Commit Graph

288 Commits

Author SHA1 Message Date
9bbe63c1d8 Implement a ratelimit for Web App Form endpoints (vibe-kanban 033e0d0d)
Prevent adversaries from brute-forcing the form token.
2026-01-27 07:49:50 +08:00
6277fc3b74 feat(api): Add configuration example for HITL related configuration 2026-01-26 08:52:04 +08:00
67bb3c2026 feat(api): enable human input timeout check 2026-01-26 08:40:28 +08:00
2db638b992 Add a configuration for controlling the redis instance / type used for streaming events between celery worker and api (vibe-kanban 08e07904)
Currently, the celery worker executing workflows / chatflows uses redis pubsub to publish events to api.
(See \_topic\_msg\_generator and \_publish\_streaming\_response)

The current implementation uses the default redis client.

For large scale deployment, we need to use a dedicated redis cluster to ensure performance.

To achieve this, you should:

1. Introduce a dedicated configuration class to control the redis address used for pubsub. (Ideally, there should only be one configuration item such as `pubsub_redis_url`, and its default value should be the original redis configuration.)

2. Add an option to switch between pubsub and sharded pubsub. When sharded pubsub is specified, the ShardedRedisBroadcastChannel should be used instead.

Complete the task above, add some unit tests.
2026-01-19 07:40:44 +08:00
184f7ab144 WIP: feat(api): always use form_token to submit human input form 2026-01-06 08:53:24 +08:00
5d0dd329f2 WIP: human input timeout 2025-12-26 12:34:46 +08:00
f368155995 resume test 2025-12-26 12:16:01 +08:00
8b914d9116 WIP 2025-12-26 10:45:23 +08:00
3322e7a7e3 feat: Add OSS-specific parameters for HW and ALI private deployment (#29705)
Co-authored-by: crazywoola <427733928@qq.com>
2025-12-22 21:59:32 +08:00
eb5a444d3d fix: plugin execution timeout not respecting PLUGIN_MAX_EXECUTION_TIMEOUT (#29785)
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-12-18 15:11:01 +08:00
46c9a59a31 feat: sandbox retention basic settings (#29842) 2025-12-18 14:16:23 +08:00
a915b8a584 revert: "security/fix-swagger-info-leak-m02" (#29721) 2025-12-16 14:19:33 +08:00
4cc6652424 feat: VECTOR_STORE supports seekdb (#29658) 2025-12-16 12:35:04 +09:00
724cd57dbf fix: dos in annotation import (#29470)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-12-15 15:22:04 +08:00
355a2356d4 security/fix-swagger-info-leak-m02 (#29283)
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-12-15 11:24:06 +08:00
569c593240 feat: Add InterSystems IRIS vector database support (#29480)
Co-authored-by: Tomo Okuyama <tomo.okuyama@intersystems.com>
2025-12-15 10:20:43 +08:00
9affc546c6 Feat/support multimodal embedding (#29115)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-12-09 14:41:46 +08:00
f48522e923 feat: add x-trace-id to http responses and logs (#29015)
Introduce trace id to http responses and logs to facilitate debugging process.
2025-12-02 17:22:34 +08:00
2551f6f279 feat: add APP_DEFAULT_ACTIVE_REQUESTS as the default value for APP_AC… (#26930) 2025-11-27 10:51:48 +08:00
f76a3f545c Feat/add weaviate tokenization configurable (#28159)
Co-authored-by: lijiezhao <lijiezhao@perfect99.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-11-25 20:07:45 +08:00
a1b735a4c0 feat: trigger billing (#28335)
Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-11-20 10:15:23 +08:00
c0b7ffd5d0 feat:mysql adaptation for metadb (#28188) 2025-11-20 09:44:39 +08:00
fe6538b08d chore: disable workflow logs auto-cleanup by default (#28136)
This PR changes the default value of `WORKFLOW_LOG_CLEANUP_ENABLED` from `true` to `false` across all configuration files.

