dify

2025-12-01 17:21:38 +08:00
parent 32fee2b8ab
commit fab8c13cb3
7511 changed files with 996300 additions and 0 deletions
--- a/dify/api/controllers/files/init.py
+++ b/dify/api/controllers/files/init.py
@@ -0,0 +1,28 @@
+from flask import Blueprint
+from flask_restx import Namespace
+
+from libs.external_api import ExternalApi
+
+bp = Blueprint("files", __name__, url_prefix="/files")
+
+api = ExternalApi(
+    bp,
+    version="1.0",
+    title="Files API",
+    description="API for file operations including upload and preview",
+)
+
+files_ns = Namespace("files", description="File operations", path="/")
+
+from . import image_preview, tool_files, upload
+
+api.add_namespace(files_ns)
+
+__all__ = [
+    "api",
+    "bp",
+    "files_ns",
+    "image_preview",
+    "tool_files",
+    "upload",
+]
--- a/dify/api/controllers/files/image_preview.py
+++ b/dify/api/controllers/files/image_preview.py
@@ -0,0 +1,168 @@
+from urllib.parse import quote
+
+from flask import Response, request
+from flask_restx import Resource, reqparse
+from werkzeug.exceptions import NotFound
+
+import services
+from controllers.common.errors import UnsupportedFileTypeError
+from controllers.files import files_ns
+from extensions.ext_database import db
+from services.account_service import TenantService
+from services.file_service import FileService
+
+
+@files_ns.route("/<uuid:file_id>/image-preview")
+class ImagePreviewApi(Resource):
+    """Deprecated endpoint for retrieving image previews."""
+
+    @files_ns.doc("get_image_preview")
+    @files_ns.doc(description="Retrieve a signed image preview for a file")
+    @files_ns.doc(
+        params={
+            "file_id": "ID of the file to preview",
+            "timestamp": "Unix timestamp used in the signature",
+            "nonce": "Random string used in the signature",
+            "sign": "HMAC signature verifying the request",
+        }
+    )
+    @files_ns.doc(
+        responses={
+            200: "Image preview returned successfully",
+            400: "Missing or invalid signature parameters",
+            415: "Unsupported file type",
+        }
+    )
+    def get(self, file_id):
+        file_id = str(file_id)
+
+        timestamp = request.args.get("timestamp")
+        nonce = request.args.get("nonce")
+        sign = request.args.get("sign")
+
+        if not timestamp or not nonce or not sign:
+            return {"content": "Invalid request."}, 400
+
+        try:
+            generator, mimetype = FileService(db.engine).get_image_preview(
+                file_id=file_id,
+                timestamp=timestamp,
+                nonce=nonce,
+                sign=sign,
+            )
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError()
+
+        return Response(generator, mimetype=mimetype)
+
+
+@files_ns.route("/<uuid:file_id>/file-preview")
+class FilePreviewApi(Resource):
+    @files_ns.doc("get_file_preview")
+    @files_ns.doc(description="Download a file preview or attachment using signed parameters")
+    @files_ns.doc(
+        params={
+            "file_id": "ID of the file to preview",
+            "timestamp": "Unix timestamp used in the signature",
+            "nonce": "Random string used in the signature",
+            "sign": "HMAC signature verifying the request",
+            "as_attachment": "Whether to download the file as an attachment",
+        }
+    )
+    @files_ns.doc(
+        responses={
+            200: "File stream returned successfully",
+            400: "Missing or invalid signature parameters",
+            404: "File not found",
+            415: "Unsupported file type",
+        }
+    )
+    def get(self, file_id):
+        file_id = str(file_id)
+
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("timestamp", type=str, required=True, location="args")
+            .add_argument("nonce", type=str, required=True, location="args")
+            .add_argument("sign", type=str, required=True, location="args")
+            .add_argument("as_attachment", type=bool, required=False, default=False, location="args")
+        )
+
+        args = parser.parse_args()
+
+        if not args["timestamp"] or not args["nonce"] or not args["sign"]:
+            return {"content": "Invalid request."}, 400
+
+        try:
+            generator, upload_file = FileService(db.engine).get_file_generator_by_file_id(
+                file_id=file_id,
+                timestamp=args["timestamp"],
