OpenSource
/
dify
Beobachten 4
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 152 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen mit entweder einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
7175 Commits
4 Branches
Struktur: 08dd3f7b50
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „08dd3f7b50“
${ noResults }
dify/api/controllers/console/apikey.py

apikey.py 6.3KB
Originalformat Blame Verlauf

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. from typing import Optional

  2. 

  3. import flask_restx

  4. from flask_login import current_user

  5. from flask_restx import Resource, fields, marshal_with

  6. from flask_restx._http import HTTPStatus

  7. from sqlalchemy import select

  8. from sqlalchemy.orm import Session

  9. from werkzeug.exceptions import Forbidden

  10. 

  11. from extensions.ext_database import db

  12. from libs.helper import TimestampField

  13. from libs.login import login_required

  14. from models.dataset import Dataset

  15. from models.model import ApiToken, App

  16. 

  17. from . import api

  18. from .wraps import account_initialization_required, setup_required

  19. 

  20. api_key_fields = {

  21.     "id": fields.String,

  22.     "type": fields.String,

  23.     "token": fields.String,

  24.     "last_used_at": TimestampField,

  25.     "created_at": TimestampField,

  26. }

  27. 

  28. api_key_list = {"data": fields.List(fields.Nested(api_key_fields), attribute="items")}

  29. 

  30. 

  31. def _get_resource(resource_id, tenant_id, resource_model):

  32.     if resource_model == App:

  33.         with Session(db.engine) as session:

  34.             resource = session.execute(

  35.                 select(resource_model).filter_by(id=resource_id, tenant_id=tenant_id)

  36.             ).scalar_one_or_none()

  37.     else:

  38.         with Session(db.engine) as session:

  39.             resource = session.execute(

  40.                 select(resource_model).filter_by(id=resource_id, tenant_id=tenant_id)

  41.             ).scalar_one_or_none()

  42. 

  43.     if resource is None:

  44.         flask_restx.abort(HTTPStatus.NOT_FOUND, message=f"{resource_model.__name__} not found.")

  45. 

  46.     return resource

  47. 

  48. 

  49. class BaseApiKeyListResource(Resource):

  50.     method_decorators = [account_initialization_required, login_required, setup_required]

  51. 

  52.     resource_type: str | None = None

  53.     resource_model: Optional[type] = None

  54.     resource_id_field: str | None = None

  55.     token_prefix: str | None = None

  56.     max_keys = 10

  57. 

  58.     @marshal_with(api_key_list)

  59.     def get(self, resource_id):

  60.         assert self.resource_id_field is not None, "resource_id_field must be set"

  61.         resource_id = str(resource_id)

  62.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  63.         keys = (

  64.             db.session.query(ApiToken)

  65.             .where(ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id)

  66.             .all()

  67.         )

  68.         return {"items": keys}

  69. 

  70.     @marshal_with(api_key_fields)

  71.     def post(self, resource_id):

  72.         assert self.resource_id_field is not None, "resource_id_field must be set"

  73.         resource_id = str(resource_id)

  74.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  75.         if not current_user.is_editor:

  76.             raise Forbidden()

  77. 

  78.         current_key_count = (

  79.             db.session.query(ApiToken)

  80.             .where(ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id)

  81.             .count()

  82.         )

  83. 

  84.         if current_key_count >= self.max_keys:

  85.             flask_restx.abort(

  86.                 HTTPStatus.BAD_REQUEST,

  87.                 message=f"Cannot create more than {self.max_keys} API keys for this resource type.",

  88.                 custom="max_keys_exceeded",

  89.             )

  90. 

  91.         key = ApiToken.generate_api_key(self.token_prefix or "", 24)

  92.         api_token = ApiToken()

  93.         setattr(api_token, self.resource_id_field, resource_id)

  94.         api_token.tenant_id = current_user.current_tenant_id

  95.         api_token.token = key

  96.         api_token.type = self.resource_type

  97.         db.session.add(api_token)

  98.         db.session.commit()

  99.         return api_token, 201

  100. 

  101. 

  102. class BaseApiKeyResource(Resource):

  103.     method_decorators = [account_initialization_required, login_required, setup_required]

  104. 

  105.     resource_type: str | None = None

  106.     resource_model: Optional[type] = None

  107.     resource_id_field: str | None = None

  108. 

  109.     def delete(self, resource_id, api_key_id):

  110.         assert self.resource_id_field is not None, "resource_id_field must be set"

  111.         resource_id = str(resource_id)

  112.         api_key_id = str(api_key_id)

  113.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  114. 

  115.         # The role of the current user in the ta table must be admin or owner

  116.         if not current_user.is_admin_or_owner:

  117.             raise Forbidden()

  118. 

  119.         key = (

  120.             db.session.query(ApiToken)

  121.             .where(

  122.                 getattr(ApiToken, self.resource_id_field) == resource_id,

  123.                 ApiToken.type == self.resource_type,

  124.                 ApiToken.id == api_key_id,

  125.             )

  126.             .first()

  127.         )

  128. 

  129.         if key is None:

  130.             flask_restx.abort(HTTPStatus.NOT_FOUND, message="API key not found")

  131. 

  132.         db.session.query(ApiToken).where(ApiToken.id == api_key_id).delete()

  133.         db.session.commit()

  134. 

  135.         return {"result": "success"}, 204

  136. 

  137. 

  138. class AppApiKeyListResource(BaseApiKeyListResource):

  139.     def after_request(self, resp):

  140.         resp.headers["Access-Control-Allow-Origin"] = "*"

  141.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  142.         return resp

  143. 

  144.     resource_type = "app"

  145.     resource_model = App

  146.     resource_id_field = "app_id"

  147.     token_prefix = "app-"

  148. 

  149. 

  150. class AppApiKeyResource(BaseApiKeyResource):

  151.     def after_request(self, resp):

  152.         resp.headers["Access-Control-Allow-Origin"] = "*"

  153.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  154.         return resp

  155. 

  156.     resource_type = "app"

  157.     resource_model = App

  158.     resource_id_field = "app_id"

  159. 

  160. 

  161. class DatasetApiKeyListResource(BaseApiKeyListResource):

  162.     def after_request(self, resp):

  163.         resp.headers["Access-Control-Allow-Origin"] = "*"

  164.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  165.         return resp

  166. 

  167.     resource_type = "dataset"

  168.     resource_model = Dataset

  169.     resource_id_field = "dataset_id"

  170.     token_prefix = "ds-"

  171. 

  172. 

  173. class DatasetApiKeyResource(BaseApiKeyResource):

  174.     def after_request(self, resp):

  175.         resp.headers["Access-Control-Allow-Origin"] = "*"

  176.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  177.         return resp

  178. 

  179.     resource_type = "dataset"

  180.     resource_model = Dataset

  181.     resource_id_field = "dataset_id"

  182. 

  183. 

  184. api.add_resource(AppApiKeyListResource, "/apps/<uuid:resource_id>/api-keys")

  185. api.add_resource(AppApiKeyResource, "/apps/<uuid:resource_id>/api-keys/<uuid:api_key_id>")

  186. api.add_resource(DatasetApiKeyListResource, "/datasets/<uuid:resource_id>/api-keys")

  187. api.add_resource(DatasetApiKeyResource, "/datasets/<uuid:resource_id>/api-keys/<uuid:api_key_id>")