ngskcloud
/
gcgj-dify-1.7.0
17
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(oauth): add credential validation for providers

Browse Source
feat/tool-plugin-oauth
Harry 11 months ago
parent 0dc5bfb2c7
commit ef330fec2c
1 changed files with 55 additions and 44 deletions
Show Stats Download Patch File Download Diff File

65
api/services/tools/builtin_tools_manage_service.py
Unescape Escape View File

@ -95,9 +95,7 @@ class BuiltinToolManageService:
return entity return entity
@staticmethod @staticmethod
def list_builtin_provider_credentials_schema( def list_builtin_provider_credentials_schema(provider_name: str, credential_type: CredentialType, tenant_id: str):
provider_name: str, credential_type: CredentialType, tenant_id: str
):
""" """
list builtin provider credentials schema list builtin provider credentials schema
@ -141,6 +139,7 @@ class BuiltinToolManageService:
if key in masked_credentials and value == masked_credentials[key]: if key in masked_credentials and value == masked_credentials[key]:
credentials[key] = original_credentials[key] credentials[key] = original_credentials[key]
if CredentialType.of(db_provider.credential_type).is_validate_allowed():
provider_controller.validate_credentials(user_id, credentials) provider_controller.validate_credentials(user_id, credentials)
# encrypt credentials # encrypt credentials
@ -159,6 +158,7 @@ class BuiltinToolManageService:
ToolNotFoundError, ToolNotFoundError,
ToolProviderCredentialValidationError, ToolProviderCredentialValidationError,
) as e: ) as e:
db.session.rollback()
raise ValueError(str(e)) raise ValueError(str(e))
return {"result": "success"} return {"result": "success"}
@ -176,46 +176,59 @@ class BuiltinToolManageService:
add builtin tool provider add builtin tool provider
""" """
lock = f"builtin_tool_provider_create_lock:{tenant_id}_{provider}" lock = f"builtin_tool_provider_create_lock:{tenant_id}_{provider}"
try:
with redis_client.lock(lock, timeout=20): with redis_client.lock(lock, timeout=20):
# check if the provider count is over the limit provider_controller = ToolManager.get_builtin_provider(provider, tenant_id)
if not provider_controller.need_credentials:
raise ValueError(f"provider {provider} does not need credentials")
provider_count = ( provider_count = (
db.session.query(BuiltinToolProvider).filter_by(tenant_id=tenant_id, provider=provider).count() db.session.query(BuiltinToolProvider).filter_by(tenant_id=tenant_id, provider=provider).count()
) )
# check if the provider count is reached the limit
if provider_count >= BuiltinToolManageService.__MAX_BUILTIN_TOOL_PROVIDER_COUNT__: if provider_count >= BuiltinToolManageService.__MAX_BUILTIN_TOOL_PROVIDER_COUNT__:
raise ValueError(f"you have reached the maximum number of providers for {provider}") raise ValueError(f"you have reached the maximum number of providers for {provider}")
# TODO should we get name from oauth authentication? # validate credentials if allowed
name = ( if CredentialType.of(api_type).is_validate_allowed():
name provider_controller.validate_credentials(user_id, credentials)
if name
else BuiltinToolManageService.generate_builtin_tool_provider_name( # generate name if not provided
if name is None:
name = BuiltinToolManageService.generate_builtin_tool_provider_name(
tenant_id=tenant_id, provider=provider, credential_type=api_type tenant_id=tenant_id, provider=provider, credential_type=api_type
) )
# create encrypter
encrypter, _ = create_provider_encrypter(
tenant_id=tenant_id,
config=[
x.to_basic_provider_config()
for x in provider_controller.get_credentials_schema_by_type(api_type)
],
cache=NoOpProviderCredentialCache(),
) )
db_provider = BuiltinToolProvider( db_provider = BuiltinToolProvider(
tenant_id=tenant_id, tenant_id=tenant_id,
user_id=user_id, user_id=user_id,
provider=provider, provider=provider,
encrypted_credentials=json.dumps(credentials), encrypted_credentials=json.dumps(encrypter.encrypt(credentials)),
credential_type=api_type.value, credential_type=api_type.value,
name=name, name=name,
) )
provider_controller = ToolManager.get_builtin_provider(provider, tenant_id)
if not provider_controller.need_credentials:
raise ValueError(f"provider {provider} does not need credentials")
encrypter, cache = BuiltinToolManageService.create_tool_encrypter(
tenant_id, db_provider, provider, provider_controller
)
# encrypt credentials
db_provider.encrypted_credentials = json.dumps(encrypter.encrypt(credentials))
cache.delete()
db.session.add(db_provider) db.session.add(db_provider)
db.session.commit() db.session.commit()
except (
PluginDaemonClientSideError,
ToolProviderNotFoundError,
ToolNotFoundError,
ToolProviderCredentialValidationError,
) as e:
db.session.rollback()
raise ValueError(str(e))
return {"result": "success"} return {"result": "success"}
@staticmethod @staticmethod
@ -236,9 +249,7 @@ class BuiltinToolManageService:
return encrypter, cache return encrypter, cache
@staticmethod @staticmethod
def generate_builtin_tool_provider_name( def generate_builtin_tool_provider_name(tenant_id: str, provider: str, credential_type: CredentialType) -> str:
tenant_id: str, provider: str, credential_type: CredentialType
) -> str:
try: try:
db_providers = ( db_providers = (
db.session.query(BuiltinToolProvider) db.session.query(BuiltinToolProvider)
@ -362,8 +373,8 @@ class BuiltinToolManageService:
# clear default provider # clear default provider
session.query(BuiltinToolProvider).filter_by( session.query(BuiltinToolProvider).filter_by(
tenant_id=tenant_id, user_id=user_id, provider=provider, default=True tenant_id=tenant_id, user_id=user_id, provider=provider, is_default=True
).update({"default": False}) ).update({"is_default": False})
# set new default provider # set new default provider
target_provider.is_default = True target_provider.is_default = True

Write Preview
Loading…
Cancel
Save