OpenSource
/
dify
Watch 4
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 152 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4835 Commits
4 Branches
Tree: 403e2d58b9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '403e2d58b9'
${ noResults }
dify/api/controllers/console/apikey.py

apikey.py 6.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. from typing import Any

  2. 

  3. import flask_restful  # type: ignore

  4. from flask_login import current_user  # type: ignore

  5. from flask_restful import Resource, fields, marshal_with

  6. from sqlalchemy import select

  7. from sqlalchemy.orm import Session

  8. from werkzeug.exceptions import Forbidden

  9. 

  10. from extensions.ext_database import db

  11. from libs.helper import TimestampField

  12. from libs.login import login_required

  13. from models.dataset import Dataset

  14. from models.model import ApiToken, App

  15. 

  16. from . import api

  17. from .wraps import account_initialization_required, setup_required

  18. 

  19. api_key_fields = {

  20.     "id": fields.String,

  21.     "type": fields.String,

  22.     "token": fields.String,

  23.     "last_used_at": TimestampField,

  24.     "created_at": TimestampField,

  25. }

  26. 

  27. api_key_list = {"data": fields.List(fields.Nested(api_key_fields), attribute="items")}

  28. 

  29. 

  30. def _get_resource(resource_id, tenant_id, resource_model):

  31.     if resource_model == App:

  32.         with Session(db.engine) as session:

  33.             resource = session.execute(

  34.                 select(resource_model).filter_by(id=resource_id, tenant_id=tenant_id)

  35.             ).scalar_one_or_none()

  36.     else:

  37.         with Session(db.engine) as session:

  38.             resource = session.execute(

  39.                 select(resource_model).filter_by(id=resource_id, tenant_id=tenant_id)

  40.             ).scalar_one_or_none()

  41. 

  42.     if resource is None:

  43.         flask_restful.abort(404, message=f"{resource_model.__name__} not found.")

  44. 

  45.     return resource

  46. 

  47. 

  48. class BaseApiKeyListResource(Resource):

  49.     method_decorators = [account_initialization_required, login_required, setup_required]

  50. 

  51.     resource_type: str | None = None

  52.     resource_model: Any = None

  53.     resource_id_field: str | None = None

  54.     token_prefix: str | None = None

  55.     max_keys = 10

  56. 

  57.     @marshal_with(api_key_list)

  58.     def get(self, resource_id):

  59.         assert self.resource_id_field is not None, "resource_id_field must be set"

  60.         resource_id = str(resource_id)

  61.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  62.         keys = (

  63.             db.session.query(ApiToken)

  64.             .filter(ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id)

  65.             .all()

  66.         )

  67.         return {"items": keys}

  68. 

  69.     @marshal_with(api_key_fields)

  70.     def post(self, resource_id):

  71.         assert self.resource_id_field is not None, "resource_id_field must be set"

  72.         resource_id = str(resource_id)

  73.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  74.         if not current_user.is_editor:

  75.             raise Forbidden()

  76. 

  77.         current_key_count = (

  78.             db.session.query(ApiToken)

  79.             .filter(ApiToken.type == self.resource_type, getattr(ApiToken, self.resource_id_field) == resource_id)

  80.             .count()

  81.         )

  82. 

  83.         if current_key_count >= self.max_keys:

  84.             flask_restful.abort(

  85.                 400,

  86.                 message=f"Cannot create more than {self.max_keys} API keys for this resource type.",

  87.                 code="max_keys_exceeded",

  88.             )

  89. 

  90.         key = ApiToken.generate_api_key(self.token_prefix, 24)

  91.         api_token = ApiToken()

  92.         setattr(api_token, self.resource_id_field, resource_id)

  93.         api_token.tenant_id = current_user.current_tenant_id

  94.         api_token.token = key

  95.         api_token.type = self.resource_type

  96.         db.session.add(api_token)

  97.         db.session.commit()

  98.         return api_token, 201

  99. 

  100. 

  101. class BaseApiKeyResource(Resource):

  102.     method_decorators = [account_initialization_required, login_required, setup_required]

  103. 

  104.     resource_type: str | None = None

  105.     resource_model: Any = None

  106.     resource_id_field: str | None = None

  107. 

  108.     def delete(self, resource_id, api_key_id):

  109.         assert self.resource_id_field is not None, "resource_id_field must be set"

  110.         resource_id = str(resource_id)

  111.         api_key_id = str(api_key_id)

  112.         _get_resource(resource_id, current_user.current_tenant_id, self.resource_model)

  113. 

  114.         # The role of the current user in the ta table must be admin or owner

  115.         if not current_user.is_admin_or_owner:

  116.             raise Forbidden()

  117. 

  118.         key = (

  119.             db.session.query(ApiToken)

  120.             .filter(

  121.                 getattr(ApiToken, self.resource_id_field) == resource_id,

  122.                 ApiToken.type == self.resource_type,

  123.                 ApiToken.id == api_key_id,

  124.             )

  125.             .first()

  126.         )

  127. 

  128.         if key is None:

  129.             flask_restful.abort(404, message="API key not found")

  130. 

  131.         db.session.query(ApiToken).filter(ApiToken.id == api_key_id).delete()

  132.         db.session.commit()

  133. 

  134.         return {"result": "success"}, 204

  135. 

  136. 

  137. class AppApiKeyListResource(BaseApiKeyListResource):

  138.     def after_request(self, resp):

  139.         resp.headers["Access-Control-Allow-Origin"] = "*"

  140.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  141.         return resp

  142. 

  143.     resource_type = "app"

  144.     resource_model = App

  145.     resource_id_field = "app_id"

  146.     token_prefix = "app-"

  147. 

  148. 

  149. class AppApiKeyResource(BaseApiKeyResource):

  150.     def after_request(self, resp):

  151.         resp.headers["Access-Control-Allow-Origin"] = "*"

  152.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  153.         return resp

  154. 

  155.     resource_type = "app"

  156.     resource_model = App

  157.     resource_id_field = "app_id"

  158. 

  159. 

  160. class DatasetApiKeyListResource(BaseApiKeyListResource):

  161.     def after_request(self, resp):

  162.         resp.headers["Access-Control-Allow-Origin"] = "*"

  163.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  164.         return resp

  165. 

  166.     resource_type = "dataset"

  167.     resource_model = Dataset

  168.     resource_id_field = "dataset_id"

  169.     token_prefix = "ds-"

  170. 

  171. 

  172. class DatasetApiKeyResource(BaseApiKeyResource):

  173.     def after_request(self, resp):

  174.         resp.headers["Access-Control-Allow-Origin"] = "*"

  175.         resp.headers["Access-Control-Allow-Credentials"] = "true"

  176.         return resp

  177. 

  178.     resource_type = "dataset"

  179.     resource_model = Dataset

  180.     resource_id_field = "dataset_id"

  181. 

  182. 

  183. api.add_resource(AppApiKeyListResource, "/apps/<uuid:resource_id>/api-keys")

  184. api.add_resource(AppApiKeyResource, "/apps/<uuid:resource_id>/api-keys/<uuid:api_key_id>")

  185. api.add_resource(DatasetApiKeyListResource, "/datasets/<uuid:resource_id>/api-keys")

  186. api.add_resource(DatasetApiKeyResource, "/datasets/<uuid:resource_id>/api-keys/<uuid:api_key_id>")