build: update react refresh ignore

build: eslint plugin react-refresh
Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins
2026-01-23 21:42:53 +08:00 · 2024-10-22 14:09:31 +08:00 · 2024-10-22 13:49:39 +08:00 · 2024-10-22 13:43:15 +08:00 · 2024-10-22 13:43:01 +08:00 · 2024-10-22 11:43:23 +08:00
1334 changed files with 40448 additions and 37573 deletions
--- a/.devcontainer/post_create_command.sh
+++ b/.devcontainer/post_create_command.sh
@ -1,11 +1,12 @@
 #!/bin/bash

-cd web && npm install
+npm add -g pnpm@9.12.2
+cd web && pnpm install
 pipx install poetry

 echo 'alias start-api="cd /workspaces/dify/api && poetry run python -m flask run --host 0.0.0.0 --port=5001 --debug"' >> ~/.bashrc
 echo 'alias start-worker="cd /workspaces/dify/api && poetry run python -m celery -A app.celery worker -P gevent -c 1 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion"' >> ~/.bashrc
-echo 'alias start-web="cd /workspaces/dify/web && npm run dev"' >> ~/.bashrc
+echo 'alias start-web="cd /workspaces/dify/web && pnpm dev"' >> ~/.bashrc
 echo 'alias start-containers="cd /workspaces/dify/docker && docker-compose -f docker-compose.middleware.yaml -p dify up -d"' >> ~/.bashrc

-source /home/vscode/.bashrc
+source /home/vscode/.bashrc
--- a/.github/workflows/style.yml
+++ b/.github/workflows/style.yml
@ -76,16 +76,16 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        with:
          node-version: 20
-          cache: yarn
+          cache: pnpm
          cache-dependency-path: ./web/package.json

      - name: Web dependencies
        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn install --frozen-lockfile
+        run: pnpm install --frozen-lockfile

      - name: Web style check
        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn run lint
+        run: pnpm run lint


  superlinter:
--- a/.github/workflows/tool-test-sdks.yaml
+++ b/.github/workflows/tool-test-sdks.yaml
@ -32,10 +32,10 @@ jobs:
        with:
          node-version: ${{ matrix.node-version }}
          cache: ''
-          cache-dependency-path: 'yarn.lock'
+          cache-dependency-path: 'pnpm-lock.yaml'

      - name: Install Dependencies
-        run: yarn install
+        run: pnpm install

      - name: Test
-        run: yarn test
+        run: pnpm test
--- a/.github/workflows/translate-i18n-base-on-english.yml
+++ b/.github/workflows/translate-i18n-base-on-english.yml
@ -38,11 +38,11 @@ jobs:

      - name: Install dependencies
        if: env.FILES_CHANGED == 'true'
-        run: yarn install --frozen-lockfile
+        run: pnpm install --frozen-lockfile

      - name: Run npm script
        if: env.FILES_CHANGED == 'true'
-        run: npm run auto-gen-i18n
+        run: pnpm run auto-gen-i18n

      - name: Create Pull Request
        if: env.FILES_CHANGED == 'true'
--- a/.github/workflows/web-tests.yml
+++ b/.github/workflows/web-tests.yml
@ -34,13 +34,13 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        with:
          node-version: 20
-          cache: yarn
+          cache: pnpm
          cache-dependency-path: ./web/package.json

      - name: Install dependencies
        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn install --frozen-lockfile
+        run: pnpm install --frozen-lockfile

      - name: Run tests
        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn test
+        run: pnpm test
--- a/.gitignore
+++ b/.gitignore
@ -175,8 +175,6 @@ docker/volumes/pgvector/data/*
 docker/volumes/pgvecto_rs/data/*

 docker/nginx/conf.d/default.conf
-docker/nginx/ssl/*
-!docker/nginx/ssl/.gitkeep
 docker/middleware.env

 sdks/python-client/build
@ -189,4 +187,7 @@ pyrightconfig.json
 api/.vscode

 .idea/
-.vscode
+.vscode
+
+# pnpm
+/.pnpm-store
--- a/5
+++ b/5
@ -6,9 +6,8 @@ Dify is licensed under the Apache License 2.0, with the following additional con

 a. Multi-tenant service: Unless explicitly authorized by Dify in writing, you may not use the Dify source code to operate a multi-tenant environment. 
    - Tenant Definition: Within the context of Dify, one tenant corresponds to one workspace. The workspace provides a separated area for each tenant's data and configurations.
-    
-b. LOGO and copyright information: In the process of using Dify's frontend, you may not remove or modify the LOGO or copyright information in the Dify console or applications. This restriction is inapplicable to uses of Dify that do not involve its frontend.
-    - Frontend Definition: For the purposes of this license, the "frontend" of Dify includes all components located in the `web/` directory when running Dify from the raw source code, or the "web" image when running Dify with Docker.
+
+b. LOGO and copyright information: In the process of using Dify's frontend components, you may not remove or modify the LOGO or copyright information in the Dify console or applications. This restriction is inapplicable to uses of Dify that do not involve its frontend components.

 Please contact business@dify.ai by email to inquire about licensing matters.

--- a/README.md
+++ b/README.md
@ -1,9 +1,5 @@
 ![cover-v5-optimized](https://github.com/langgenius/dify/assets/13230914/f9e19af5-61ba-4119-b926-d10c4c06ebab)

-<p align="center">
-  📌 <a href="https://dify.ai/blog/introducing-dify-workflow-file-upload-a-demo-on-ai-podcast">Introducing Dify Workflow File Upload: Recreate Google NotebookLM Podcast</a>
-</p>
-
 <p align="center">
  <a href="https://cloud.dify.ai">Dify Cloud</a> ·
  <a href="https://docs.dify.ai/getting-started/install-self-hosted">Self-hosting</a> ·
@ -172,7 +168,7 @@ Star Dify on GitHub and be instantly notified of new releases.
 > Before installing Dify, make sure your machine meets the following minimum system requirements:
 > 
 >- CPU >= 2 Core
->- RAM >= 4 GiB
+>- RAM >= 4GB

 </br>

--- a/README_CN.md
+++ b/README_CN.md
@ -154,7 +154,7 @@ Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI
 我们提供[ Dify 云服务](https://dify.ai)，任何人都可以零设置尝试。它提供了自部署版本的所有功能，并在沙盒计划中包含 200 次免费的 GPT-4 调用。

 - **自托管 Dify 社区版</br>**
-使用这个[入门指南](#快速启动)快速在您的环境中运行 Dify。
+使用这个[入门指南](#quick-start)快速在您的环境中运行 Dify。
 使用我们的[文档](https://docs.dify.ai)进行进一步的参考和更深入的说明。

 - **面向企业/组织的 Dify</br>**
@ -174,7 +174,7 @@ Dify 是一个开源的 LLM 应用开发平台。其直观的界面结合了 AI
 在安装 Dify 之前，请确保您的机器满足以下最低系统要求：

 - CPU >= 2 Core
- RAM >= 4 GiB
+- RAM >= 4GB

 ### 快速启动

--- a/api/.env.example
+++ b/api/.env.example
@ -31,17 +31,8 @@ REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_USERNAME=
 REDIS_PASSWORD=difyai123456
-REDIS_USE_SSL=false
 REDIS_DB=0

-# redis Sentinel configuration.
-REDIS_USE_SENTINEL=false
-REDIS_SENTINELS=
-REDIS_SENTINEL_SERVICE_NAME=
-REDIS_SENTINEL_USERNAME=
-REDIS_SENTINEL_PASSWORD=
-REDIS_SENTINEL_SOCKET_TIMEOUT=0.1
-
 # PostgreSQL database configuration
 DB_USERNAME=postgres
 DB_PASSWORD=difyai123456
@ -51,7 +42,7 @@ DB_DATABASE=dify

 # Storage configuration
 # use for store upload files, private keys...
-# storage type: local, s3, aliyun-oss, azure-blob, baidu-obs, google-storage, huawei-obs, oci-storage, tencent-cos, volcengine-tos, supabase
+# storage type: local, s3, azure-blob, google-storage, tencent-cos, huawei-obs, volcengine-tos, baidu-obs, supabase
 STORAGE_TYPE=local
 STORAGE_LOCAL_PATH=storage
 S3_USE_AWS_MANAGED_IAM=false
@ -120,7 +111,7 @@ SUPABASE_URL=your-server-url
 WEB_API_CORS_ALLOW_ORIGINS=http://127.0.0.1:3000,*
 CONSOLE_CORS_ALLOW_ORIGINS=http://127.0.0.1:3000,*

-# Vector database configuration, support: weaviate, qdrant, milvus, myscale, relyt, pgvecto_rs, pgvector, pgvector, chroma, opensearch, tidb_vector, vikingdb, upstash
+# Vector database configuration, support: weaviate, qdrant, milvus, myscale, relyt, pgvecto_rs, pgvector, pgvector, chroma, opensearch, tidb_vector, vikingdb
 VECTOR_STORE=weaviate

 # Weaviate configuration
@ -229,10 +220,6 @@ BAIDU_VECTOR_DB_DATABASE=dify
 BAIDU_VECTOR_DB_SHARD=1
 BAIDU_VECTOR_DB_REPLICAS=3

-# Upstash configuration
-UPSTASH_VECTOR_URL=your-server-url
-UPSTASH_VECTOR_TOKEN=your-access-token
-
 # ViKingDB configuration
 VIKINGDB_ACCESS_KEY=your-ak
 VIKINGDB_SECRET_KEY=your-sk
@ -246,13 +233,10 @@ VIKINGDB_SOCKET_TIMEOUT=30
 UPLOAD_FILE_SIZE_LIMIT=15
 UPLOAD_FILE_BATCH_LIMIT=5
 UPLOAD_IMAGE_FILE_SIZE_LIMIT=10
-UPLOAD_VIDEO_FILE_SIZE_LIMIT=100
-UPLOAD_AUDIO_FILE_SIZE_LIMIT=50

 # Model Configuration
 MULTIMODAL_SEND_IMAGE_FORMAT=base64
 PROMPT_GENERATION_MAX_TOKENS=512
-CODE_GENERATION_MAX_TOKENS=1024

 # Mail configuration, support: resend, smtp
 MAIL_TYPE=
@ -318,10 +302,6 @@ RESPECT_XFORWARD_HEADERS_ENABLED=false

 # Log file path
 LOG_FILE=
-# Log file max size, the unit is MB
-LOG_FILE_MAX_SIZE=20
-# Log file max backup count
-LOG_FILE_BACKUP_COUNT=5

 # Indexing configuration
 INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=1000
@ -330,7 +310,6 @@ INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH=1000
 WORKFLOW_MAX_EXECUTION_STEPS=500
 WORKFLOW_MAX_EXECUTION_TIME=1200
 WORKFLOW_CALL_MAX_DEPTH=5
-MAX_VARIABLE_SIZE=204800

 # App configuration
 APP_MAX_EXECUTION_TIME=1200
@ -348,6 +327,3 @@ POSITION_TOOL_EXCLUDES=
 POSITION_PROVIDER_PINS=
 POSITION_PROVIDER_INCLUDES=
 POSITION_PROVIDER_EXCLUDES=
-
-# Reset password token expiry minutes
-RESET_PASSWORD_TOKEN_EXPIRY_MINUTES=5
--- a/api/.vscode/launch.json.example
+++ b/api/.vscode/launch.json.example
@ -1,15 +1,8 @@
 {
    "version": "0.2.0",
-    "compounds": [
-        {
-            "name": "Launch Flask and Celery",
-            "configurations": ["Python: Flask", "Python: Celery"]
-        }
-    ],
    "configurations": [
        {
            "name": "Python: Flask",
-            "consoleName": "Flask",
            "type": "debugpy",
            "request": "launch",
            "python": "${workspaceFolder}/.venv/bin/python",
@ -24,12 +17,12 @@
            },
            "args": [
                "run",
+                "--host=0.0.0.0",
                "--port=5001"
            ]
        },
        {
            "name": "Python: Celery",
-            "consoleName": "Celery",
            "type": "debugpy",
            "request": "launch",
            "python": "${workspaceFolder}/.venv/bin/python",
@ -52,10 +45,10 @@
                "-c",
                "1",
                "--loglevel",
-                "DEBUG",
+                "info",
                "-Q",
                "dataset,generation,mail,ops_trace,app_deletion"
            ]
-        }
+        },
    ]
-}
+}
--- a/api/Dockerfile
+++ b/api/Dockerfile
@ -55,9 +55,7 @@ RUN apt-get update \
    && echo "deb http://deb.debian.org/debian testing main" > /etc/apt/sources.list \
    && apt-get update \
    # For Security
-    && apt-get install -y --no-install-recommends zlib1g=1:1.3.dfsg+really1.3.1-1 expat=2.6.3-1 libldap-2.5-0=2.5.18+dfsg-3+b1 perl=5.40.0-6 libsqlite3-0=3.46.1-1 \
-    # install a chinese font to support the use of tools like matplotlib
-    && apt-get install -y fonts-noto-cjk \
+    && apt-get install -y --no-install-recommends zlib1g=1:1.3.dfsg+really1.3.1-1 expat=2.6.3-1 libldap-2.5-0=2.5.18+dfsg-3 perl=5.38.2-5 libsqlite3-0=3.46.0-1 \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*

--- a/api/app.py
+++ b/api/app.py
@ -1,7 +1,5 @@
 import os

-from configs import dify_config
-
 if os.environ.get("DEBUG", "false").lower() != "true":
    from gevent import monkey

@ -22,7 +20,6 @@ from app_factory import create_app

 # DO NOT REMOVE BELOW
 from events import event_handlers  # noqa: F401
-from extensions.ext_database import db

 # TODO: Find a way to avoid importing models here
 from models import account, dataset, model, source, task, tool, tools, web  # noqa: F401
@ -38,11 +35,17 @@ if hasattr(time, "tzset"):
    time.tzset()


+# -------------
+# Configuration
+# -------------
+config_type = os.getenv("EDITION", default="SELF_HOSTED")  # ce edition first
+
+
 # create app
 app = create_app()
 celery = app.extensions["celery"]

-if dify_config.TESTING:
+if app.config.get("TESTING"):
    print("App is running in TESTING mode")


@ -50,15 +53,15 @@ if dify_config.TESTING:
 def after_request(response):
    """Add Version headers to the response."""
    response.set_cookie("remember_token", "", expires=0)
-    response.headers.add("X-Version", dify_config.CURRENT_VERSION)
-    response.headers.add("X-Env", dify_config.DEPLOY_ENV)
+    response.headers.add("X-Version", app.config["CURRENT_VERSION"])
+    response.headers.add("X-Env", app.config["DEPLOY_ENV"])
    return response


@app.route("/health")
 def health():
    return Response(
-        json.dumps({"pid": os.getpid(), "status": "ok", "version": dify_config.CURRENT_VERSION}),
+        json.dumps({"pid": os.getpid(), "status": "ok", "version": app.config["CURRENT_VERSION"]}),
        status=200,
        content_type="application/json",
    )
--- a/api/app_factory.py
+++ b/api/app_factory.py
@ -10,6 +10,9 @@ if os.environ.get("DEBUG", "false").lower() != "true":
    grpc.experimental.gevent.init_gevent()

 import json
+import logging
+import sys
+from logging.handlers import RotatingFileHandler

 from flask import Flask, Response, request
 from flask_cors import CORS
@ -24,7 +27,6 @@ from extensions import (
    ext_compress,
    ext_database,
    ext_hosting_provider,
-    ext_logging,
    ext_login,
    ext_mail,
    ext_migrate,
@ -68,7 +70,43 @@ def create_flask_app_with_configs() -> Flask:

 def create_app() -> Flask:
    app = create_flask_app_with_configs()
-    app.secret_key = dify_config.SECRET_KEY
+
+    app.secret_key = app.config["SECRET_KEY"]
+
+    log_handlers = None
+    log_file = app.config.get("LOG_FILE")
+    if log_file:
+        log_dir = os.path.dirname(log_file)
+        os.makedirs(log_dir, exist_ok=True)
+        log_handlers = [
+            RotatingFileHandler(
+                filename=log_file,
+                maxBytes=1024 * 1024 * 1024,
+                backupCount=5,
+            ),
+            logging.StreamHandler(sys.stdout),
+        ]
+
+    logging.basicConfig(
+        level=app.config.get("LOG_LEVEL"),
+        format=app.config.get("LOG_FORMAT"),
+        datefmt=app.config.get("LOG_DATEFORMAT"),
+        handlers=log_handlers,
+        force=True,
+    )
+    log_tz = app.config.get("LOG_TZ")
+    if log_tz:
+        from datetime import datetime
+
+        import pytz
+
+        timezone = pytz.timezone(log_tz)
+
+        def time_converter(seconds):
+            return datetime.utcfromtimestamp(seconds).astimezone(timezone).timetuple()
+
+        for handler in logging.root.handlers:
+            handler.formatter.converter = time_converter
    initialize_extensions(app)
    register_blueprints(app)
    register_commands(app)
@ -79,7 +117,6 @@ def create_app() -> Flask:
 def initialize_extensions(app):
    # Since the application instance is now created, pass it to each Flask
    # extension instance to bind it to the Flask application instance (app)
-    ext_logging.init_app(app)
    ext_compress.init_app(app)
    ext_code_based_extension.init()
    ext_database.init_app(app)
@ -150,7 +187,7 @@ def register_blueprints(app):

    CORS(
        web_bp,
-        resources={r"/*": {"origins": dify_config.WEB_API_CORS_ALLOW_ORIGINS}},
+        resources={r"/*": {"origins": app.config["WEB_API_CORS_ALLOW_ORIGINS"]}},
        supports_credentials=True,
        allow_headers=["Content-Type", "Authorization", "X-App-Code"],
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
@ -161,7 +198,7 @@ def register_blueprints(app):

    CORS(
        console_app_bp,
-        resources={r"/*": {"origins": dify_config.CONSOLE_CORS_ALLOW_ORIGINS}},
+        resources={r"/*": {"origins": app.config["CONSOLE_CORS_ALLOW_ORIGINS"]}},
        supports_credentials=True,
        allow_headers=["Content-Type", "Authorization"],
        methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
--- a/api/commands.py
+++ b/api/commands.py
@ -19,7 +19,7 @@ from extensions.ext_redis import redis_client
 from libs.helper import email as email_validate
 from libs.password import hash_password, password_pattern, valid_password
 from libs.rsa import generate_key_pair
-from models import Tenant
+from models.account import Tenant
 from models.dataset import Dataset, DatasetCollectionBinding, DocumentSegment
 from models.dataset import Document as DatasetDocument
 from models.model import Account, App, AppAnnotationSetting, AppMode, Conversation, MessageAnnotation
@ -277,7 +277,6 @@ def migrate_knowledge_vector_database():
        VectorType.TENCENT,
        VectorType.BAIDU,
        VectorType.VIKINGDB,
-        VectorType.UPSTASH,
    }
    page = 1
    while True:
@ -427,14 +426,14 @@ def convert_to_agent_apps():
        # fetch first 1000 apps
        sql_query = """SELECT a.id AS id FROM apps a
            INNER JOIN app_model_configs am ON a.app_model_config_id=am.id
-            WHERE a.mode = 'chat'
-            AND am.agent_mode is not null
+            WHERE a.mode = 'chat' 
+            AND am.agent_mode is not null 
            AND (
-				am.agent_mode like '%"strategy": "function_call"%'
+				am.agent_mode like '%"strategy": "function_call"%' 
                OR am.agent_mode  like '%"strategy": "react"%'
-			)
+			) 
            AND (
-				am.agent_mode like '{"enabled": true%'
+				am.agent_mode like '{"enabled": true%' 
                OR am.agent_mode like '{"max_iteration": %'
 			) ORDER BY a.created_at DESC LIMIT 1000
        """
--- a/api/configs/feature/init.py
+++ b/api/configs/feature/init.py
@ -1,15 +1,6 @@
-from typing import Annotated, Literal, Optional
+from typing import Annotated, Optional

-from pydantic import (
-    AliasChoices,
-    Field,
-    HttpUrl,
-    NegativeInt,
-    NonNegativeInt,
-    PositiveFloat,
-    PositiveInt,
-    computed_field,
-)
+from pydantic import AliasChoices, Field, HttpUrl, NegativeInt, NonNegativeInt, PositiveInt, computed_field
 from pydantic_settings import BaseSettings

 from configs.feature.hosted_service import HostedServiceConfig
@ -20,33 +11,18 @@ class SecurityConfig(BaseSettings):
    Security-related configurations for the application
    """

-    SECRET_KEY: str = Field(
+    SECRET_KEY: Optional[str] = Field(
        description="Secret key for secure session cookie signing."
        "Make sure you are changing this key for your deployment with a strong key."
        "Generate a strong key using `openssl rand -base64 42` or set via the `SECRET_KEY` environment variable.",
-        default="",
-    )
-
-    RESET_PASSWORD_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
-        description="Duration in minutes for which a password reset token remains valid",
-        default=5,
-    )
-
-    LOGIN_DISABLED: bool = Field(
-        description="Whether to disable login checks",
-        default=False,
-    )
-
-    ADMIN_API_KEY_ENABLE: bool = Field(
-        description="Whether to enable admin api key for authentication",
-        default=False,
-    )
-
-    ADMIN_API_KEY: Optional[str] = Field(
-        description="admin api key for authentication",
        default=None,
    )

+    RESET_PASSWORD_TOKEN_EXPIRY_HOURS: PositiveInt = Field(
+        description="Duration in hours for which a password reset token remains valid",
+        default=24,
+    )
+

 class AppExecutionConfig(BaseSettings):
    """
@ -201,16 +177,6 @@ class FileUploadConfig(BaseSettings):
        default=10,
    )

-    UPLOAD_VIDEO_FILE_SIZE_LIMIT: NonNegativeInt = Field(
-        description="video file size limit in Megabytes for uploading files",
-        default=100,
-    )
-
-    UPLOAD_AUDIO_FILE_SIZE_LIMIT: NonNegativeInt = Field(
-        description="audio file size limit in Megabytes for uploading files",
-        default=50,
-    )
-
    BATCH_UPLOAD_LIMIT: NonNegativeInt = Field(
        description="Maximum number of files allowed in a batch upload operation",
        default=20,
@ -319,16 +285,6 @@ class LoggingConfig(BaseSettings):
        default=None,
    )

-    LOG_FILE_MAX_SIZE: PositiveInt = Field(
-        description="Maximum file size for file rotation retention, the unit is megabytes (MB)",
-        default=20,
-    )
-
-    LOG_FILE_BACKUP_COUNT: PositiveInt = Field(
-        description="Maximum file backup count file rotation retention",
-        default=5,
-    )
-
    LOG_FORMAT: str = Field(
        description="Format string for log messages",
        default="%(asctime)s.%(msecs)03d %(levelname)s [%(threadName)s] [%(filename)s:%(lineno)d] - %(message)s",
@ -399,8 +355,8 @@ class WorkflowConfig(BaseSettings):
    )

    MAX_VARIABLE_SIZE: PositiveInt = Field(
-        description="Maximum size in bytes for a single variable in workflows. Default to 200 KB.",
-        default=200 * 1024,
+        description="Maximum size in bytes for a single variable in workflows. Default to 5KB.",
+        default=5 * 1024,
    )


@ -517,18 +473,12 @@ class MailConfig(BaseSettings):
        default=False,
    )

-    EMAIL_SEND_IP_LIMIT_PER_MINUTE: PositiveInt = Field(
-        description="Maximum number of emails allowed to be sent from the same IP address in a minute",
-        default=50,
-    )
-

 class RagEtlConfig(BaseSettings):
    """
    Configuration for RAG ETL processes
    """

-    # TODO: This config is not only for rag etl, it is also for file upload, we should move it to file upload config
    ETL_TYPE: str = Field(
        description="RAG ETL type ('dify' or 'Unstructured'), default to 'dify'",
        default="dify",
@ -571,11 +521,6 @@ class DataSetConfig(BaseSettings):
        default=False,
    )

