youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-20 00:37:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
813da349ec00e5b1a1a28d971713ef11a6b95fcb
dify/api
History
GareArc 813da349ec fix(api,web): post-review hardening for OAuth device flow 
- api: account-flow stores subject_issuer="dify:account" sentinel
  instead of NULL so the rotate-in-place unique index collides as
  intended (Postgres treats NULLs as distinct in unique indices).
  mint_oauth_token validates prefix-specific issuer rules.
- api: enterprise_only inverts to an allowlist (ACTIVE / EXPIRING) so
  any future LicenseStatus value defaults to denial.
- api: consume_on_poll moved to a single Lua script (GET + status-check
  + DEL) so concurrent pollers can't both observe APPROVED.
- web: typed DeviceFlowError + central error-copy mapping; page
  surfaces rate_limited / lookup_failed view states; URL params
  scrubbed after consumption (RFC 8628 §5.4).
2026-04-26 23:05:07 -07:00
..
.idea
.vscode
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
commands
chore(api): migrate file factory builders and account commands to use Session(db.engine) (#35236)
2026-04-17 08:12:31 +00:00
configs
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
constants
feat: copy nodes cross apps (#33273)
2026-04-17 10:02:26 +00:00
context
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
contexts
chore(api): align Python support with 3.12 (#34419)
2026-04-02 05:07:32 +00:00
controllers
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
core
fix: prevent double /v1 in MCP server URL causing 404 authorization failure (#34596)
2026-04-20 02:42:59 +00:00
docker
fix: add miss celery queue (#35282)
2026-04-16 02:40:14 +00:00
enterprise
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
enums
feat: add trial model list in system features (#31313)
2026-01-26 11:52:05 +08:00
events
chore(api): migrate event handlers to use Session(db.engine) (#35234)
2026-04-17 03:59:41 +00:00
extensions
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
factories
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
fields
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
libs
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
migrations
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
models
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
providers
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
repositories
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
schedule
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
services
fix(api,web): post-review hardening for OAuth device flow
2026-04-26 23:05:07 -07:00
tasks
chore(api): adapt Graphon 0.2.2 upgrade (#35377)
2026-04-18 11:16:24 +00:00
templates
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
tests
fix: prevent double /v1 in MCP server URL causing 404 authorization failure (#34596)
2026-04-20 02:42:59 +00:00
.dockerignore
.env.example
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
.importlinter
refactor(api): use standalone graphon package (#34209)
2026-03-27 21:05:32 +00:00
.ruff.toml
chore: reorg imports (#35308)
2026-04-16 08:50:02 +00:00
AGENTS.md
refactor(api): tighten phase 1 shared type contracts (#33453)
2026-03-17 17:50:51 +08:00
app_factory.py
feat(api,web): OAuth 2.0 device flow + bearer auth (RFC 8628)
2026-04-26 20:06:43 -07:00
app.py
feat: collaboration (#30781)
2026-04-16 02:21:04 +00:00
celery_entrypoint.py
chore(api): adjust monkey patching in gunicorn.conf.py (#26056)
2025-09-22 18:23:01 +08:00
celery_healthcheck.py
fix: lighten the health checks for the Worker and Worker Beat services, and disable them by default (#34572)
2026-04-06 02:26:26 +00:00
cnt_base.sh
add cnt script and one more example (#28272)
2025-11-18 16:44:14 +09:00
dify_app.py
refactor(api): tighten login and wrapper typing (#34447)
2026-04-02 09:36:58 +00:00
Dockerfile
refactor: move vdb implementations to workspaces (#34900)
2026-04-13 08:56:43 +00:00
gunicorn.conf.py
docs(api): update docs about gevent setup in app.py (#27611)
2025-10-30 15:43:08 +08:00
pyproject.toml
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00
pyrefly-local-excludes.txt
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pyrightconfig.json
refactor(api): move trace providers (#35144)
2026-04-17 07:53:35 +00:00
pytest.ini
chore: add pytest XML and branch coverage reports (#33730)
2026-03-19 17:08:34 +08:00
README.md
refactor: introduce pnpm workspace (#34241)
2026-03-30 10:34:50 +00:00
uv.lock
ci: Update pyrefly dependency version to 0.61.1 (#35391)
2026-04-19 15:49:24 +00:00

README.md

Dify Backend API

Setup and Run

Important

In the v1.3.0 release, poetry has been replaced with uv as the package manager for Dify API backend service.

uv and pnpm are required to run the setup and development commands below.

Using scripts (recommended)

The scripts resolve paths relative to their location, so you can run them from anywhere.

  1. Run setup (copies env files and installs dependencies).

    ./dev/setup

  2. Review api/.env, web/.env.local, and docker/middleware.env values (see the SECRET_KEY note below).

  3. Start middleware (PostgreSQL/Redis/Weaviate).

    ./dev/start-docker-compose

  4. Start backend (runs migrations first).

    ./dev/start-api

  5. Start Dify web service.

    ./dev/start-web

    ./dev/setup and ./dev/start-web install JavaScript dependencies through the repository root workspace, so you do not need a separate cd web && pnpm install step.

  6. Set up your application by visiting http://localhost:3000.

  7. Start the worker service (async and scheduler tasks, runs from api).

    ./dev/start-worker

  8. Optional: start Celery Beat (scheduled tasks).

    ./dev/start-beat

Environment notes

Important

When the frontend and backend run on different subdomains, set COOKIE_DOMAIN to the sites top-level domain (e.g., example.com). The frontend and backend must be under the same top-level domain in order to share authentication cookies.

  • Generate a SECRET_KEY in the .env file.

    bash for Linux

    sed -i "/^SECRET_KEY=/c\\SECRET_KEY=$(openssl rand -base64 42)" .env

    bash for Mac

    secret_key=$(openssl rand -base64 42)
sed -i '' "/^SECRET_KEY=/c\\
SECRET_KEY=${secret_key}" .env

Testing

  1. Install dependencies for both the backend and the test environment

    cd api
uv sync --group dev

  2. Run the tests locally with mocked system environment variables in tool.pytest_env section in pyproject.toml, more can check Claude.md

    cd api
uv run pytest                           # Run all tests
uv run pytest tests/unit_tests/         # Unit tests only
uv run pytest tests/integration_tests/  # Integration tests

# Code quality
./dev/reformat               # Run all formatters and linters
uv run ruff check --fix ./   # Fix linting issues
uv run ruff format ./        # Format code
uv run basedpyright .        # Type checking