OpenSource
/
dify
Watch 4
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 152 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6014 Commits
4 Branches
Tree: 8a86a2c817
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8a86a2c817'
${ noResults }
dify/api/services/datasource_provider_service.py

datasource_provider_service.py 7.6KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176 
  1. import logging

  2. 

  3. from flask_login import current_user

  4. 

  5. from constants import HIDDEN_VALUE

  6. from core.helper import encrypter

  7. from core.model_runtime.entities.provider_entities import FormType

  8. from core.model_runtime.errors.validate import CredentialsValidateFailedError

  9. from core.plugin.impl.datasource import PluginDatasourceManager

  10. from extensions.ext_database import db

  11. from models.oauth import DatasourceProvider

  12. 

  13. logger = logging.getLogger(__name__)

  14. 

  15. 

  16. class DatasourceProviderService:

  17.     """

  18.     Model Provider Service

  19.     """

  20. 

  21.     def __init__(self) -> None:

  22.         self.provider_manager = PluginDatasourceManager()

  23. 

  24.     def datasource_provider_credentials_validate(

  25.         self, tenant_id: str, provider: str, plugin_id: str, credentials: dict

  26.     ) -> None:

  27.         """

  28.         validate datasource provider credentials.

  29. 

  30.         :param tenant_id:

  31.         :param provider:

  32.         :param credentials:

  33.         """

  34.         credential_valid = self.provider_manager.validate_provider_credentials(

  35.             tenant_id=tenant_id, user_id=current_user.id, provider=provider, plugin_id=plugin_id, credentials=credentials

  36.         )

  37.         if credential_valid:

  38.             # Get all provider configurations of the current workspace

  39.             datasource_provider = (

  40.                 db.session.query(DatasourceProvider)

  41.                 .filter_by(tenant_id=tenant_id, plugin_id=plugin_id, provider=provider, auth_type="api_key")

  42.                 .first()

  43.             )

  44. 

  45.             provider_credential_secret_variables = self.extract_secret_variables(

  46.                                                                                 tenant_id=tenant_id,

  47.                                                                                 provider_id=f"{plugin_id}/{provider}"

  48.                                                                                  )

  49.             for key, value in credentials.items():

  50.                 if key in provider_credential_secret_variables:

  51.                     # if send [__HIDDEN__] in secret input, it will be same as original value

  52.                     credentials[key] = encrypter.encrypt_token(tenant_id, value)

  53.             datasource_provider = DatasourceProvider(

  54.                 tenant_id=tenant_id,

  55.                 provider=provider,

  56.                 plugin_id=plugin_id,

  57.                 auth_type="api_key",

  58.                 encrypted_credentials=credentials,

  59.             )

  60.             db.session.add(datasource_provider)

  61.             db.session.commit()

  62.         else:

  63.             raise CredentialsValidateFailedError()

  64. 

  65.     def extract_secret_variables(self, tenant_id: str, provider_id: str) -> list[str]:

  66.         """

  67.         Extract secret input form variables.

  68. 

  69.         :param credential_form_schemas:

  70.         :return:

  71.         """

  72.         datasource_provider = self.provider_manager.fetch_datasource_provider(tenant_id=tenant_id,

  73.                                                                               provider_id=provider_id

  74.                                                                               )

  75.         credential_form_schemas = datasource_provider.declaration.credentials_schema

  76.         secret_input_form_variables = []

  77.         for credential_form_schema in credential_form_schemas:

  78.             if credential_form_schema.type == FormType.SECRET_INPUT:

  79.                 secret_input_form_variables.append(credential_form_schema.name)

  80. 

  81.         return secret_input_form_variables

  82. 

  83.     def get_datasource_credentials(self, tenant_id: str, provider: str, plugin_id: str) -> list[dict]:

  84.         """

  85.         get datasource credentials.

  86. 