-    TIDB_SERVERLESS_NUMBER: PositiveInt = Field(
-        description="number of tidb serverless cluster",
-        default=500,
-    )
-

 class WorkspaceConfig(BaseSettings):
    """
@ -600,7 +545,7 @@ class IndexingConfig(BaseSettings):


 class ImageFormatConfig(BaseSettings):
-    MULTIMODAL_SEND_IMAGE_FORMAT: Literal["base64", "url"] = Field(
+    MULTIMODAL_SEND_IMAGE_FORMAT: str = Field(
        description="Format for sending images in multimodal contexts ('base64' or 'url'), default is base64",
        default="base64",
    )
@ -669,33 +614,6 @@ class PositionConfig(BaseSettings):
        return {item.strip() for item in self.POSITION_TOOL_EXCLUDES.split(",") if item.strip() != ""}


-class LoginConfig(BaseSettings):
-    ENABLE_EMAIL_CODE_LOGIN: bool = Field(
-        description="whether to enable email code login",
-        default=False,
-    )
-    ENABLE_EMAIL_PASSWORD_LOGIN: bool = Field(
-        description="whether to enable email password login",
-        default=True,
-    )
-    ENABLE_SOCIAL_OAUTH_LOGIN: bool = Field(
-        description="whether to enable github/google oauth login",
-        default=False,
-    )
-    EMAIL_CODE_LOGIN_TOKEN_EXPIRY_MINUTES: PositiveInt = Field(
-        description="expiry time in minutes for email code login token",
-        default=5,
-    )
-    ALLOW_REGISTER: bool = Field(
-        description="whether to enable register",
-        default=False,
-    )
-    ALLOW_CREATE_WORKSPACE: bool = Field(
-        description="whether to enable create workspace",
-        default=False,
-    )
-
-
 class FeatureConfig(
    # place the configs in alphabet order
    AppExecutionConfig,
@ -721,7 +639,6 @@ class FeatureConfig(
    UpdateConfig,
    WorkflowConfig,
    WorkspaceConfig,
-    LoginConfig,
    # hosted services config
    HostedServiceConfig,
    CeleryBeatConfig,
--- a/api/configs/middleware/init.py
+++ b/api/configs/middleware/init.py
@ -27,9 +27,7 @@ from configs.middleware.vdb.pgvectors_config import PGVectoRSConfig
 from configs.middleware.vdb.qdrant_config import QdrantConfig
 from configs.middleware.vdb.relyt_config import RelytConfig
 from configs.middleware.vdb.tencent_vector_config import TencentVectorDBConfig
-from configs.middleware.vdb.tidb_on_qdrant_config import TidbOnQdrantConfig
 from configs.middleware.vdb.tidb_vector_config import TiDBVectorConfig
-from configs.middleware.vdb.upstash_config import UpstashConfig
 from configs.middleware.vdb.vikingdb_config import VikingDBConfig
 from configs.middleware.vdb.weaviate_config import WeaviateConfig

@ -37,8 +35,7 @@ from configs.middleware.vdb.weaviate_config import WeaviateConfig
 class StorageConfig(BaseSettings):
    STORAGE_TYPE: str = Field(
        description="Type of storage to use."
-        " Options: 'local', 's3', 'aliyun-oss', 'azure-blob', 'baidu-obs', 'google-storage', 'huawei-obs', "
-        "'oci-storage', 'tencent-cos', 'volcengine-tos', 'supabase'. Default is 'local'.",
+        " Options: 'local', 's3', 'azure-blob', 'aliyun-oss', 'google-storage'. Default is 'local'.",
        default="local",
    )

@ -55,11 +52,6 @@ class VectorStoreConfig(BaseSettings):
        default=None,
    )

-    VECTOR_STORE_WHITELIST_ENABLE: Optional[bool] = Field(
-        description="Enable whitelist for vector store.",
-        default=False,
-    )
-

 class KeywordStoreConfig(BaseSettings):
    KEYWORD_STORE: str = Field(
@ -253,7 +245,5 @@ class MiddlewareConfig(
    ElasticsearchConfig,
    InternalTestConfig,
    VikingDBConfig,
-    UpstashConfig,
-    TidbOnQdrantConfig,
 ):
    pass
--- a/api/configs/middleware/vdb/tidb_on_qdrant_config.py
+++ b/api/configs/middleware/vdb/tidb_on_qdrant_config.py
@ -1,65 +0,0 @@
-from typing import Optional
-
-from pydantic import Field, NonNegativeInt, PositiveInt
-from pydantic_settings import BaseSettings
-
-
-class TidbOnQdrantConfig(BaseSettings):
-    """
-    Tidb on Qdrant configs
-    """
-
-    TIDB_ON_QDRANT_URL: Optional[str] = Field(
-        description="Tidb on Qdrant url",
-        default=None,
-    )
-
-    TIDB_ON_QDRANT_API_KEY: Optional[str] = Field(
-        description="Tidb on Qdrant api key",
-        default=None,
-    )
-
-    TIDB_ON_QDRANT_CLIENT_TIMEOUT: NonNegativeInt = Field(
-        description="Tidb on Qdrant client timeout in seconds",
-        default=20,
-    )
-
-    TIDB_ON_QDRANT_GRPC_ENABLED: bool = Field(
-        description="whether enable grpc support for Tidb on Qdrant connection",
-        default=False,
-    )
-
-    TIDB_ON_QDRANT_GRPC_PORT: PositiveInt = Field(
-        description="Tidb on Qdrant grpc port",
-        default=6334,
-    )
-
-    TIDB_PUBLIC_KEY: Optional[str] = Field(
-        description="Tidb account public key",
-        default=None,
-    )
-
-    TIDB_PRIVATE_KEY: Optional[str] = Field(
-        description="Tidb account private key",
-        default=None,
-    )
-
-    TIDB_API_URL: Optional[str] = Field(
-        description="Tidb API url",
-        default=None,
-    )
-
-    TIDB_IAM_API_URL: Optional[str] = Field(
-        description="Tidb IAM API url",
-        default=None,
-    )
-
-    TIDB_REGION: Optional[str] = Field(
-        description="Tidb serverless region",
-        default="regions/aws-us-east-1",
-    )
-
-    TIDB_PROJECT_ID: Optional[str] = Field(
-        description="Tidb project id",
-        default=None,
-    )
--- a/api/configs/middleware/vdb/upstash_config.py
+++ b/api/configs/middleware/vdb/upstash_config.py
@ -1,20 +0,0 @@
-from typing import Optional
-
-from pydantic import Field
-from pydantic_settings import BaseSettings
-
-
-class UpstashConfig(BaseSettings):
-    """
-    Configuration settings for Upstash vector database
-    """
-
-    UPSTASH_VECTOR_URL: Optional[str] = Field(
-        description="URL of the upstash server (e.g., 'https://vector.upstash.io')",
-        default=None,
-    )
-
-    UPSTASH_VECTOR_TOKEN: Optional[str] = Field(
-        description="Token for authenticating with the upstash server",
-        default=None,
-    )
--- a/api/configs/packaging/init.py
+++ b/api/configs/packaging/init.py
@ -9,7 +9,7 @@ class PackagingInfo(BaseSettings):

    CURRENT_VERSION: str = Field(
        description="Dify version",
-        default="0.10.2",
+        default="0.9.2",
    )

    COMMIT_SHA: str = Field(
--- a/api/constants/init.py
+++ b/api/constants/init.py
@ -1,24 +1,2 @@
-from configs import dify_config
-
 HIDDEN_VALUE = "[__HIDDEN__]"
 UUID_NIL = "00000000-0000-0000-0000-000000000000"
-
-IMAGE_EXTENSIONS = ["jpg", "jpeg", "png", "webp", "gif", "svg"]
-IMAGE_EXTENSIONS.extend([ext.upper() for ext in IMAGE_EXTENSIONS])
-
-VIDEO_EXTENSIONS = ["mp4", "mov", "mpeg", "mpga"]
-VIDEO_EXTENSIONS.extend([ext.upper() for ext in VIDEO_EXTENSIONS])
-
-AUDIO_EXTENSIONS = ["mp3", "m4a", "wav", "webm", "amr"]
-AUDIO_EXTENSIONS.extend([ext.upper() for ext in AUDIO_EXTENSIONS])
-
-
-if dify_config.ETL_TYPE == "Unstructured":
-    DOCUMENT_EXTENSIONS = ["txt", "markdown", "md", "pdf", "html", "htm", "xlsx", "xls"]
-    DOCUMENT_EXTENSIONS.extend(("docx", "csv", "eml", "msg", "pptx", "xml", "epub"))
-    if dify_config.UNSTRUCTURED_API_URL:
-        DOCUMENT_EXTENSIONS.append("ppt")
-    DOCUMENT_EXTENSIONS.extend([ext.upper() for ext in DOCUMENT_EXTENSIONS])
-else:
-    DOCUMENT_EXTENSIONS = ["txt", "markdown", "md", "pdf", "html", "htm", "xlsx", "xls", "docx", "csv"]
-    DOCUMENT_EXTENSIONS.extend([ext.upper() for ext in DOCUMENT_EXTENSIONS])
--- a/api/contexts/init.py
+++ b/api/contexts/init.py
@ -1,9 +1,7 @@
 from contextvars import ContextVar
-from typing import TYPE_CHECKING

-if TYPE_CHECKING:
-    from core.workflow.entities.variable_pool import VariablePool
+from core.workflow.entities.variable_pool import VariablePool

 tenant_id: ContextVar[str] = ContextVar("tenant_id")

-workflow_variable_pool: ContextVar["VariablePool"] = ContextVar("workflow_variable_pool")
+workflow_variable_pool: ContextVar[VariablePool] = ContextVar("workflow_variable_pool")
--- a/api/controllers/console/admin.py
+++ b/api/controllers/console/admin.py
@ -1,10 +1,10 @@
+import os
 from functools import wraps

 from flask import request
 from flask_restful import Resource, reqparse
 from werkzeug.exceptions import NotFound, Unauthorized

-from configs import dify_config
 from constants.languages import supported_language
 from controllers.console import api
 from controllers.console.wraps import only_edition_cloud
@ -15,7 +15,7 @@ from models.model import App, InstalledApp, RecommendedApp
 def admin_required(view):
    @wraps(view)
    def decorated(*args, **kwargs):
-        if not dify_config.ADMIN_API_KEY:
+        if not os.getenv("ADMIN_API_KEY"):
            raise Unauthorized("API key is invalid.")

        auth_header = request.headers.get("Authorization")
@ -31,7 +31,7 @@ def admin_required(view):
        if auth_scheme != "bearer":
            raise Unauthorized("Invalid Authorization header format. Expected 'Bearer <api-key>' format.")

-        if dify_config.ADMIN_API_KEY != auth_token:
+        if os.getenv("ADMIN_API_KEY") != auth_token:
            raise Unauthorized("API key is invalid.")

        return view(*args, **kwargs)
--- a/api/controllers/console/app/conversation.py
+++ b/api/controllers/console/app/conversation.py
@ -22,8 +22,7 @@ from fields.conversation_fields import (
 )
 from libs.helper import DatetimeString
 from libs.login import login_required
-from models import Conversation, EndUser, Message, MessageAnnotation
-from models.model import AppMode
+from models.model import AppMode, Conversation, EndUser, Message, MessageAnnotation


 class CompletionConversationApi(Resource):
--- a/api/controllers/console/app/generator.py
+++ b/api/controllers/console/app/generator.py
@ -52,39 +52,4 @@ class RuleGenerateApi(Resource):
        return rules


-class RuleCodeGenerateApi(Resource):
-    @setup_required
-    @login_required
-    @account_initialization_required
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("instruction", type=str, required=True, nullable=False, location="json")
-        parser.add_argument("model_config", type=dict, required=True, nullable=False, location="json")
-        parser.add_argument("no_variable", type=bool, required=True, default=False, location="json")
-        parser.add_argument("code_language", type=str, required=False, default="javascript", location="json")
-        args = parser.parse_args()
-
-        account = current_user
-        CODE_GENERATION_MAX_TOKENS = int(os.getenv("CODE_GENERATION_MAX_TOKENS", "1024"))
-        try:
-            code_result = LLMGenerator.generate_code(
-                tenant_id=account.current_tenant_id,
-                instruction=args["instruction"],
-                model_config=args["model_config"],
-                code_language=args["code_language"],
-                max_tokens=CODE_GENERATION_MAX_TOKENS,
-            )
-        except ProviderTokenNotInitError as ex:
-            raise ProviderNotInitializeError(ex.description)
-        except QuotaExceededError:
-            raise ProviderQuotaExceededError()
-        except ModelCurrentlyNotSupportError:
-            raise ProviderModelCurrentlyNotSupportError()
-        except InvokeError as e:
-            raise CompletionRequestError(e.description)
-
-        return code_result
-
-
 api.add_resource(RuleGenerateApi, "/rule-generate")
-api.add_resource(RuleCodeGenerateApi, "/rule-code-generate")
--- a/api/controllers/console/app/message.py
+++ b/api/controllers/console/app/message.py
@ -105,8 +105,6 @@ class ChatMessageListApi(Resource):
            if rest_count > 0:
                has_more = True

-        history_messages = list(reversed(history_messages))
-
        return InfiniteScrollPagination(data=history_messages, limit=args["limit"], has_more=has_more)


--- a/api/controllers/console/app/site.py
+++ b/api/controllers/console/app/site.py
@ -12,7 +12,7 @@ from controllers.console.wraps import account_initialization_required
 from extensions.ext_database import db
 from fields.app_fields import app_site_fields
 from libs.login import login_required
-from models import Site
+from models.model import Site


 def parse_app_site_args():
--- a/api/controllers/console/app/workflow.py
+++ b/api/controllers/console/app/workflow.py
@ -13,14 +13,14 @@ from controllers.console.setup import setup_required
 from controllers.console.wraps import account_initialization_required
 from core.app.apps.base_app_queue_manager import AppQueueManager
 from core.app.entities.app_invoke_entities import InvokeFrom
-from factories import variable_factory
+from core.app.segments import factory
+from core.errors.error import AppInvokeQuotaExceededError
 from fields.workflow_fields import workflow_fields
 from fields.workflow_run_fields import workflow_run_node_execution_fields
 from libs import helper
 from libs.helper import TimestampField, uuid_value
 from libs.login import current_user, login_required
-from models import App
-from models.model import AppMode
+from models.model import App, AppMode
 from services.app_dsl_service import AppDslService
 from services.app_generate_service import AppGenerateService
 from services.errors.app import WorkflowHashNotEqualError
@ -101,13 +101,9 @@ class DraftWorkflowApi(Resource):

        try:
            environment_variables_list = args.get("environment_variables") or []
-            environment_variables = [
-                variable_factory.build_variable_from_mapping(obj) for obj in environment_variables_list
-            ]
+            environment_variables = [factory.build_variable_from_mapping(obj) for obj in environment_variables_list]
            conversation_variables_list = args.get("conversation_variables") or []
-            conversation_variables = [
-                variable_factory.build_variable_from_mapping(obj) for obj in conversation_variables_list
-            ]
+            conversation_variables = [factory.build_variable_from_mapping(obj) for obj in conversation_variables_list]
            workflow = workflow_service.sync_draft_workflow(
                app_model=app_model,
                graph=args["graph"],
@ -277,15 +273,17 @@ class DraftWorkflowRunApi(Resource):
        parser.add_argument("files", type=list, required=False, location="json")
        args = parser.parse_args()

-        response = AppGenerateService.generate(
-            app_model=app_model,
-            user=current_user,
-            args=args,
-            invoke_from=InvokeFrom.DEBUGGER,
-            streaming=True,
-        )
+        try:
+            response = AppGenerateService.generate(
+                app_model=app_model, user=current_user, args=args, invoke_from=InvokeFrom.DEBUGGER, streaming=True
+            )

-        return helper.compact_generate_response(response)
+            return helper.compact_generate_response(response)
+        except (ValueError, AppInvokeQuotaExceededError) as e:
+            raise e
+        except Exception as e:
+            logging.exception("internal server error.")
+            raise InternalServerError()


 class WorkflowTaskStopApi(Resource):
--- a/api/controllers/console/app/workflow_app_log.py
+++ b/api/controllers/console/app/workflow_app_log.py
@ -7,8 +7,7 @@ from controllers.console.setup import setup_required
 from controllers.console.wraps import account_initialization_required
 from fields.workflow_app_log_fields import workflow_app_log_pagination_fields
 from libs.login import login_required
-from models import App
-from models.model import AppMode
+from models.model import App, AppMode
 from services.workflow_app_service import WorkflowAppService


--- a/api/controllers/console/app/workflow_run.py
+++ b/api/controllers/console/app/workflow_run.py
@ -13,8 +13,7 @@ from fields.workflow_run_fields import (
 )
 from libs.helper import uuid_value
 from libs.login import login_required
-from models import App
-from models.model import AppMode
+from models.model import App, AppMode
 from services.workflow_run_service import WorkflowRunService


--- a/api/controllers/console/app/workflow_statistic.py
+++ b/api/controllers/console/app/workflow_statistic.py
@ -13,8 +13,8 @@ from controllers.console.wraps import account_initialization_required
 from extensions.ext_database import db
 from libs.helper import DatetimeString
 from libs.login import login_required
-from models.enums import WorkflowRunTriggeredFrom
 from models.model import AppMode
+from models.workflow import WorkflowRunTriggeredFrom


 class WorkflowDailyRunsStatistic(Resource):
--- a/api/controllers/console/app/wraps.py
+++ b/api/controllers/console/app/wraps.py
@ -5,8 +5,7 @@ from typing import Optional, Union
 from controllers.console.app.error import AppNotFoundError
 from extensions.ext_database import db
 from libs.login import current_user
-from models import App
-from models.model import AppMode
+from models.model import App, AppMode


 def get_app_model(view: Optional[Callable] = None, *, mode: Union[AppMode, list[AppMode]] = None):
--- a/api/controllers/console/auth/activate.py
+++ b/api/controllers/console/auth/activate.py
@ -1,15 +1,17 @@
+import base64
 import datetime
+import secrets

-from flask import request
 from flask_restful import Resource, reqparse

 from constants.languages import supported_language
 from controllers.console import api
 from controllers.console.error import AlreadyActivateError
 from extensions.ext_database import db
-from libs.helper import StrLen, email, extract_remote_ip, timezone
-from models.account import AccountStatus, Tenant
-from services.account_service import AccountService, RegisterService
+from libs.helper import StrLen, email, timezone
+from libs.password import hash_password, valid_password
+from models.account import AccountStatus
+from services.account_service import RegisterService


 class ActivateCheckApi(Resource):
@ -25,18 +27,8 @@ class ActivateCheckApi(Resource):
        token = args["token"]

        invitation = RegisterService.get_invitation_if_token_valid(workspaceId, reg_email, token)
-        if invitation:
-            data = invitation.get("data", {})
-            tenant: Tenant = invitation.get("tenant", None)
-            workspace_name = tenant.name if tenant else None
-            workspace_id = tenant.id if tenant else None
-            invitee_email = data.get("email") if data else None
-            return {
-                "is_valid": invitation is not None,
-                "data": {"workspace_name": workspace_name, "workspace_id": workspace_id, "email": invitee_email},
-            }
-        else:
-            return {"is_valid": False}
+
+        return {"is_valid": invitation is not None, "workspace_name": invitation["tenant"].name if invitation else None}


 class ActivateApi(Resource):
@ -46,6 +38,7 @@ class ActivateApi(Resource):
        parser.add_argument("email", type=email, required=False, nullable=True, location="json")
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        parser.add_argument("name", type=StrLen(30), required=True, nullable=False, location="json")
+        parser.add_argument("password", type=valid_password, required=True, nullable=False, location="json")
        parser.add_argument(
            "interface_language", type=supported_language, required=True, nullable=False, location="json"
        )
@ -61,6 +54,15 @@ class ActivateApi(Resource):
        account = invitation["account"]
        account.name = args["name"]

+        # generate password salt
+        salt = secrets.token_bytes(16)
+        base64_salt = base64.b64encode(salt).decode()
+
+        # encrypt password with salt
+        password_hashed = hash_password(args["password"], salt)
+        base64_password_hashed = base64.b64encode(password_hashed).decode()
+        account.password = base64_password_hashed
+        account.password_salt = base64_salt
        account.interface_language = args["interface_language"]
        account.timezone = args["timezone"]
        account.interface_theme = "light"
@ -68,9 +70,7 @@ class ActivateApi(Resource):
        account.initialized_at = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
        db.session.commit()

-        token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
-
-        return {"result": "success", "data": token_pair.model_dump()}
+        return {"result": "success"}


 api.add_resource(ActivateCheckApi, "/activate/check")
--- a/api/controllers/console/auth/error.py
+++ b/api/controllers/console/auth/error.py
@ -27,29 +27,5 @@ class InvalidTokenError(BaseHTTPException):

 class PasswordResetRateLimitExceededError(BaseHTTPException):
    error_code = "password_reset_rate_limit_exceeded"
-    description = "Too many password reset emails have been sent. Please try again in 1 minutes."
-    code = 429
-
-
-class EmailCodeError(BaseHTTPException):
-    error_code = "email_code_error"
-    description = "Email code is invalid or expired."
-    code = 400
-
-
-class EmailOrPasswordMismatchError(BaseHTTPException):
-    error_code = "email_or_password_mismatch"
-    description = "The email or password is mismatched."
-    code = 400
-
-
-class EmailPasswordLoginLimitError(BaseHTTPException):
-    error_code = "email_code_login_limit"
-    description = "Too many incorrect password attempts. Please try again later."
-    code = 429
-
-
-class EmailCodeLoginRateLimitExceededError(BaseHTTPException):
-    error_code = "email_code_login_rate_limit_exceeded"
-    description = "Too many login emails have been sent. Please try again in 5 minutes."
+    description = "Password reset rate limit exceeded. Try again later."
    code = 429
--- a/api/controllers/console/auth/forgot_password.py
+++ b/api/controllers/console/auth/forgot_password.py
@ -1,82 +1,65 @@
 import base64
+import logging
 import secrets

-from flask import request
 from flask_restful import Resource, reqparse

-from constants.languages import languages
 from controllers.console import api
 from controllers.console.auth.error import (
-    EmailCodeError,
    InvalidEmailError,
    InvalidTokenError,
    PasswordMismatchError,
+    PasswordResetRateLimitExceededError,
 )
-from controllers.console.error import EmailSendIpLimitError, NotAllowedRegister
 from controllers.console.setup import setup_required
-from events.tenant_event import tenant_was_created
 from extensions.ext_database import db
-from libs.helper import email, extract_remote_ip
+from libs.helper import email as email_validate
 from libs.password import hash_password, valid_password
 from models.account import Account
-from services.account_service import AccountService, TenantService
-from services.errors.workspace import WorkSpaceNotAllowedCreateError
-from services.feature_service import FeatureService
+from services.account_service import AccountService
+from services.errors.account import RateLimitExceededError


 class ForgotPasswordSendEmailApi(Resource):
    @setup_required
    def post(self):
        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("language", type=str, required=False, location="json")
+        parser.add_argument("email", type=str, required=True, location="json")
        args = parser.parse_args()

-        ip_address = extract_remote_ip(request)
-        if AccountService.is_email_send_ip_limit(ip_address):
-            raise EmailSendIpLimitError()
+        email = args["email"]

-        if args["language"] is not None and args["language"] == "zh-Hans":
-            language = "zh-Hans"
+        if not email_validate(email):
+            raise InvalidEmailError()
+
+        account = Account.query.filter_by(email=email).first()
+
+        if account:
+            try:
+                AccountService.send_reset_password_email(account=account)
+            except RateLimitExceededError:
+                logging.warning(f"Rate limit exceeded for email: {account.email}")
+                raise PasswordResetRateLimitExceededError()
        else:
-            language = "en-US"
+            # Return success to avoid revealing email registration status
+            logging.warning(f"Attempt to reset password for unregistered email: {email}")

-        account = Account.query.filter_by(email=args["email"]).first()
-        token = None
-        if account is None:
-            if FeatureService.get_system_features().is_allow_register:
-                token = AccountService.send_reset_password_email(email=args["email"], language=language)
-                return {"result": "fail", "data": token, "code": "account_not_found"}
-            else:
-                raise NotAllowedRegister()
-        else:
-            token = AccountService.send_reset_password_email(account=account, email=args["email"], language=language)
-
-        return {"result": "success", "data": token}
+        return {"result": "success"}


 class ForgotPasswordCheckApi(Resource):
    @setup_required
    def post(self):
        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=str, required=True, location="json")
-        parser.add_argument("code", type=str, required=True, location="json")
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        args = parser.parse_args()
+        token = args["token"]

