refactor(encryption): update encryption utility references and clean up sandbox provider service logic

Harry 2026-01-09 17:22:23 +08:00
parent 925825a41b
commit eb821efda7
3 changed files with 19 additions and 42 deletions


@ -21,7 +21,7 @@ from core.rag.datasource.vdb.vector_factory import Vector
from core.rag.datasource.vdb.vector_type import VectorType
from core.rag.index_processor.constant.built_in_field import BuiltInField
from core.rag.models.document import Document
from core.tools.utils.system_oauth_encryption import encrypt_system_oauth_params
from core.tools.utils.system_encryption import encrypt_system_params
from events.app_event import app_was_created
from extensions.ext_database import db
from extensions.ext_redis import redis_client
@ -1147,7 +1147,7 @@ def remove_orphaned_files_on_storage(force: bool):
click.echo(click.style(f"- Scanning files on storage path {storage_path}", fg="white"))
files = storage.scan(path=storage_path, files=True, directories=False)
all_files_on_storage.extend(files)
except FileNotFoundError as e:
except FileNotFoundError:
click.echo(click.style(f" -> Skipping path {storage_path} as it does not exist.", fg="yellow"))
continue
except Exception as e:
@ -1414,7 +1414,7 @@ def setup_system_tool_oauth_client(provider, client_params):
click.echo(click.style(f"Encrypting client params: {client_params}", fg="yellow"))
click.echo(click.style(f"Using SECRET_KEY: `{dify_config.SECRET_KEY}`", fg="yellow"))
oauth_client_params = encrypt_system_oauth_params(client_params_dict)
oauth_client_params = encrypt_system_params(client_params_dict)
click.echo(click.style("Client params encrypted successfully.", fg="green"))
except Exception as e:
click.echo(click.style(f"Error parsing client params: {str(e)}", fg="red"))
@ -1463,7 +1463,7 @@ def setup_system_trigger_oauth_client(provider, client_params):
click.echo(click.style(f"Encrypting client params: {client_params}", fg="yellow"))
click.echo(click.style(f"Using SECRET_KEY: `{dify_config.SECRET_KEY}`", fg="yellow"))
oauth_client_params = encrypt_system_oauth_params(client_params_dict)
oauth_client_params = encrypt_system_params(client_params_dict)
click.echo(click.style("Client params encrypted successfully.", fg="green"))
except Exception as e:
click.echo(click.style(f"Error parsing client params: {str(e)}", fg="red"))
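Review bot: Both setup commands still echo the raw `client_params` and the value of `dify_config.SECRET_KEY` to the terminal, on the two `click.echo` lines just above the renamed `encrypt_system_params` call in `setup_system_tool_oauth_client` and again in `setup_system_trigger_oauth_client`. Anything that captures this output (shell scrollback, CI job logs, container log collectors) then holds the OAuth client secret and the key these parameters are presumably encrypted under, which defeats the encryption step that follows. Since the commit already touches these blocks, I would delete the `Using SECRET_KEY` line and print only the field names, e.g. `click.echo(click.style(f"Encrypting client params for keys: {sorted(client_params_dict)}", fg="yellow"))`, assuming `client_params_dict` is a plain dict at that point. Both functions begin and end outside the visible hunks, so the parsing that produces `client_params_dict` is not shown here.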


@ -40,10 +40,6 @@ class SandboxProviderSystemConfig(TypeBase):
init=False,
)
@property
def config(self) -> Mapping[str, Any]:
return cast(Mapping[str, Any], json.loads(self.encrypted_config or "{}"))
class SandboxProvider(TypeBase):
"""


@ -19,8 +19,8 @@ from sqlalchemy.orm import Session
from configs import dify_config
from constants import HIDDEN_VALUE
from core.entities.provider_entities import BasicProviderConfig
from core.tools.utils.system_oauth_encryption import (
decrypt_system_oauth_params,
from core.tools.utils.system_encryption import (
decrypt_system_params,
)
from core.virtual_environment.__base.virtual_environment import VirtualEnvironment
from core.virtual_environment.factory import SandboxFactory, SandboxType
@ -317,6 +317,7 @@ class SandboxProviderService:
environments: Mapping[str, str] | None = None,
) -> VirtualEnvironment:
with Session(db.engine, expire_on_commit=False) as session:
# Get config: tenant config > system default > raise error
tenant_config = (
session.query(SandboxProvider)
.filter(
@ -325,45 +326,25 @@ class SandboxProviderService:
)
.first()
)
config: Mapping[str, Any] = {}
provider_type = None
if tenant_config:
schema = PROVIDER_CONFIG_SCHEMAS.get(tenant_config.provider_type, [])
encrypter, _ = create_sandbox_config_encrypter(tenant_id, schema, tenant_config.provider_type)
config = encrypter.decrypt(tenant_config.config)
provider_type = tenant_config.provider_type
else:
provider_type = (
SandboxProviderType.DOCKER if dify_config.EDITION == "SELF_HOSTED" else SandboxProviderType.E2B
)
logger.warning(
"No active sandbox provider for tenant %s, using default: %s",
tenant_id,
provider_type,
)
system_default = session.query(SandboxProviderSystemConfig).first()
if system_default:
config = decrypt_system_params(system_default.encrypted_config)
provider_type = system_default.provider_type
# Get effective config: tenant config > system default > empty
config: Mapping[str, Any] = {}
provider_config = (
session.query(SandboxProvider)
.filter(
SandboxProvider.tenant_id == tenant_id,
SandboxProvider.provider_type == provider_type,
)
.first()
)
if provider_config and provider_config.config:
schema = PROVIDER_CONFIG_SCHEMAS.get(provider_type, [])
encrypter, _ = create_sandbox_config_encrypter(tenant_id, schema, provider_type)
config = encrypter.decrypt(provider_config.config)
else:
system_default = (
session.query(SandboxProviderSystemConfig)
.filter(SandboxProviderSystemConfig.provider_type == provider_type)
.first()
)
if system_default and system_default.encrypted_config:
config = decrypt_system_oauth_params(system_default.encrypted_config)
if not config or not provider_type:
raise ValueError(f"No active sandbox provider for tenant {tenant_id} or system default")
return SandboxFactory.create(
tenant_id=tenant_id,
sandbox_type=SandboxType(provider_type),
options=dict(config) if config else {},
options=dict(config),
environments=environments or {},
)
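Review bot: The new system-default lookup, `session.query(SandboxProviderSystemConfig).first()`, has neither a filter nor an ordering, so if that table ever holds more than one row the sandbox backend a tenant falls back to is whichever row the database happens to return; the code it replaces appears to have filtered on `provider_type`. The same branch also drops the truthiness guard on `system_default.encrypted_config`, so an empty or null column now reaches `decrypt_system_params` directly; `if system_default and system_default.encrypted_config:` would keep the earlier behaviour. In addition, `if not config or not provider_type:` treats a provider whose configuration decrypts to an empty mapping as missing and raises "No active sandbox provider"; if an empty configuration is valid for some provider type, the check should be `if not provider_type:` only. The method signature and the tenant query's filter arguments lie outside the visible hunks, so this is based on the lines shown.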