mirror of
https://github.com/langgenius/dify.git
synced 2026-05-20 08:46:57 +08:00
cf5ebe9430
Ports service_api/app/{completion,workflow}.py to bearer-authed
/openapi/v1/apps/<app_id>/{info,chat-messages,completion-messages,workflows/run}.
Architecture:
- New controllers/openapi/auth/ package: Pipeline + Step protocol over
one mutable Context. Endpoints attach via @APP_PIPELINE.guard(scope=...)
— single attachment point; forgetting auth is structurally impossible.
- Pipeline order: BearerCheck -> ScopeCheck -> AppResolver -> AppAuthzCheck
-> CallerMount.
- Strategies vary along independent axes: AclStrategy (EE webapp-auth inner
API) vs MembershipStrategy (CE TenantAccountJoin); AccountMounter vs
EndUserMounter dispatched by SubjectType.
- App is in URL path (not header). Each non-GET has typed Pydantic Request;
each non-SSE response has typed Pydantic Response. Bearer-as-identity:
body 'user' field stripped, ignored if present.
Adds InvokeFrom.OPENAPI enum variant. Emits app.run.openapi audit log
on successful invocation via standard logger extra={"audit": True, ...}
convention.
33 lines
907 B
Python
33 lines
907 B
Python
"""Audit emission for openapi app-run endpoints.
|
|
|
|
Pattern: logger.info with extra={"audit": True, "event": "app.run.openapi", ...}
|
|
matches the existing oauth_device convention. The EE OTel exporter consults
|
|
its own allowlist to decide whether to ship the line.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import logging
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
EVENT_APP_RUN_OPENAPI = "app.run.openapi"
|
|
|
|
|
|
def emit_app_run(*, app_id: str, tenant_id: str, caller_kind: str, mode: str) -> None:
|
|
logger.info(
|
|
"audit: %s app_id=%s tenant_id=%s caller_kind=%s mode=%s",
|
|
EVENT_APP_RUN_OPENAPI,
|
|
app_id,
|
|
tenant_id,
|
|
caller_kind,
|
|
mode,
|
|
extra={
|
|
"audit": True,
|
|
"event": EVENT_APP_RUN_OPENAPI,
|
|
"app_id": app_id,
|
|
"tenant_id": tenant_id,
|
|
"caller_kind": caller_kind,
|
|
"mode": mode,
|
|
},
|
|
)
|