-        user_email = args["email"]
+        reset_data = AccountService.get_reset_password_data(token)

-        token_data = AccountService.get_reset_password_data(args["token"])
-        if token_data is None:
-            raise InvalidTokenError()
-
-        if user_email != token_data.get("email"):
-            raise InvalidEmailError()
-
-        if args["code"] != token_data.get("code"):
-            raise EmailCodeError()
-
-        return {"is_valid": True, "email": token_data.get("email")}
+        if reset_data is None:
+            return {"is_valid": False, "email": None}
+        return {"is_valid": True, "email": reset_data.get("email")}


 class ForgotPasswordResetApi(Resource):
@ -109,26 +92,9 @@ class ForgotPasswordResetApi(Resource):
        base64_password_hashed = base64.b64encode(password_hashed).decode()

        account = Account.query.filter_by(email=reset_data.get("email")).first()
-        if account:
-            account.password = base64_password_hashed
-            account.password_salt = base64_salt
-            db.session.commit()
-            tenant = TenantService.get_join_tenants(account)
-            if not tenant and not FeatureService.get_system_features().is_allow_create_workspace:
-                tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
-                TenantService.create_tenant_member(tenant, account, role="owner")
-                account.current_tenant = tenant
-                tenant_was_created.send(tenant)
-        else:
-            try:
-                account = AccountService.create_account_and_tenant(
-                    email=reset_data.get("email"),
-                    name=reset_data.get("email"),
-                    password=password_confirm,
-                    interface_language=languages[0],
-                )
-            except WorkSpaceNotAllowedCreateError:
-                pass
+        account.password = base64_password_hashed
+        account.password_salt = base64_salt
+        db.session.commit()

        return {"result": "success"}

--- a/api/controllers/console/auth/login.py
+++ b/api/controllers/console/auth/login.py
@ -5,29 +5,12 @@ from flask import request
 from flask_restful import Resource, reqparse

 import services
-from constants.languages import languages
 from controllers.console import api
-from controllers.console.auth.error import (
-    EmailCodeError,
-    EmailOrPasswordMismatchError,
-    EmailPasswordLoginLimitError,
-    InvalidEmailError,
-    InvalidTokenError,
-)
-from controllers.console.error import (
-    AccountBannedError,
-    EmailSendIpLimitError,
-    NotAllowedCreateWorkspace,
-    NotAllowedRegister,
-)
 from controllers.console.setup import setup_required
-from events.tenant_event import tenant_was_created
 from libs.helper import email, extract_remote_ip
 from libs.password import valid_password
 from models.account import Account
-from services.account_service import AccountService, RegisterService, TenantService
-from services.errors.workspace import WorkSpaceNotAllowedCreateError
-from services.feature_service import FeatureService
+from services.account_service import AccountService, TenantService


 class LoginApi(Resource):
@ -40,43 +23,15 @@ class LoginApi(Resource):
        parser.add_argument("email", type=email, required=True, location="json")
        parser.add_argument("password", type=valid_password, required=True, location="json")
        parser.add_argument("remember_me", type=bool, required=False, default=False, location="json")
-        parser.add_argument("invite_token", type=str, required=False, default=None, location="json")
-        parser.add_argument("language", type=str, required=False, default="en-US", location="json")
        args = parser.parse_args()

-        is_login_error_rate_limit = AccountService.is_login_error_rate_limit(args["email"])
-        if is_login_error_rate_limit:
-            raise EmailPasswordLoginLimitError()
-
-        invitation = args["invite_token"]
-        if invitation:
-            invitation = RegisterService.get_invitation_if_token_valid(None, args["email"], invitation)
-
-        if args["language"] is not None and args["language"] == "zh-Hans":
-            language = "zh-Hans"
-        else:
-            language = "en-US"
+        # todo: Verify the recaptcha

        try:
-            if invitation:
-                data = invitation.get("data", {})
-                invitee_email = data.get("email") if data else None
-                if invitee_email != args["email"]:
-                    raise InvalidEmailError()
-                account = AccountService.authenticate(args["email"], args["password"], args["invite_token"])
-            else:
-                account = AccountService.authenticate(args["email"], args["password"])
-        except services.errors.account.AccountLoginError:
-            raise AccountBannedError()
-        except services.errors.account.AccountPasswordError:
-            AccountService.add_login_error_rate_limit(args["email"])
-            raise EmailOrPasswordMismatchError()
-        except services.errors.account.AccountNotFoundError:
-            if FeatureService.get_system_features().is_allow_register:
-                token = AccountService.send_reset_password_email(email=args["email"], language=language)
-                return {"result": "fail", "data": token, "code": "account_not_found"}
-            else:
-                raise NotAllowedRegister()
+            account = AccountService.authenticate(args["email"], args["password"])
+        except services.errors.account.AccountLoginError as e:
+            return {"code": "unauthorized", "message": str(e)}, 401
+
        # SELF_HOSTED only have one workspace
        tenants = TenantService.get_join_tenants(account)
        if len(tenants) == 0:
@ -86,7 +41,7 @@ class LoginApi(Resource):
            }

        token_pair = AccountService.login(account=account, ip_address=extract_remote_ip(request))
-        AccountService.reset_login_error_rate_limit(args["email"])
+
        return {"result": "success", "data": token_pair.model_dump()}


@ -94,111 +49,60 @@ class LogoutApi(Resource):
    @setup_required
    def get(self):
        account = cast(Account, flask_login.current_user)
-        if isinstance(account, flask_login.AnonymousUserMixin):
-            return {"result": "success"}
        AccountService.logout(account=account)
        flask_login.logout_user()
        return {"result": "success"}


-class ResetPasswordSendEmailApi(Resource):
+class ResetPasswordApi(Resource):
    @setup_required
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("language", type=str, required=False, location="json")
-        args = parser.parse_args()
+    def get(self):
+        # parser = reqparse.RequestParser()
+        # parser.add_argument('email', type=email, required=True, location='json')
+        # args = parser.parse_args()

-        if args["language"] is not None and args["language"] == "zh-Hans":
-            language = "zh-Hans"
-        else:
-            language = "en-US"
+        # import mailchimp_transactional as MailchimpTransactional
+        # from mailchimp_transactional.api_client import ApiClientError

-        account = AccountService.get_user_through_email(args["email"])
-        if account is None:
-            if FeatureService.get_system_features().is_allow_register:
-                token = AccountService.send_reset_password_email(email=args["email"], language=language)
-            else:
-                raise NotAllowedRegister()
-        else:
-            token = AccountService.send_reset_password_email(account=account, language=language)
+        # account = {'email': args['email']}
+        # account = AccountService.get_by_email(args['email'])
+        # if account is None:
+        #     raise ValueError('Email not found')
+        # new_password = AccountService.generate_password()
+        # AccountService.update_password(account, new_password)

-        return {"result": "success", "data": token}
+        # todo: Send email
+        # MAILCHIMP_API_KEY = dify_config.MAILCHIMP_TRANSACTIONAL_API_KEY
+        # mailchimp = MailchimpTransactional(MAILCHIMP_API_KEY)

+        # message = {
+        #     'from_email': 'noreply@example.com',
+        #     'to': [{'email': account['email']}],
+        #     'subject': 'Reset your Dify password',
+        #     'html': """
+        #         <p>Dear User,</p>
+        #         <p>The Dify team has generated a new password for you, details as follows:</p>
+        #         <p><strong>{new_password}</strong></p>
+        #         <p>Please change your password to log in as soon as possible.</p>
+        #         <p>Regards,</p>
+        #         <p>The Dify Team</p>
+        #     """
+        # }

-class EmailCodeLoginSendEmailApi(Resource):
-    @setup_required
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=email, required=True, location="json")
-        parser.add_argument("language", type=str, required=False, location="json")
-        args = parser.parse_args()
+        # response = mailchimp.messages.send({
+        #     'message': message,
+        #     # required for transactional email
+        #     ' settings': {
+        #         'sandbox_mode': dify_config.MAILCHIMP_SANDBOX_MODE,
+        #     },
+        # })

-        ip_address = extract_remote_ip(request)
-        if AccountService.is_email_send_ip_limit(ip_address):
-            raise EmailSendIpLimitError()
+        # Check if MSG was sent
+        # if response.status_code != 200:
+        #     # handle error
+        #     pass

-        if args["language"] is not None and args["language"] == "zh-Hans":
-            language = "zh-Hans"
-        else:
-            language = "en-US"
-
-        account = AccountService.get_user_through_email(args["email"])
-        if account is None:
-            if FeatureService.get_system_features().is_allow_register:
-                token = AccountService.send_email_code_login_email(email=args["email"], language=language)
-            else:
-                raise NotAllowedRegister()
-        else:
-            token = AccountService.send_email_code_login_email(account=account, language=language)
-
-        return {"result": "success", "data": token}
-
-
-class EmailCodeLoginApi(Resource):
-    @setup_required
-    def post(self):
-        parser = reqparse.RequestParser()
-        parser.add_argument("email", type=str, required=True, location="json")
-        parser.add_argument("code", type=str, required=True, location="json")
-        parser.add_argument("token", type=str, required=True, location="json")
-        args = parser.parse_args()
-
-        user_email = args["email"]
-
-        token_data = AccountService.get_email_code_login_data(args["token"])
-        if token_data is None:
-            raise InvalidTokenError()
-
-        if token_data["email"] != args["email"]:
-            raise InvalidEmailError()
-
-        if token_data["code"] != args["code"]:
-            raise EmailCodeError()
-
-        AccountService.revoke_email_code_login_token(args["token"])
-        account = AccountService.get_user_through_email(user_email)
-        if account:
-            tenant = TenantService.get_join_tenants(account)
-            if not tenant:
-                if not FeatureService.get_system_features().is_allow_create_workspace:
-                    raise NotAllowedCreateWorkspace()
-                else:
-                    tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
-                    TenantService.create_tenant_member(tenant, account, role="owner")
-                    account.current_tenant = tenant
-                    tenant_was_created.send(tenant)
-
-        if account is None:
-            try:
-                account = AccountService.create_account_and_tenant(
-                    email=user_email, name=user_email, interface_language=languages[0]
-                )
-            except WorkSpaceNotAllowedCreateError:
-                return NotAllowedCreateWorkspace()
-        token_pair = AccountService.login(account, ip_address=extract_remote_ip(request))
-        AccountService.reset_login_error_rate_limit(args["email"])
-        return {"result": "success", "data": token_pair.model_dump()}
+        return {"result": "success"}


 class RefreshTokenApi(Resource):
@ -216,7 +120,4 @@ class RefreshTokenApi(Resource):

 api.add_resource(LoginApi, "/login")
 api.add_resource(LogoutApi, "/logout")
-api.add_resource(EmailCodeLoginSendEmailApi, "/email-code-login")
-api.add_resource(EmailCodeLoginApi, "/email-code-login/validity")
-api.add_resource(ResetPasswordSendEmailApi, "/reset-password")
 api.add_resource(RefreshTokenApi, "/refresh-token")
--- a/api/controllers/console/auth/oauth.py
+++ b/api/controllers/console/auth/oauth.py
@ -5,20 +5,14 @@ from typing import Optional
 import requests
 from flask import current_app, redirect, request
 from flask_restful import Resource
-from werkzeug.exceptions import Unauthorized

 from configs import dify_config
 from constants.languages import languages
-from events.tenant_event import tenant_was_created
 from extensions.ext_database import db
 from libs.helper import extract_remote_ip
 from libs.oauth import GitHubOAuth, GoogleOAuth, OAuthUserInfo
-from models import Account
-from models.account import AccountStatus
+from models.account import Account, AccountStatus
 from services.account_service import AccountService, RegisterService, TenantService
-from services.errors.account import AccountNotFoundError
-from services.errors.workspace import WorkSpaceNotAllowedCreateError, WorkSpaceNotFoundError
-from services.feature_service import FeatureService

 from .. import api

@ -48,7 +42,6 @@ def get_oauth_providers():

 class OAuthLogin(Resource):
    def get(self, provider: str):
-        invite_token = request.args.get("invite_token") or None
        OAUTH_PROVIDERS = get_oauth_providers()
        with current_app.app_context():
            oauth_provider = OAUTH_PROVIDERS.get(provider)
@ -56,7 +49,7 @@ class OAuthLogin(Resource):
        if not oauth_provider:
            return {"error": "Invalid provider"}, 400

-        auth_url = oauth_provider.get_authorization_url(invite_token=invite_token)
+        auth_url = oauth_provider.get_authorization_url()
        return redirect(auth_url)


@ -69,11 +62,6 @@ class OAuthCallback(Resource):
            return {"error": "Invalid provider"}, 400

        code = request.args.get("code")
-        state = request.args.get("state")
-        invite_token = None
-        if state:
-            invite_token = state
-
        try:
            token = oauth_provider.get_access_token(code)
            user_info = oauth_provider.get_user_info(token)
@ -81,43 +69,17 @@ class OAuthCallback(Resource):
            logging.exception(f"An error occurred during the OAuth process with {provider}: {e.response.text}")
            return {"error": "OAuth process failed"}, 400

-        if invite_token and RegisterService.is_valid_invite_token(invite_token):
-            invitation = RegisterService._get_invitation_by_token(token=invite_token)
-            if invitation:
-                invitation_email = invitation.get("email", None)
-                if invitation_email != user_info.email:
-                    return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin?message=Invalid invitation token.")
-
-            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin/invite-settings?invite_token={invite_token}")
-
-        try:
-            account = _generate_account(provider, user_info)
-        except AccountNotFoundError:
-            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin?message=Account not found.")
-        except (WorkSpaceNotFoundError, WorkSpaceNotAllowedCreateError):
-            return redirect(
-                f"{dify_config.CONSOLE_WEB_URL}/signin"
-                "?message=Workspace not found, please contact system admin to invite you to join in a workspace."
-            )
-
+        account = _generate_account(provider, user_info)
        # Check account status
-        if account.status == AccountStatus.BANNED.value:
-            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin?message=Account is banned.")
+        if account.status in {AccountStatus.BANNED.value, AccountStatus.CLOSED.value}:
+            return {"error": "Account is banned or closed."}, 403

        if account.status == AccountStatus.PENDING.value:
            account.status = AccountStatus.ACTIVE.value
            account.initialized_at = datetime.now(timezone.utc).replace(tzinfo=None)
            db.session.commit()

-        try:
-            TenantService.create_owner_tenant_if_not_exist(account)
-        except Unauthorized:
-            return redirect(f"{dify_config.CONSOLE_WEB_URL}/signin?message=Workspace not found.")
-        except WorkSpaceNotAllowedCreateError:
-            return redirect(
-                f"{dify_config.CONSOLE_WEB_URL}/signin"
-                "?message=Workspace not found, please contact system admin to invite you to join in a workspace."
-            )
+        TenantService.create_owner_tenant_if_not_exist(account)

        token_pair = AccountService.login(
            account=account,
@ -142,20 +104,8 @@ def _generate_account(provider: str, user_info: OAuthUserInfo):
    # Get account by openid or email.
    account = _get_account_by_openid_or_email(provider, user_info)

-    if account:
-        tenant = TenantService.get_join_tenants(account)
-        if not tenant:
-            if not FeatureService.get_system_features().is_allow_create_workspace:
-                raise WorkSpaceNotAllowedCreateError()
-            else:
-                tenant = TenantService.create_tenant(f"{account.name}'s Workspace")
-                TenantService.create_tenant_member(tenant, account, role="owner")
-                account.current_tenant = tenant
-                tenant_was_created.send(tenant)
-
    if not account:
-        if not FeatureService.get_system_features().is_allow_register:
-            raise AccountNotFoundError()
+        # Create account
        account_name = user_info.name or "Dify"
        account = RegisterService.register(
            email=user_info.email, name=account_name, password=None, open_id=user_info.id, provider=provider
--- a/api/controllers/console/datasets/data_source.py
+++ b/api/controllers/console/datasets/data_source.py
@ -15,7 +15,8 @@ from core.rag.extractor.notion_extractor import NotionExtractor
 from extensions.ext_database import db
 from fields.data_source_fields import integrate_list_fields, integrate_notion_info_list_fields
 from libs.login import login_required
-from models import DataSourceOauthBinding, Document
+from models.dataset import Document
+from models.source import DataSourceOauthBinding
 from services.dataset_service import DatasetService, DocumentService
 from tasks.document_indexing_sync_task import document_indexing_sync_task

--- a/api/controllers/console/datasets/datasets.py
+++ b/api/controllers/console/datasets/datasets.py
@ -24,8 +24,8 @@ from fields.app_fields import related_app_list
 from fields.dataset_fields import dataset_detail_fields, dataset_query_detail_fields
 from fields.document_fields import document_status_fields
 from libs.login import login_required
-from models import ApiToken, Dataset, Document, DocumentSegment, UploadFile
-from models.dataset import DatasetPermissionEnum
+from models.dataset import Dataset, DatasetPermissionEnum, Document, DocumentSegment
+from models.model import ApiToken, UploadFile
 from services.dataset_service import DatasetPermissionService, DatasetService, DocumentService


@ -102,13 +102,6 @@ class DatasetListApi(Resource):
            help="type is required. Name must be between 1 to 40 characters.",
            type=_validate_name,
        )
-        parser.add_argument(
-            "description",
-            type=str,
-            nullable=True,
-            required=False,
-            default="",
-        )
        parser.add_argument(
            "indexing_technique",
            type=str,
@ -147,7 +140,6 @@ class DatasetListApi(Resource):
            dataset = DatasetService.create_empty_dataset(
                tenant_id=current_user.current_tenant_id,
                name=args["name"],
-                description=args["description"],
                indexing_technique=args["indexing_technique"],
                account=current_user,
                permission=DatasetPermissionEnum.ONLY_ME,
@ -627,7 +619,6 @@ class DatasetRetrievalSettingApi(Resource):
                | VectorType.PGVECTO_RS
                | VectorType.BAIDU
                | VectorType.VIKINGDB
-                | VectorType.UPSTASH
            ):
                return {"retrieval_method": [RetrievalMethod.SEMANTIC_SEARCH.value]}
            case (
@ -639,7 +630,6 @@ class DatasetRetrievalSettingApi(Resource):
                | VectorType.ORACLE
                | VectorType.ELASTICSEARCH
                | VectorType.PGVECTOR
-                | VectorType.TIDB_ON_QDRANT
            ):
                return {
                    "retrieval_method": [
@ -667,7 +657,6 @@ class DatasetRetrievalSettingMockApi(Resource):
                | VectorType.PGVECTO_RS
                | VectorType.BAIDU
                | VectorType.VIKINGDB
-                | VectorType.UPSTASH
            ):
                return {"retrieval_method": [RetrievalMethod.SEMANTIC_SEARCH.value]}
            case (
--- a/api/controllers/console/datasets/datasets_document.py
+++ b/api/controllers/console/datasets/datasets_document.py
@ -46,7 +46,8 @@ from fields.document_fields import (
    document_with_segments_fields,
 )
 from libs.login import login_required
-from models import Dataset, DatasetProcessRule, Document, DocumentSegment, UploadFile
+from models.dataset import Dataset, DatasetProcessRule, Document, DocumentSegment
+from models.model import UploadFile
 from services.dataset_service import DatasetService, DocumentService
 from tasks.add_document_to_index_task import add_document_to_index_task
 from tasks.remove_document_from_index_task import remove_document_from_index_task
--- a/api/controllers/console/datasets/datasets_segments.py
+++ b/api/controllers/console/datasets/datasets_segments.py
@ -24,7 +24,7 @@ from extensions.ext_database import db
 from extensions.ext_redis import redis_client
 from fields.segment_fields import segment_fields
 from libs.login import login_required
-from models import DocumentSegment
+from models.dataset import DocumentSegment
 from services.dataset_service import DatasetService, DocumentService, SegmentService
 from tasks.batch_create_segment_to_index_task import batch_create_segment_to_index_task
 from tasks.disable_segment_from_index_task import disable_segment_from_index_task
--- a/api/controllers/console/datasets/file.py
+++ b/api/controllers/console/datasets/file.py
@ -1,12 +1,9 @@
-import urllib.parse
-
 from flask import request
 from flask_login import current_user
-from flask_restful import Resource, marshal_with, reqparse
+from flask_restful import Resource, marshal_with

 import services
 from configs import dify_config
-from constants import DOCUMENT_EXTENSIONS
 from controllers.console import api
 from controllers.console.datasets.error import (
    FileTooLargeError,
@ -16,10 +13,9 @@ from controllers.console.datasets.error import (
 )
 from controllers.console.setup import setup_required
 from controllers.console.wraps import account_initialization_required, cloud_edition_billing_resource_check
-from core.helper import ssrf_proxy
-from fields.file_fields import file_fields, remote_file_info_fields, upload_config_fields
+from fields.file_fields import file_fields, upload_config_fields
 from libs.login import login_required
-from services.file_service import FileService
+from services.file_service import ALLOWED_EXTENSIONS, UNSTRUCTURED_ALLOWED_EXTENSIONS, FileService

 PREVIEW_WORDS_LIMIT = 3000

@ -30,12 +26,13 @@ class FileApi(Resource):
    @account_initialization_required
    @marshal_with(upload_config_fields)
    def get(self):
+        file_size_limit = dify_config.UPLOAD_FILE_SIZE_LIMIT
+        batch_count_limit = dify_config.UPLOAD_FILE_BATCH_LIMIT
+        image_file_size_limit = dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT
        return {
-            "file_size_limit": dify_config.UPLOAD_FILE_SIZE_LIMIT,
-            "batch_count_limit": dify_config.UPLOAD_FILE_BATCH_LIMIT,
-            "image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT,
-            "video_file_size_limit": dify_config.UPLOAD_VIDEO_FILE_SIZE_LIMIT,
-            "audio_file_size_limit": dify_config.UPLOAD_AUDIO_FILE_SIZE_LIMIT,
+            "file_size_limit": file_size_limit,
+            "batch_count_limit": batch_count_limit,
+            "image_file_size_limit": image_file_size_limit,
        }, 200

    @setup_required
@ -47,10 +44,6 @@ class FileApi(Resource):
        # get file from request
        file = request.files["file"]

-        parser = reqparse.RequestParser()
-        parser.add_argument("source", type=str, required=False, location="args")
-        source = parser.parse_args().get("source")
-
        # check file
        if "file" not in request.files:
            raise NoFileUploadedError()
@ -58,7 +51,7 @@ class FileApi(Resource):
        if len(request.files) > 1:
            raise TooManyFilesError()
        try:
-            upload_file = FileService.upload_file(file=file, user=current_user, source=source)
+            upload_file = FileService.upload_file(file, current_user)
        except services.errors.file.FileTooLargeError as file_too_large_error:
            raise FileTooLargeError(file_too_large_error.description)
        except services.errors.file.UnsupportedFileTypeError:
@ -82,24 +75,11 @@ class FileSupportTypeApi(Resource):
    @login_required
    @account_initialization_required
    def get(self):
-        return {"allowed_extensions": DOCUMENT_EXTENSIONS}
-
-
-class RemoteFileInfoApi(Resource):
-    @marshal_with(remote_file_info_fields)
-    def get(self, url):
-        decoded_url = urllib.parse.unquote(url)
-        try:
-            response = ssrf_proxy.head(decoded_url)
-            return {
-                "file_type": response.headers.get("Content-Type", "application/octet-stream"),
-                "file_length": int(response.headers.get("Content-Length", 0)),
-            }
-        except Exception as e:
-            return {"error": str(e)}, 400
+        etl_type = dify_config.ETL_TYPE
+        allowed_extensions = UNSTRUCTURED_ALLOWED_EXTENSIONS if etl_type == "Unstructured" else ALLOWED_EXTENSIONS
+        return {"allowed_extensions": allowed_extensions}


 api.add_resource(FileApi, "/files/upload")
 api.add_resource(FilePreviewApi, "/files/<uuid:file_id>/preview")
 api.add_resource(FileSupportTypeApi, "/files/support-type")
-api.add_resource(RemoteFileInfoApi, "/remote-files/<path:url>")
--- a/api/controllers/console/error.py
+++ b/api/controllers/console/error.py
@ -38,27 +38,3 @@ class AlreadyActivateError(BaseHTTPException):
    error_code = "already_activate"
    description = "Auth Token is invalid or account already activated, please check again."
    code = 403
-
-
-class NotAllowedCreateWorkspace(BaseHTTPException):
-    error_code = "not_allowed_create_workspace"
-    description = "Workspace not found, please contact system admin to invite you to join in a workspace."
-    code = 400
-
-
-class AccountBannedError(BaseHTTPException):
-    error_code = "account_banned"
-    description = "Account is banned."
-    code = 400
-
-
-class NotAllowedRegister(BaseHTTPException):
-    error_code = "unauthorized"
-    description = "Account not found."
-    code = 400
-
-
-class EmailSendIpLimitError(BaseHTTPException):
-    error_code = "email_send_ip_limit"
-    description = "Too many emails have been sent from this IP address recently. Please try again later."
-    code = 429
--- a/api/controllers/console/explore/installed_app.py
+++ b/api/controllers/console/explore/installed_app.py
@ -11,7 +11,7 @@ from controllers.console.wraps import account_initialization_required, cloud_edi
 from extensions.ext_database import db
 from fields.installed_app_fields import installed_app_list_fields
 from libs.login import login_required
-from models import App, InstalledApp, RecommendedApp
+from models.model import App, InstalledApp, RecommendedApp
 from services.account_service import TenantService


