mirror of
https://github.com/langgenius/dify.git
synced 2026-05-21 01:07:03 +08:00
8a62c1d915
Type and lint pass over the openapi controllers, auth pipeline, and
oauth bearer/device-flow plumbing. Down from 36 pyright errors and 16
ruff errors to 0/0; 93 openapi unit tests pass.
Logic fixes:
- libs/oauth_bearer.py: drop private-naming on the friend-API methods
consumed by _VariantResolver (cache_get / cache_set_positive /
cache_set_negative / hard_expire / session_factory). They were always
cross-class accessors — leading underscore was misleading. Add public
registry property on BearerAuthenticator. _hard_expire row_id widened
to UUID | str (matches the StringUUID column type).
- libs/oauth_bearer.py: type validate_bearer / bearer_feature_required
with ParamSpec / PEP-695 so wrapped routes preserve their signature.
- libs/rate_limit.py: same — typed rate_limit decorator.
- services/oauth_device_flow.py: mint_oauth_token / _upsert accept
Session | scoped_session (Flask-SQLAlchemy proxy). Guard row-is-None
after upsert.
- controllers/openapi/{chat,completion,workflow}_messages.py: tuple-vs-
Mapping shape narrowing on AppGenerateService.generate return —
production returns Mapping, tests mock as (body, status). Validate
through Pydantic Response model in both shapes.
- controllers/openapi/oauth_device.py: replace flask_restx.reqparse (banned)
with Pydantic Request/Query models — DeviceCodeRequest, DevicePollRequest,
DeviceLookupQuery, DeviceMutateRequest. Two PEP-695 generic helpers
(_validate_json / _validate_query) translate ValidationError to BadRequest.
- controllers/openapi/auth/strategies.py: Protocol param-name match
(subject_type), Optional narrowing on app/tenant/account_id/subject_email.
- controllers/openapi/auth/steps.py: subject_type-is-None guard before
mounter dispatch.
- core/app/apps/workflow/generate_task_pipeline.py + models/workflow.py:
add WorkflowAppLogCreatedFrom.OPENAPI + matching match-case branch.
Fixes match-exhaustiveness and possibly-unbound created_from.
- libs/device_flow_security.py: pyright ignore on flask after_request
hook (registered by the framework, pyright sees as unused).
- services/oauth_device_flow.py: rename Exceptions to *Error suffix
(StateNotFoundError / InvalidTransitionError / UserCodeExhaustedError);
same for libs/oauth_bearer.py (InvalidBearerError / TokenExpiredError).
Update all callers across openapi controllers.
- controllers/openapi/{oauth_device,oauth_device_sso}.py +
services/oauth_device_flow.py: switch logger.error in except blocks
to logger.exception (TRY400) — keeps the traceback for ops.
- configs/feature/__init__.py: OPENAPI_KNOWN_CLIENT_IDS computed_field
needs an @property alongside for pyright to see it as a value, not a
method. Matches the existing line-451 pattern.
Plus ruff format + import-sort across the openapi tree (pure formatting).
41 lines
1.1 KiB
Python
41 lines
1.1 KiB
Python
"""Mutable per-request context for the openapi auth pipeline.
|
|
|
|
Every field starts None / empty and is filled in by a step. The pipeline
|
|
is the only thing that should construct or mutate Context — handlers
|
|
read populated values via the decorator's kwargs unpacking.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from dataclasses import dataclass, field
|
|
from datetime import datetime
|
|
from typing import Literal, Protocol
|
|
|
|
from flask import Request
|
|
|
|
from libs.oauth_bearer import SubjectType
|
|
|
|
|
|
@dataclass
|
|
class Context:
|
|
request: Request
|
|
required_scope: str
|
|
subject_type: SubjectType | None = None
|
|
subject_email: str | None = None
|
|
subject_issuer: str | None = None
|
|
account_id: str | None = None
|
|
scopes: frozenset[str] = field(default_factory=frozenset)
|
|
token_id: str | None = None
|
|
source: str | None = None
|
|
expires_at: datetime | None = None
|
|
app: object | None = None
|
|
tenant: object | None = None
|
|
caller: object | None = None
|
|
caller_kind: Literal["account", "end_user"] | None = None
|
|
|
|
|
|
class Step(Protocol):
|
|
"""One responsibility. Mutate ctx or raise to short-circuit."""
|
|
|
|
def __call__(self, ctx: Context) -> None: ...
|