  87.         :param tenant_id: workspace id

  88.         :param provider_id: provider id

  89.         :return:

  90.         """

  91.         # Get all provider configurations of the current workspace

  92.         datasource_providers: list[DatasourceProvider] = (

  93.             db.session.query(DatasourceProvider)

  94.             .filter(

  95.                 DatasourceProvider.tenant_id == tenant_id,

  96.                 DatasourceProvider.provider == provider,

  97.                 DatasourceProvider.plugin_id == plugin_id,

  98.             )

  99.             .all()

  100.         )

  101.         if not datasource_providers:

  102.             return []

  103.         copy_credentials_list = []

  104.         for datasource_provider in datasource_providers:

  105.             encrypted_credentials = datasource_provider.encrypted_credentials

  106.             # Get provider credential secret variables

  107.             credential_secret_variables = self.extract_secret_variables(tenant_id=tenant_id, provider_id=f"{plugin_id}/{provider}")

  108. 

  109.             # Obfuscate provider credentials

  110.             copy_credentials = encrypted_credentials.copy()

  111.             for key, value in copy_credentials.items():

  112.                 if key in credential_secret_variables:

  113.                     copy_credentials[key] = encrypter.obfuscated_token(value)

  114.             copy_credentials_list.append(

  115.                 {

  116.                     "credentials": copy_credentials,

  117.                     "type": datasource_provider.auth_type,

  118.                 }

  119.             )

  120. 

  121.         return copy_credentials_list

  122. 

  123.     def update_datasource_credentials(self, tenant_id: str, auth_id: str, provider: str, plugin_id: str, credentials: dict) -> None:

  124.         """

  125.         update datasource credentials.

  126.         """

  127.         credential_valid = self.provider_manager.validate_provider_credentials(

  128.             tenant_id=tenant_id, user_id=current_user.id, provider=provider,plugin_id=plugin_id, credentials=credentials

  129.         )

  130.         if credential_valid:

  131.             # Get all provider configurations of the current workspace

  132.             datasource_provider = (

  133.                 db.session.query(DatasourceProvider)

  134.                 .filter_by(tenant_id=tenant_id, id=auth_id, provider=provider, plugin_id=plugin_id)

  135.                 .first()

  136.             )

  137. 

  138.             provider_credential_secret_variables = self.extract_secret_variables(

  139.                                                                                 tenant_id=tenant_id,

  140.                                                                                 provider_id=f"{plugin_id}/{provider}"

  141.                                                                                  )

  142.             if not datasource_provider:

  143.                 raise ValueError("Datasource provider not found")

  144.             else:

  145.                 original_credentials = datasource_provider.encrypted_credentials

  146.                 for key, value in credentials.items():

  147.                     if key in provider_credential_secret_variables:

  148.                         # if send [__HIDDEN__] in secret input, it will be same as original value

  149.                         if value == HIDDEN_VALUE and key in original_credentials:

  150.                             original_value = encrypter.encrypt_token(tenant_id, original_credentials[key])

  151.                             credentials[key] = encrypter.encrypt_token(tenant_id, original_value)

  152.                         else:

  153.                             credentials[key] = encrypter.encrypt_token(tenant_id, value)

  154. 

  155.                 datasource_provider.encrypted_credentials = credentials

  156.                 db.session.commit()

  157.         else:

  158.             raise CredentialsValidateFailedError()

  159. 

  160.     def remove_datasource_credentials(self, tenant_id: str, auth_id: str, provider: str, plugin_id: str) -> None:

  161.         """

  162.         remove datasource credentials.

  163. 

  164.         :param tenant_id: workspace id

  165.         :param provider: provider name

  166.         :param plugin_id: plugin id

  167.         :return:

  168.         """

  169.         datasource_provider = (

  170.             db.session.query(DatasourceProvider)

  171.             .filter_by(tenant_id=tenant_id, id=auth_id, provider=provider, plugin_id=plugin_id)

  172.             .first()

  173.         )

  174.         if datasource_provider:

  175.             db.session.delete(datasource_provider)

  176.             db.session.commit()