--- a/api/controllers/console/explore/parameter.py
+++ b/api/controllers/console/explore/parameter.py
@ -21,12 +21,7 @@ class AppParameterApi(InstalledAppResource):
        "options": fields.List(fields.String),
    }

-    system_parameters_fields = {
-        "image_file_size_limit": fields.Integer,
-        "video_file_size_limit": fields.Integer,
-        "audio_file_size_limit": fields.Integer,
-        "file_size_limit": fields.Integer,
-    }
+    system_parameters_fields = {"image_file_size_limit": fields.String}

    parameters_fields = {
        "opening_statement": fields.String,
@ -87,12 +82,7 @@ class AppParameterApi(InstalledAppResource):
                    }
                },
            ),
-            "system_parameters": {
-                "image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT,
-                "video_file_size_limit": dify_config.UPLOAD_VIDEO_FILE_SIZE_LIMIT,
-                "audio_file_size_limit": dify_config.UPLOAD_AUDIO_FILE_SIZE_LIMIT,
-                "file_size_limit": dify_config.UPLOAD_FILE_SIZE_LIMIT,
-            },
+            "system_parameters": {"image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT},
        }


--- a/api/controllers/console/explore/saved_message.py
+++ b/api/controllers/console/explore/saved_message.py
@ -18,7 +18,7 @@ message_fields = {
    "inputs": fields.Raw,
    "query": fields.String,
    "answer": fields.String,
-    "message_files": fields.List(fields.Nested(message_file_fields)),
+    "message_files": fields.List(fields.Nested(message_file_fields), attribute="files"),
    "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
    "created_at": TimestampField,
 }
--- a/api/controllers/console/explore/wraps.py
+++ b/api/controllers/console/explore/wraps.py
@ -7,7 +7,7 @@ from werkzeug.exceptions import NotFound
 from controllers.console.wraps import account_initialization_required
 from extensions.ext_database import db
 from libs.login import login_required
-from models import InstalledApp
+from models.model import InstalledApp


 def installed_app_required(view=None):
--- a/api/controllers/console/workspace/account.py
+++ b/api/controllers/console/workspace/account.py
@ -20,7 +20,7 @@ from extensions.ext_database import db
 from fields.member_fields import account_fields
 from libs.helper import TimestampField, timezone
 from libs.login import login_required
-from models import AccountIntegrate, InvitationCode
+from models.account import AccountIntegrate, InvitationCode
 from services.account_service import AccountService
 from services.errors.account import CurrentPasswordIncorrectError as ServiceCurrentPasswordIncorrectError

--- a/api/controllers/console/workspace/tool_providers.py
+++ b/api/controllers/console/workspace/tool_providers.py
@ -360,15 +360,16 @@ class ToolWorkflowProviderCreateApi(Resource):
        args = reqparser.parse_args()

        return WorkflowToolManageService.create_workflow_tool(
-            user_id=user_id,
-            tenant_id=tenant_id,
-            workflow_app_id=args["workflow_app_id"],
-            name=args["name"],
-            label=args["label"],
-            icon=args["icon"],
-            description=args["description"],
-            parameters=args["parameters"],
-            privacy_policy=args["privacy_policy"],
+            user_id,
+            tenant_id,
+            args["workflow_app_id"],
+            args["name"],
+            args["label"],
+            args["icon"],
+            args["description"],
+            args["parameters"],
+            args["privacy_policy"],
+            args.get("labels", []),
        )


--- a/api/controllers/console/workspace/workspace.py
+++ b/api/controllers/console/workspace/workspace.py
@ -198,7 +198,7 @@ class WebappLogoWorkspaceApi(Resource):
            raise UnsupportedFileTypeError()

        try:
-            upload_file = FileService.upload_file(file=file, user=current_user)
+            upload_file = FileService.upload_file(file, current_user, True)

        except services.errors.file.FileTooLargeError as file_too_large_error:
            raise FileTooLargeError(file_too_large_error.description)
--- a/api/controllers/files/image_preview.py
+++ b/api/controllers/files/image_preview.py
@ -1,5 +1,5 @@
 from flask import Response, request
-from flask_restful import Resource, reqparse
+from flask_restful import Resource
 from werkzeug.exceptions import NotFound

 import services
@ -10,10 +10,6 @@ from services.file_service import FileService


 class ImagePreviewApi(Resource):
-    """
-    Deprecated
-    """
-
    def get(self, file_id):
        file_id = str(file_id)

@ -25,57 +21,13 @@ class ImagePreviewApi(Resource):
            return {"content": "Invalid request."}, 400

        try:
-            generator, mimetype = FileService.get_image_preview(
-                file_id=file_id,
-                timestamp=timestamp,
-                nonce=nonce,
-                sign=sign,
-            )
+            generator, mimetype = FileService.get_image_preview(file_id, timestamp, nonce, sign)
        except services.errors.file.UnsupportedFileTypeError:
            raise UnsupportedFileTypeError()

        return Response(generator, mimetype=mimetype)


-class FilePreviewApi(Resource):
-    def get(self, file_id):
-        file_id = str(file_id)
-
-        parser = reqparse.RequestParser()
-        parser.add_argument("timestamp", type=str, required=True, location="args")
-        parser.add_argument("nonce", type=str, required=True, location="args")
-        parser.add_argument("sign", type=str, required=True, location="args")
-        parser.add_argument("as_attachment", type=bool, required=False, default=False, location="args")
-
-        args = parser.parse_args()
-
-        if not args["timestamp"] or not args["nonce"] or not args["sign"]:
-            return {"content": "Invalid request."}, 400
-
-        try:
-            generator, upload_file = FileService.get_file_generator_by_file_id(
-                file_id=file_id,
-                timestamp=args["timestamp"],
-                nonce=args["nonce"],
-                sign=args["sign"],
-            )
-        except services.errors.file.UnsupportedFileTypeError:
-            raise UnsupportedFileTypeError()
-
-        response = Response(
-            generator,
-            mimetype=upload_file.mime_type,
-            direct_passthrough=True,
-            headers={},
-        )
-        if upload_file.size > 0:
-            response.headers["Content-Length"] = str(upload_file.size)
-        if args["as_attachment"]:
-            response.headers["Content-Disposition"] = f"attachment; filename={upload_file.name}"
-
-        return response
-
-
 class WorkspaceWebappLogoApi(Resource):
    def get(self, workspace_id):
        workspace_id = str(workspace_id)
@ -97,5 +49,4 @@ class WorkspaceWebappLogoApi(Resource):


 api.add_resource(ImagePreviewApi, "/files/<uuid:file_id>/image-preview")
-api.add_resource(FilePreviewApi, "/files/<uuid:file_id>/file-preview")
 api.add_resource(WorkspaceWebappLogoApi, "/files/workspaces/<uuid:workspace_id>/webapp-logo")
--- a/api/controllers/files/tool_files.py
+++ b/api/controllers/files/tool_files.py
@ -16,7 +16,6 @@ class ToolFilePreviewApi(Resource):
        parser.add_argument("timestamp", type=str, required=True, location="args")
        parser.add_argument("nonce", type=str, required=True, location="args")
        parser.add_argument("sign", type=str, required=True, location="args")
-        parser.add_argument("as_attachment", type=bool, required=False, default=False, location="args")

        args = parser.parse_args()

@ -29,27 +28,18 @@ class ToolFilePreviewApi(Resource):
            raise Forbidden("Invalid request.")

        try:
-            stream, tool_file = ToolFileManager.get_file_generator_by_tool_file_id(
+            result = ToolFileManager.get_file_generator_by_tool_file_id(
                file_id,
            )

-            if not stream or not tool_file:
+            if not result:
                raise NotFound("file is not found")
+
+            generator, mimetype = result
        except Exception:
            raise UnsupportedFileTypeError()

-        response = Response(
-            stream,
-            mimetype=tool_file.mimetype,
-            direct_passthrough=True,
-            headers={},
-        )
-        if tool_file.size > 0:
-            response.headers["Content-Length"] = str(tool_file.size)
-        if args["as_attachment"]:
-            response.headers["Content-Disposition"] = f"attachment; filename={tool_file.name}"
-
-        return response
+        return Response(generator, mimetype=mimetype)


 api.add_resource(ToolFilePreviewApi, "/files/tools/<uuid:file_id>.<string:extension>")
--- a/api/controllers/inner_api/workspace/workspace.py
+++ b/api/controllers/inner_api/workspace/workspace.py
@ -21,7 +21,7 @@ class EnterpriseWorkspace(Resource):
        if account is None:
            return {"message": "owner account not found."}, 404

-        tenant = TenantService.create_tenant(args["name"], is_from_dashboard=True)
+        tenant = TenantService.create_tenant(args["name"])
        TenantService.create_tenant_member(tenant, account, role="owner")

        tenant_was_created.send(tenant)
--- a/api/controllers/service_api/app/app.py
+++ b/api/controllers/service_api/app/app.py
@ -21,12 +21,7 @@ class AppParameterApi(Resource):
        "options": fields.List(fields.String),
    }

-    system_parameters_fields = {
-        "image_file_size_limit": fields.Integer,
-        "video_file_size_limit": fields.Integer,
-        "audio_file_size_limit": fields.Integer,
-        "file_size_limit": fields.Integer,
-    }
+    system_parameters_fields = {"image_file_size_limit": fields.String}

    parameters_fields = {
        "opening_statement": fields.String,
@ -86,12 +81,7 @@ class AppParameterApi(Resource):
                    }
                },
            ),
-            "system_parameters": {
-                "image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT,
-                "video_file_size_limit": dify_config.UPLOAD_VIDEO_FILE_SIZE_LIMIT,
-                "audio_file_size_limit": dify_config.UPLOAD_AUDIO_FILE_SIZE_LIMIT,
-                "file_size_limit": dify_config.UPLOAD_FILE_SIZE_LIMIT,
-            },
+            "system_parameters": {"image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT},
        }


--- a/api/controllers/service_api/app/message.py
+++ b/api/controllers/service_api/app/message.py
@ -48,7 +48,7 @@ class MessageListApi(Resource):
        "tool_input": fields.String,
        "created_at": TimestampField,
        "observation": fields.String,
-        "message_files": fields.List(fields.Nested(message_file_fields)),
+        "message_files": fields.List(fields.String, attribute="files"),
    }

    message_fields = {
@ -58,7 +58,7 @@ class MessageListApi(Resource):
        "inputs": fields.Raw,
        "query": fields.String,
        "answer": fields.String(attribute="re_sign_file_url_answer"),
-        "message_files": fields.List(fields.Nested(message_file_fields)),
+        "message_files": fields.List(fields.Nested(message_file_fields), attribute="files"),
        "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
        "retriever_resources": fields.List(fields.Nested(retriever_resource_fields)),
        "created_at": TimestampField,
--- a/api/controllers/service_api/dataset/dataset.py
+++ b/api/controllers/service_api/dataset/dataset.py
@ -66,13 +66,6 @@ class DatasetListApi(DatasetApiResource):
            help="type is required. Name must be between 1 to 40 characters.",
            type=_validate_name,
        )
-        parser.add_argument(
-            "description",
-            type=str,
-            nullable=True,
-            required=False,
-            default="",
-        )
        parser.add_argument(
            "indexing_technique",
            type=str,
@ -115,7 +108,6 @@ class DatasetListApi(DatasetApiResource):
            dataset = DatasetService.create_empty_dataset(
                tenant_id=tenant_id,
                name=args["name"],
-                description=args["description"],
                indexing_technique=args["indexing_technique"],
                account=current_user,
                permission=args["permission"],
--- a/api/controllers/web/app.py
+++ b/api/controllers/web/app.py
@ -21,12 +21,7 @@ class AppParameterApi(WebApiResource):
        "options": fields.List(fields.String),
    }

-    system_parameters_fields = {
-        "image_file_size_limit": fields.Integer,
-        "video_file_size_limit": fields.Integer,
-        "audio_file_size_limit": fields.Integer,
-        "file_size_limit": fields.Integer,
-    }
+    system_parameters_fields = {"image_file_size_limit": fields.String}

    parameters_fields = {
        "opening_statement": fields.String,
@ -85,12 +80,7 @@ class AppParameterApi(WebApiResource):
                    }
                },
            ),
-            "system_parameters": {
-                "image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT,
-                "video_file_size_limit": dify_config.UPLOAD_VIDEO_FILE_SIZE_LIMIT,
-                "audio_file_size_limit": dify_config.UPLOAD_AUDIO_FILE_SIZE_LIMIT,
-                "file_size_limit": dify_config.UPLOAD_FILE_SIZE_LIMIT,
-            },
+            "system_parameters": {"image_file_size_limit": dify_config.UPLOAD_IMAGE_FILE_SIZE_LIMIT},
        }


--- a/api/controllers/web/file.py
+++ b/api/controllers/web/file.py
@ -1,14 +1,11 @@
-import urllib.parse
-
 from flask import request
-from flask_restful import marshal_with, reqparse
+from flask_restful import marshal_with

 import services
 from controllers.web import api
 from controllers.web.error import FileTooLargeError, NoFileUploadedError, TooManyFilesError, UnsupportedFileTypeError
 from controllers.web.wraps import WebApiResource
-from core.helper import ssrf_proxy
-from fields.file_fields import file_fields, remote_file_info_fields
+from fields.file_fields import file_fields
 from services.file_service import FileService


@ -18,10 +15,6 @@ class FileApi(WebApiResource):
        # get file from request
        file = request.files["file"]

-        parser = reqparse.RequestParser()
-        parser.add_argument("source", type=str, required=False, location="args")
-        source = parser.parse_args().get("source")
-
        # check file
        if "file" not in request.files:
            raise NoFileUploadedError()
@ -29,7 +22,7 @@ class FileApi(WebApiResource):
        if len(request.files) > 1:
            raise TooManyFilesError()
        try:
-            upload_file = FileService.upload_file(file=file, user=end_user, source=source)
+            upload_file = FileService.upload_file(file, end_user)
        except services.errors.file.FileTooLargeError as file_too_large_error:
            raise FileTooLargeError(file_too_large_error.description)
        except services.errors.file.UnsupportedFileTypeError:
@ -38,19 +31,4 @@ class FileApi(WebApiResource):
        return upload_file, 201


-class RemoteFileInfoApi(WebApiResource):
-    @marshal_with(remote_file_info_fields)
-    def get(self, url):
-        decoded_url = urllib.parse.unquote(url)
-        try:
-            response = ssrf_proxy.head(decoded_url)
-            return {
-                "file_type": response.headers.get("Content-Type", "application/octet-stream"),
-                "file_length": int(response.headers.get("Content-Length", -1)),
-            }
-        except Exception as e:
-            return {"error": str(e)}, 400
-
-
 api.add_resource(FileApi, "/files/upload")
-api.add_resource(RemoteFileInfoApi, "/remote-files/<path:url>")
--- a/api/controllers/web/message.py
+++ b/api/controllers/web/message.py
@ -22,7 +22,6 @@ from core.errors.error import ModelCurrentlyNotSupportError, ProviderTokenNotIni
 from core.model_runtime.errors.invoke import InvokeError
 from fields.conversation_fields import message_file_fields
 from fields.message_fields import agent_thought_fields
-from fields.raws import FilesContainedField
 from libs import helper
 from libs.helper import TimestampField, uuid_value
 from models.model import AppMode
@ -59,10 +58,10 @@ class MessageListApi(WebApiResource):
        "id": fields.String,
        "conversation_id": fields.String,
        "parent_message_id": fields.String,
-        "inputs": FilesContainedField,
+        "inputs": fields.Raw,
        "query": fields.String,
        "answer": fields.String(attribute="re_sign_file_url_answer"),
-        "message_files": fields.List(fields.Nested(message_file_fields)),
+        "message_files": fields.List(fields.Nested(message_file_fields), attribute="files"),
        "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
        "retriever_resources": fields.List(fields.Nested(retriever_resource_fields)),
        "created_at": TimestampField,
--- a/api/controllers/web/saved_message.py
+++ b/api/controllers/web/saved_message.py
@ -17,7 +17,7 @@ message_fields = {
    "inputs": fields.Raw,
    "query": fields.String,
    "answer": fields.String,
-    "message_files": fields.List(fields.Nested(message_file_fields)),
+    "message_files": fields.List(fields.Nested(message_file_fields), attribute="files"),
    "feedback": fields.Nested(feedback_fields, attribute="user_feedback", allow_null=True),
    "created_at": TimestampField,
 }
--- a/api/core/agent/base_agent_runner.py
+++ b/api/core/agent/base_agent_runner.py
@ -16,14 +16,13 @@ from core.app.entities.app_invoke_entities import (
 )
 from core.callback_handler.agent_tool_callback_handler import DifyAgentCallbackHandler
 from core.callback_handler.index_tool_callback_handler import DatasetIndexToolCallbackHandler
-from core.file import file_manager
+from core.file.message_file_parser import MessageFileParser
 from core.memory.token_buffer_memory import TokenBufferMemory
 from core.model_manager import ModelInstance
-from core.model_runtime.entities import (
+from core.model_runtime.entities.llm_entities import LLMUsage
+from core.model_runtime.entities.message_entities import (
    AssistantPromptMessage,
-    LLMUsage,
    PromptMessage,
-    PromptMessageContent,
    PromptMessageTool,
    SystemPromptMessage,
    TextPromptMessageContent,
@ -41,9 +40,9 @@ from core.tools.entities.tool_entities import (
 from core.tools.tool.dataset_retriever_tool import DatasetRetrieverTool
 from core.tools.tool.tool import Tool
 from core.tools.tool_manager import ToolManager
+from core.tools.utils.tool_parameter_converter import ToolParameterConverter
 from extensions.ext_database import db
-from factories import file_factory
-from models.model import Conversation, Message, MessageAgentThought, MessageFile
+from models.model import Conversation, Message, MessageAgentThought
 from models.tools import ToolConversationVariables

 logger = logging.getLogger(__name__)
@ -67,6 +66,23 @@ class BaseAgentRunner(AppRunner):
        db_variables: Optional[ToolConversationVariables] = None,
        model_instance: ModelInstance = None,
    ) -> None:
+        """
+        Agent runner
+        :param tenant_id: tenant id
+        :param application_generate_entity: application generate entity
+        :param conversation: conversation
+        :param app_config: app generate entity
+        :param model_config: model config
+        :param config: dataset config
+        :param queue_manager: queue manager
+        :param message: message
+        :param user_id: user id
+        :param memory: memory
+        :param prompt_messages: prompt messages
+        :param variables_pool: variables pool
+        :param db_variables: db variables
+        :param model_instance: model instance
+        """
        self.tenant_id = tenant_id
        self.application_generate_entity = application_generate_entity
        self.conversation = conversation
@ -164,13 +180,7 @@ class BaseAgentRunner(AppRunner):
            if parameter.form != ToolParameter.ToolParameterForm.LLM:
                continue

-            parameter_type = parameter.type.as_normal_type()
-            if parameter.type in {
-                ToolParameter.ToolParameterType.SYSTEM_FILES,
-                ToolParameter.ToolParameterType.FILE,
-                ToolParameter.ToolParameterType.FILES,
-            }:
-                continue
+            parameter_type = ToolParameterConverter.get_parameter_type(parameter.type)
            enum = []
            if parameter.type == ToolParameter.ToolParameterType.SELECT:
                enum = [option.value for option in parameter.options]
@ -255,13 +265,7 @@ class BaseAgentRunner(AppRunner):
            if parameter.form != ToolParameter.ToolParameterForm.LLM:
                continue

-            parameter_type = parameter.type.as_normal_type()
-            if parameter.type in {
-                ToolParameter.ToolParameterType.SYSTEM_FILES,
-                ToolParameter.ToolParameterType.FILE,
-                ToolParameter.ToolParameterType.FILES,
-            }:
-                continue
+            parameter_type = ToolParameterConverter.get_parameter_type(parameter.type)
            enum = []
            if parameter.type == ToolParameter.ToolParameterType.SELECT:
                enum = [option.value for option in parameter.options]
@ -507,24 +511,26 @@ class BaseAgentRunner(AppRunner):
        return result

    def organize_agent_user_prompt(self, message: Message) -> UserPromptMessage:
-        files = db.session.query(MessageFile).filter(MessageFile.message_id == message.id).all()
+        message_file_parser = MessageFileParser(
+            tenant_id=self.tenant_id,
+            app_id=self.app_config.app_id,
+        )
+
+        files = message.message_files
        if files:
            file_extra_config = FileUploadConfigManager.convert(message.app_model_config.to_dict())

            if file_extra_config:
-                file_objs = file_factory.build_from_message_files(
-                    message_files=files, tenant_id=self.tenant_id, config=file_extra_config
-                )
+                file_objs = message_file_parser.transform_message_files(files, file_extra_config)
            else:
                file_objs = []

            if not file_objs:
                return UserPromptMessage(content=message.query)
            else:
-                prompt_message_contents: list[PromptMessageContent] = []
-                prompt_message_contents.append(TextPromptMessageContent(data=message.query))
+                prompt_message_contents = [TextPromptMessageContent(data=message.query)]
                for file_obj in file_objs:
-                    prompt_message_contents.append(file_manager.to_prompt_message_content(file_obj))
+                    prompt_message_contents.append(file_obj.prompt_message_content)

                return UserPromptMessage(content=prompt_message_contents)
        else:
--- a/api/core/agent/cot_chat_agent_runner.py
+++ b/api/core/agent/cot_chat_agent_runner.py
@ -1,11 +1,9 @@
 import json

 from core.agent.cot_agent_runner import CotAgentRunner
-from core.file import file_manager
-from core.model_runtime.entities import (
+from core.model_runtime.entities.message_entities import (
    AssistantPromptMessage,
    PromptMessage,
-    PromptMessageContent,
    SystemPromptMessage,
    TextPromptMessageContent,
    UserPromptMessage,
@ -34,10 +32,9 @@ class CotChatAgentRunner(CotAgentRunner):
        Organize user query
        """
        if self.files:
-            prompt_message_contents: list[PromptMessageContent] = []
-            prompt_message_contents.append(TextPromptMessageContent(data=query))
+            prompt_message_contents = [TextPromptMessageContent(data=query)]
            for file_obj in self.files:
-                prompt_message_contents.append(file_manager.to_prompt_message_content(file_obj))
+                prompt_message_contents.append(file_obj.prompt_message_content)

            prompt_messages.append(UserPromptMessage(content=prompt_message_contents))
        else:
--- a/api/core/agent/fc_agent_runner.py
+++ b/api/core/agent/fc_agent_runner.py
@ -7,15 +7,10 @@ from typing import Any, Optional, Union
 from core.agent.base_agent_runner import BaseAgentRunner
 from core.app.apps.base_app_queue_manager import PublishFrom
 from core.app.entities.queue_entities import QueueAgentThoughtEvent, QueueMessageEndEvent, QueueMessageFileEvent
-from core.file import file_manager
-from core.model_runtime.entities import (
+from core.model_runtime.entities.llm_entities import LLMResult, LLMResultChunk, LLMResultChunkDelta, LLMUsage
+from core.model_runtime.entities.message_entities import (
    AssistantPromptMessage,
-    LLMResult,
-    LLMResultChunk,
-    LLMResultChunkDelta,
-    LLMUsage,
    PromptMessage,
-    PromptMessageContent,
    PromptMessageContentType,
    SystemPromptMessage,
    TextPromptMessageContent,
@ -395,10 +390,9 @@ class FunctionCallAgentRunner(BaseAgentRunner):
        Organize user query
        """
        if self.files:
-            prompt_message_contents: list[PromptMessageContent] = []
-            prompt_message_contents.append(TextPromptMessageContent(data=query))
+            prompt_message_contents = [TextPromptMessageContent(data=query)]
            for file_obj in self.files:
-                prompt_message_contents.append(file_manager.to_prompt_message_content(file_obj))
+                prompt_message_contents.append(file_obj.prompt_message_content)

            prompt_messages.append(UserPromptMessage(content=prompt_message_contents))
        else:
--- a/api/core/app/app_config/easy_ui_based_app/variables/manager.py
+++ b/api/core/app/app_config/easy_ui_based_app/variables/manager.py
@ -53,11 +53,12 @@ class BasicVariablesConfigManager:
                    VariableEntity(
                        type=variable_type,
                        variable=variable.get("variable"),
-                        description=variable.get("description") or "",
+                        description=variable.get("description"),
                        label=variable.get("label"),
                        required=variable.get("required", False),
                        max_length=variable.get("max_length"),
-                        options=variable.get("options") or [],
+                        options=variable.get("options"),
+                        default=variable.get("default"),
                    )
                )

--- a/api/core/app/app_config/entities.py
+++ b/api/core/app/app_config/entities.py
@ -1,12 +1,11 @@
-from collections.abc import Sequence
 from enum import Enum
 from typing import Any, Optional

-from pydantic import BaseModel, Field, field_validator
+from pydantic import BaseModel

-from core.file import FileExtraConfig, FileTransferMethod, FileType
+from core.file.file_obj import FileExtraConfig
 from core.model_runtime.entities.message_entities import PromptMessageRole
-from models.model import AppMode
+from models import AppMode


 class ModelConfigEntity(BaseModel):
@ -70,7 +69,7 @@ class PromptTemplateEntity(BaseModel):
        ADVANCED = "advanced"

        @classmethod
-        def value_of(cls, value: str):
+        def value_of(cls, value: str) -> "PromptType":
            """
            Get value of given mode.