+                nonce=args["nonce"],
+                sign=args["sign"],
+            )
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError()
+
+        response = Response(
+            generator,
+            mimetype=upload_file.mime_type,
+            direct_passthrough=True,
+            headers={},
+        )
+        # add Accept-Ranges header for audio/video files
+        if upload_file.mime_type in [
+            "audio/mpeg",
+            "audio/wav",
+            "audio/mp4",
+            "audio/ogg",
+            "audio/flac",
+            "audio/aac",
+            "video/mp4",
+            "video/webm",
+            "video/quicktime",
+            "audio/x-m4a",
+        ]:
+            response.headers["Accept-Ranges"] = "bytes"
+        if upload_file.size > 0:
+            response.headers["Content-Length"] = str(upload_file.size)
+        if args["as_attachment"]:
+            encoded_filename = quote(upload_file.name)
+            response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
+            response.headers["Content-Type"] = "application/octet-stream"
+
+        return response
+
+
+@files_ns.route("/workspaces/<uuid:workspace_id>/webapp-logo")
+class WorkspaceWebappLogoApi(Resource):
+    @files_ns.doc("get_workspace_webapp_logo")
+    @files_ns.doc(description="Fetch the custom webapp logo for a workspace")
+    @files_ns.doc(
+        params={
+            "workspace_id": "Workspace identifier",
+        }
+    )
+    @files_ns.doc(
+        responses={
+            200: "Logo returned successfully",
+            404: "Webapp logo not configured",
+            415: "Unsupported file type",
+        }
+    )
+    def get(self, workspace_id):
+        workspace_id = str(workspace_id)
+
+        custom_config = TenantService.get_custom_config(workspace_id)
+        webapp_logo_file_id = custom_config.get("replace_webapp_logo") if custom_config is not None else None
+
+        if not webapp_logo_file_id:
+            raise NotFound("webapp logo is not found")
+
+        try:
+            generator, mimetype = FileService(db.engine).get_public_image_preview(
+                webapp_logo_file_id,
+            )
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError()
+
+        return Response(generator, mimetype=mimetype)
--- a/dify/api/controllers/files/tool_files.py
+++ b/dify/api/controllers/files/tool_files.py
@@ -0,0 +1,76 @@
+from urllib.parse import quote
+
+from flask import Response
+from flask_restx import Resource, reqparse
+from werkzeug.exceptions import Forbidden, NotFound
+
+from controllers.common.errors import UnsupportedFileTypeError
+from controllers.files import files_ns
+from core.tools.signature import verify_tool_file_signature
+from core.tools.tool_file_manager import ToolFileManager
+from extensions.ext_database import db as global_db
+
+
+@files_ns.route("/tools/<uuid:file_id>.<string:extension>")
+class ToolFileApi(Resource):
+    @files_ns.doc("get_tool_file")
+    @files_ns.doc(description="Download a tool file by ID using signed parameters")
+    @files_ns.doc(
+        params={
+            "file_id": "Tool file identifier",
+            "extension": "Expected file extension",
+            "timestamp": "Unix timestamp used in the signature",
+            "nonce": "Random string used in the signature",
+            "sign": "HMAC signature verifying the request",
+            "as_attachment": "Whether to download the file as an attachment",
+        }
+    )
+    @files_ns.doc(
+        responses={
+            200: "Tool file stream returned successfully",
+            403: "Forbidden - invalid signature",
+            404: "File not found",
+            415: "Unsupported file type",
+        }
+    )
+    def get(self, file_id, extension):
+        file_id = str(file_id)
+
+        parser = (
+            reqparse.RequestParser()
+            .add_argument("timestamp", type=str, required=True, location="args")
+            .add_argument("nonce", type=str, required=True, location="args")
+            .add_argument("sign", type=str, required=True, location="args")
+            .add_argument("as_attachment", type=bool, required=False, default=False, location="args")
+        )
+
+        args = parser.parse_args()
+        if not verify_tool_file_signature(
+            file_id=file_id, timestamp=args["timestamp"], nonce=args["nonce"], sign=args["sign"]
+        ):
+            raise Forbidden("Invalid request.")
