OpenSource
/
dify
關注 4
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 152 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6126 提交
4 分支
目錄樹: 7f7ea92a45
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 '7f7ea92a45'
${ noResults }
dify/api/services/datasource_provider_service.py

datasource_provider_service.py 8.9KB
原始文件 Blame 歷史記錄

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228 
  1. import logging

  2. 

  3. from flask_login import current_user

  4. 

  5. from constants import HIDDEN_VALUE

  6. from core.helper import encrypter

  7. from core.model_runtime.entities.provider_entities import FormType

  8. from core.model_runtime.errors.validate import CredentialsValidateFailedError

  9. from core.plugin.impl.datasource import PluginDatasourceManager

  10. from extensions.ext_database import db

  11. from models.oauth import DatasourceProvider

  12. 

  13. logger = logging.getLogger(__name__)

  14. 

  15. 

  16. class DatasourceProviderService:

  17.     """

  18.     Model Provider Service

  19.     """

  20. 

  21.     def __init__(self) -> None:

  22.         self.provider_manager = PluginDatasourceManager()

  23. 

  24.     def datasource_provider_credentials_validate(

  25.         self, tenant_id: str, provider: str, plugin_id: str, credentials: dict

  26.     ) -> None:

  27.         """

  28.         validate datasource provider credentials.

  29. 

  30.         :param tenant_id:

  31.         :param provider:

  32.         :param credentials:

  33.         """

  34.         credential_valid = self.provider_manager.validate_provider_credentials(

  35.             tenant_id=tenant_id,

  36.             user_id=current_user.id,

  37.             provider=provider,

  38.             plugin_id=plugin_id,

  39.             credentials=credentials,

  40.         )

  41.         if credential_valid:

  42.             # Get all provider configurations of the current workspace

  43.             datasource_provider = (

  44.                 db.session.query(DatasourceProvider)

  45.                 .filter_by(tenant_id=tenant_id, plugin_id=plugin_id, provider=provider, auth_type="api_key")

  46.                 .first()

  47.             )

  48. 

  49.             provider_credential_secret_variables = self.extract_secret_variables(

  50.                 tenant_id=tenant_id, provider_id=f"{plugin_id}/{provider}"

  51.             )

  52.             for key, value in credentials.items():

  53.                 if key in provider_credential_secret_variables:

  54.                     # if send [__HIDDEN__] in secret input, it will be same as original value

  55.                     credentials[key] = encrypter.encrypt_token(tenant_id, value)

  56.             datasource_provider = DatasourceProvider(

  57.                 tenant_id=tenant_id,

  58.                 provider=provider,

  59.                 plugin_id=plugin_id,

  60.                 auth_type="api_key",

  61.                 encrypted_credentials=credentials,

  62.             )

  63.             db.session.add(datasource_provider)

  64.             db.session.commit()

  65.         else:

  66.             raise CredentialsValidateFailedError()

  67. 

  68.     def extract_secret_variables(self, tenant_id: str, provider_id: str) -> list[str]:

  69.         """

  70.         Extract secret input form variables.

  71. 

  72.         :param credential_form_schemas:

  73.         :return:

  74.         """

  75.         datasource_provider = self.provider_manager.fetch_datasource_provider(

  76.             tenant_id=tenant_id, provider_id=provider_id

  77.         )

  78.         credential_form_schemas = datasource_provider.declaration.credentials_schema

  79.         secret_input_form_variables = []

  80.         for credential_form_schema in credential_form_schemas:

  81.             if credential_form_schema.type == FormType.SECRET_INPUT:

  82.                 secret_input_form_variables.append(credential_form_schema.name)

  83. 

  84.         return secret_input_form_variables

  85. 

  86.     def get_datasource_credentials(self, tenant_id: str, provider: str, plugin_id: str) -> list[dict]:

  87.         """

  88.         get datasource credentials.

  89. 

  90.         :param tenant_id: workspace id

  91.         :param provider_id: provider id

  92.         :return:

  93.         """

  94.         # Get all provider configurations of the current workspace

  95.         datasource_providers: list[DatasourceProvider] = (

  96.             db.session.query(DatasourceProvider)

  97.             .filter(

  98.                 DatasourceProvider.tenant_id == tenant_id,

  99.                 DatasourceProvider.provider == provider,

  100.                 DatasourceProvider.plugin_id == plugin_id,

  101.             )

  102.             .all()

  103.         )

  104.         if not datasource_providers:

  105.             return []

  106.         copy_credentials_list = []

  107.         for datasource_provider in datasource_providers:

  108.             encrypted_credentials = datasource_provider.encrypted_credentials

  109.             # Get provider credential secret variables

  110.             credential_secret_variables = self.extract_secret_variables(

  111.                 tenant_id=tenant_id, provider_id=f"{plugin_id}/{provider}"

  112.             )

  113. 