@ -94,8 +93,6 @@ class VariableEntityType(str, Enum):
    PARAGRAPH = "paragraph"
    NUMBER = "number"
    EXTERNAL_DATA_TOOL = "external_data_tool"
-    FILE = "file"
-    FILE_LIST = "file-list"


 class VariableEntity(BaseModel):
@ -105,24 +102,13 @@ class VariableEntity(BaseModel):

    variable: str
    label: str
-    description: str = ""
+    description: Optional[str] = None
    type: VariableEntityType
    required: bool = False
    max_length: Optional[int] = None
-    options: Sequence[str] = Field(default_factory=list)
-    allowed_file_types: Sequence[FileType] = Field(default_factory=list)
-    allowed_file_extensions: Sequence[str] = Field(default_factory=list)
-    allowed_file_upload_methods: Sequence[FileTransferMethod] = Field(default_factory=list)
-
-    @field_validator("description", mode="before")
-    @classmethod
-    def convert_none_description(cls, v: Any) -> str:
-        return v or ""
-
-    @field_validator("options", mode="before")
-    @classmethod
-    def convert_none_options(cls, v: Any) -> Sequence[str]:
-        return v or []
+    options: Optional[list[str]] = None
+    default: Optional[str] = None
+    hint: Optional[str] = None


 class ExternalDataVariableEntity(BaseModel):
@ -150,7 +136,7 @@ class DatasetRetrieveConfigEntity(BaseModel):
        MULTIPLE = "multiple"

        @classmethod
-        def value_of(cls, value: str):
+        def value_of(cls, value: str) -> "RetrieveStrategy":
            """
            Get value of given mode.

--- a/api/core/app/app_config/features/file_upload/manager.py
+++ b/api/core/app/app_config/features/file_upload/manager.py
@ -1,13 +1,12 @@
 from collections.abc import Mapping
-from typing import Any
+from typing import Any, Optional

-from core.file.models import FileExtraConfig
-from models import FileUploadConfig
+from core.file.file_obj import FileExtraConfig


 class FileUploadConfigManager:
    @classmethod
-    def convert(cls, config: Mapping[str, Any], is_vision: bool = True):
+    def convert(cls, config: Mapping[str, Any], is_vision: bool = True) -> Optional[FileExtraConfig]:
        """
        Convert model config to model config

@ -16,21 +15,19 @@ class FileUploadConfigManager:
        """
        file_upload_dict = config.get("file_upload")
        if file_upload_dict:
-            if file_upload_dict.get("enabled"):
-                transform_methods = file_upload_dict.get("allowed_file_upload_methods") or file_upload_dict.get(
-                    "allowed_upload_methods", []
-                )
-                data = {
-                    "image_config": {
-                        "number_limits": file_upload_dict["number_limits"],
-                        "transfer_methods": transform_methods,
+            if file_upload_dict.get("image"):
+                if "enabled" in file_upload_dict["image"] and file_upload_dict["image"]["enabled"]:
+                    image_config = {
+                        "number_limits": file_upload_dict["image"]["number_limits"],
+                        "transfer_methods": file_upload_dict["image"]["transfer_methods"],
                    }
-                }

-                if is_vision:
-                    data["image_config"]["detail"] = file_upload_dict.get("image", {}).get("detail", "low")
+                    if is_vision:
+                        image_config["detail"] = file_upload_dict["image"]["detail"]

-                return FileExtraConfig.model_validate(data)
+                    return FileExtraConfig(image_config=image_config)
+
+        return None

    @classmethod
    def validate_and_set_defaults(cls, config: dict, is_vision: bool = True) -> tuple[dict, list[str]]:
@ -42,7 +39,29 @@ class FileUploadConfigManager:
        """
        if not config.get("file_upload"):
            config["file_upload"] = {}
-        else:
-            FileUploadConfig.model_validate(config["file_upload"])
+
+        if not isinstance(config["file_upload"], dict):
+            raise ValueError("file_upload must be of dict type")
+
+        # check image config
+        if not config["file_upload"].get("image"):
+            config["file_upload"]["image"] = {"enabled": False}
+
+        if config["file_upload"]["image"]["enabled"]:
+            number_limits = config["file_upload"]["image"]["number_limits"]
+            if number_limits < 1 or number_limits > 6:
+                raise ValueError("number_limits must be in [1, 6]")
+
+            if is_vision:
+                detail = config["file_upload"]["image"]["detail"]
+                if detail not in {"high", "low"}:
+                    raise ValueError("detail must be in ['high', 'low']")
+
+            transfer_methods = config["file_upload"]["image"]["transfer_methods"]
+            if not isinstance(transfer_methods, list):
+                raise ValueError("transfer_methods must be of list type")
+            for method in transfer_methods:
+                if method not in {"remote_url", "local_file"}:
+                    raise ValueError("transfer_methods must be in ['remote_url', 'local_file']")

        return config, ["file_upload"]
--- a/api/core/app/app_config/workflow_ui_based_app/variables/manager.py
+++ b/api/core/app/app_config/workflow_ui_based_app/variables/manager.py
@ -17,6 +17,6 @@ class WorkflowVariablesConfigManager:

        # variables
        for variable in user_input_form:
-            variables.append(VariableEntity.model_validate(variable))
+            variables.append(VariableEntity(**variable))

        return variables
--- a/api/core/app/apps/advanced_chat/app_generator.py
+++ b/api/core/app/apps/advanced_chat/app_generator.py
@ -21,12 +21,11 @@ from core.app.apps.message_based_app_generator import MessageBasedAppGenerator
 from core.app.apps.message_based_app_queue_manager import MessageBasedAppQueueManager
 from core.app.entities.app_invoke_entities import AdvancedChatAppGenerateEntity, InvokeFrom
 from core.app.entities.task_entities import ChatbotAppBlockingResponse, ChatbotAppStreamResponse
+from core.file.message_file_parser import MessageFileParser
 from core.model_runtime.errors.invoke import InvokeAuthorizationError, InvokeError
 from core.ops.ops_trace_manager import TraceQueueManager
 from extensions.ext_database import db
-from factories import file_factory
 from models.account import Account
-from models.enums import CreatedByRole
 from models.model import App, Conversation, EndUser, Message
 from models.workflow import Workflow

@ -97,16 +96,10 @@ class AdvancedChatAppGenerator(MessageBasedAppGenerator):

        # parse files
        files = args["files"] if args.get("files") else []
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
        file_extra_config = FileUploadConfigManager.convert(workflow.features_dict, is_vision=False)
-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
        if file_extra_config:
-            file_objs = file_factory.build_from_mappings(
-                mappings=files,
-                tenant_id=app_model.tenant_id,
-                user_id=user.id,
-                role=role,
-                config=file_extra_config,
-            )
+            file_objs = message_file_parser.validate_and_transform_files_arg(files, file_extra_config, user)
        else:
            file_objs = []

@ -114,9 +107,8 @@ class AdvancedChatAppGenerator(MessageBasedAppGenerator):
        app_config = AdvancedChatAppConfigManager.get_app_config(app_model=app_model, workflow=workflow)

        # get tracing instance
-        trace_manager = TraceQueueManager(
-            app_id=app_model.id, user_id=user.id if isinstance(user, Account) else user.session_id
-        )
+        user_id = user.id if isinstance(user, Account) else user.session_id
+        trace_manager = TraceQueueManager(app_model.id, user_id)

        if invoke_from == InvokeFrom.DEBUGGER:
            # always enable retriever resource in debugger mode
@ -128,9 +120,7 @@ class AdvancedChatAppGenerator(MessageBasedAppGenerator):
            task_id=str(uuid.uuid4()),
            app_config=app_config,
            conversation_id=conversation.id if conversation else None,
-            inputs=conversation.inputs
-            if conversation
-            else self._prepare_user_inputs(user_inputs=inputs, app_config=app_config, user_id=user.id, role=role),
+            inputs=conversation.inputs if conversation else self._get_cleaned_inputs(inputs, app_config),
            query=query,
            files=file_objs,
            parent_message_id=args.get("parent_message_id") if invoke_from != InvokeFrom.SERVICE_API else UUID_NIL,
--- a/api/core/app/apps/advanced_chat/app_runner.py
+++ b/api/core/app/apps/advanced_chat/app_runner.py
@ -1,27 +1,31 @@
 import logging
+import os
 from collections.abc import Mapping
 from typing import Any, cast

 from sqlalchemy import select
 from sqlalchemy.orm import Session

-from configs import dify_config
 from core.app.apps.advanced_chat.app_config_manager import AdvancedChatAppConfig
 from core.app.apps.base_app_queue_manager import AppQueueManager
 from core.app.apps.workflow_app_runner import WorkflowBasedAppRunner
-from core.app.entities.app_invoke_entities import AdvancedChatAppGenerateEntity, InvokeFrom
+from core.app.apps.workflow_logging_callback import WorkflowLoggingCallback
+from core.app.entities.app_invoke_entities import (
+    AdvancedChatAppGenerateEntity,
+    InvokeFrom,
+)
 from core.app.entities.queue_entities import (
    QueueAnnotationReplyEvent,
    QueueStopEvent,
    QueueTextChunkEvent,
 )
 from core.moderation.base import ModerationError
-from core.workflow.callbacks import WorkflowCallback, WorkflowLoggingCallback
+from core.workflow.callbacks.base_workflow_callback import WorkflowCallback
+from core.workflow.entities.node_entities import UserFrom
 from core.workflow.entities.variable_pool import VariablePool
 from core.workflow.enums import SystemVariableKey
 from core.workflow.workflow_entry import WorkflowEntry
 from extensions.ext_database import db
-from models.enums import UserFrom
 from models.model import App, Conversation, EndUser, Message
 from models.workflow import ConversationVariable, WorkflowType

@ -40,6 +44,12 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
        conversation: Conversation,
        message: Message,
    ) -> None:
+        """
+        :param application_generate_entity: application generate entity
+        :param queue_manager: application queue manager
+        :param conversation: conversation
+        :param message: message
+        """
        super().__init__(queue_manager)

        self.application_generate_entity = application_generate_entity
@ -47,6 +57,10 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
        self.message = message

    def run(self) -> None:
+        """
+        Run application
+        :return:
+        """
        app_config = self.application_generate_entity.app_config
        app_config = cast(AdvancedChatAppConfig, app_config)

@ -67,7 +81,7 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
            user_id = self.application_generate_entity.user_id

        workflow_callbacks: list[WorkflowCallback] = []
-        if dify_config.DEBUG:
+        if bool(os.environ.get("DEBUG", "False").lower() == "true"):
            workflow_callbacks.append(WorkflowLoggingCallback())

        if self.application_generate_entity.single_iteration_run:
@ -187,6 +201,15 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
        query: str,
        message_id: str,
    ) -> bool:
+        """
+        Handle input moderation
+        :param app_record: app record
+        :param app_generate_entity: application generate entity
+        :param inputs: inputs
+        :param query: query
+        :param message_id: message id
+        :return:
+        """
        try:
            # process sensitive_word_avoidance
            _, inputs, query = self.moderation_for_inputs(
@ -206,6 +229,14 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
    def handle_annotation_reply(
        self, app_record: App, message: Message, query: str, app_generate_entity: AdvancedChatAppGenerateEntity
    ) -> bool:
+        """
+        Handle annotation reply
+        :param app_record: app record
+        :param message: message
+        :param query: query
+        :param app_generate_entity: application generate entity
+        """
+        # annotation reply
        annotation_reply = self.query_app_annotations_to_reply(
            app_record=app_record,
            message=message,
@ -227,6 +258,8 @@ class AdvancedChatAppRunner(WorkflowBasedAppRunner):
    def _complete_with_stream_output(self, text: str, stopped_by: QueueStopEvent.StopBy) -> None:
        """
        Direct output
+        :param text: text
+        :return:
        """
        self._publish_event(QueueTextChunkEvent(text=text))

--- a/api/core/app/apps/advanced_chat/generate_task_pipeline.py
+++ b/api/core/app/apps/advanced_chat/generate_task_pipeline.py
@ -1,7 +1,7 @@
 import json
 import logging
 import time
-from collections.abc import Generator, Mapping
+from collections.abc import Generator
 from typing import Any, Optional, Union

 from constants.tts_auto_play_timeout import TTS_AUTO_PLAY_TIMEOUT, TTS_AUTO_PLAY_YIELD_CPU_TIME
@ -9,7 +9,6 @@ from core.app.apps.advanced_chat.app_generator_tts_publisher import AppGenerator
 from core.app.apps.base_app_queue_manager import AppQueueManager, PublishFrom
 from core.app.entities.app_invoke_entities import (
    AdvancedChatAppGenerateEntity,
-    InvokeFrom,
 )
 from core.app.entities.queue_entities import (
    QueueAdvancedChatMessageEndEvent,
@ -51,12 +50,10 @@ from core.model_runtime.utils.encoders import jsonable_encoder
 from core.ops.ops_trace_manager import TraceQueueManager
 from core.workflow.enums import SystemVariableKey
 from core.workflow.graph_engine.entities.graph_runtime_state import GraphRuntimeState
-from core.workflow.nodes import NodeType
 from events.message_event import message_was_created
 from extensions.ext_database import db
-from models import Conversation, EndUser, Message, MessageFile
 from models.account import Account
-from models.enums import CreatedByRole
+from models.model import Conversation, EndUser, Message
 from models.workflow import (
    Workflow,
    WorkflowNodeExecution,
@ -123,7 +120,6 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
        self._wip_workflow_node_executions = {}

        self._conversation_name_generate_thread = None
-        self._recorded_files: list[Mapping[str, Any]] = []

    def process(self):
        """
@ -302,10 +298,6 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
            elif isinstance(event, QueueNodeSucceededEvent):
                workflow_node_execution = self._handle_workflow_node_execution_success(event)

-                # Record files if it's an answer node or end node
-                if event.node_type in [NodeType.ANSWER, NodeType.END]:
-                    self._recorded_files.extend(self._fetch_files_from_node_outputs(event.outputs or {}))
-
                response = self._workflow_node_finish_to_stream_response(
                    event=event,
                    task_id=self._application_generate_entity.task_id,
@ -372,7 +364,7 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
                    start_at=graph_runtime_state.start_at,
                    total_tokens=graph_runtime_state.total_tokens,
                    total_steps=graph_runtime_state.node_run_steps,
-                    outputs=event.outputs,
+                    outputs=json.dumps(event.outputs) if event.outputs else None,
                    conversation_id=self._conversation.id,
                    trace_manager=trace_manager,
                )
@ -498,6 +490,10 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
            self._conversation_name_generate_thread.join()

    def _save_message(self, graph_runtime_state: Optional[GraphRuntimeState] = None) -> None:
+        """
+        Save message.
+        :return:
+        """
        self._refetch_message()

        self._message.answer = self._task_state.answer
@ -505,22 +501,6 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
        self._message.message_metadata = (
            json.dumps(jsonable_encoder(self._task_state.metadata)) if self._task_state.metadata else None
        )
-        message_files = [
-            MessageFile(
-                message_id=self._message.id,
-                type=file["type"],
-                transfer_method=file["transfer_method"],
-                url=file["remote_url"],
-                belongs_to="assistant",
-                upload_file_id=file["related_id"],
-                created_by_role=CreatedByRole.ACCOUNT
-                if self._message.invoke_from in {InvokeFrom.EXPLORE, InvokeFrom.DEBUGGER}
-                else CreatedByRole.END_USER,
-                created_by=self._message.from_account_id or self._message.from_end_user_id or "",
-            )
-            for file in self._recorded_files
-        ]
-        db.session.add_all(message_files)

        if graph_runtime_state and graph_runtime_state.llm_usage:
            usage = graph_runtime_state.llm_usage
@ -560,7 +540,7 @@ class AdvancedChatAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCyc
                del extras["metadata"]["annotation_reply"]

        return MessageEndStreamResponse(
-            task_id=self._application_generate_entity.task_id, id=self._message.id, files=self._recorded_files, **extras
+            task_id=self._application_generate_entity.task_id, id=self._message.id, **extras
        )

    def _handle_output_moderation_chunk(self, text: str) -> bool:
--- a/api/core/app/apps/agent_chat/app_generator.py
+++ b/api/core/app/apps/agent_chat/app_generator.py
@ -18,12 +18,12 @@ from core.app.apps.base_app_queue_manager import AppQueueManager, GenerateTaskSt
 from core.app.apps.message_based_app_generator import MessageBasedAppGenerator
 from core.app.apps.message_based_app_queue_manager import MessageBasedAppQueueManager
 from core.app.entities.app_invoke_entities import AgentChatAppGenerateEntity, InvokeFrom
+from core.file.message_file_parser import MessageFileParser
 from core.model_runtime.errors.invoke import InvokeAuthorizationError, InvokeError
 from core.ops.ops_trace_manager import TraceQueueManager
 from extensions.ext_database import db
-from factories import file_factory
-from models import Account, App, EndUser
-from models.enums import CreatedByRole
+from models.account import Account
+from models.model import App, EndUser

 logger = logging.getLogger(__name__)

@ -50,12 +50,7 @@ class AgentChatAppGenerator(MessageBasedAppGenerator):
    ) -> dict: ...

    def generate(
-        self,
-        app_model: App,
-        user: Union[Account, EndUser],
-        args: Any,
-        invoke_from: InvokeFrom,
-        stream: bool = True,
+        self, app_model: App, user: Union[Account, EndUser], args: Any, invoke_from: InvokeFrom, stream: bool = True
    ) -> Union[dict, Generator[dict, None, None]]:
        """
        Generate App response.
@ -103,19 +98,12 @@ class AgentChatAppGenerator(MessageBasedAppGenerator):
            # always enable retriever resource in debugger mode
            override_model_config_dict["retriever_resource"] = {"enabled": True}

-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
-
        # parse files
-        files = args.get("files") or []
+        files = args["files"] if args.get("files") else []
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
        file_extra_config = FileUploadConfigManager.convert(override_model_config_dict or app_model_config.to_dict())
        if file_extra_config:
-            file_objs = file_factory.build_from_mappings(
-                mappings=files,
-                tenant_id=app_model.tenant_id,
-                user_id=user.id,
-                role=role,
-                config=file_extra_config,
-            )
+            file_objs = message_file_parser.validate_and_transform_files_arg(files, file_extra_config, user)
        else:
            file_objs = []

@ -128,7 +116,8 @@ class AgentChatAppGenerator(MessageBasedAppGenerator):
        )

        # get tracing instance
-        trace_manager = TraceQueueManager(app_model.id, user.id if isinstance(user, Account) else user.session_id)
+        user_id = user.id if isinstance(user, Account) else user.session_id
+        trace_manager = TraceQueueManager(app_model.id, user_id)

        # init application generate entity
        application_generate_entity = AgentChatAppGenerateEntity(
@ -136,9 +125,7 @@ class AgentChatAppGenerator(MessageBasedAppGenerator):
            app_config=app_config,
            model_conf=ModelConfigConverter.convert(app_config),
            conversation_id=conversation.id if conversation else None,
-            inputs=conversation.inputs
-            if conversation
-            else self._prepare_user_inputs(user_inputs=inputs, app_config=app_config, user_id=user.id, role=role),
+            inputs=conversation.inputs if conversation else self._get_cleaned_inputs(inputs, app_config),
            query=query,
            files=file_objs,
            parent_message_id=args.get("parent_message_id") if invoke_from != InvokeFrom.SERVICE_API else UUID_NIL,
--- a/api/core/app/apps/base_app_generator.py
+++ b/api/core/app/apps/base_app_generator.py
@ -1,92 +1,35 @@
 from collections.abc import Mapping
-from typing import TYPE_CHECKING, Any, Optional
+from typing import Any, Optional

-from core.app.app_config.entities import VariableEntityType
-from core.file import File, FileExtraConfig
-from factories import file_factory
-
-if TYPE_CHECKING:
-    from core.app.app_config.entities import AppConfig, VariableEntity
-    from models.enums import CreatedByRole
+from core.app.app_config.entities import AppConfig, VariableEntity, VariableEntityType


 class BaseAppGenerator:
-    def _prepare_user_inputs(
-        self,
-        *,
-        user_inputs: Optional[Mapping[str, Any]],
-        app_config: "AppConfig",
-        user_id: str,
-        role: "CreatedByRole",
-    ) -> Mapping[str, Any]:
+    def _get_cleaned_inputs(self, user_inputs: Optional[Mapping[str, Any]], app_config: AppConfig) -> Mapping[str, Any]:
        user_inputs = user_inputs or {}
        # Filter input variables from form configuration, handle required fields, default values, and option values
        variables = app_config.variables
-        user_inputs = {var.variable: self._validate_input(inputs=user_inputs, var=var) for var in variables}
-        user_inputs = {k: self._sanitize_value(v) for k, v in user_inputs.items()}
-        # Convert files in inputs to File
-        entity_dictionary = {item.variable: item for item in app_config.variables}
-        # Convert single file to File
-        files_inputs = {
-            k: file_factory.build_from_mapping(
-                mapping=v,
-                tenant_id=app_config.tenant_id,
-                user_id=user_id,
-                role=role,
-                config=FileExtraConfig(
-                    allowed_file_types=entity_dictionary[k].allowed_file_types,
-                    allowed_extensions=entity_dictionary[k].allowed_file_extensions,
-                    allowed_upload_methods=entity_dictionary[k].allowed_file_upload_methods,
-                ),
-            )
-            for k, v in user_inputs.items()
-            if isinstance(v, dict) and entity_dictionary[k].type == VariableEntityType.FILE
-        }
-        # Convert list of files to File
-        file_list_inputs = {
-            k: file_factory.build_from_mappings(
-                mappings=v,
-                tenant_id=app_config.tenant_id,
-                user_id=user_id,
-                role=role,
-                config=FileExtraConfig(
-                    allowed_file_types=entity_dictionary[k].allowed_file_types,
-                    allowed_extensions=entity_dictionary[k].allowed_file_extensions,
-                    allowed_upload_methods=entity_dictionary[k].allowed_file_upload_methods,
-                ),
-            )
-            for k, v in user_inputs.items()
-            if isinstance(v, list)
-            # Ensure skip List<File>
-            and all(isinstance(item, dict) for item in v)
-            and entity_dictionary[k].type == VariableEntityType.FILE_LIST
-        }
-        # Merge all inputs
-        user_inputs = {**user_inputs, **files_inputs, **file_list_inputs}
+        filtered_inputs = {var.variable: self._validate_input(inputs=user_inputs, var=var) for var in variables}
+        filtered_inputs = {k: self._sanitize_value(v) for k, v in filtered_inputs.items()}
+        return filtered_inputs

