youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-21 01:07:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
71e9e8dda67195890e4faf6efb70cb77f3eb71bf
dify/api
History
GareArc 71e9e8dda6 feat(api): lift SSO branch device-flow handlers to /openapi/v1 (Phase D.15-16) 
The four EE-only SSO handlers (sso_initiate, sso_complete,
approval_context, approve_external) move from controllers/oauth_device_sso.py
to controllers/openapi/oauth_device/. Each is registered on openapi_bp
via @bp.route at the canonical path:

  /openapi/v1/oauth/device/sso-initiate
  /openapi/v1/oauth/device/sso-complete
  /openapi/v1/oauth/device/approval-context
  /openapi/v1/oauth/device/approve-external

sso-complete moves under /oauth/device/ from its previous orphan path
/v1/device/sso-complete; the IdP-side ACS callback URL hardcoded in
sso_initiate now points to the canonical path. Operators must
re-register the ACS callback with each IdP before Phase F deletes the
legacy alias.

oauth_device_sso.py shrinks to a thin re-mount file: same legacy bp
with attach_anti_framing applied, four bp.add_url_rule() calls binding
the legacy paths to the imported view functions. Same handler runs
for both mounts — no duplicated logic.

attach_anti_framing(openapi_bp) added in controllers/openapi/__init__.py
so X-Frame-Options + frame-ancestors CSP cover the canonical paths too.

Plan: docs/superpowers/plans/2026-04-26-openapi-migration.md (in difyctl repo).
2026-04-27 00:00:24 -07:00
..
.idea
.vscode
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
commands
chore(api): migrate file factory builders and account commands to use Session(db.engine) (#35236)
2026-04-17 08:12:31 +00:00
configs
feat(api): lift POST /oauth/device/code to /openapi/v1 (Phase B.6)
2026-04-26 23:40:58 -07:00
constants
feat: copy nodes cross apps (#33273)
2026-04-17 10:02:26 +00:00
context
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
contexts
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
controllers
feat(api): lift SSO branch device-flow handlers to /openapi/v1 (Phase D.15-16)
2026-04-27 00:00:24 -07:00
core
fix: prevent double /v1 in MCP server URL causing 404 authorization failure (#34596)
2026-04-20 02:42:59 +00:00
docker
fix: add miss celery queue (#35282)
2026-04-16 02:40:14 +00:00
enterprise
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
enums
feat: add trial model list in system features (#31313)
2026-01-26 11:52:05 +08:00
events
chore(api): migrate event handlers to use Session(db.engine) (#35234)
2026-04-17 03:59:41 +00:00
extensions
feat(api): CORS posture for /openapi/v1 (Phase A.5)
2026-04-26 23:30:27 -07:00
factories
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
fields
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
libs
feat(api): add require_scope decorator (Phase A.4)
2026-04-26 23:27:48 -07:00
migrations
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
models
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
providers
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
repositories
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
schedule
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
services
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
tasks
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
templates
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
tests
feat(api): lift SSO branch device-flow handlers to /openapi/v1 (Phase D.15-16)
2026-04-27 00:00:24 -07:00
.dockerignore
.env.example
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
.importlinter
refactor(api): use standalone graphon package (#34209)
2026-03-27 21:05:32 +00:00
.ruff.toml
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
AGENTS.md
refactor(api): tighten phase 1 shared type contracts (#33453)
2026-03-17 17:50:51 +08:00
app_factory.py
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
app.py
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
celery_entrypoint.py
chore(api): adjust monkey patching in gunicorn.conf.py (#26056)
2025-09-22 18:23:01 +08:00
celery_healthcheck.py
fix: lighten the health checks for the Worker and Worker Beat services, and disable them by default (#34572)
2026-04-06 02:26:26 +00:00
cnt_base.sh
add cnt script and one more example (#28272)
2025-11-18 16:44:14 +09:00
dify_app.py
refactor(api): tighten login and wrapper typing (#34447)
2026-04-02 09:36:58 +00:00
Dockerfile
refactor: move vdb implementations to workspaces (#34900)
2026-04-13 08:56:43 +00:00
gunicorn.conf.py
docs(api): update docs about gevent setup in app.py (#27611)
2025-10-30 15:43:08 +08:00
pyproject.toml
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00
pyrefly-local-excludes.txt
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pyrightconfig.json
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pytest.ini
chore: add pytest XML and branch coverage reports (#33730)
2026-03-19 17:08:34 +08:00
README.md
refactor: introduce pnpm workspace (#34241)
2026-03-30 10:34:50 +00:00
uv.lock
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00

README.md

Dify Backend API

Setup and Run

Important

In the v1.3.0 release, poetry has been replaced with uv as the package manager for Dify API backend service.

uv and pnpm are required to run the setup and development commands below.

Using scripts (recommended)

The scripts resolve paths relative to their location, so you can run them from anywhere.

  1. Run setup (copies env files and installs dependencies).

    ./dev/setup

  2. Review api/.env, web/.env.local, and docker/middleware.env values (see the SECRET_KEY note below).

  3. Start middleware (PostgreSQL/Redis/Weaviate).

    ./dev/start-docker-compose

  4. Start backend (runs migrations first).

    ./dev/start-api

  5. Start Dify web service.

    ./dev/start-web

    ./dev/setup and ./dev/start-web install JavaScript dependencies through the repository root workspace, so you do not need a separate cd web && pnpm install step.

  6. Set up your application by visiting http://localhost:3000.

  7. Start the worker service (async and scheduler tasks, runs from api).

    ./dev/start-worker

  8. Optional: start Celery Beat (scheduled tasks).

    ./dev/start-beat

Environment notes

Important

When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the sites top-level domain (e.g., example.com). The frontend and backend must be under the same top-level domain in order to share authentication cookies.

  • Generate a SECRET_KEY in the .env file.

    bash for Linux

    sed -i "/^SECRET_KEY=/c\\SECRET_KEY=$(openssl rand -base64 42)" .env

    bash for Mac

    secret_key=$(openssl rand -base64 42)
sed -i '' "/^SECRET_KEY=/c\\
SECRET_KEY=${secret_key}" .env

Testing

  1. Install dependencies for both the backend and the test environment

    cd api
uv sync --group dev

  2. Run the tests locally with mocked system environment variables in tool.pytest_env section in pyproject.toml, more can check Claude.md

    cd api
uv run pytest                           # Run all tests
uv run pytest tests/unit_tests/         # Unit tests only
uv run pytest tests/integration_tests/  # Integration tests

# Code quality
./dev/reformat               # Run all formatters and linters
uv run ruff check --fix ./   # Fix linting issues
uv run ruff format ./        # Format code
uv run basedpyright .        # Type checking