource shape.
Same handlers are also re-registered on the legacy /v1/* paths from
controllers/oauth_device_sso.py until Phase F retires the legacy mount.
"""
from __future__ import annotations