-        # Check if all files are converted to File
-        if any(filter(lambda v: isinstance(v, dict), user_inputs.values())):
-            raise ValueError("Invalid input type")
-        if any(
-            filter(lambda v: isinstance(v, dict), filter(lambda item: isinstance(item, list), user_inputs.values()))
-        ):
-            raise ValueError("Invalid input type")
-
-        return user_inputs
-
-    def _validate_input(self, *, inputs: Mapping[str, Any], var: "VariableEntity"):
+    def _validate_input(self, *, inputs: Mapping[str, Any], var: VariableEntity):
        user_input_value = inputs.get(var.variable)
-        if not user_input_value:
-            if var.required:
-                raise ValueError(f"{var.variable} is required in input form")
-            else:
-                return None
-
-        if var.type in {
-            VariableEntityType.TEXT_INPUT,
-            VariableEntityType.SELECT,
-            VariableEntityType.PARAGRAPH,
-        } and not isinstance(user_input_value, str):
+        if var.required and not user_input_value:
+            raise ValueError(f"{var.variable} is required in input form")
+        if not var.required and not user_input_value:
+            # TODO: should we return None here if the default value is None?
+            return var.default or ""
+        if (
+            var.type
+            in {
+                VariableEntityType.TEXT_INPUT,
+                VariableEntityType.SELECT,
+                VariableEntityType.PARAGRAPH,
+            }
+            and user_input_value
+            and not isinstance(user_input_value, str)
+        ):
            raise ValueError(f"(type '{var.type}') {var.variable} in input form must be a string")
        if var.type == VariableEntityType.NUMBER and isinstance(user_input_value, str):
            # may raise ValueError if user_input_value is not a valid number
@ -98,24 +41,12 @@ class BaseAppGenerator:
            except ValueError:
                raise ValueError(f"{var.variable} in input form must be a valid number")
        if var.type == VariableEntityType.SELECT:
-            options = var.options
+            options = var.options or []
            if user_input_value not in options:
                raise ValueError(f"{var.variable} in input form must be one of the following: {options}")
        elif var.type in {VariableEntityType.TEXT_INPUT, VariableEntityType.PARAGRAPH}:
-            if var.max_length and len(user_input_value) > var.max_length:
+            if var.max_length and user_input_value and len(user_input_value) > var.max_length:
                raise ValueError(f"{var.variable} in input form must be less than {var.max_length} characters")
-        elif var.type == VariableEntityType.FILE:
-            if not isinstance(user_input_value, dict) and not isinstance(user_input_value, File):
-                raise ValueError(f"{var.variable} in input form must be a file")
-        elif var.type == VariableEntityType.FILE_LIST:
-            if not (
-                isinstance(user_input_value, list)
-                and (
-                    all(isinstance(item, dict) for item in user_input_value)
-                    or all(isinstance(item, File) for item in user_input_value)
-                )
-            ):
-                raise ValueError(f"{var.variable} in input form must be a list of files")

        return user_input_value

--- a/api/core/app/apps/base_app_runner.py
+++ b/api/core/app/apps/base_app_runner.py
@ -27,7 +27,7 @@ from core.prompt.simple_prompt_transform import ModelMode, SimplePromptTransform
 from models.model import App, AppMode, Message, MessageAnnotation

 if TYPE_CHECKING:
-    from core.file.models import File
+    from core.file.file_obj import FileVar


 class AppRunner:
@ -37,7 +37,7 @@ class AppRunner:
        model_config: ModelConfigWithCredentialsEntity,
        prompt_template_entity: PromptTemplateEntity,
        inputs: dict[str, str],
-        files: list["File"],
+        files: list["FileVar"],
        query: Optional[str] = None,
    ) -> int:
        """
@ -137,7 +137,7 @@ class AppRunner:
        model_config: ModelConfigWithCredentialsEntity,
        prompt_template_entity: PromptTemplateEntity,
        inputs: dict[str, str],
-        files: list["File"],
+        files: list["FileVar"],
        query: Optional[str] = None,
        context: Optional[str] = None,
        memory: Optional[TokenBufferMemory] = None,
--- a/api/core/app/apps/chat/app_generator.py
+++ b/api/core/app/apps/chat/app_generator.py
@ -18,12 +18,11 @@ from core.app.apps.chat.generate_response_converter import ChatAppGenerateRespon
 from core.app.apps.message_based_app_generator import MessageBasedAppGenerator
 from core.app.apps.message_based_app_queue_manager import MessageBasedAppQueueManager
 from core.app.entities.app_invoke_entities import ChatAppGenerateEntity, InvokeFrom
+from core.file.message_file_parser import MessageFileParser
 from core.model_runtime.errors.invoke import InvokeAuthorizationError, InvokeError
 from core.ops.ops_trace_manager import TraceQueueManager
 from extensions.ext_database import db
-from factories import file_factory
 from models.account import Account
-from models.enums import CreatedByRole
 from models.model import App, EndUser

 logger = logging.getLogger(__name__)
@ -101,19 +100,12 @@ class ChatAppGenerator(MessageBasedAppGenerator):
            # always enable retriever resource in debugger mode
            override_model_config_dict["retriever_resource"] = {"enabled": True}

-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
-
        # parse files
        files = args["files"] if args.get("files") else []
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
        file_extra_config = FileUploadConfigManager.convert(override_model_config_dict or app_model_config.to_dict())
        if file_extra_config:
-            file_objs = file_factory.build_from_mappings(
-                mappings=files,
-                tenant_id=app_model.tenant_id,
-                user_id=user.id,
-                role=role,
-                config=file_extra_config,
-            )
+            file_objs = message_file_parser.validate_and_transform_files_arg(files, file_extra_config, user)
        else:
            file_objs = []

@ -126,7 +118,7 @@ class ChatAppGenerator(MessageBasedAppGenerator):
        )

        # get tracing instance
-        trace_manager = TraceQueueManager(app_id=app_model.id)
+        trace_manager = TraceQueueManager(app_model.id)

        # init application generate entity
        application_generate_entity = ChatAppGenerateEntity(
@ -134,17 +126,15 @@ class ChatAppGenerator(MessageBasedAppGenerator):
            app_config=app_config,
            model_conf=ModelConfigConverter.convert(app_config),
            conversation_id=conversation.id if conversation else None,
-            inputs=conversation.inputs
-            if conversation
-            else self._prepare_user_inputs(user_inputs=inputs, app_config=app_config, user_id=user.id, role=role),
+            inputs=conversation.inputs if conversation else self._get_cleaned_inputs(inputs, app_config),
            query=query,
            files=file_objs,
            parent_message_id=args.get("parent_message_id") if invoke_from != InvokeFrom.SERVICE_API else UUID_NIL,
            user_id=user.id,
+            stream=stream,
            invoke_from=invoke_from,
            extras=extras,
            trace_manager=trace_manager,
-            stream=stream,
        )

        # init generate records
--- a/api/core/app/apps/completion/app_generator.py
+++ b/api/core/app/apps/completion/app_generator.py
@ -17,12 +17,12 @@ from core.app.apps.completion.generate_response_converter import CompletionAppGe
 from core.app.apps.message_based_app_generator import MessageBasedAppGenerator
 from core.app.apps.message_based_app_queue_manager import MessageBasedAppQueueManager
 from core.app.entities.app_invoke_entities import CompletionAppGenerateEntity, InvokeFrom
+from core.file.message_file_parser import MessageFileParser
 from core.model_runtime.errors.invoke import InvokeAuthorizationError, InvokeError
 from core.ops.ops_trace_manager import TraceQueueManager
 from extensions.ext_database import db
-from factories import file_factory
-from models import Account, App, EndUser, Message
-from models.enums import CreatedByRole
+from models.account import Account
+from models.model import App, EndUser, Message
 from services.errors.app import MoreLikeThisDisabledError
 from services.errors.message import MessageNotExistsError

@ -88,19 +88,12 @@ class CompletionAppGenerator(MessageBasedAppGenerator):
                tenant_id=app_model.tenant_id, config=args.get("model_config")
            )

-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
-
        # parse files
        files = args["files"] if args.get("files") else []
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
        file_extra_config = FileUploadConfigManager.convert(override_model_config_dict or app_model_config.to_dict())
        if file_extra_config:
-            file_objs = file_factory.build_from_mappings(
-                mappings=files,
-                tenant_id=app_model.tenant_id,
-                user_id=user.id,
-                role=role,
-                config=file_extra_config,
-            )
+            file_objs = message_file_parser.validate_and_transform_files_arg(files, file_extra_config, user)
        else:
            file_objs = []

@ -110,7 +103,6 @@ class CompletionAppGenerator(MessageBasedAppGenerator):
        )

        # get tracing instance
-        user_id = user.id if isinstance(user, Account) else user.session_id
        trace_manager = TraceQueueManager(app_model.id)

        # init application generate entity
@ -118,7 +110,7 @@ class CompletionAppGenerator(MessageBasedAppGenerator):
            task_id=str(uuid.uuid4()),
            app_config=app_config,
            model_conf=ModelConfigConverter.convert(app_config),
-            inputs=self._prepare_user_inputs(user_inputs=inputs, app_config=app_config, user_id=user.id, role=role),
+            inputs=self._get_cleaned_inputs(inputs, app_config),
            query=query,
            files=file_objs,
            user_id=user.id,
@ -259,16 +251,10 @@ class CompletionAppGenerator(MessageBasedAppGenerator):
        override_model_config_dict["model"] = model_dict

        # parse files
-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
-        file_extra_config = FileUploadConfigManager.convert(override_model_config_dict)
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
+        file_extra_config = FileUploadConfigManager.convert(override_model_config_dict or app_model_config.to_dict())
        if file_extra_config:
-            file_objs = file_factory.build_from_mappings(
-                mappings=message.message_files,
-                tenant_id=app_model.tenant_id,
-                user_id=user.id,
-                role=role,
-                config=file_extra_config,
-            )
+            file_objs = message_file_parser.validate_and_transform_files_arg(message.files, file_extra_config, user)
        else:
            file_objs = []

--- a/api/core/app/apps/message_based_app_generator.py
+++ b/api/core/app/apps/message_based_app_generator.py
@ -26,8 +26,7 @@ from core.app.entities.task_entities import (
 from core.app.task_pipeline.easy_ui_based_generate_task_pipeline import EasyUIBasedGenerateTaskPipeline
 from core.prompt.utils.prompt_template_parser import PromptTemplateParser
 from extensions.ext_database import db
-from models import Account
-from models.enums import CreatedByRole
+from models.account import Account
 from models.model import App, AppMode, AppModelConfig, Conversation, EndUser, Message, MessageFile
 from services.errors.app_model_config import AppModelConfigBrokenError
 from services.errors.conversation import ConversationCompletedError, ConversationNotExistsError
@ -236,13 +235,13 @@ class MessageBasedAppGenerator(BaseAppGenerator):
        for file in application_generate_entity.files:
            message_file = MessageFile(
                message_id=message.id,
-                type=file.type,
-                transfer_method=file.transfer_method,
+                type=file.type.value,
+                transfer_method=file.transfer_method.value,
                belongs_to="user",
-                url=file.remote_url,
+                url=file.url,
                upload_file_id=file.related_id,
-                created_by_role=(CreatedByRole.ACCOUNT if account_id else CreatedByRole.END_USER),
-                created_by=account_id or end_user_id or "",
+                created_by_role=("account" if account_id else "end_user"),
+                created_by=account_id or end_user_id,
            )
            db.session.add(message_file)
            db.session.commit()
--- a/api/core/app/apps/workflow/app_generator.py
+++ b/api/core/app/apps/workflow/app_generator.py
@ -3,7 +3,7 @@ import logging
 import os
 import threading
 import uuid
-from collections.abc import Generator, Mapping, Sequence
+from collections.abc import Generator
 from typing import Any, Literal, Optional, Union, overload

 from flask import Flask, current_app
@ -20,12 +20,13 @@ from core.app.apps.workflow.generate_response_converter import WorkflowAppGenera
 from core.app.apps.workflow.generate_task_pipeline import WorkflowAppGenerateTaskPipeline
 from core.app.entities.app_invoke_entities import InvokeFrom, WorkflowAppGenerateEntity
 from core.app.entities.task_entities import WorkflowAppBlockingResponse, WorkflowAppStreamResponse
+from core.file.message_file_parser import MessageFileParser
 from core.model_runtime.errors.invoke import InvokeAuthorizationError, InvokeError
 from core.ops.ops_trace_manager import TraceQueueManager
 from extensions.ext_database import db
-from factories import file_factory
-from models import Account, App, EndUser, Workflow
-from models.enums import CreatedByRole
+from models.account import Account
+from models.model import App, EndUser
+from models.workflow import Workflow

 logger = logging.getLogger(__name__)

@ -62,46 +63,49 @@ class WorkflowAppGenerator(BaseAppGenerator):
        app_model: App,
        workflow: Workflow,
        user: Union[Account, EndUser],
-        args: Mapping[str, Any],
+        args: dict,
        invoke_from: InvokeFrom,
        stream: bool = True,
        call_depth: int = 0,
        workflow_thread_pool_id: Optional[str] = None,
    ):
-        files: Sequence[Mapping[str, Any]] = args.get("files") or []
+        """
+        Generate App response.

-        role = CreatedByRole.ACCOUNT if isinstance(user, Account) else CreatedByRole.END_USER
+        :param app_model: App
+        :param workflow: Workflow
+        :param user: account or end user
+        :param args: request args
+        :param invoke_from: invoke from source
+        :param stream: is stream
+        :param call_depth: call depth
+        :param workflow_thread_pool_id: workflow thread pool id
+        """
+        inputs = args["inputs"]

        # parse files
+        files = args["files"] if args.get("files") else []
+        message_file_parser = MessageFileParser(tenant_id=app_model.tenant_id, app_id=app_model.id)
        file_extra_config = FileUploadConfigManager.convert(workflow.features_dict, is_vision=False)
-        system_files = file_factory.build_from_mappings(
-            mappings=files,
-            tenant_id=app_model.tenant_id,
-            user_id=user.id,
-            role=role,
-            config=file_extra_config,
-        )
+        if file_extra_config:
+            file_objs = message_file_parser.validate_and_transform_files_arg(files, file_extra_config, user)
+        else:
+            file_objs = []

        # convert to app config
-        app_config = WorkflowAppConfigManager.get_app_config(
-            app_model=app_model,
-            workflow=workflow,
-        )
+        app_config = WorkflowAppConfigManager.get_app_config(app_model=app_model, workflow=workflow)

        # get tracing instance
-        trace_manager = TraceQueueManager(
-            app_id=app_model.id,
-            user_id=user.id if isinstance(user, Account) else user.session_id,
-        )
+        user_id = user.id if isinstance(user, Account) else user.session_id
+        trace_manager = TraceQueueManager(app_model.id, user_id)

-        inputs: Mapping[str, Any] = args["inputs"]
        workflow_run_id = str(uuid.uuid4())
        # init application generate entity
        application_generate_entity = WorkflowAppGenerateEntity(
            task_id=str(uuid.uuid4()),
            app_config=app_config,
-            inputs=self._prepare_user_inputs(user_inputs=inputs, app_config=app_config, user_id=user.id, role=role),
-            files=system_files,
+            inputs=self._get_cleaned_inputs(inputs, app_config),
+            files=file_objs,
            user_id=user.id,
            stream=stream,
            invoke_from=invoke_from,
--- a/api/core/app/apps/workflow/app_runner.py
+++ b/api/core/app/apps/workflow/app_runner.py
@ -1,20 +1,21 @@
 import logging
+import os
 from typing import Optional, cast

-from configs import dify_config
 from core.app.apps.base_app_queue_manager import AppQueueManager
 from core.app.apps.workflow.app_config_manager import WorkflowAppConfig
 from core.app.apps.workflow_app_runner import WorkflowBasedAppRunner
+from core.app.apps.workflow_logging_callback import WorkflowLoggingCallback
 from core.app.entities.app_invoke_entities import (
    InvokeFrom,
    WorkflowAppGenerateEntity,
 )
-from core.workflow.callbacks import WorkflowCallback, WorkflowLoggingCallback
+from core.workflow.callbacks.base_workflow_callback import WorkflowCallback
+from core.workflow.entities.node_entities import UserFrom
 from core.workflow.entities.variable_pool import VariablePool
 from core.workflow.enums import SystemVariableKey
 from core.workflow.workflow_entry import WorkflowEntry
 from extensions.ext_database import db
-from models.enums import UserFrom
 from models.model import App, EndUser
 from models.workflow import WorkflowType

@ -70,7 +71,7 @@ class WorkflowAppRunner(WorkflowBasedAppRunner):
        db.session.close()

        workflow_callbacks: list[WorkflowCallback] = []
-        if dify_config.DEBUG:
+        if bool(os.environ.get("DEBUG", "False").lower() == "true"):
            workflow_callbacks.append(WorkflowLoggingCallback())

        # if only single iteration run is requested
--- a/api/core/app/apps/workflow/generate_task_pipeline.py
+++ b/api/core/app/apps/workflow/generate_task_pipeline.py
@ -1,3 +1,4 @@
+import json
 import logging
 import time
 from collections.abc import Generator
@ -333,7 +334,9 @@ class WorkflowAppGenerateTaskPipeline(BasedGenerateTaskPipeline, WorkflowCycleMa
                    start_at=graph_runtime_state.start_at,
                    total_tokens=graph_runtime_state.total_tokens,
                    total_steps=graph_runtime_state.node_run_steps,
-                    outputs=event.outputs,
+                    outputs=json.dumps(event.outputs)
+                    if isinstance(event, QueueWorkflowSucceededEvent) and event.outputs
+                    else None,
                    conversation_id=None,
                    trace_manager=trace_manager,
                )
--- a/api/core/app/apps/workflow_app_runner.py
+++ b/api/core/app/apps/workflow_app_runner.py
@ -20,6 +20,7 @@ from core.app.entities.queue_entities import (
    QueueWorkflowStartedEvent,
    QueueWorkflowSucceededEvent,
 )
+from core.workflow.entities.node_entities import NodeType
 from core.workflow.entities.variable_pool import VariablePool
 from core.workflow.graph_engine.entities.event import (
    GraphEngineEvent,
@ -40,9 +41,9 @@ from core.workflow.graph_engine.entities.event import (
    ParallelBranchRunSucceededEvent,
 )
 from core.workflow.graph_engine.entities.graph import Graph
-from core.workflow.nodes import NodeType
-from core.workflow.nodes.iteration import IterationNodeData
-from core.workflow.nodes.node_mapping import node_type_classes_mapping
+from core.workflow.nodes.base_node import BaseNode
+from core.workflow.nodes.iteration.entities import IterationNodeData
+from core.workflow.nodes.node_mapping import node_classes
 from core.workflow.workflow_entry import WorkflowEntry
 from extensions.ext_database import db
 from models.model import App
@ -136,8 +137,9 @@ class WorkflowBasedAppRunner(AppRunner):
            raise ValueError("iteration node id not found in workflow graph")

        # Get node class
-        node_type = NodeType(iteration_node_config.get("data", {}).get("type"))
-        node_cls = node_type_classes_mapping[node_type]
+        node_type = NodeType.value_of(iteration_node_config.get("data", {}).get("type"))
+        node_cls = node_classes.get(node_type)
+        node_cls = cast(type[BaseNode], node_cls)

        # init variable pool
        variable_pool = VariablePool(
--- a/api/core/workflow/callbacks/workflow_logging_callback.py
+++ b/api/core/workflow/callbacks/workflow_logging_callback.py
@ -1,6 +1,7 @@
 from typing import Optional

 from core.model_runtime.utils.encoders import jsonable_encoder
+from core.workflow.callbacks.base_workflow_callback import WorkflowCallback
 from core.workflow.graph_engine.entities.event import (
    GraphEngineEvent,
    GraphRunFailedEvent,
@ -19,8 +20,6 @@ from core.workflow.graph_engine.entities.event import (
    ParallelBranchRunSucceededEvent,
 )

-from .base_workflow_callback import WorkflowCallback
-
 _TEXT_COLOR_MAPPING = {
    "blue": "36;1",
    "yellow": "33;1",
--- a/api/core/app/entities/app_invoke_entities.py
+++ b/api/core/app/entities/app_invoke_entities.py
@ -1,4 +1,4 @@
-from collections.abc import Mapping, Sequence
+from collections.abc import Mapping
 from enum import Enum
 from typing import Any, Optional

@ -7,7 +7,7 @@ from pydantic import BaseModel, ConfigDict, Field, ValidationInfo, field_validat
 from constants import UUID_NIL
 from core.app.app_config.entities import AppConfig, EasyUIBasedAppConfig, WorkflowUIBasedAppConfig
 from core.entities.provider_configuration import ProviderModelBundle
-from core.file.models import File
+from core.file.file_obj import FileVar
 from core.model_runtime.entities.model_entities import AIModelEntity
 from core.ops.ops_trace_manager import TraceQueueManager

@ -23,7 +23,7 @@ class InvokeFrom(Enum):
    DEBUGGER = "debugger"

    @classmethod
-    def value_of(cls, value: str):
+    def value_of(cls, value: str) -> "InvokeFrom":
        """
        Get value of given mode.