  114.             # Obfuscate provider credentials

  115.             copy_credentials = encrypted_credentials.copy()

  116.             for key, value in copy_credentials.items():

  117.                 if key in credential_secret_variables:

  118.                     copy_credentials[key] = encrypter.obfuscated_token(value)

  119.             copy_credentials_list.append(

  120.                 {

  121.                     "credentials": copy_credentials,

  122.                     "type": datasource_provider.auth_type,

  123.                 }

  124.             )

  125. 

  126.         return copy_credentials_list

  127. 

  128.     def get_real_datasource_credentials(self, tenant_id: str, provider: str, plugin_id: str) -> list[dict]:

  129.         """

  130.         get datasource credentials.

  131. 

  132.         :param tenant_id: workspace id

  133.         :param provider_id: provider id

  134.         :return:

  135.         """

  136.         # Get all provider configurations of the current workspace

  137.         datasource_providers: list[DatasourceProvider] = (

  138.             db.session.query(DatasourceProvider)

  139.             .filter(

  140.                 DatasourceProvider.tenant_id == tenant_id,

  141.                 DatasourceProvider.provider == provider,

  142.                 DatasourceProvider.plugin_id == plugin_id,

  143.             )

  144.             .all()

  145.         )

  146.         if not datasource_providers:

  147.             return []

  148.         copy_credentials_list = []

  149.         for datasource_provider in datasource_providers:

  150.             encrypted_credentials = datasource_provider.encrypted_credentials

  151.             # Get provider credential secret variables

  152.             credential_secret_variables = self.extract_secret_variables(

  153.                 tenant_id=tenant_id, provider_id=f"{plugin_id}/{provider}"

  154.             )

  155. 

  156.             # Obfuscate provider credentials

  157.             copy_credentials = encrypted_credentials.copy()

  158.             for key, value in copy_credentials.items():

  159.                 if key in credential_secret_variables:

  160.                     copy_credentials[key] = encrypter.decrypt_token(tenant_id, value)

  161.             copy_credentials_list.append(

  162.                 {

  163.                     "credentials": copy_credentials,

  164.                     "type": datasource_provider.auth_type,

  165.                 }

  166.             )

  167. 

  168.         return copy_credentials_list

  169. 

  170.     def update_datasource_credentials(

  171.         self, tenant_id: str, auth_id: str, provider: str, plugin_id: str, credentials: dict

  172.     ) -> None:

  173.         """

  174.         update datasource credentials.

  175.         """

  176.         credential_valid = self.provider_manager.validate_provider_credentials(

  177.             tenant_id=tenant_id,

  178.             user_id=current_user.id,

  179.             provider=provider,

  180.             plugin_id=plugin_id,

  181.             credentials=credentials,

  182.         )

  183.         if credential_valid:

  184.             # Get all provider configurations of the current workspace

  185.             datasource_provider = (

  186.                 db.session.query(DatasourceProvider)

  187.                 .filter_by(tenant_id=tenant_id, id=auth_id, provider=provider, plugin_id=plugin_id)

  188.                 .first()

  189.             )

  190. 

  191.             provider_credential_secret_variables = self.extract_secret_variables(

  192.                 tenant_id=tenant_id, provider_id=f"{plugin_id}/{provider}"

  193.             )

  194.             if not datasource_provider:

  195.                 raise ValueError("Datasource provider not found")

  196.             else:

  197.                 original_credentials = datasource_provider.encrypted_credentials

  198.                 for key, value in credentials.items():

  199.                     if key in provider_credential_secret_variables:

  200.                         # if send [__HIDDEN__] in secret input, it will be same as original value

  201.                         if value == HIDDEN_VALUE and key in original_credentials:

  202.                             original_value = encrypter.encrypt_token(tenant_id, original_credentials[key])

  203.                             credentials[key] = encrypter.encrypt_token(tenant_id, original_value)

  204.                         else:

  205.                             credentials[key] = encrypter.encrypt_token(tenant_id, value)

  206. 

  207.                 datasource_provider.encrypted_credentials = credentials

  208.                 db.session.commit()

  209.         else:

  210.             raise CredentialsValidateFailedError()

  211. 

  212.     def remove_datasource_credentials(self, tenant_id: str, auth_id: str, provider: str, plugin_id: str) -> None:

  213.         """

  214.         remove datasource credentials.

  215. 

  216.         :param tenant_id: workspace id

  217.         :param provider: provider name

  218.         :param plugin_id: plugin id

  219.         :return:

  220.         """

  221.         datasource_provider = (

  222.             db.session.query(DatasourceProvider)

  223.             .filter_by(tenant_id=tenant_id, id=auth_id, provider=provider, plugin_id=plugin_id)

  224.             .first()

  225.         )

  226.         if datasource_provider:

  227.             db.session.delete(datasource_provider)

  228.             db.session.commit()