youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-24 02:47:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
73771cb58cea6d1b7e69e4f339e2a1ef19826b75
dify/api
History
GareArc 73771cb58c refactor(api): drop vestigial Accepts.APP from validate_bearer (Phase A.2) 
Accepts.APP and the matching app- short-circuit existed to let routes
declare "I accept either OAuth or app- tokens", but no production
caller ever did, and the short-circuit returned without doing the
tenant/app/end-user setup that app- tokens actually need (that lives
in service_api/wraps.py:validate_app_token).

After this change, validate_bearer is OAuth-only. app- bearers fall
through the prefix dispatch and surface as InvalidBearer -> 401, which
is what we already promised on /openapi/* (no app- accepted) and what
the docstring claimed all along.

Pre-check rg "Accepts\\.APP" returned zero hits outside the function
being edited; no callers to update.

Plan: docs/superpowers/plans/2026-04-26-openapi-migration.md (in difyctl repo).
2026-04-26 23:24:56 -07:00
..
.idea
.vscode
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
commands
chore(api): migrate file factory builders and account commands to use Session(db.engine) (#35236)
2026-04-17 08:12:31 +00:00
configs
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
constants
feat: copy nodes cross apps (#33273)
2026-04-17 10:02:26 +00:00
context
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
contexts
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
controllers
feat(api): scaffold /openapi/v1 blueprint (Phase A.1)
2026-04-26 23:08:15 -07:00
core
fix: prevent double /v1 in MCP server URL causing 404 authorization failure (#34596)
2026-04-20 02:42:59 +00:00
docker
fix: add miss celery queue (#35282)
2026-04-16 02:40:14 +00:00
enterprise
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
enums
feat: add trial model list in system features (#31313)
2026-01-26 11:52:05 +08:00
events
chore(api): migrate event handlers to use Session(db.engine) (#35234)
2026-04-17 03:59:41 +00:00
extensions
feat(api): scaffold /openapi/v1 blueprint (Phase A.1)
2026-04-26 23:08:15 -07:00
factories
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
fields
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
libs
refactor(api): drop vestigial Accepts.APP from validate_bearer (Phase A.2)
2026-04-26 23:24:56 -07:00
migrations
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
models
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
providers
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
repositories
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
schedule
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
services
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
tasks
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
templates
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
tests
feat(api): scaffold /openapi/v1 blueprint (Phase A.1)
2026-04-26 23:08:15 -07:00
.dockerignore
.env.example
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
.importlinter
refactor(api): use standalone graphon package (#34209)
2026-03-27 21:05:32 +00:00
.ruff.toml
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
AGENTS.md
refactor(api): tighten phase 1 shared type contracts (#33453)
2026-03-17 17:50:51 +08:00
app_factory.py
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
app.py
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
celery_entrypoint.py
chore(api): adjust monkey patching in gunicorn.conf.py (#26056)
2025-09-22 18:23:01 +08:00
celery_healthcheck.py
fix: lighten the health checks for the Worker and Worker Beat services, and disable them by default (#34572)
2026-04-06 02:26:26 +00:00
cnt_base.sh
add cnt script and one more example (#28272)
2025-11-18 16:44:14 +09:00
dify_app.py
refactor(api): tighten login and wrapper typing (#34447)
2026-04-02 09:36:58 +00:00
Dockerfile
refactor: move vdb implementations to workspaces (#34900)
2026-04-13 08:56:43 +00:00
gunicorn.conf.py
docs(api): update docs about gevent setup in app.py (#27611)
2025-10-30 15:43:08 +08:00
pyproject.toml
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00
pyrefly-local-excludes.txt
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pyrightconfig.json
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pytest.ini
chore: add pytest XML and branch coverage reports (#33730)
2026-03-19 17:08:34 +08:00
README.md
refactor: introduce pnpm workspace (#34241)
2026-03-30 10:34:50 +00:00
uv.lock
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00

README.md

Dify Backend API

Setup and Run

Important

In the v1.3.0 release, poetry has been replaced with uv as the package manager for Dify API backend service.

uv and pnpm are required to run the setup and development commands below.

Using scripts (recommended)

The scripts resolve paths relative to their location, so you can run them from anywhere.

  1. Run setup (copies env files and installs dependencies).

    ./dev/setup

  2. Review api/.env, web/.env.local, and docker/middleware.env values (see the SECRET_KEY note below).

  3. Start middleware (PostgreSQL/Redis/Weaviate).

    ./dev/start-docker-compose

  4. Start backend (runs migrations first).

    ./dev/start-api

  5. Start Dify web service.

    ./dev/start-web

    ./dev/setup and ./dev/start-web install JavaScript dependencies through the repository root workspace, so you do not need a separate cd web && pnpm install step.

  6. Set up your application by visiting http://localhost:3000.

  7. Start the worker service (async and scheduler tasks, runs from api).

    ./dev/start-worker

  8. Optional: start Celery Beat (scheduled tasks).

    ./dev/start-beat

Environment notes

Important

When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the sites top-level domain (e.g., example.com). The frontend and backend must be under the same top-level domain in order to share authentication cookies.

  • Generate a SECRET_KEY in the .env file.

    bash for Linux

    sed -i "/^SECRET_KEY=/c\\SECRET_KEY=$(openssl rand -base64 42)" .env

    bash for Mac

    secret_key=$(openssl rand -base64 42)
sed -i '' "/^SECRET_KEY=/c\\
SECRET_KEY=${secret_key}" .env

Testing

  1. Install dependencies for both the backend and the test environment

    cd api
uv sync --group dev

  2. Run the tests locally with mocked system environment variables in tool.pytest_env section in pyproject.toml, more can check Claude.md

    cd api
uv run pytest                           # Run all tests
uv run pytest tests/unit_tests/         # Unit tests only
uv run pytest tests/integration_tests/  # Integration tests

# Code quality
./dev/reformat               # Run all formatters and linters
uv run ruff check --fix ./   # Fix linting issues
uv run ruff format ./        # Format code
uv run basedpyright .        # Type checking