OpenSource
/
dify
关注 4
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 152 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
855 提交
4 分支
目录树: 6b499b9a16
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '6b499b9a16'
${ noResults }
dify/api/controllers/service_api/wraps.py

wraps.py 4.8KB
原始文件 普通视图 文件历史

Initial commit
2 年前
Feat/dataset service api (#1245) Co-authored-by: jyong <jyong@dify.ai> Co-authored-by: StyleZhang <jasonapring2015@outlook.com>
2 年前
Initial commit
2 年前
feat: move login_required wrapper outside (#1281)
2 年前
Initial commit
2 年前
Feat/dataset service api (#1245) Co-authored-by: jyong <jyong@dify.ai> Co-authored-by: StyleZhang <jasonapring2015@outlook.com>
2 年前
Initial commit
2 年前
feat: billing enhancement 20231204 (#1691) Co-authored-by: jyong <jyong@dify.ai>
1年前
Initial commit
2 年前
feat: optimize service api authorization header invalid error (#910)
2 年前
Initial commit
2 年前
feat: billing enhancement 20231204 (#1691) Co-authored-by: jyong <jyong@dify.ai>
1年前
Initial commit
2 年前
Feat/dataset service api (#1245) Co-authored-by: jyong <jyong@dify.ai> Co-authored-by: StyleZhang <jasonapring2015@outlook.com>
2 年前
Initial commit
2 年前
feat: optimize service api authorization header invalid error (#910)
2 年前
Initial commit
2 年前
feat: optimize service api authorization header invalid error (#910)
2 年前
Initial commit
2 年前
feat: optimize service api authorization header invalid error (#910)
2 年前
Initial commit
2 年前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 
  1. # -*- coding:utf-8 -*-

  2. from datetime import datetime

  3. from functools import wraps

  4. 

  5. from flask import request, current_app

  6. from flask_login import user_logged_in

  7. from flask_restful import Resource

  8. from werkzeug.exceptions import NotFound, Unauthorized

  9. 

  10. from libs.login import _get_user

  11. from extensions.ext_database import db

  12. from models.account import Tenant, TenantAccountJoin, Account

  13. from models.model import ApiToken, App

  14. from services.billing_service import BillingService

  15. 

  16. 

  17. def validate_app_token(view=None):

  18.     def decorator(view):

  19.         @wraps(view)

  20.         def decorated(*args, **kwargs):

  21.             api_token = validate_and_get_api_token('app')

  22. 

  23.             app_model = db.session.query(App).filter(App.id == api_token.app_id).first()

  24.             if not app_model:

  25.                 raise NotFound()

  26. 

  27.             if app_model.status != 'normal':

  28.                 raise NotFound()

  29. 

  30.             if not app_model.enable_api:

  31.                 raise NotFound()

  32. 

  33.             return view(app_model, None, *args, **kwargs)

  34.         return decorated

  35. 

  36.     if view:

  37.         return decorator(view)

  38. 

  39.     # if view is None, it means that the decorator is used without parentheses

  40.     # use the decorator as a function for method_decorators

  41.     return decorator

  42. 

  43. 

  44. def cloud_edition_billing_resource_check(resource: str,

  45.                                          api_token_type: str,

  46.                                          error_msg: str = "You have reached the limit of your subscription."):

  47.     def interceptor(view):

  48.         def decorated(*args, **kwargs):

  49.             if current_app.config['EDITION'] == 'CLOUD':

  50.                 api_token = validate_and_get_api_token(api_token_type)

  51.                 billing_info = BillingService.get_info(api_token.tenant_id)

  52. 

  53.                 members = billing_info['members']

  54.                 apps = billing_info['apps']

  55.                 vector_space = billing_info['vector_space']

  56. 

  57.                 if resource == 'members' and 0 < members['limit'] <= members['size']:

  58.                     raise Unauthorized(error_msg)

  59.                 elif resource == 'apps' and 0 < apps['limit'] <= apps['size']:

  60.                     raise Unauthorized(error_msg)

  61.                 elif resource == 'vector_space' and 0 < vector_space['limit'] <= vector_space['size']:

  62.                     raise Unauthorized(error_msg)

  63.                 else:

  64.                     return view(*args, **kwargs)

  65. 

  66.             return view(*args, **kwargs)

  67.         return decorated

  68.     return interceptor

  69. 

  70. 

  71. def validate_dataset_token(view=None):

  72.     def decorator(view):

  73.         @wraps(view)

  74.         def decorated(*args, **kwargs):

  75.             api_token = validate_and_get_api_token('dataset')

  76.             tenant_account_join = db.session.query(Tenant, TenantAccountJoin) \

  77.                 .filter(Tenant.id == api_token.tenant_id) \

  78.                 .filter(TenantAccountJoin.tenant_id == Tenant.id) \

  79.                 .filter(TenantAccountJoin.role == 'owner') \

  80.                 .one_or_none()

  81.             if tenant_account_join:

  82.                 tenant, ta = tenant_account_join

  83.                 account = Account.query.filter_by(id=ta.account_id).first()

  84.                 # Login admin

  85.                 if account:

  86.                     account.current_tenant = tenant

  87.                     current_app.login_manager._update_request_context_with_user(account)

  88.                     user_logged_in.send(current_app._get_current_object(), user=_get_user())

  89.                 else:

  90.                     raise Unauthorized("Tenant owner account is not exist.")

  91.             else:

  92.                 raise Unauthorized("Tenant is not exist.")

  93.             return view(api_token.tenant_id, *args, **kwargs)

  94.         return decorated

  95. 

  96.     if view:

  97.         return decorator(view)

  98. 

  99.     # if view is None, it means that the decorator is used without parentheses

  100.     # use the decorator as a function for method_decorators

  101.     return decorator

  102. 

  103. 

  104. def validate_and_get_api_token(scope=None):

  105.     """

  106.     Validate and get API token.

  107.     """

  108.     auth_header = request.headers.get('Authorization')

  109.     if auth_header is None or ' ' not in auth_header:

  110.         raise Unauthorized("Authorization header must be provided and start with 'Bearer'")

  111. 

  112.     auth_scheme, auth_token = auth_header.split(None, 1)

  113.     auth_scheme = auth_scheme.lower()

  114. 

  115.     if auth_scheme != 'bearer':

  116.         raise Unauthorized("Authorization scheme must be 'Bearer'")

  117. 

  118.     api_token = db.session.query(ApiToken).filter(

  119.         ApiToken.token == auth_token,

  120.         ApiToken.type == scope,

  121.     ).first()

  122. 

  123.     if not api_token:

  124.         raise Unauthorized("Access token is invalid")

  125. 

  126.     api_token.last_used_at = datetime.utcnow()

  127.     db.session.commit()

  128. 

  129.     return api_token

  130. 

  131. 

  132. class AppApiResource(Resource):

  133.     method_decorators = [validate_app_token]

  134. 

  135. 

  136. class DatasetApiResource(Resource):

  137.     method_decorators = [validate_dataset_token]