Commit Graph

245 Commits

Author SHA1 Message Date
943b23b042 Merge remote-tracking branch 'origin/main' into feat/cli 2026-05-24 22:47:33 -07:00
f70b745ec2 Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization'
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-05-25 12:34:45 +08:00
eba0041973 fix(openapi): close 4 critical OAuth device-flow security findings
1. Host-header injection (sso_initiate / sso_complete): replace
   request.host_url with dify_config.CONSOLE_API_URL via a
   _trusted_origin() helper that fails closed when unset. An
   attacker-controlled Host header on sso-initiate would otherwise
   be sealed into the signed state envelope, causing the IdP to
   redirect the victim's EE-signed SSO assertion to evil.com.

2. Unvalidated JWS claim payloads: add ExtSubjectAssertionClaims
   and ApprovalGrantClaimsPayload pydantic models and route every
   verified payload through model_validate. A signed-but-malformed
   blob now returns BadRequest('invalid_sso_assertion') or
   VerifyError('claim shape invalid') instead of crashing the
   handler with KeyError / 500. ApprovalGrantClaimsPayload is
   imported lazily inside verify_approval_grant to break the
   libs -> controllers cycle.

3. Timing-unsafe CSRF compare in approve_external: replace plain
   != with secrets.compare_digest.

4. Bearer rate-limit bypass on revoked tokens: move
   enforce_bearer_rate_limit to fire after sha256_hex but before
   resolver.resolve, so revoked-token replay is now bounded. Also
   collapse the two distinct error messages (unknown token prefix
   vs token unknown or revoked) into a single generic
   'invalid_bearer' to remove the prefix-validity oracle.

