9bbe63c1d8
Implement a ratelimit for Web App Form endpoints (vibe-kanban 033e0d0d)
...
Prevent adversaries from brute-frocing the form token.
2026-01-27 07:49:50 +08:00
b59713b980
Return the form expired error code in get form definition in WEbAPp Api (vibe-kanban 758765b0)
2026-01-26 16:14:02 +08:00
33a830cbc9
refactor(api): rename placeholder to default_value in various parts
...
Previously the fields / classes are named with `placeholder`. However,
the actual purpose is to use as default values. This commit addresses
this problem by correcting names for relevant fields / classes.
- FormInputPlaceholder
- FormInput.placeholder
- HumanInputRequiredResponse.resolved_placeholder_values
- HumanInputFormDefinition.resolved_placeholder_values
- FormCreateParams.resolved_placeholder_values
- HumanInputRequired.resolved_placeholder_values
- The `resolved_placeholder_values` argument of _create_human_input_delivery_test_form
- The `resolved_placeholder_values` inside _jsonify_form_definition
2026-01-23 15:05:18 +08:00
6bf6bf6a2a
feat(api): implement test form delivery & submission logic (vibe-kanban 89cd6a22)
...
This ensures that user can receive & submit form while using email
delivery test.
2026-01-19 09:52:30 +08:00
1f47ea8452
Merge the two delivery test api (vibe-kanban 7e7941e4)
...
The AdvancedChatDraftHumanInputDeliveryTestApi and WorkflowDraftHumanInputDeliveryTestApi are the same. Merge this two api by deleting AdvancedChatDraftHumanInputDeliveryTestApi and allowing
Chatflow to use WorkflowDraftHumanInputDeliveryTestApi.
Update tests accordingly. This project uses uv to manage dependencies.
2026-01-16 14:06:32 +08:00
68d56415d0
Rename the placeholder_values to resolved_placeholder_values in HumanInputFormApi (vibe-kanban 4b9631d6)
...
Update tests accordingly. Ensure relevant tests are green.
2026-01-16 13:27:35 +08:00
e099a8de47
feat(api): simplify the FormDefinition API for web app
2026-01-16 09:49:45 +08:00
c45dd66bd7
The site field returned by HumanInputFormApi is inconsistent with the API docs (vibe-kanban e0fb38c9)
...
```javascript
Expected structure:
```json
{
"site": {
"app_id": "e9823576-d836-4f2b-b46f-bd4df1d82230",
"end_user_id": "b7aa295d-1560-4d87-a828-77b3f39b30d0",
"enable_site": true,
"site": {
"title": "wf",
"chat_color_theme": null,
"chat_color_theme_inverted": false,
"icon_type": "emoji",
"icon": "\ud83e\udd16",
"icon_background": "#FFEAD5",
"icon_url": null,
"description": null,
"copyright": null,
"privacy_policy": null,
"custom_disclaimer": "",
"default_language": "en-US",
"prompt_public": false,
"show_workflow_steps": true,
"use_icon_as_answer_icon": false
},
"model_config": null,
"plan": "basic",
"can_replace_logo": false,
"custom_config": null
},
// ... other fields
}
```
The current implementation of HumanInputFormApi returns the following structure:
```json
{
"site": {
"title": "hitl-chatflow",
"chat_color_theme": null,
"chat_color_theme_inverted": false,
"icon_type": "emoji",
"icon": "🤖 ",
"icon_background": "#FFEAD5",
"icon_url": null,
"description": null,
"copyright": null,
"privacy_policy": null,
"custom_disclaimer": "",
"default_language": "en-US",
"prompt_public": false,
"show_workflow_steps": true,
"use_icon_as_answer_icon": false
},
// ... other fields
}
```
\`\`\`
2026-01-15 12:26:51 +08:00
ea90746ed7
feat(api): adjust /pause-details api, add backstage form token
2026-01-15 09:43:16 +08:00
f1b2e1cfb4
feat(api): Add app_id field to HumanInputForm model
...
This ensures that `HumanInputForm` could be associated to a specific
application without relying on `WorkflowRun`, providing us a smoother
migration path if we want to implement test form.
