diff --git a/api/commands.py b/api/commands.py
index 7ebf5b4874..11db0e0398 100644
--- a/api/commands.py
+++ b/api/commands.py
@@ -21,7 +21,7 @@ from core.rag.datasource.vdb.vector_factory import Vector
 from core.rag.datasource.vdb.vector_type import VectorType
 from core.rag.index_processor.constant.built_in_field import BuiltInField
 from core.rag.models.document import Document
-from core.tools.utils.system_oauth_encryption import encrypt_system_oauth_params
+from core.tools.utils.system_encryption import encrypt_system_params
 from events.app_event import app_was_created
 from extensions.ext_database import db
 from extensions.ext_redis import redis_client
@@ -1147,7 +1147,7 @@ def remove_orphaned_files_on_storage(force: bool):
 click.echo(click.style(f"- Scanning files on storage path {storage_path}", fg="white"))
 files = storage.scan(path=storage_path, files=True, directories=False)
 all_files_on_storage.extend(files)
- except FileNotFoundError as e:
+ except FileNotFoundError:
 click.echo(click.style(f" -> Skipping path {storage_path} as it does not exist.", fg="yellow"))
 continue
 except Exception as e:
@@ -1414,7 +1414,7 @@ def setup_system_tool_oauth_client(provider, client_params):
 click.echo(click.style(f"Encrypting client params: {client_params}", fg="yellow"))
 click.echo(click.style(f"Using SECRET_KEY: `{dify_config.SECRET_KEY}`", fg="yellow"))
- oauth_client_params = encrypt_system_oauth_params(client_params_dict)
+ oauth_client_params = encrypt_system_params(client_params_dict)
 click.echo(click.style("Client params encrypted successfully.", fg="green"))
 except Exception as e:
 click.echo(click.style(f"Error parsing client params: {str(e)}", fg="red"))
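Review bot: The two `click.echo` calls left in place just above the renamed call in `setup_system_tool_oauth_client` (hunk at -1414) print the raw `client_params` and the value of `dify_config.SECRET_KEY` to the terminal, so the OAuth client secret and the application key end up in scrollback, CI logs or any captured command output. Since the commit is already editing this block, I would drop the key echo and log only non-secret metadata, for example `click.echo(click.style(f"Encrypting client params for provider: {provider}", fg="yellow"))`. The same two lines appear unchanged in the hunk at -1463 in `setup_system_trigger_oauth_client`. Both function bodies start and end outside their hunks, so whether `str(e)` in the error echo can also repeat the submitted params is not visible here.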
@@ -1463,7 +1463,7 @@ def setup_system_trigger_oauth_client(provider, client_params):
 click.echo(click.style(f"Encrypting client params: {client_params}", fg="yellow"))
 click.echo(click.style(f"Using SECRET_KEY: `{dify_config.SECRET_KEY}`", fg="yellow"))
- oauth_client_params = encrypt_system_oauth_params(client_params_dict)
+ oauth_client_params = encrypt_system_params(client_params_dict)
 click.echo(click.style("Client params encrypted successfully.", fg="green"))
 except Exception as e:
 click.echo(click.style(f"Error parsing client params: {str(e)}", fg="red"))
diff --git a/api/models/sandbox.py b/api/models/sandbox.py
index 00dc369d9e..1ca95eba29 100644
--- a/api/models/sandbox.py
+++ b/api/models/sandbox.py
@@ -40,10 +40,6 @@ class SandboxProviderSystemConfig(TypeBase):
 init=False,
 )
- @property
- def config(self) -> Mapping[str, Any]:
- return cast(Mapping[str, Any], json.loads(self.encrypted_config or "{}"))
-
 class SandboxProvider(TypeBase):
 """
diff --git a/api/services/sandbox/sandbox_provider_service.py b/api/services/sandbox/sandbox_provider_service.py
index 85a67af1b7..fb749ae0ff 100644
--- a/api/services/sandbox/sandbox_provider_service.py
+++ b/api/services/sandbox/sandbox_provider_service.py
@@ -19,8 +19,8 @@ from sqlalchemy.orm import Session
 from configs import dify_config
 from constants import HIDDEN_VALUE
 from core.entities.provider_entities import BasicProviderConfig
-from core.tools.utils.system_oauth_encryption import (
- decrypt_system_oauth_params,
+from core.tools.utils.system_encryption import (
+ decrypt_system_params,
 )
 from core.virtual_environment.__base.virtual_environment import VirtualEnvironment
 from core.virtual_environment.factory import SandboxFactory, SandboxType
@@ -317,6 +317,7 @@ class SandboxProviderService:
 environments: Mapping[str, str] | None = None,
 ) -> VirtualEnvironment:
 with Session(db.engine, expire_on_commit=False) as session:
+ # Get config: tenant config > system default > raise error
 tenant_config = (
 session.query(SandboxProvider)
 .filter(
@@ -325,45 +326,25 @@ class SandboxProviderService:
 )
 .first()
 )
-
+ config: Mapping[str, Any] = {}
+ provider_type = None
 if tenant_config:
+ schema = PROVIDER_CONFIG_SCHEMAS.get(tenant_config.provider_type, [])
+ encrypter, _ = create_sandbox_config_encrypter(tenant_id, schema, tenant_config.provider_type)
+ config = encrypter.decrypt(tenant_config.config)
 provider_type = tenant_config.provider_type
 else:
- provider_type = (
- SandboxProviderType.DOCKER if dify_config.EDITION == "SELF_HOSTED" else SandboxProviderType.E2B
- )
- logger.warning(
- "No active sandbox provider for tenant %s, using default: %s",
- tenant_id,
- provider_type,
- )
+ system_default = session.query(SandboxProviderSystemConfig).first()
+ if system_default:
+ config = decrypt_system_params(system_default.encrypted_config)
+ provider_type = system_default.provider_type
- # Get effective config: tenant config > system default > empty
- config: Mapping[str, Any] = {}
- provider_config = (
- session.query(SandboxProvider)
- .filter(
- SandboxProvider.tenant_id == tenant_id,
- SandboxProvider.provider_type == provider_type,
- )
- .first()
- )
- if provider_config and provider_config.config:
- schema = PROVIDER_CONFIG_SCHEMAS.get(provider_type, [])
- encrypter, _ = create_sandbox_config_encrypter(tenant_id, schema, provider_type)
- config = encrypter.decrypt(provider_config.config)
- else:
- system_default = (
- session.query(SandboxProviderSystemConfig)
- .filter(SandboxProviderSystemConfig.provider_type == provider_type)
- .first()
- )
- if system_default and system_default.encrypted_config:
- config = decrypt_system_oauth_params(system_default.encrypted_config)
+ if not config or not provider_type:
+ raise ValueError(f"No active sandbox provider for tenant {tenant_id} or system default")
 return SandboxFactory.create(
 tenant_id=tenant_id,
 sandbox_type=SandboxType(provider_type),
- options=dict(config) if config else {},
+ options=dict(config),
 environments=environments or {},
 )
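Review bot: The guard `if not config or not provider_type:` treats an empty decrypted config the same as a missing provider, so a tenant whose active provider needs no options would now hit `ValueError("No active sandbox provider ...")`; the removed `options=dict(config) if config else {}` suggests that case was previously allowed. Checking `if provider_type is None:` keeps the new fail-closed behaviour without rejecting empty configs. Separately, `session.query(SandboxProviderSystemConfig).first()` has no filter or ordering, so if more than one system row exists, the provider and credentials handed to every unconfigured tenant depend on row order; an explicit `.order_by(...)` or a single-row constraint would make the choice deterministic. The dropped `provider_config.config` and `system_default.encrypted_config` truthiness checks also mean a null or empty stored value now goes straight into the decrypt calls, which is worth confirming they tolerate. The method begins before this hunk, so the `tenant_config` filter conditions are not fully visible here.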