mirror of
https://github.com/langgenius/dify.git
synced 2026-05-26 20:07:46 +08:00
a728e0ac69
Co-authored-by: GareArc <garethcxy@dify.ai> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: L1nSn0w <l1nsn0w@qq.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: gigglewang <gigglewang@dify.ai> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Co-authored-by: Xiyuan Chen <52963600+GareArc@users.noreply.github.com>
33 lines
1.0 KiB
Python
33 lines
1.0 KiB
Python
"""Single-source visibility filter for the /openapi/v1/* surface.
|
|
|
|
Keep every openapi-surface app query routed through ``_apply_openapi_gate``;
|
|
retiring or replacing the gate then becomes a one-line change here.
|
|
|
|
The Service API (/v1/* app-key surface) does NOT use this helper — that
|
|
surface has its own per-request guard (``service_api_disabled``) wired
|
|
into the legacy ``validate_app_token`` decorator.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from typing import Any
|
|
|
|
from models.model import App
|
|
|
|
|
|
def apply_openapi_gate(query: Any) -> Any:
|
|
"""Filter a SQLAlchemy Select/Query to apps visible on /openapi/v1/*.
|
|
|
|
Works with both legacy ``Query.filter`` and 2.0-style ``Select.filter``
|
|
(alias of ``.where``).
|
|
"""
|
|
return query.filter(App.enable_api.is_(True))
|
|
|
|
|
|
def is_openapi_visible(app: App) -> bool:
|
|
"""Per-row counterpart for code paths that fetch an App by primary key
|
|
(``session.get`` / ``session.scalar``) and need the same visibility check
|
|
the query gate would have applied.
|
|
"""
|
|
return bool(app.enable_api)
|