## Motivation

Setting the default to `false` provides safer default behavior by:

- Preventing unintended data loss for new installations
- Giving users explicit control over when to enable log cleanup
- Following the opt-in principle for data deletion features

Users who need automatic cleanup can enable it by setting `WORKFLOW_LOG_CLEANUP_ENABLED=true` in their configuration.
2025-11-12 22:55:02 +08:00
b76e17b25d feat: introduce trigger functionality (#27644)
Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: Stream <Stream_2@qq.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: zhsama <torvalds@linux.do>
Co-authored-by: Harry <xh001x@hotmail.com>
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: yessenia <yessenia.contact@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: WTW0313 <twwu@dify.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-11-12 17:59:37 +08:00
37903722fe refactor: implement tenant self queue for rag tasks (#27559)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
2025-11-06 21:25:50 +08:00
68d357d7f6 Add WEAVIATE_GRPC_ENDPOINT as designed in weaviate migration guide (#27861)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-11-05 17:19:08 +08:00
ef1db35f80 feat: implement file extension blacklist for upload security (#27540) 2025-11-04 15:45:22 +08:00
b610cf9a11 feat: add segments max number limit for SegmentApi.post (#27745) 2025-11-04 10:27:58 +08:00
ff32dff163 Enabled cross-subdomain console sessions by making the cookie domain configurable and aligning the frontend so it reads the shared CSRF cookie. (#27190) 2025-10-28 10:04:24 +08:00
32c715c4d0 rm type ignore (#25715)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
2025-10-21 11:26:58 +08:00
2382229c7d fix variable-truncator max size comments (#27129) 2025-10-20 14:52:40 +09:00
59ad6e02ce Add timeout so any plugin daemon call (including the SSE path) that legitimately takes longer than 5s would right. (#26852) 2025-10-14 09:23:27 +08:00
cbf2ba6cec Feature integrate alibabacloud mysql vector (#25994)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-10-11 10:47:28 +08:00
1bd621f819 remove .value (#26633)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-10-11 09:08:29 +08:00
885dff82e3 feat: update HTTP timeout configurations and enhance timeout input handling in UI (#26685) 2025-10-10 09:00:06 +08:00
4a475bf1cd chore: Raise default string length limits (#26592)
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: Bowen Liang <liangbowen@gf.com.cn>
2025-10-06 10:40:13 +08:00
915023b809 Chore/remove add node restrict of workflow (#26218)
Co-authored-by: -LAN- <laipz8200@outlook.com>
2025-09-25 18:02:43 +08:00
e937c8c72e improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00
24b4289d6c fix:add some explanation for oceanbase parser selection (#26071)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-23 17:06:06 +08:00
8940decd1b more httpx (#25651)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-09-22 23:07:09 +08:00
345ac8333c Add Full-Text & Hybrid Search Support to Baidu Vector DB and Update SDK, Closes #25982 (#25983)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-09-22 10:17:35 +08:00
208fe3d7de feat:support selecting different ftparser for OceanBase. (#25970)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-22 09:56:33 +08:00
4f45978cd9 fix: remote code execution in email endpoints (#25753)
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-09-18 16:45:34 +08:00
5a0bf8e028 feat: make SQLALCHEMY_POOL_TIMEOUT configurable (#25468)
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-18 16:13:56 +08:00
85cda47c70 feat: knowledge pipeline (#25360)
Signed-off-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: twwu <twwu@dify.ai>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: jyong <718720800@qq.com>
Co-authored-by: Wu Tianwei <30284043+WTW0313@users.noreply.github.com>
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com>
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: quicksand <quicksandzn@gmail.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: zxhlyh <jasonapring2015@outlook.com>
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: nite-knite <nkCoding@gmail.com>
Co-authored-by: Hanqing Zhao <sherry9277@gmail.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Harry <xh001x@hotmail.com>
2025-09-18 12:49:10 +08:00
b283b10d3e Fix/lindorm vdb optimize (#25748)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-16 16:54:18 +08:00
bab4975809 chore: add ast-grep rule to convert Optional[T] to T | None (#25560)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-09-15 13:06:33 +08:00
a13d7987e0 chore: adopt StrEnum and auto() for some string-typed enums (#25129)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
2025-09-12 21:14:26 +08:00
c2fcd2895b Feat/email register refactor (#25369)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
2025-09-12 10:24:54 +08:00
ea61420441 Revert "feat: email register refactor" (#25367) 2025-09-08 19:20:09 +08:00