Tests: 4 new unit-test files cover each finding plus one updated
test for the new bearer error string. 744 tests pass.
2026-05-24 21:17:36 -07:00
639e12a306 fix: request /api/datasets raise exception (#36591)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-25 02:27:54 +00:00
8d7ee1d761 Merge branch 'main' into feat/cli 2026-05-23 14:37:18 +08:00
98de360447 refactor: move db query from api layer to service layer 2026-05-23 14:21:04 +08:00
f39e7d6cd5 refactor: move select to data access layer 2026-05-23 14:21:04 +08:00
0c1b37687f refactor: decouple Context from flask 2026-05-23 10:33:07 +08:00
790ca72627 refactor(api): migrate console/service_api.dataset to BaseModel (#36480) 2026-05-22 17:39:07 +00:00
4c2ba50dfe Merge remote-tracking branch 'upstream/main' into feat/cli 2026-05-22 21:38:55 +08:00
d94e302045 fix typings 2026-05-22 18:15:28 +08:00
473c945839 chore: separate vector space quota query (#36514)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-22 09:26:17 +00:00
851bf36f24 Merge remote-tracking branch 'upstream/main' into feat/cli 2026-05-22 16:07:59 +08:00
92181dbe09 fix(api): preserve remote file URL query params (#36478) 2026-05-22 01:45:20 +00:00
ea5e487d3c fix(api): stop returning 204 with response body and add CI check (#36489) 2026-05-21 16:20:34 +00:00
092c8bca81 refactor(api): migrate console.datasets.metadata to BaseModel (#36450)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-21 15:04:42 +00:00
f04d809426 fix(api): fix invalid token error while changing email (#36412) 2026-05-20 05:51:15 +00:00
5381452de9 feat(cli,api): difyctl version probes server and reports compat verdict (#36356)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 10:27:34 +08:00
d9e90d0fa0 feat: add new agent (#36284)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-19 10:43:23 +00:00
34a89416f7 test(api): manage backend pytest services natively (#36235) 2026-05-19 07:52:15 +00:00
yyh 04d62867af feat(dify-ui): add shared form primitives (#36334)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-19 05:38:57 +00:00
de0a44be06 Merge branch 'main' into feat/cli 2026-05-19 10:37:42 +08:00
76bba64b79 chore: add type to test (#36324)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-18 08:47:47 +00:00
2eb37caf2e refactor(api): migrate console.app.workflow to BaseModel (#36216)
Co-authored-by: WH-2099 <wh2099@pm.me>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-18 07:31:37 +00:00
e2d6ae818c Merge remote-tracking branch 'upstream/main' into feat/cli 2026-05-18 14:00:59 +08:00
b96f372f45 chore(api): upgrade graphon to 0.4.0 (#36124)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com>
2026-05-18 00:34:17 +00:00
9d0906c684 chore: improve swagger markdown optional fields typing (#36247) 2026-05-16 16:40:20 +00:00
8be6665d22 feat(api,cli): openapi HITL endpoints — always-stream, human_input_form, workflow_events, stop-task
- Remove response_mode from AppRunRequest; openapi /run always streams
- Add POST /apps/<id>/tasks/<task_id>/stop (SIGINT hook target)
- Add GET/POST /apps/<id>/form/human_input/<token> (HITL form fetch/submit)
- Add GET /apps/<id>/tasks/<task_id>/events (SSE reconnect after resume)
- Add HumanInputSurface.OPENAPI; map to STANDALONE_WEB_APP recipient type
- Regenerate cli/src/types/data-contracts.ts via pnpm sync-models
2026-05-15 02:50:54 -07:00
yyh a252fbddfa feat: initialize user timezone and language from browser (#36170)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-15 08:12:52 +00:00
c2868075fa Merge remote-tracking branch 'origin/main' into feat/cli
# Conflicts:
#	docker/docker-compose.yaml
#	pnpm-lock.yaml
#	pnpm-workspace.yaml
2026-05-14 20:11:59 -07:00
yyh 194b54bae4 fix: allow tag rename without type payload (#36182)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-15 01:29:17 +00:00
432a6412a3 fix(security): tenant-scope FilePreviewApi text-extract endpoint (GHSA-2qwc-c2cc-2xwv) (#35797)
Signed-off-by: xr843 <137012659+xr843@users.noreply.github.com>
Co-authored-by: Ido Shani <ido@zafran.io>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
2026-05-14 16:13:04 +00:00
5798610f27 refactor(api): migrate console.app.workflow_comment to BaseModel (#36180) 2026-05-14 12:13:47 +00:00
9d545144ce chore: remove obsolete admin console routes (#35637)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-13 08:08:50 +00:00
2afa39cdcb fix: knowledge hit-testing render failed. (#36106)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-13 07:31:38 +00:00
1a83dfaf1f refactor: use BaseModel in openapi group. Generate ts code from swagger (#36076)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-13 12:56:42 +08:00
4bb987eca3 fix: validate missing text indexing technique (#35941) 2026-05-12 05:07:03 +00:00
4fd4615c56 fix: avoid trial workflow schema model collision (#36061)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-12 03:24:14 +00:00
1f7da9c191 Merge branch 'main' into feat/cli
Conflicts resolved:
- api/services/app_service.py: extend AppListParams with status + openapi_visible fields so the openapi caller's per-page visibility gate survives the dict->BaseModel refactor; openapi controller now constructs AppListParams.
- pnpm-workspace.yaml: union of CLI-only entries (@napi-rs/keyring, @oclif/*) with main's bumped versions (@next/*, @orpc/*, eslint-plugin-sonarjs, eslint-plugin-storybook); kept eventsource-parser.
- pnpm-lock.yaml: regenerated.
- web/app/signin/utils/post-login-redirect.ts: union impl — keep main's resolvePostLoginRedirect(searchParams) + setOAuthPendingRedirect; add hardened sessionStorage-based setPostLoginRedirect for device flow with same-origin + path whitelist; device redirect takes precedence over oauth pending.
2026-05-11 19:29:37 -07:00
6779366dca feat(api,web,cli): difyctl v1.0 — OAuth device flow, /openapi/v1 auth pipeline, CLI client 2026-05-11 18:40:39 -07:00
7b5c371b9d chore: api para type (#35985)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-10 06:04:42 +00:00
4a56763d2f refactor(api): migrate console.app.workflow etc. to BaseModel (#35967) 2026-05-09 08:34:15 +00:00
1efd365b62 fix(swagger): Apply the inline-nested-dicts patch to HTTP Swagger endpoints (#35952) 2026-05-09 08:21:26 +00:00
d5ad6aedc0 fix(swagger): add util to convert BaseModel to schema for query params (#35959)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-09 04:52:45 +00:00
140ad6ba4e chore: add Type to test (#35942)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-09 03:16:22 +00:00
38a419d073 ci: auto gen api doc and download link (#35919)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: WH-2099 <wh2099@pm.me>
2026-05-09 03:01:47 +00:00
927a17804b feat: support configurable explore app categories (#35723) 2026-05-08 06:04:07 +00:00
ecd830083a test: add type to test (#35871)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-08 01:06:25 +00:00
8fd616d27f refactor: add type to test (#30873)
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-07 03:46:23 +00:00
yyh 00bf3f83f2 refactor: verticalize tag management and batch bindings (#35840)
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-07 01:36:10 +00:00