From 9f1e998b8b9b552e606d5f7a5812c10881085a78 Mon Sep 17 00:00:00 2001 From: -LAN- Date: Thu, 10 Jul 2025 14:44:05 +0800 Subject: [PATCH] refactor(api_workflow_node_execution_repository): Refactors workflow run query for clarity Signed-off-by: -LAN- --- .../api_workflow_node_execution_repository.py | 2 +- .../sqlalchemy_api_workflow_run_repository.py | 22 ++++++++----------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/api/repositories/api_workflow_node_execution_repository.py b/api/repositories/api_workflow_node_execution_repository.py index 3ca4b3e27e..507787a997 100644 --- a/api/repositories/api_workflow_node_execution_repository.py +++ b/api/repositories/api_workflow_node_execution_repository.py @@ -96,7 +96,7 @@ class DifyAPIWorkflowNodeExecutionRepository(WorkflowNodeExecutionRepository, Pr Tenant filtering is optional for cases where the execution ID is globally unique. When `tenant_id` is None, it's the caller's responsibility to ensure proper data isolation between tenants. - If the `execution_id` comes from untrusted sources (e.g., retrieved from an API request), the caller should + If the `execution_id` comes from untrusted sources (e.g., retrieved from an API request), the caller should set `tenant_id` to prevent horizontal privilege escalation. Args: diff --git a/api/repositories/sqlalchemy_api_workflow_run_repository.py b/api/repositories/sqlalchemy_api_workflow_run_repository.py index e61ae57594..3bcd8af0a0 100644 --- a/api/repositories/sqlalchemy_api_workflow_run_repository.py +++ b/api/repositories/sqlalchemy_api_workflow_run_repository.py @@ -25,7 +25,7 @@ from datetime import datetime from typing import Optional, cast from sqlalchemy import delete, select -from sqlalchemy.orm import sessionmaker +from sqlalchemy.orm import Session, sessionmaker from libs.infinite_scroll_pagination import InfiniteScrollPagination from models.workflow import WorkflowRun @@ -45,7 +45,7 @@ class DifyAPISQLAlchemyWorkflowRunRepository: session_maker: SQLAlchemy sessionmaker instance for database connections """ - def __init__(self, session_maker: sessionmaker) -> None: + def __init__(self, session_maker: sessionmaker[Session]) -> None: """ Initialize the repository with a sessionmaker. @@ -86,17 +86,13 @@ class DifyAPISQLAlchemyWorkflowRunRepository: raise ValueError("Last workflow run not exists") # Get records created before the last run's timestamp - workflow_runs = session.scalars( - base_stmt.where( - WorkflowRun.created_at < last_workflow_run.created_at, - WorkflowRun.id != last_workflow_run.id, - ) - .order_by(WorkflowRun.created_at.desc()) - .limit(limit) - ).all() - else: - # First page - get most recent records - workflow_runs = session.scalars(base_stmt.order_by(WorkflowRun.created_at.desc()).limit(limit)).all() + base_stmt = base_stmt.where( + WorkflowRun.created_at < last_workflow_run.created_at, + WorkflowRun.id != last_workflow_run.id, + ) + + # First page - get most recent records + workflow_runs = session.scalars(base_stmt.order_by(WorkflowRun.created_at.desc()).limit(limit)).all() # Check if there are more records for pagination has_more = False