youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-20 16:57:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
501c0b874675da84154a888e236d2cdff4b6ee38
dify/api
History
GareArc 501c0b8746 feat(api): add require_scope decorator (Phase A.4) 
Route-level scope gate; pairs with validate_bearer. Bearer holding the
catch-all SCOPE_FULL ('full', carried by dfoa_) passes any check;
narrower bearers (dfoe_, future PATs) need the exact scope listed in
the route decorator.

No v1.0 route applies it yet — apps/datasets controllers will be the
first consumers when those plans land. Programming-error guard: if
@require_scope runs without @validate_bearer above it, raises
RuntimeError instead of silently allowing.

Plan: docs/superpowers/plans/2026-04-26-openapi-migration.md (in difyctl repo).
2026-04-26 23:27:48 -07:00
..
.idea
.vscode
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
commands
chore(api): migrate file factory builders and account commands to use Session(db.engine) (#35236)
2026-04-17 08:12:31 +00:00
configs
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
constants
feat: copy nodes cross apps (#33273)
2026-04-17 10:02:26 +00:00
context
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
contexts
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
controllers
refactor(api): hoist bearer_feature_required to libs/oauth_bearer (Phase A.3)
2026-04-26 23:26:13 -07:00
core
fix: prevent double /v1 in MCP server URL causing 404 authorization failure (#34596)
2026-04-20 02:42:59 +00:00
docker
fix: add miss celery queue (#35282)
2026-04-16 02:40:14 +00:00
enterprise
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
enums
feat: add trial model list in system features (#31313)
2026-01-26 11:52:05 +08:00
events
chore(api): migrate event handlers to use Session(db.engine) (#35234)
2026-04-17 03:59:41 +00:00
extensions
feat(api): scaffold /openapi/v1 blueprint (Phase A.1)
2026-04-26 23:08:15 -07:00
factories
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
fields
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
libs
feat(api): add require_scope decorator (Phase A.4)
2026-04-26 23:27:48 -07:00
migrations
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
models
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
providers
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
repositories
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
schedule
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
services
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
tasks
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
templates
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
tests
feat(api): add require_scope decorator (Phase A.4)
2026-04-26 23:27:48 -07:00
.dockerignore
.env.example
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
.importlinter
refactor(api): use standalone graphon package (#34209)
2026-03-27 21:05:32 +00:00
.ruff.toml
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
AGENTS.md
refactor(api): tighten phase 1 shared type contracts (#33453)
2026-03-17 17:50:51 +08:00
app_factory.py
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
app.py
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
celery_entrypoint.py
chore(api): adjust monkey patching in gunicorn.conf.py (#26056)
2025-09-22 18:23:01 +08:00
celery_healthcheck.py
fix: lighten the health checks for the Worker and Worker Beat services, and disable them by default (#34572)
2026-04-06 02:26:26 +00:00
cnt_base.sh
add cnt script and one more example (#28272)
2025-11-18 16:44:14 +09:00
dify_app.py
refactor(api): tighten login and wrapper typing (#34447)
2026-04-02 09:36:58 +00:00
Dockerfile
refactor: move vdb implementations to workspaces (#34900)
2026-04-13 08:56:43 +00:00
gunicorn.conf.py
docs(api): update docs about gevent setup in app.py (#27611)
2025-10-30 15:43:08 +08:00
pyproject.toml
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00
pyrefly-local-excludes.txt
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pyrightconfig.json
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pytest.ini
chore: add pytest XML and branch coverage reports (#33730)
2026-03-19 17:08:34 +08:00
README.md
refactor: introduce pnpm workspace (#34241)
2026-03-30 10:34:50 +00:00
uv.lock
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00

README.md

Dify Backend API

Setup and Run

Important

In the v1.3.0 release, poetry has been replaced with uv as the package manager for Dify API backend service.

uv and pnpm are required to run the setup and development commands below.

Using scripts (recommended)

The scripts resolve paths relative to their location, so you can run them from anywhere.

  1. Run setup (copies env files and installs dependencies).

    ./dev/setup

  2. Review api/.env, web/.env.local, and docker/middleware.env values (see the SECRET_KEY note below).

  3. Start middleware (PostgreSQL/Redis/Weaviate).

    ./dev/start-docker-compose

  4. Start backend (runs migrations first).

    ./dev/start-api

  5. Start Dify web service.

    ./dev/start-web

    ./dev/setup and ./dev/start-web install JavaScript dependencies through the repository root workspace, so you do not need a separate cd web && pnpm install step.

  6. Set up your application by visiting http://localhost:3000.

  7. Start the worker service (async and scheduler tasks, runs from api).

    ./dev/start-worker

  8. Optional: start Celery Beat (scheduled tasks).

    ./dev/start-beat

Environment notes

Important

When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the sites top-level domain (e.g., example.com). The frontend and backend must be under the same top-level domain in order to share authentication cookies.

  • Generate a SECRET_KEY in the .env file.

    bash for Linux

    sed -i "/^SECRET_KEY=/c\\SECRET_KEY=$(openssl rand -base64 42)" .env

    bash for Mac

    secret_key=$(openssl rand -base64 42)
sed -i '' "/^SECRET_KEY=/c\\
SECRET_KEY=${secret_key}" .env

Testing

  1. Install dependencies for both the backend and the test environment

    cd api
uv sync --group dev

  2. Run the tests locally with mocked system environment variables in tool.pytest_env section in pyproject.toml, more can check Claude.md

    cd api
uv run pytest                           # Run all tests
uv run pytest tests/unit_tests/         # Unit tests only
uv run pytest tests/integration_tests/  # Integration tests

# Code quality
./dev/reformat               # Run all formatters and linters
uv run ruff check --fix ./   # Fix linting issues
uv run ruff format ./        # Format code
uv run basedpyright .        # Type checking