@ -82,7 +82,7 @@ class AppGenerateEntity(BaseModel):
    app_config: AppConfig

    inputs: Mapping[str, Any]
-    files: Sequence[File]
+    files: list[FileVar] = []
    user_id: str

    # extras
--- a/api/core/app/entities/queue_entities.py
+++ b/api/core/app/entities/queue_entities.py
@ -5,10 +5,9 @@ from typing import Any, Optional
 from pydantic import BaseModel, field_validator

 from core.model_runtime.entities.llm_entities import LLMResult, LLMResultChunk
-from core.workflow.entities.node_entities import NodeRunMetadataKey
+from core.workflow.entities.base_node_data_entities import BaseNodeData
+from core.workflow.entities.node_entities import NodeRunMetadataKey, NodeType
 from core.workflow.graph_engine.entities.graph_runtime_state import GraphRuntimeState
-from core.workflow.nodes import NodeType
-from core.workflow.nodes.base import BaseNodeData


 class QueueEvent(str, Enum):
--- a/api/core/app/entities/task_entities.py
+++ b/api/core/app/entities/task_entities.py
@ -1,4 +1,3 @@
-from collections.abc import Mapping, Sequence
 from enum import Enum
 from typing import Any, Optional

@ -120,7 +119,6 @@ class MessageEndStreamResponse(StreamResponse):
    event: StreamEvent = StreamEvent.MESSAGE_END
    id: str
    metadata: dict = {}
-    files: Optional[Sequence[Mapping[str, Any]]] = None


 class MessageFileStreamResponse(StreamResponse):
@ -213,7 +211,7 @@ class WorkflowFinishStreamResponse(StreamResponse):
        created_by: Optional[dict] = None
        created_at: int
        finished_at: int
-        files: Optional[Sequence[Mapping[str, Any]]] = []
+        files: Optional[list[dict]] = []

    event: StreamEvent = StreamEvent.WORKFLOW_FINISHED
    workflow_run_id: str
@ -298,7 +296,7 @@ class NodeFinishStreamResponse(StreamResponse):
        execution_metadata: Optional[dict] = None
        created_at: int
        finished_at: int
-        files: Optional[Sequence[Mapping[str, Any]]] = []
+        files: Optional[list[dict]] = []
        parallel_id: Optional[str] = None
        parallel_start_node_id: Optional[str] = None
        parent_parallel_id: Optional[str] = None
--- a/api/core/app/segments/init.py
+++ b/api/core/app/segments/init.py
@ -1,12 +1,7 @@
 from .segment_group import SegmentGroup
 from .segments import (
    ArrayAnySegment,
-    ArrayFileSegment,
-    ArrayNumberSegment,
-    ArrayObjectSegment,
    ArraySegment,
-    ArrayStringSegment,
-    FileSegment,
    FloatSegment,
    IntegerSegment,
    NoneSegment,
@ -20,7 +15,6 @@ from .variables import (
    ArrayNumberVariable,
    ArrayObjectVariable,
    ArrayStringVariable,
-    FileVariable,
    FloatVariable,
    IntegerVariable,
    NoneVariable,
@ -52,10 +46,4 @@ __all__ = [
    "ArrayNumberVariable",
    "ArrayObjectVariable",
    "ArraySegment",
-    "ArrayFileSegment",
-    "ArrayNumberSegment",
-    "ArrayObjectSegment",
-    "ArrayStringSegment",
-    "FileSegment",
-    "FileVariable",
 ]
--- a/api/core/app/segments/exc.py
+++ b/api/core/app/segments/exc.py
--- a/api/factories/variable_factory.py
+++ b/api/factories/variable_factory.py
@ -2,32 +2,29 @@ from collections.abc import Mapping
 from typing import Any

 from configs import dify_config
-from core.file import File
-from core.variables import (
+
+from .exc import VariableError
+from .segments import (
    ArrayAnySegment,
-    ArrayFileSegment,
-    ArrayNumberSegment,
-    ArrayNumberVariable,
-    ArrayObjectSegment,
-    ArrayObjectVariable,
-    ArrayStringSegment,
-    ArrayStringVariable,
-    FileSegment,
    FloatSegment,
-    FloatVariable,
    IntegerSegment,
-    IntegerVariable,
    NoneSegment,
    ObjectSegment,
+    Segment,
+    StringSegment,
+)
+from .types import SegmentType
+from .variables import (
+    ArrayNumberVariable,
+    ArrayObjectVariable,
+    ArrayStringVariable,
+    FloatVariable,
+    IntegerVariable,
    ObjectVariable,
    SecretVariable,
-    Segment,
-    SegmentType,
-    StringSegment,
    StringVariable,
    Variable,
 )
-from core.variables.exc import VariableError


 def build_variable_from_mapping(mapping: Mapping[str, Any], /) -> Variable:
@ -74,22 +71,6 @@ def build_segment(value: Any, /) -> Segment:
        return FloatSegment(value=value)
    if isinstance(value, dict):
        return ObjectSegment(value=value)
-    if isinstance(value, File):
-        return FileSegment(value=value)
    if isinstance(value, list):
-        items = [build_segment(item) for item in value]
-        types = {item.value_type for item in items}
-        if len(types) != 1:
-            return ArrayAnySegment(value=value)
-        match types.pop():
-            case SegmentType.STRING:
-                return ArrayStringSegment(value=value)
-            case SegmentType.NUMBER:
-                return ArrayNumberSegment(value=value)
-            case SegmentType.OBJECT:
-                return ArrayObjectSegment(value=value)
-            case SegmentType.FILE:
-                return ArrayFileSegment(value=value)
-            case _:
-                raise ValueError(f"not supported value {value}")
+        return ArrayAnySegment(value=value)
    raise ValueError(f"not supported value {value}")
--- a/api/core/app/segments/parser.py
+++ b/api/core/app/segments/parser.py
@ -0,0 +1,18 @@
+import re
+
+from core.workflow.entities.variable_pool import VariablePool
+
+from . import SegmentGroup, factory
+
+VARIABLE_PATTERN = re.compile(r"\{\{#([a-zA-Z0-9_]{1,50}(?:\.[a-zA-Z_][a-zA-Z0-9_]{0,29}){1,10})#\}\}")
+
+
+def convert_template(*, template: str, variable_pool: VariablePool):
+    parts = re.split(VARIABLE_PATTERN, template)
+    segments = []
+    for part in filter(lambda x: x, parts):
+        if "." in part and (value := variable_pool.get(part.split("."))):
+            segments.append(value)
+        else:
+            segments.append(factory.build_segment(part))
+    return SegmentGroup(value=segments)
--- a/api/core/app/segments/segment_group.py
+++ b/api/core/app/segments/segment_group.py
--- a/api/core/app/segments/segments.py
+++ b/api/core/app/segments/segments.py
@ -5,8 +5,6 @@ from typing import Any

 from pydantic import BaseModel, ConfigDict, field_validator

-from core.file import File
-
 from .types import SegmentType


@ -41,9 +39,6 @@ class Segment(BaseModel):

    @property
    def size(self) -> int:
-        """
-        Return the size of the value in bytes.
-        """
        return sys.getsizeof(self.value)

    def to_object(self) -> Any:
@ -56,15 +51,15 @@ class NoneSegment(Segment):

    @property
    def text(self) -> str:
-        return ""
+        return "null"

    @property
    def log(self) -> str:
-        return ""
+        return "null"

    @property
    def markdown(self) -> str:
-        return ""
+        return "null"


 class StringSegment(Segment):
@ -104,27 +99,13 @@ class ArraySegment(Segment):
    def markdown(self) -> str:
        items = []
        for item in self.value:
-            items.append(str(item))
+            if hasattr(item, "to_markdown"):
+                items.append(item.to_markdown())
+            else:
+                items.append(str(item))
        return "\n".join(items)


-class FileSegment(Segment):
-    value_type: SegmentType = SegmentType.FILE
-    value: File
-
-    @property
-    def markdown(self) -> str:
-        return self.value.markdown
-
-    @property
-    def log(self) -> str:
-        return str(self.value)
-
-    @property
-    def text(self) -> str:
-        return str(self.value)
-
-
 class ArrayAnySegment(ArraySegment):
    value_type: SegmentType = SegmentType.ARRAY_ANY
    value: Sequence[Any]
@ -143,15 +124,3 @@ class ArrayNumberSegment(ArraySegment):
 class ArrayObjectSegment(ArraySegment):
    value_type: SegmentType = SegmentType.ARRAY_OBJECT
    value: Sequence[Mapping[str, Any]]
-
-
-class ArrayFileSegment(ArraySegment):
-    value_type: SegmentType = SegmentType.ARRAY_FILE
-    value: Sequence[File]
-
-    @property
-    def markdown(self) -> str:
-        items = []
-        for item in self.value:
-            items.append(item.markdown)
-        return "\n".join(items)
--- a/api/core/app/segments/types.py
+++ b/api/core/app/segments/types.py
@ -11,7 +11,5 @@ class SegmentType(str, Enum):
    ARRAY_NUMBER = "array[number]"
    ARRAY_OBJECT = "array[object]"
    OBJECT = "object"
-    FILE = "file"
-    ARRAY_FILE = "array[file]"

    GROUP = "group"
--- a/api/core/app/segments/variables.py
+++ b/api/core/app/segments/variables.py
@ -7,7 +7,6 @@ from .segments import (
    ArrayNumberSegment,
    ArrayObjectSegment,
    ArrayStringSegment,
-    FileSegment,
    FloatSegment,
    IntegerSegment,
    NoneSegment,
@ -74,7 +73,3 @@ class SecretVariable(StringVariable):
 class NoneVariable(NoneSegment, Variable):
    value_type: SegmentType = SegmentType.NONE
    value: None = None
-
-
-class FileVariable(FileSegment, Variable):
-    pass
--- a/api/core/app/task_pipeline/based_generate_task_pipeline.py
+++ b/api/core/app/task_pipeline/based_generate_task_pipeline.py
@ -53,7 +53,7 @@ class BasedGenerateTaskPipeline:
        self._output_moderation_handler = self._init_output_moderation()
        self._stream = stream

-    def _handle_error(self, event: QueueErrorEvent, message: Optional[Message] = None):
+    def _handle_error(self, event: QueueErrorEvent, message: Optional[Message] = None) -> Exception:
        """
        Handle error event.
        :param event: event
@ -100,7 +100,7 @@ class BasedGenerateTaskPipeline:

        return message

-    def _error_to_stream_response(self, e: Exception):
+    def _error_to_stream_response(self, e: Exception) -> ErrorStreamResponse:
        """
        Error to stream response.
        :param e: exception
--- a/api/core/app/task_pipeline/workflow_cycle_manage.py
+++ b/api/core/app/task_pipeline/workflow_cycle_manage.py
@ -1,11 +1,8 @@
 import json
 import time
-from collections.abc import Mapping, Sequence
 from datetime import datetime, timezone
 from typing import Any, Optional, Union, cast

-from sqlalchemy.orm import Session
-
 from core.app.entities.app_invoke_entities import AdvancedChatAppGenerateEntity, InvokeFrom, WorkflowAppGenerateEntity
 from core.app.entities.queue_entities import (
    QueueIterationCompletedEvent,
@ -30,26 +27,27 @@ from core.app.entities.task_entities import (
    WorkflowStartStreamResponse,
    WorkflowTaskState,
 )
-from core.file import FILE_MODEL_IDENTITY, File
+from core.file.file_obj import FileVar
 from core.model_runtime.utils.encoders import jsonable_encoder
 from core.ops.entities.trace_entity import TraceTaskName
 from core.ops.ops_trace_manager import TraceQueueManager, TraceTask
 from core.tools.tool_manager import ToolManager
+from core.workflow.entities.node_entities import NodeType
 from core.workflow.enums import SystemVariableKey
-from core.workflow.nodes import NodeType
 from core.workflow.nodes.tool.entities import ToolNodeData
 from core.workflow.workflow_entry import WorkflowEntry
 from extensions.ext_database import db
 from models.account import Account
-from models.enums import CreatedByRole, WorkflowRunTriggeredFrom
 from models.model import EndUser
 from models.workflow import (
+    CreatedByRole,
    Workflow,
    WorkflowNodeExecution,
    WorkflowNodeExecutionStatus,
    WorkflowNodeExecutionTriggeredFrom,
    WorkflowRun,
    WorkflowRunStatus,
+    WorkflowRunTriggeredFrom,
 )


@ -119,7 +117,7 @@ class WorkflowCycleManage:
        start_at: float,
        total_tokens: int,
        total_steps: int,
-        outputs: Mapping[str, Any] | None = None,
+        outputs: Optional[str] = None,
        conversation_id: Optional[str] = None,
        trace_manager: Optional[TraceQueueManager] = None,
    ) -> WorkflowRun:
@ -135,10 +133,8 @@ class WorkflowCycleManage:
        """
        workflow_run = self._refetch_workflow_run(workflow_run.id)

-        outputs = WorkflowEntry.handle_special_values(outputs)
-
        workflow_run.status = WorkflowRunStatus.SUCCEEDED.value
-        workflow_run.outputs = json.dumps(outputs or {})
+        workflow_run.outputs = outputs
        workflow_run.elapsed_time = time.perf_counter() - start_at
        workflow_run.total_tokens = total_tokens
        workflow_run.total_steps = total_steps
@ -234,30 +230,30 @@ class WorkflowCycleManage:
        self, workflow_run: WorkflowRun, event: QueueNodeStartedEvent
    ) -> WorkflowNodeExecution:
        # init workflow node execution
+        workflow_node_execution = WorkflowNodeExecution()
+        workflow_node_execution.tenant_id = workflow_run.tenant_id
+        workflow_node_execution.app_id = workflow_run.app_id
+        workflow_node_execution.workflow_id = workflow_run.workflow_id
+        workflow_node_execution.triggered_from = WorkflowNodeExecutionTriggeredFrom.WORKFLOW_RUN.value
+        workflow_node_execution.workflow_run_id = workflow_run.id
+        workflow_node_execution.predecessor_node_id = event.predecessor_node_id
+        workflow_node_execution.index = event.node_run_index
+        workflow_node_execution.node_execution_id = event.node_execution_id
+        workflow_node_execution.node_id = event.node_id
+        workflow_node_execution.node_type = event.node_type.value
+        workflow_node_execution.title = event.node_data.title
+        workflow_node_execution.status = WorkflowNodeExecutionStatus.RUNNING.value
+        workflow_node_execution.created_by_role = workflow_run.created_by_role
+        workflow_node_execution.created_by = workflow_run.created_by
+        workflow_node_execution.created_at = datetime.now(timezone.utc).replace(tzinfo=None)

-        with Session(db.engine, expire_on_commit=False) as session:
-            workflow_node_execution = WorkflowNodeExecution()
-            workflow_node_execution.tenant_id = workflow_run.tenant_id
-            workflow_node_execution.app_id = workflow_run.app_id
-            workflow_node_execution.workflow_id = workflow_run.workflow_id
-            workflow_node_execution.triggered_from = WorkflowNodeExecutionTriggeredFrom.WORKFLOW_RUN.value
-            workflow_node_execution.workflow_run_id = workflow_run.id
-            workflow_node_execution.predecessor_node_id = event.predecessor_node_id
-            workflow_node_execution.index = event.node_run_index
-            workflow_node_execution.node_execution_id = event.node_execution_id
-            workflow_node_execution.node_id = event.node_id
-            workflow_node_execution.node_type = event.node_type.value
-            workflow_node_execution.title = event.node_data.title
-            workflow_node_execution.status = WorkflowNodeExecutionStatus.RUNNING.value
-            workflow_node_execution.created_by_role = workflow_run.created_by_role
-            workflow_node_execution.created_by = workflow_run.created_by
-            workflow_node_execution.created_at = datetime.now(timezone.utc).replace(tzinfo=None)
-
-            session.add(workflow_node_execution)
-            session.commit()
-            session.refresh(workflow_node_execution)
+        db.session.add(workflow_node_execution)
+        db.session.commit()
+        db.session.refresh(workflow_node_execution)
+        db.session.close()

        self._wip_workflow_node_executions[workflow_node_execution.node_execution_id] = workflow_node_execution
+
        return workflow_node_execution

    def _handle_workflow_node_execution_success(self, event: QueueNodeSucceededEvent) -> WorkflowNodeExecution:
@ -269,7 +265,6 @@ class WorkflowCycleManage:
        workflow_node_execution = self._refetch_workflow_node_execution(event.node_execution_id)

        inputs = WorkflowEntry.handle_special_values(event.inputs)
-        process_data = WorkflowEntry.handle_special_values(event.process_data)
        outputs = WorkflowEntry.handle_special_values(event.outputs)
        execution_metadata = (
            json.dumps(jsonable_encoder(event.execution_metadata)) if event.execution_metadata else None
@ -281,7 +276,7 @@ class WorkflowCycleManage:
            {
                WorkflowNodeExecution.status: WorkflowNodeExecutionStatus.SUCCEEDED.value,
                WorkflowNodeExecution.inputs: json.dumps(inputs) if inputs else None,
-                WorkflowNodeExecution.process_data: json.dumps(process_data) if event.process_data else None,
+                WorkflowNodeExecution.process_data: json.dumps(event.process_data) if event.process_data else None,
                WorkflowNodeExecution.outputs: json.dumps(outputs) if outputs else None,
                WorkflowNodeExecution.execution_metadata: execution_metadata,
                WorkflowNodeExecution.finished_at: finished_at,
@ -291,11 +286,10 @@ class WorkflowCycleManage:

        db.session.commit()
        db.session.close()
-        process_data = WorkflowEntry.handle_special_values(event.process_data)

        workflow_node_execution.status = WorkflowNodeExecutionStatus.SUCCEEDED.value
        workflow_node_execution.inputs = json.dumps(inputs) if inputs else None
-        workflow_node_execution.process_data = json.dumps(process_data) if process_data else None
+        workflow_node_execution.process_data = json.dumps(event.process_data) if event.process_data else None
        workflow_node_execution.outputs = json.dumps(outputs) if outputs else None
        workflow_node_execution.execution_metadata = execution_metadata
        workflow_node_execution.finished_at = finished_at
@ -314,7 +308,6 @@ class WorkflowCycleManage:
        workflow_node_execution = self._refetch_workflow_node_execution(event.node_execution_id)

        inputs = WorkflowEntry.handle_special_values(event.inputs)
-        process_data = WorkflowEntry.handle_special_values(event.process_data)
        outputs = WorkflowEntry.handle_special_values(event.outputs)
        finished_at = datetime.now(timezone.utc).replace(tzinfo=None)
        elapsed_time = (finished_at - event.start_at).total_seconds()
@ -324,7 +317,7 @@ class WorkflowCycleManage:
                WorkflowNodeExecution.status: WorkflowNodeExecutionStatus.FAILED.value,
                WorkflowNodeExecution.error: event.error,
                WorkflowNodeExecution.inputs: json.dumps(inputs) if inputs else None,
-                WorkflowNodeExecution.process_data: json.dumps(process_data) if event.process_data else None,
+                WorkflowNodeExecution.process_data: json.dumps(event.process_data) if event.process_data else None,
                WorkflowNodeExecution.outputs: json.dumps(outputs) if outputs else None,
                WorkflowNodeExecution.finished_at: finished_at,
                WorkflowNodeExecution.elapsed_time: elapsed_time,
@ -333,12 +326,11 @@ class WorkflowCycleManage:

        db.session.commit()
        db.session.close()
-        process_data = WorkflowEntry.handle_special_values(event.process_data)

        workflow_node_execution.status = WorkflowNodeExecutionStatus.FAILED.value
        workflow_node_execution.error = event.error
        workflow_node_execution.inputs = json.dumps(inputs) if inputs else None
-        workflow_node_execution.process_data = json.dumps(process_data) if process_data else None
+        workflow_node_execution.process_data = json.dumps(event.process_data) if event.process_data else None
        workflow_node_execution.outputs = json.dumps(outputs) if outputs else None
        workflow_node_execution.finished_at = finished_at
        workflow_node_execution.elapsed_time = elapsed_time
@ -645,7 +637,7 @@ class WorkflowCycleManage:
            ),
        )

-    def _fetch_files_from_node_outputs(self, outputs_dict: dict) -> Sequence[Mapping[str, Any]]:
+    def _fetch_files_from_node_outputs(self, outputs_dict: dict) -> list[dict]:
        """
        Fetch files from node outputs
        :param outputs_dict: node outputs dict
@ -654,15 +646,15 @@ class WorkflowCycleManage:
        if not outputs_dict:
            return []

-        files = [self._fetch_files_from_variable_value(output_value) for output_value in outputs_dict.values()]
-        # Remove None
-        files = [file for file in files if file]
-        # Flatten list
-        files = [file for sublist in files for file in sublist]
+        files = []
+        for output_var, output_value in outputs_dict.items():
+            file_vars = self._fetch_files_from_variable_value(output_value)
+            if file_vars:
+                files.extend(file_vars)

        return files

-    def _fetch_files_from_variable_value(self, value: Union[dict, list]) -> Sequence[Mapping[str, Any]]:
+    def _fetch_files_from_variable_value(self, value: Union[dict, list]) -> list[dict]:
        """
        Fetch files from variable value
        :param value: variable value
@ -674,17 +666,17 @@ class WorkflowCycleManage:
        files = []
        if isinstance(value, list):
            for item in value:
-                file = self._get_file_var_from_value(item)
-                if file:
-                    files.append(file)
+                file_var = self._get_file_var_from_value(item)
+                if file_var:
+                    files.append(file_var)
        elif isinstance(value, dict):
-            file = self._get_file_var_from_value(value)
-            if file:
-                files.append(file)
+            file_var = self._get_file_var_from_value(value)
+            if file_var:
+                files.append(file_var)

        return files

-    def _get_file_var_from_value(self, value: Union[dict, list]) -> Mapping[str, Any] | None:
+    def _get_file_var_from_value(self, value: Union[dict, list]) -> Optional[dict]:
        """
        Get file var from value
        :param value: variable value
@ -693,11 +685,14 @@ class WorkflowCycleManage:
        if not value:
            return None

-        if isinstance(value, dict) and value.get("dify_model_identity") == FILE_MODEL_IDENTITY:
-            return value
-        elif isinstance(value, File):
+        if isinstance(value, dict):
+            if "__variant" in value and value["__variant"] == FileVar.__name__:
+                return value
+        elif isinstance(value, FileVar):
            return value.to_dict()