2026-01-14 16:58:17 +08:00
25cc2ab738
fix(api): missing site field in Web App Form Definition API
2026-01-14 14:25:57 +08:00
9c287ee0ae
feat(api): adjust form submission run api
...
Separate `inputs` and `form_inputs` fields.
2026-01-13 11:08:31 +08:00
fb01b91b06
WIP: feat(api): implement delivery testing api
2026-01-06 08:54:06 +08:00
37dd61558c
feat(api): Implement HITL for Workflow, add is_resumption for start event
2025-12-30 16:40:08 +08:00
1ebc17850b
fix(api): force download for HTML previews ( #30090 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-12-25 11:43:07 +08:00
037b8ae9e2
refactor: split changes for api/controllers/web/forgot_password.py ( #29858 )
2025-12-24 09:41:51 +08:00
0a448a13c8
refactor: split changes for api/controllers/console/extension.py ( #29888 )
2025-12-24 09:41:42 +08:00
d005689d0a
chore: remove unused login call from activation flow ( #30017 )
2025-12-23 12:26:52 +08:00
b7649f61f8
fix: Login secret text transmission ( #29659 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com >
Co-authored-by: -LAN- <laipz8200@outlook.com >
2025-12-16 16:55:51 +08:00
09982a1c95
fix: webhook node output file as file variable ( #29621 )
2025-12-15 19:55:59 +08:00
bd7b1fc6fb
fix: csv injection in annotations export ( #29462 )
...
Co-authored-by: hj24 <huangjian@dify.ai >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-12-15 17:14:05 +08:00
724cd57dbf
fix: dos in annotation import ( #29470 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-12-15 15:22:04 +08:00
094f417b32
refactor: admin api using session factory ( #29628 )
2025-12-15 12:01:41 +08:00
063b39ada5
fix: conversation rename payload validation ( #29510 )
2025-12-11 18:05:41 +09:00
b4afc7e435
fix: Can not blank conversation ID validation in chat payloads ( #29436 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-12-11 09:47:10 +08:00
05fe92a541
refactor: port reqparse to BaseModel ( #28993 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-12-08 15:31:19 +09:00
2431ddfde6
Feat integrate partner stack ( #28353 )
...
Co-authored-by: Joel <iamjoel007@gmail.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-11-20 15:58:05 +08:00
b2a604b801
Add Comprehensive Unit Tests for Console Auth Controllers ( #28349 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-11-20 12:50:16 +08:00
9a5f214623
refactor: replace localStorage with HTTP-only cookies for auth tokens ( #24365 )
...
Signed-off-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com >
Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com >
Signed-off-by: kenwoodjw <blackxin55+@gmail.com >
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Yunlu Wen <wylswz@163.com >
Co-authored-by: Joel <iamjoel007@gmail.com >
Co-authored-by: GareArc <chen4851@purdue.edu >
Co-authored-by: NFish <douxc512@gmail.com >
Co-authored-by: Davide Delbianco <davide.delbianco@outlook.com >
Co-authored-by: minglu7 <1347866672@qq.com >
Co-authored-by: Ponder <ruan.lj@foxmail.com >
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: heyszt <270985384@qq.com >
Co-authored-by: Asuka Minato <i@asukaminato.eu.org >
Co-authored-by: Guangdong Liu <liugddx@gmail.com >
Co-authored-by: Eric Guo <eric.guocz@gmail.com >
Co-authored-by: NeatGuyCoding <15627489+NeatGuyCoding@users.noreply.github.com >
Co-authored-by: XlKsyt <caixuesen@outlook.com >
Co-authored-by: Dhruv Gorasiya <80987415+DhruvGorasiya@users.noreply.github.com >
Co-authored-by: crazywoola <427733928@qq.com >
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com >
Co-authored-by: hj24 <mambahj24@gmail.com >
Co-authored-by: GuanMu <ballmanjq@gmail.com >
Co-authored-by: 非法操作 <hjlarry@163.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: Tonlo <123lzs123@gmail.com >
Co-authored-by: Yusuke Yamada <yamachu.dev@gmail.com >
Co-authored-by: Novice <novice12185727@gmail.com >
Co-authored-by: kenwoodjw <blackxin55+@gmail.com >
Co-authored-by: Ademílson Tonato <ademilsonft@outlook.com >
Co-authored-by: znn <jubinkumarsoni@gmail.com >
Co-authored-by: yangzheli <43645580+yangzheli@users.noreply.github.com >
2025-10-19 21:29:04 +08:00
0a6b78f883
Use hook to get userid ( #26839 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-10-14 09:20:37 +08:00
2f50f3fd4b
refactor: use libs.login current_user in console controllers ( #26745 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-10-13 10:33:33 +08:00
1bd621f819
remove .value ( #26633 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-10-11 09:08:29 +08:00
f5161d9add
Exclude tests directory from pyright type checking ( #26496 )
...
