mirror of
https://github.com/langgenius/dify.git
synced 2026-05-20 16:57:01 +08:00
cf5ebe9430
Ports service_api/app/{completion,workflow}.py to bearer-authed
/openapi/v1/apps/<app_id>/{info,chat-messages,completion-messages,workflows/run}.
Architecture:
- New controllers/openapi/auth/ package: Pipeline + Step protocol over
one mutable Context. Endpoints attach via @APP_PIPELINE.guard(scope=...)
— single attachment point; forgetting auth is structurally impossible.
- Pipeline order: BearerCheck -> ScopeCheck -> AppResolver -> AppAuthzCheck
-> CallerMount.
- Strategies vary along independent axes: AclStrategy (EE webapp-auth inner
API) vs MembershipStrategy (CE TenantAccountJoin); AccountMounter vs
EndUserMounter dispatched by SubjectType.
- App is in URL path (not header). Each non-GET has typed Pydantic Request;
each non-SSE response has typed Pydantic Response. Bearer-as-identity:
body 'user' field stripped, ignored if present.
Adds InvokeFrom.OPENAPI enum variant. Emits app.run.openapi audit log
on successful invocation via standard logger extra={"audit": True, ...}
convention.
22 lines
639 B
Python
22 lines
639 B
Python
from unittest.mock import MagicMock
|
|
|
|
from controllers.openapi.auth.context import Context
|
|
|
|
|
|
def test_context_starts_unpopulated():
|
|
ctx = Context(request=MagicMock(), required_scope="apps:run")
|
|
assert ctx.subject_type is None
|
|
assert ctx.subject_email is None
|
|
assert ctx.account_id is None
|
|
assert ctx.scopes == frozenset()
|
|
assert ctx.app is None
|
|
assert ctx.tenant is None
|
|
assert ctx.caller is None
|
|
assert ctx.caller_kind is None
|
|
|
|
|
|
def test_context_fields_are_mutable():
|
|
ctx = Context(request=MagicMock(), required_scope="apps:run")
|
|
ctx.scopes = frozenset({"full"})
|
|
assert "full" in ctx.scopes
|