+
+        try:
+            tool_file_manager = ToolFileManager(engine=global_db.engine)
+            stream, tool_file = tool_file_manager.get_file_generator_by_tool_file_id(
+                file_id,
+            )
+
+            if not stream or not tool_file:
+                raise NotFound("file is not found")
+        except Exception:
+            raise UnsupportedFileTypeError()
+
+        response = Response(
+            stream,
+            mimetype=tool_file.mimetype,
+            direct_passthrough=True,
+            headers={},
+        )
+        if tool_file.size > 0:
+            response.headers["Content-Length"] = str(tool_file.size)
+        if args["as_attachment"]:
+            encoded_filename = quote(tool_file.name)
+            response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
+
+        return response
--- a/dify/api/controllers/files/upload.py
+++ b/dify/api/controllers/files/upload.py
@@ -0,0 +1,126 @@
+from mimetypes import guess_extension
+
+from flask_restx import Resource, reqparse
+from flask_restx.api import HTTPStatus
+from werkzeug.datastructures import FileStorage
+from werkzeug.exceptions import Forbidden
+
+import services
+from controllers.common.errors import (
+    FileTooLargeError,
+    UnsupportedFileTypeError,
+)
+from controllers.console.wraps import setup_required
+from controllers.files import files_ns
+from controllers.inner_api.plugin.wraps import get_user
+from core.file.helpers import verify_plugin_file_signature
+from core.tools.tool_file_manager import ToolFileManager
+from fields.file_fields import build_file_model
+
+# Define parser for both documentation and validation
+upload_parser = (
+    reqparse.RequestParser()
+    .add_argument("file", location="files", type=FileStorage, required=True, help="File to upload")
+    .add_argument(
+        "timestamp", type=str, required=True, location="args", help="Unix timestamp for signature verification"
+    )
+    .add_argument("nonce", type=str, required=True, location="args", help="Random string for signature verification")
+    .add_argument("sign", type=str, required=True, location="args", help="HMAC signature for request validation")
+    .add_argument("tenant_id", type=str, required=True, location="args", help="Tenant identifier")
+    .add_argument("user_id", type=str, required=False, location="args", help="User identifier")
+)
+
+
+@files_ns.route("/upload/for-plugin")
+class PluginUploadFileApi(Resource):
+    @setup_required
+    @files_ns.expect(upload_parser)
+    @files_ns.doc("upload_plugin_file")
+    @files_ns.doc(description="Upload a file for plugin usage with signature verification")
+    @files_ns.doc(
+        responses={
+            201: "File uploaded successfully",
+            400: "Invalid request parameters",
+            403: "Forbidden - Invalid signature or missing parameters",
+            413: "File too large",
+            415: "Unsupported file type",
+        }
+    )
+    @files_ns.marshal_with(build_file_model(files_ns), code=HTTPStatus.CREATED)
+    def post(self):
+        """Upload a file for plugin usage.
+
+        Accepts a file upload with signature verification for security.
+        The file must be accompanied by valid timestamp, nonce, and signature parameters.
+
+        Returns:
+            dict: File metadata including ID, URLs, and properties
+            int: HTTP status code (201 for success)
+
+        Raises:
+            Forbidden: Invalid signature or missing required parameters
+            FileTooLargeError: File exceeds size limit
+            UnsupportedFileTypeError: File type not supported
+        """
+        # Parse and validate all arguments
+        args = upload_parser.parse_args()
+
+        file: FileStorage = args["file"]
+        timestamp: str = args["timestamp"]
+        nonce: str = args["nonce"]
+        sign: str = args["sign"]
+        tenant_id: str = args["tenant_id"]
+        user_id: str | None = args.get("user_id")
+        user = get_user(tenant_id, user_id)
+
+        filename: str | None = file.filename
+        mimetype: str | None = file.mimetype
+
+        if not filename or not mimetype:
+            raise Forbidden("Invalid request.")
+
+        if not verify_plugin_file_signature(
+            filename=filename,
+            mimetype=mimetype,
+            tenant_id=tenant_id,
+            user_id=user.id,
+            timestamp=timestamp,
+            nonce=nonce,
+            sign=sign,
+        ):
+            raise Forbidden("Invalid request.")
+
+        try:
+            tool_file = ToolFileManager().create_file_by_raw(
+                user_id=user.id,
+                tenant_id=tenant_id,
+                file_binary=file.read(),
+                mimetype=mimetype,
+                filename=filename,
+                conversation_id=None,
+            )
+
+            extension = guess_extension(tool_file.mimetype) or ".bin"
+            preview_url = ToolFileManager.sign_file(tool_file_id=tool_file.id, extension=extension)
+
+            # Create a dictionary with all the necessary attributes
+            result = {
+                "id": tool_file.id,
+                "user_id": tool_file.user_id,
+                "tenant_id": tool_file.tenant_id,
+                "conversation_id": tool_file.conversation_id,
+                "file_key": tool_file.file_key,
+                "mimetype": tool_file.mimetype,
+                "original_url": tool_file.original_url,
+                "name": tool_file.name,
+                "size": tool_file.size,
+                "mime_type": mimetype,
+                "extension": extension,
+                "preview_url": preview_url,
+            }
+
+            return result, 201
+        except services.errors.file.FileTooLargeError as file_too_large_error:
+            raise FileTooLargeError(file_too_large_error.description)
+        except services.errors.file.UnsupportedFileTypeError:
+            raise UnsupportedFileTypeError()