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-10-02 18:51:36 +08:00
8940decd1b
more httpx ( #25651 )
...
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-09-22 23:07:09 +08:00
85cda47c70
feat: knowledge pipeline ( #25360 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: twwu <twwu@dify.ai >
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
Co-authored-by: jyong <718720800@qq.com >
Co-authored-by: Wu Tianwei <30284043+WTW0313@users.noreply.github.com >
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com >
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com >
Co-authored-by: quicksand <quicksandzn@gmail.com >
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com >
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com >
Co-authored-by: zxhlyh <jasonapring2015@outlook.com >
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: nite-knite <nkCoding@gmail.com >
Co-authored-by: Hanqing Zhao <sherry9277@gmail.com >
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Harry <xh001x@hotmail.com >
2025-09-18 12:49:10 +08:00
c2fcd2895b
Feat/email register refactor ( #25369 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
Co-authored-by: Joel <iamjoel007@gmail.com >
2025-09-12 10:24:54 +08:00
ea61420441
Revert "feat: email register refactor" ( #25367 )
2025-09-08 19:20:09 +08:00
860ee20c71
feat: email register refactor ( #25344 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com >
2025-09-08 17:51:43 +08:00
cfb8d224da
fix: standardize authentication error messages to prevent user enumeration ( #24324 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-26 09:46:23 +08:00
18dce66443
try flask_restful -> flask_restx ( #24310 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
Co-authored-by: -LAN- <laipz8200@outlook.com >
2025-08-24 13:45:47 +08:00
da9af7b547
[Chore/Refactor] Use centralized naive_utc_now for UTC datetime operations ( #24352 )
...
Signed-off-by: -LAN- <laipz8200@outlook.com >
2025-08-22 23:53:05 +08:00
bf2f03f911
Restructure the File errors in controller ( #23801 )
...
Co-authored-by: Yongtao Huang <99629139+hyongtao-db@users.noreply.github.com >
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-13 17:06:07 +08:00
2edd32fdea
fix: resolve AppCard description overlap with tag area ( #23585 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-08 09:05:55 +08:00
d98071a088
feat: add Service API file preview endpoint ( #23534 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-07 21:44:29 +08:00
afac1fe590
Add comprehensive security tests for file upload controller ( #23102 )
...
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-07-31 10:32:16 +08:00
74caebac32
test: add comprehensive OAuth authentication unit tests ( #22528 )
2025-07-17 14:20:59 +08:00
38106074b4
test: add comprehensive unit tests for console authentication and authorization decorators ( #22439 )
2025-07-16 10:07:01 +08:00
10b738a296
feat: Persist Variables for Enhanced Debugging Workflow ( #20699 )
...
This pull request introduces a feature aimed at improving the debugging experience during workflow editing. With the addition of variable persistence, the system will automatically retain the output variables from previously executed nodes. These persisted variables can then be reused when debugging subsequent nodes, eliminating the need for repetitive manual input.
By streamlining this aspect of the workflow, the feature minimizes user errors and significantly reduces debugging effort, offering a smoother and more efficient experience.
Key highlights of this change:
- Automatic persistence of output variables for executed nodes.
- Reuse of persisted variables to simplify input steps for nodes requiring them (e.g., `code`, `template`, `variable_assigner`).
- Enhanced debugging experience with reduced friction.
Closes #19735 .
2025-06-24 09:05:29 +08:00
8b9fed75f3
refactor(version): simplify version comparison logic ( #10109 )
2024-10-31 15:15:32 +08:00
3af65b2f45
feat(api): add version comparison logic ( #8902 )
2024-09-30 11:12:26 +08:00