+        return None
+
    def _refetch_workflow_run(self, workflow_run_id: str) -> WorkflowRun:
        """
        Refetch workflow run
--- a/api/core/entities/message_entities.py
+++ b/api/core/entities/message_entities.py
@ -0,0 +1,29 @@
+import enum
+from typing import Any
+
+from pydantic import BaseModel
+
+
+class PromptMessageFileType(enum.Enum):
+    IMAGE = "image"
+
+    @staticmethod
+    def value_of(value):
+        for member in PromptMessageFileType:
+            if member.value == value:
+                return member
+        raise ValueError(f"No matching enum found for value '{value}'")
+
+
+class PromptMessageFile(BaseModel):
+    type: PromptMessageFileType
+    data: Any = None
+
+
+class ImagePromptMessageFile(PromptMessageFile):
+    class DETAIL(enum.Enum):
+        LOW = "low"
+        HIGH = "high"
+
+    type: PromptMessageFileType = PromptMessageFileType.IMAGE
+    detail: DETAIL = DETAIL.LOW
--- a/api/core/file/init.py
+++ b/api/core/file/init.py
@ -1,19 +0,0 @@
-from .constants import FILE_MODEL_IDENTITY
-from .enums import ArrayFileAttribute, FileAttribute, FileBelongsTo, FileTransferMethod, FileType
-from .models import (
-    File,
-    FileExtraConfig,
-    ImageConfig,
-)
-
-__all__ = [
-    "FileType",
-    "FileExtraConfig",
-    "FileTransferMethod",
-    "FileBelongsTo",
-    "File",
-    "ImageConfig",
-    "FileAttribute",
-    "ArrayFileAttribute",
-    "FILE_MODEL_IDENTITY",
-]
--- a/api/core/file/constants.py
+++ b/api/core/file/constants.py
@ -1 +0,0 @@
-FILE_MODEL_IDENTITY = "__dify__file__"
--- a/api/core/file/enums.py
+++ b/api/core/file/enums.py
@ -1,55 +0,0 @@
-from enum import Enum
-
-
-class FileType(str, Enum):
-    IMAGE = "image"
-    DOCUMENT = "document"
-    AUDIO = "audio"
-    VIDEO = "video"
-    CUSTOM = "custom"
-
-    @staticmethod
-    def value_of(value):
-        for member in FileType:
-            if member.value == value:
-                return member
-        raise ValueError(f"No matching enum found for value '{value}'")
-
-
-class FileTransferMethod(str, Enum):
-    REMOTE_URL = "remote_url"
-    LOCAL_FILE = "local_file"
-    TOOL_FILE = "tool_file"
-
-    @staticmethod
-    def value_of(value):
-        for member in FileTransferMethod:
-            if member.value == value:
-                return member
-        raise ValueError(f"No matching enum found for value '{value}'")
-
-
-class FileBelongsTo(str, Enum):
-    USER = "user"
-    ASSISTANT = "assistant"
-
-    @staticmethod
-    def value_of(value):
-        for member in FileBelongsTo:
-            if member.value == value:
-                return member
-        raise ValueError(f"No matching enum found for value '{value}'")
-
-
-class FileAttribute(str, Enum):
-    TYPE = "type"
-    SIZE = "size"
-    NAME = "name"
-    MIME_TYPE = "mime_type"
-    TRANSFER_METHOD = "transfer_method"
-    URL = "url"
-    EXTENSION = "extension"
-
-
-class ArrayFileAttribute(str, Enum):
-    LENGTH = "length"
--- a/api/core/file/file_manager.py
+++ b/api/core/file/file_manager.py
@ -1,164 +0,0 @@
-import base64
-
-from configs import dify_config
-from core.file import file_repository
-from core.helper import ssrf_proxy
-from core.model_runtime.entities import AudioPromptMessageContent, ImagePromptMessageContent
-from extensions.ext_database import db
-from extensions.ext_storage import storage
-
-from . import helpers
-from .enums import FileAttribute
-from .models import File, FileTransferMethod, FileType
-from .tool_file_parser import ToolFileParser
-
-
-def get_attr(*, file: File, attr: FileAttribute):
-    match attr:
-        case FileAttribute.TYPE:
-            return file.type.value
-        case FileAttribute.SIZE:
-            return file.size
-        case FileAttribute.NAME:
-            return file.filename
-        case FileAttribute.MIME_TYPE:
-            return file.mime_type
-        case FileAttribute.TRANSFER_METHOD:
-            return file.transfer_method.value
-        case FileAttribute.URL:
-            return file.remote_url
-        case FileAttribute.EXTENSION:
-            return file.extension
-        case _:
-            raise ValueError(f"Invalid file attribute: {attr}")
-
-
-def to_prompt_message_content(f: File, /):
-    """
-    Convert a File object to an ImagePromptMessageContent object.
-
-    This function takes a File object and converts it to an ImagePromptMessageContent
-    object, which can be used as a prompt for image-based AI models.
-
-    Args:
-        file (File): The File object to convert. Must be of type FileType.IMAGE.
-
-    Returns:
-        ImagePromptMessageContent: An object containing the image data and detail level.
-
-    Raises:
-        ValueError: If the file is not an image or if the file data is missing.
-
-    Note:
-        The detail level of the image prompt is determined by the file's extra_config.
-        If not specified, it defaults to ImagePromptMessageContent.DETAIL.LOW.
-    """
-    match f.type:
-        case FileType.IMAGE:
-            if dify_config.MULTIMODAL_SEND_IMAGE_FORMAT == "url":
-                data = _to_url(f)
-            else:
-                data = _to_base64_data_string(f)
-
-            if f._extra_config and f._extra_config.image_config and f._extra_config.image_config.detail:
-                detail = f._extra_config.image_config.detail
-            else:
-                detail = ImagePromptMessageContent.DETAIL.LOW
-
-            return ImagePromptMessageContent(data=data, detail=detail)
-        case FileType.AUDIO:
-            encoded_string = _file_to_encoded_string(f)
-            if f.extension is None:
-                raise ValueError("Missing file extension")
-            return AudioPromptMessageContent(data=encoded_string, format=f.extension.lstrip("."))
-        case _:
-            raise ValueError(f"file type {f.type} is not supported")
-
-
-def download(f: File, /):
-    if f.transfer_method == FileTransferMethod.TOOL_FILE:
-        tool_file = file_repository.get_tool_file(session=db.session(), file=f)
-        return _download_file_content(tool_file.file_key)
-    elif f.transfer_method == FileTransferMethod.LOCAL_FILE:
-        upload_file = file_repository.get_upload_file(session=db.session(), file=f)
-        return _download_file_content(upload_file.key)
-    # remote file
-    response = ssrf_proxy.get(f.remote_url, follow_redirects=True)
-    response.raise_for_status()
-    return response.content
-
-
-def _download_file_content(path: str, /):
-    """
-    Download and return the contents of a file as bytes.
-
-    This function loads the file from storage and ensures it's in bytes format.
-
-    Args:
-        path (str): The path to the file in storage.
-
-    Returns:
-        bytes: The contents of the file as a bytes object.
-
-    Raises:
-        ValueError: If the loaded file is not a bytes object.
-    """
-    data = storage.load(path, stream=False)
-    if not isinstance(data, bytes):
-        raise ValueError(f"file {path} is not a bytes object")
-    return data
-
-
-def _get_encoded_string(f: File, /):
-    match f.transfer_method:
-        case FileTransferMethod.REMOTE_URL:
-            response = ssrf_proxy.get(f.remote_url)
-            response.raise_for_status()
-            content = response.content
-            encoded_string = base64.b64encode(content).decode("utf-8")
-            return encoded_string
-        case FileTransferMethod.LOCAL_FILE:
-            upload_file = file_repository.get_upload_file(session=db.session(), file=f)
-            data = _download_file_content(upload_file.key)
-            encoded_string = base64.b64encode(data).decode("utf-8")
-            return encoded_string
-        case FileTransferMethod.TOOL_FILE:
-            tool_file = file_repository.get_tool_file(session=db.session(), file=f)
-            data = _download_file_content(tool_file.file_key)
-            encoded_string = base64.b64encode(data).decode("utf-8")
-            return encoded_string
-        case _:
-            raise ValueError(f"Unsupported transfer method: {f.transfer_method}")
-
-
-def _to_base64_data_string(f: File, /):
-    encoded_string = _get_encoded_string(f)
-    return f"data:{f.mime_type};base64,{encoded_string}"
-
-
-def _file_to_encoded_string(f: File, /):
-    match f.type:
-        case FileType.IMAGE:
-            return _to_base64_data_string(f)
-        case FileType.AUDIO:
-            return _get_encoded_string(f)
-        case _:
-            raise ValueError(f"file type {f.type} is not supported")
-
-
-def _to_url(f: File, /):
-    if f.transfer_method == FileTransferMethod.REMOTE_URL:
-        if f.remote_url is None:
-            raise ValueError("Missing file remote_url")
-        return f.remote_url
-    elif f.transfer_method == FileTransferMethod.LOCAL_FILE:
-        if f.related_id is None:
-            raise ValueError("Missing file related_id")
-        return helpers.get_signed_file_url(upload_file_id=f.related_id)
-    elif f.transfer_method == FileTransferMethod.TOOL_FILE:
-        # add sign url
-        if f.related_id is None or f.extension is None:
-            raise ValueError("Missing file related_id or extension")
-        return ToolFileParser.get_tool_file_manager().sign_file(tool_file_id=f.related_id, extension=f.extension)
-    else:
-        raise ValueError(f"Unsupported transfer method: {f.transfer_method}")
--- a/api/core/file/file_obj.py
+++ b/api/core/file/file_obj.py
@ -0,0 +1,145 @@
+import enum
+from typing import Any, Optional
+
+from pydantic import BaseModel
+
+from core.file.tool_file_parser import ToolFileParser
+from core.file.upload_file_parser import UploadFileParser
+from core.model_runtime.entities.message_entities import ImagePromptMessageContent
+from extensions.ext_database import db
+
+
+class FileExtraConfig(BaseModel):
+    """
+    File Upload Entity.
+    """
+
+    image_config: Optional[dict[str, Any]] = None
+
+
+class FileType(enum.Enum):
+    IMAGE = "image"
+
+    @staticmethod
+    def value_of(value):
+        for member in FileType:
+            if member.value == value:
+                return member
+        raise ValueError(f"No matching enum found for value '{value}'")
+
+
+class FileTransferMethod(enum.Enum):
+    REMOTE_URL = "remote_url"
+    LOCAL_FILE = "local_file"
+    TOOL_FILE = "tool_file"
+
+    @staticmethod
+    def value_of(value):
+        for member in FileTransferMethod:
+            if member.value == value:
+                return member
+        raise ValueError(f"No matching enum found for value '{value}'")
+
+
+class FileBelongsTo(enum.Enum):
+    USER = "user"
+    ASSISTANT = "assistant"
+
+    @staticmethod
+    def value_of(value):
+        for member in FileBelongsTo:
+            if member.value == value:
+                return member
+        raise ValueError(f"No matching enum found for value '{value}'")
+
+
+class FileVar(BaseModel):
+    id: Optional[str] = None  # message file id
+    tenant_id: str
+    type: FileType
+    transfer_method: FileTransferMethod
+    url: Optional[str] = None  # remote url
+    related_id: Optional[str] = None
+    extra_config: Optional[FileExtraConfig] = None
+    filename: Optional[str] = None
+    extension: Optional[str] = None
+    mime_type: Optional[str] = None
+
+    def to_dict(self) -> dict:
+        return {
+            "__variant": self.__class__.__name__,
+            "tenant_id": self.tenant_id,
+            "type": self.type.value,
+            "transfer_method": self.transfer_method.value,
+            "url": self.preview_url,
+            "remote_url": self.url,
+            "related_id": self.related_id,
+            "filename": self.filename,
+            "extension": self.extension,
+            "mime_type": self.mime_type,
+        }
+
+    def to_markdown(self) -> str:
+        """
+        Convert file to markdown
+        :return:
+        """
+        preview_url = self.preview_url
+        if self.type == FileType.IMAGE:
+            text = f'![{self.filename or ""}]({preview_url})'
+        else:
+            text = f"[{self.filename or preview_url}]({preview_url})"
+
+        return text
+
+    @property
+    def data(self) -> Optional[str]:
+        """
+        Get image data, file signed url or base64 data
+        depending on config MULTIMODAL_SEND_IMAGE_FORMAT
+        :return:
+        """
+        return self._get_data()
+
+    @property
+    def preview_url(self) -> Optional[str]:
+        """
+        Get signed preview url
+        :return:
+        """
+        return self._get_data(force_url=True)
+
+    @property
+    def prompt_message_content(self) -> ImagePromptMessageContent:
+        if self.type == FileType.IMAGE:
+            image_config = self.extra_config.image_config
+
+            return ImagePromptMessageContent(
+                data=self.data,
+                detail=ImagePromptMessageContent.DETAIL.HIGH
+                if image_config.get("detail") == "high"
+                else ImagePromptMessageContent.DETAIL.LOW,
+            )
+
+    def _get_data(self, force_url: bool = False) -> Optional[str]:
+        from models.model import UploadFile
+
+        if self.type == FileType.IMAGE:
+            if self.transfer_method == FileTransferMethod.REMOTE_URL:
+                return self.url
+            elif self.transfer_method == FileTransferMethod.LOCAL_FILE:
+                upload_file = (
+                    db.session.query(UploadFile)
+                    .filter(UploadFile.id == self.related_id, UploadFile.tenant_id == self.tenant_id)
+                    .first()
+                )
+
+                return UploadFileParser.get_image_data(upload_file=upload_file, force_url=force_url)
+            elif self.transfer_method == FileTransferMethod.TOOL_FILE:
+                extension = self.extension
+                # add sign url
+                return ToolFileParser.get_tool_file_manager().sign_file(
+                    tool_file_id=self.related_id, extension=extension
+                )
+
+        return None
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
AkaraChen	2fe28279c8	build: update react refresh ignore	2024-10-22 14:09:31 +08:00
AkaraChen	3d165ec7d9	build: eslint plugin react-refresh	2024-10-22 13:49:39 +08:00
Yi	0b8c896481	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-22 13:43:15 +08:00
Yi	15fe635465	chore: install package from GitHub	2024-10-22 13:43:01 +08:00
AkaraChen	f8c3189f4d	build: fix eslint undef	2024-10-22 11:43:23 +08:00
AkaraChen	f215db87e3	build: fix eslint undef	2024-10-22 11:36:42 +08:00
Joel	67d02212b4	chore: pnpm	2024-10-22 11:18:30 +08:00
Joel	cff9adaf8e	chore: tools ts problems	2024-10-22 11:06:28 +08:00
AkaraChen	cdd2a40086	style: minimium codemod	2024-10-22 02:24:59 +00:00
AkaraChen	024028bc52	build: sync eslint rule	2024-10-22 10:24:10 +08:00
AkaraChen	0ae085b48a	build: add eslint common rule	2024-10-22 10:24:10 +08:00
AkaraChen	2094c54951	build: update eslint config antfu	2024-10-22 10:24:10 +08:00
AkaraChen	f4f11135d3	build: using eslint flat config	2024-10-22 10:24:10 +08:00
Joel	8e9d7a229d	feat: scroll to view and fix action hidden	2024-10-21 18:21:45 +08:00
Joel	8f49572f85	chore: from marketplace tilte ui	2024-10-21 15:07:18 +08:00
JzoNg	5aa7696cc3	update style of action list	2024-10-21 11:34:21 +08:00
JzoNg	15dd79e822	provider detail data binding	2024-10-21 11:34:21 +08:00
JzoNg	4651ab4195	new style of provider detail	2024-10-21 11:34:21 +08:00
JzoNg	5e3160e6f6	fix title & description of tool provider	2024-10-21 11:34:21 +08:00
JzoNg	973cd126bb	create & update endpoint	2024-10-21 11:34:21 +08:00
JzoNg	ebaf8766ef	endpoint form	2024-10-21 11:34:21 +08:00
JzoNg	d2190e9c3a	remove endpoint	2024-10-21 11:34:21 +08:00
JzoNg	37f55098fe	switch endpoint service state	2024-10-21 11:34:21 +08:00
JzoNg	b1771194cc	servise of endpoints	2024-10-21 11:34:21 +08:00
JzoNg	0279bd8c75	endpoint card databing	2024-10-21 11:34:21 +08:00
JzoNg	5e077e4ce8	endpoints data binding	2024-10-21 11:34:21 +08:00
JzoNg	64067e1f20	plugin detail header operations	2024-10-21 11:34:21 +08:00
JzoNg	5295c72ca1	endpoints mock data	2024-10-21 11:34:21 +08:00
JzoNg	1ecea62052	add verified tag	2024-10-21 11:34:21 +08:00
JzoNg	307af29b65	add plugin description	2024-10-21 11:34:21 +08:00
JzoNg	10190a9aa5	plugin detail header data binding	2024-10-21 11:34:21 +08:00
JzoNg	7c5c35600c	plugin detail type	2024-10-21 11:34:21 +08:00
JzoNg	63b333cdb1	modify plugin detail panel	2024-10-21 11:34:21 +08:00
JzoNg	a6776190bd	chore: update remix icon	2024-10-21 11:34:19 +08:00
AkaraChen	9577cbac27	build: docker use pnpm	2024-10-21 11:27:01 +08:00
AkaraChen	f6ae13abad	ci: migrate to pnpm	2024-10-21 11:14:30 +08:00
AkaraChen	f3d501e7d5	fix: gen-icon script phantom deps	2024-10-21 10:43:52 +08:00
AkaraChen	2eab8fcc33	build: switch to pnpm	2024-10-21 10:43:52 +08:00
Joel	bdb81fe20d	feat: choose tool sticky	2024-10-18 18:18:59 +08:00
Yi	0f60fe7f2a	chore: update workspace name (truncated for long name)	2024-10-18 14:17:53 +08:00
Yi	425f624de5	chore: add plugin panel	2024-10-18 14:02:40 +08:00
Yi	b1919745e2	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-18 14:01:34 +08:00
twwu	9a242bcac9	Merge branch 'main' into feat/plugins	2024-10-18 09:59:43 +08:00
Yi	a6109a60b8	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-17 15:22:08 +08:00
Yi	28f7bbf83a	chore: installation progress bar	2024-10-17 15:21:56 +08:00
Joel	cac04c5f3c	refactor: chagne card to client component	2024-10-17 15:06:06 +08:00
Joel	18f5f9cc37	feat: plugin upgrade	2024-10-16 18:05:55 +08:00
Joel	1787c5c93f	chore: handle tag name too long	2024-10-16 16:39:47 +08:00
Joel	f981494613	feat: plugin support emoji icon	2024-10-16 16:28:19 +08:00
Joel	fbc853af92	feat: remove config	2024-10-16 16:28:18 +08:00
StyleZhang	1a64c660ba	enable marketplace	2024-10-16 15:50:18 +08:00
Joel	846555af1b	fix: action buttion ui	2024-10-16 11:45:25 +08:00
Joel	bca94854f7	feat: plugin info	2024-10-16 11:30:04 +08:00
Joel	1bd70bd8bf	chore: copy button	2024-10-16 11:05:51 +08:00
Joel	d1dcd39191	feat: add debug info i18n and extract common to components	2024-10-16 10:52:16 +08:00
Joel	35384bda41	chore: refactor card loading	2024-10-15 22:52:57 +08:00
Joel	89fb6eb648	chore: set hideCornerMark to optional	2024-10-15 21:45:30 +08:00
Joel	aa61a890b2	chore: change downloadCount to optional	2024-10-15 21:43:20 +08:00
Joel	31ece363c3	chore: chagne mangament attr name	2024-10-15 21:35:56 +08:00
Joel	70a5d78cc5	chore: priviege i18n	2024-10-15 21:31:06 +08:00
Joel	57f4dfdb6f	feat: add permission data logic	2024-10-15 19:20:59 +08:00
Yi	aa9028a607	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-15 15:48:05 +08:00
Yi	d83f94c55c	fix: set constrain for uploading packages only works in the Plugins tab	2024-10-15 15:47:54 +08:00
StyleZhang	a8c5e0b0b0	tool list item click	2024-10-15 15:13:00 +08:00
Yi	177e8cbf73	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-15 14:57:37 +08:00
Yi	23828fd15a	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-15 14:57:11 +08:00
StyleZhang	2cc37ac8e5	tool list	2024-10-15 14:57:00 +08:00
Yi	c9ee1e9ff2	feat: install difypkg ui	2024-10-15 14:56:59 +08:00
Joel	4f10f5d5f4	chore: hover show action	2024-10-15 11:57:44 +08:00
Yi	c48c84674e	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-15 11:02:45 +08:00
Yi	1e9fbbf41b	fix: dynamic sub header color	2024-10-15 11:02:25 +08:00
StyleZhang	4dd144ce43	tools list	2024-10-15 10:41:10 +08:00
Yi	a387ff1c38	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-14 18:43:24 +08:00
Yi	a9e367e6de	feat: use-uploader hook	2024-10-14 18:43:08 +08:00
Joel	e2fec587f8	feat: from marketplace	2024-10-14 18:35:13 +08:00
StyleZhang	39a6f0943d	marketplace	2024-10-14 12:38:53 +08:00
JzoNg	684896d100	merge main	2024-10-14 10:29:52 +08:00
JzoNg	54f911f6cd	endpoints	2024-10-13 10:49:55 +08:00
Joel	0e5c16d0c2	feat: view to ui and fix some ui promblem	2024-10-12 18:15:11 +08:00
Joel	b8cd6ea478	feat: support view choose	2024-10-12 17:36:35 +08:00
JzoNg	fc61fd0f50	action list	2024-10-12 17:08:45 +08:00
JzoNg	2fbfc988c4	plugin panel detail	2024-10-12 16:37:57 +08:00
JzoNg	99f5fea001	plugin detail panel header	2024-10-12 16:37:57 +08:00
StyleZhang	ecd2a1be9f	marketplace	2024-10-12 16:34:18 +08:00
Joel	49ee9ca5f1	feat: tool item support action	2024-10-12 16:04:16 +08:00
Joel	6d0eef12b1	feat: split tools data to out and add demo	2024-10-12 14:30:46 +08:00
StyleZhang	c1e0a939b0	marketplace	2024-10-12 12:46:49 +08:00
JzoNg	060a894bd1	interaction of plugin detail panel	2024-10-12 12:36:29 +08:00
JzoNg	c75e02b5b2	update provider card	2024-10-12 12:36:29 +08:00
StyleZhang	fcf43ee845	plugin page context	2024-10-12 11:33:12 +08:00
StyleZhang	466f61d044	relocate file	2024-10-12 11:05:03 +08:00
StyleZhang	27ae74af50	hook	2024-10-12 11:03:00 +08:00
Joel	8dd941e3d2	chore: instal plug add tag	2024-10-11 18:18:32 +08:00
Joel	dec4bf6b98	fix: install modal item server	2024-10-11 18:06:23 +08:00
Joel	e2c33fc40f	fix: plugin item i18n	2024-10-11 18:05:45 +08:00
Yi	c74e59d1f4	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-11 17:28:27 +08:00
Yi	1fcb902715	feat: add cards to "install from marketplace"	2024-10-11 17:25:33 +08:00
JzoNg	c08f98218c	hide search in other pages	2024-10-11 17:13:28 +08:00
Yi	c6377f6e38	fix: naming styles	2024-10-11 16:29:07 +08:00
Yi	3cb0a5bd68	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-11 16:28:04 +08:00
Yi	95777d23e0	fix: naming styles	2024-10-11 16:27:31 +08:00
JzoNg	e7dc16fd08	provider card	2024-10-11 16:21:19 +08:00
JzoNg	495dec143c	unconfigured provider	2024-10-11 16:21:19 +08:00
JzoNg	4cc6dfa232	new style of provider card	2024-10-11 16:21:18 +08:00
JzoNg	d1452d4af4	no provider installed	2024-10-11 16:21:18 +08:00
JzoNg	d68ca56b3a	system default model	2024-10-11 16:21:18 +08:00
JzoNg	49856d8d17	setting content header & close button	2024-10-11 16:21:18 +08:00
JzoNg	902de72cc0	new style of settings	2024-10-11 16:21:18 +08:00
StyleZhang	76f6b8d104	marketplace	2024-10-11 16:15:24 +08:00
StyleZhang	f111e605c4	marketplace	2024-10-11 15:27:14 +08:00
Joel	b358ed3a5b	fix: init workflow image crash	2024-10-11 14:31:14 +08:00
Joel	88dbf639e0	chore: enchance locale props	2024-10-11 14:24:43 +08:00
Joel	aa8b525b48	fix: icon tsx to router problem	2024-10-11 14:10:24 +08:00
Yi	c990bc61db	feat: install plugins (partial)	2024-10-11 12:39:27 +08:00
Joel	6d7588f236	chore: fix ui	2024-10-10 17:53:13 +08:00
Joel	8257c7bf02	chore: remove useless data	2024-10-10 17:49:23 +08:00
Joel	946068967b	feat: finish card components	2024-10-10 17:47:04 +08:00
Joel	19f5684960	feat: add label and fix some ui problem	2024-10-10 11:29:11 +08:00
Joel	6d62840aff	chore: split card component	2024-10-10 10:40:26 +08:00
Joel	ab868ac979	fix: error igm	2024-10-10 10:25:25 +08:00
Joel	1d74e693ea	chore: fix imge name	2024-10-10 10:22:18 +08:00
Joel	fa43d4202f	feat: plugin item	2024-10-09 18:36:15 +08:00
Joel	6b29860788	feat: add installed	2024-10-09 18:12:14 +08:00
Joel	36800eeaba	feat: base card component	2024-10-09 17:51:54 +08:00
Yi	67acd174ac	add different styles to plugins and discover	2024-10-09 15:55:33 +08:00
StyleZhang	b5edc64b2a	plugin type switch	2024-10-09 15:06:09 +08:00
Yi	d00b2724cc	Merge branch 'feat/plugins' of github.com:langgenius/dify into feat/plugins	2024-10-09 12:53:56 +08:00
Yi	43f87c0b86	make the drop plugin only appears when the user selects "plugins"	2024-10-09 12:53:43 +08:00
Joel	7a43f48c95	chore: add test page	2024-10-09 11:35:16 +08:00
StyleZhang	58a913b09d	marketplace	2024-10-08 17:58:05 +08:00
Joel	cd03795f2c	chore: add endpoint types	2024-10-08 15:44:52 +08:00
Joel	36f8b5711d	feat: plugin types	2024-09-30 15:29:53 +08:00
Joel	f9c48e9ea9	fix: eslint to find top dir	2024-09-29 18:27:36 +08:00
JzoNg	3b48f8c98e	Merge branch 'main' into tp	2024-09-27 16:47:57 +08:00
JzoNg	cef1010cb5	style update	2024-09-27 16:47:01 +08:00
Joel	cb4875a3a7	chore: split the common tailwind config	2024-09-26 15:06:36 +08:00
StyleZhang	bbca708832	add marketplace card	2024-09-24 11:18:34 +08:00
JzoNg	05aec43ee3	Merge branch 'main' into tp	2024-09-23 11:39:46 +08:00
Yi	e8127756e0	Merge branch 'main' of github.com:langgenius/dify into feat/plugins	2024-09-18 20:57:52 +08:00
Yi	792595a46f	update page header	2024-09-18 18:32:33 +08:00
Yi	d7d7281c93	feat: plugin homepage	2024-09-16 18:58:39 +08:00
Yi	21193c2fbf	update the plugins page	2024-09-14 17:09:25 +08:00