dify/api/controllers/inner_api/wraps.py

from base64 import b64encode
from functools import wraps
from hashlib import sha1
from hmac import new as hmac_new

from flask import abort, request

from configs import dify_config
from extensions.ext_database import db
from models.model import EndUser


def enterprise_inner_api_only(view):
    @wraps(view)
    def decorated(*args, **kwargs):
        if not dify_config.INNER_API:
            abort(404)

        # get header 'X-Inner-Api-Key'
        inner_api_key = request.headers.get("X-Inner-Api-Key")
        if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:
            abort(401)

        return view(*args, **kwargs)

    return decorated


def enterprise_inner_api_user_auth(view):
    @wraps(view)
    def decorated(*args, **kwargs):
        if not dify_config.INNER_API:
            return view(*args, **kwargs)

        # get header 'X-Inner-Api-Key'
        authorization = request.headers.get("Authorization")
        if not authorization:
            return view(*args, **kwargs)

        parts = authorization.split(":")
        if len(parts) != 2:
            return view(*args, **kwargs)

        user_id, token = parts
        if " " in user_id:
            user_id = user_id.split(" ")[1]

        inner_api_key = request.headers.get("X-Inner-Api-Key", "")

        data_to_sign = f"DIFY {user_id}"

        signature = hmac_new(inner_api_key.encode("utf-8"), data_to_sign.encode("utf-8"), sha1)
        signature_base64 = b64encode(signature.digest()).decode("utf-8")

        if signature_base64 != token:
            return view(*args, **kwargs)

        kwargs["user"] = db.session.query(EndUser).filter(EndUser.id == user_id).first()

        return view(*args, **kwargs)

    return decorated


def plugin_inner_api_only(view):
    @wraps(view)
    def decorated(*args, **kwargs):
        if not dify_config.PLUGIN_DAEMON_KEY:
            abort(404)

        # get header 'X-Inner-Api-Key'
        inner_api_key = request.headers.get("X-Inner-Api-Key")
        if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:
            abort(404)

        return view(*args, **kwargs)

    return decorated
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`from base64 import b64encode`
			`from functools import wraps`
			`from hashlib import sha1`
			`from hmac import new as hmac_new`

refactor(api): switch to dify_config with Pydantic in controllers and schedule (#6237) 2024-07-12 16:51:43 +08:00			`from flask import abort, request`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
feat: plugin call dify 2024-07-08 22:37:20 +08:00			`from configs import dify_config`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`from extensions.ext_database import db`
			`from models.model import EndUser`


feat: plugin call dify 2024-07-08 22:37:20 +08:00			`def enterprise_inner_api_only(view):`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`@wraps(view)`
			`def decorated(args, *kwargs):`
refactor(api): switch to dify_config with Pydantic in controllers and schedule (#6237) 2024-07-12 16:51:43 +08:00			`if not dify_config.INNER_API:`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`abort(404)`

			`# get header 'X-Inner-Api-Key'`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`inner_api_key = request.headers.get("X-Inner-Api-Key")`
feat: add inner api key 2024-09-20 13:32:11 +08:00			`if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:`
fix: Change API key authentication failure response code from 404 to 401 (#6885) 2024-08-01 17:41:35 +08:00			`abort(401)`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
			`return view(args, *kwargs)`

			`return decorated`


feat: plugin call dify 2024-07-08 22:37:20 +08:00			`def enterprise_inner_api_user_auth(view):`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`@wraps(view)`
			`def decorated(args, *kwargs):`
refactor(api): switch to dify_config with Pydantic in controllers and schedule (#6237) 2024-07-12 16:51:43 +08:00			`if not dify_config.INNER_API:`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`return view(args, *kwargs)`

			`# get header 'X-Inner-Api-Key'`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`authorization = request.headers.get("Authorization")`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`if not authorization:`
			`return view(args, *kwargs)`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`parts = authorization.split(":")`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`if len(parts) != 2:`
			`return view(args, *kwargs)`

			`user_id, token = parts`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`if " " in user_id:`
			`user_id = user_id.split(" ")[1]`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
feat: mypy for all type check (#10921) 2024-12-24 18:38:51 +08:00			`inner_api_key = request.headers.get("X-Inner-Api-Key", "")`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`data_to_sign = f"DIFY {user_id}"`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`signature = hmac_new(inner_api_key.encode("utf-8"), data_to_sign.encode("utf-8"), sha1)`
feat: mypy for all type check (#10921) 2024-12-24 18:38:51 +08:00			`signature_base64 = b64encode(signature.digest()).decode("utf-8")`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
feat: mypy for all type check (#10921) 2024-12-24 18:38:51 +08:00			`if signature_base64 != token:`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00			`return view(args, *kwargs)`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`kwargs["user"] = db.session.query(EndUser).filter(EndUser.id == user_id).first()`
Feat/enterprise sso (#3602) 2024-04-18 17:33:32 +08:00
			`return view(args, *kwargs)`

			`return decorated`
feat: plugin call dify 2024-07-08 22:37:20 +08:00
Merge main 2024-09-14 02:47:01 +08:00
feat: plugin call dify 2024-07-08 22:37:20 +08:00			`def plugin_inner_api_only(view):`
			`@wraps(view)`
			`def decorated(args, *kwargs):`
Unify plugin endpoint configuration for api and worker: An alternative solution to PR #13214 (#13239) 2025-02-06 11:29:37 +08:00			`if not dify_config.PLUGIN_DAEMON_KEY:`
feat: plugin call dify 2024-07-08 22:37:20 +08:00			`abort(404)`

			`# get header 'X-Inner-Api-Key'`
feat: add inner api key 2024-09-20 13:32:11 +08:00			`inner_api_key = request.headers.get("X-Inner-Api-Key")`
			`if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:`
feat: plugin call dify 2024-07-08 22:37:20 +08:00			`abort(404)`

			`return view(args, *kwargs)`

feat: add inner api key 2024-09-20 13:32:11 +08:00			`return decorated`