首页 探索 帮助
注册 登录
shenzhen
/
tjdify
关注 2
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 14784f0b6d
分支列表 标签列表
tjdify
/
api
/
controllers
/
inner_api
/
wraps.py

wraps.py 2.1 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. from base64 import b64encode
    2. 

  2. from functools import wraps
    3. 

  3. from hashlib import sha1
    4. 

  4. from hmac import new as hmac_new
    5. 

  5. 

  6. from flask import abort, request
    7. 

  7. 

  8. from configs import dify_config
    9. 

  9. from extensions.ext_database import db
    10. 

  10. from models.model import EndUser
    11. 

  11. 

  12. 

  13. def enterprise_inner_api_only(view):
    14. 

  14.     @wraps(view)
    15. 

  15.     def decorated(*args, **kwargs):
    16. 

  16.         if not dify_config.INNER_API:
    17. 

  17.             abort(404)
    18. 

  18. 

  19.         # get header 'X-Inner-Api-Key'
    20. 

  20.         inner_api_key = request.headers.get("X-Inner-Api-Key")
    21. 

  21.         if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:
    22. 

  22.             abort(401)
    23. 

  23. 

  24.         return view(*args, **kwargs)
    25. 

  25. 

  26.     return decorated
    27. 

  27. 

  28. 

  29. def enterprise_inner_api_user_auth(view):
    30. 

  30.     @wraps(view)
    31. 

  31.     def decorated(*args, **kwargs):
    32. 

  32.         if not dify_config.INNER_API:
    33. 

  33.             return view(*args, **kwargs)
    34. 

  34. 

  35.         # get header 'X-Inner-Api-Key'
    36. 

  36.         authorization = request.headers.get("Authorization")
    37. 

  37.         if not authorization:
    38. 

  38.             return view(*args, **kwargs)
    39. 

  39. 

  40.         parts = authorization.split(":")
    41. 

  41.         if len(parts) != 2:
    42. 

  42.             return view(*args, **kwargs)
    43. 

  43. 

  44.         user_id, token = parts
    45. 

  45.         if " " in user_id:
    46. 

  46.             user_id = user_id.split(" ")[1]
    47. 

  47. 

  48.         inner_api_key = request.headers.get("X-Inner-Api-Key", "")
    49. 

  49. 

  50.         data_to_sign = f"DIFY {user_id}"
    51. 

  51. 

  52.         signature = hmac_new(inner_api_key.encode("utf-8"), data_to_sign.encode("utf-8"), sha1)
    53. 

  53.         signature_base64 = b64encode(signature.digest()).decode("utf-8")
    54. 

  54. 

  55.         if signature_base64 != token:
    56. 

  56.             return view(*args, **kwargs)
    57. 

  57. 

  58.         kwargs["user"] = db.session.query(EndUser).filter(EndUser.id == user_id).first()
    59. 

  59. 

  60.         return view(*args, **kwargs)
    61. 

  61. 

  62.     return decorated
    63. 

  63. 

  64. 

  65. def plugin_inner_api_only(view):
    66. 

  66.     @wraps(view)
    67. 

  67.     def decorated(*args, **kwargs):
    68. 

  68.         if not dify_config.PLUGIN_DAEMON_KEY:
    69. 

  69.             abort(404)
    70. 

  70. 

  71.         # get header 'X-Inner-Api-Key'
    72. 

  72.         inner_api_key = request.headers.get("X-Inner-Api-Key")
    73. 

  73.         if not inner_api_key or inner_api_key != dify_config.INNER_API_KEY_FOR_PLUGIN:
    74. 

  74.             abort(404)
    75. 

  75. 

  76.         return view(*args, **kwargs)
    77. 

  77. 

  78.     return decorated
    79. 

  79.