首页 发现 帮助
登录
biheng
/
dify
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 741c548f3c
分支列表 标签列表
dify
/
api
/
controllers
/
web
/
passport.py

passport.py 2.4 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. import uuid
    2. 

  2. 

  3. from flask import request
    4. 

  4. from flask_restful import Resource
    5. 

  5. from werkzeug.exceptions import NotFound, Unauthorized
    6. 

  6. 

  7. from controllers.web import api
    8. 

  8. from controllers.web.error import WebSSOAuthRequiredError
    9. 

  9. from extensions.ext_database import db
    10. 

  10. from libs.passport import PassportService
    11. 

  11. from models.model import App, EndUser, Site
    12. 

  12. from services.enterprise.enterprise_service import EnterpriseService
    13. 

  13. from services.feature_service import FeatureService
    14. 

  14. 

  15. 

  16. class PassportResource(Resource):
    17. 

  17.     """Base resource for passport."""
    18. 

  18.     def get(self):
    19. 

  19.         system_features = FeatureService.get_system_features()
    20. 

  20.         app_code = request.headers.get('X-App-Code')
    21. 

  21.         if app_code is None:
    22. 

  22.             raise Unauthorized('X-App-Code header is missing.')
    23. 

  23. 

  24.         if system_features.sso_enforced_for_web:
    25. 

  25.             app_web_sso_enabled = EnterpriseService.get_app_web_sso_enabled(app_code).get('enabled', False)
    26. 

  26.             if app_web_sso_enabled:
    27. 

  27.                 raise WebSSOAuthRequiredError()
    28. 

  28.         
    29. 

  29.         # get site from db and check if it is normal
    30. 

  30.         site = db.session.query(Site).filter(
    31. 

  31.             Site.code == app_code,
    32. 

  32.             Site.status == 'normal'
    33. 

  33.         ).first()
    34. 

  34.         if not site:
    35. 

  35.             raise NotFound()
    36. 

  36.         # get app from db and check if it is normal and enable_site
    37. 

  37.         app_model = db.session.query(App).filter(App.id == site.app_id).first()
    38. 

  38.         if not app_model or app_model.status != 'normal' or not app_model.enable_site:
    39. 

  39.             raise NotFound()
    40. 

  40. 

  41.         end_user = EndUser(
    42. 

  42.             tenant_id=app_model.tenant_id,
    43. 

  43.             app_id=app_model.id,
    44. 

  44.             type='browser',
    45. 

  45.             is_anonymous=True,
    46. 

  46.             session_id=generate_session_id(),
    47. 

  47.         )
    48. 

  48. 

  49.         db.session.add(end_user)
    50. 

  50.         db.session.commit()
    51. 

  51. 

  52.         payload = {
    53. 

  53.             "iss": site.app_id,
    54. 

  54.             'sub': 'Web API Passport',
    55. 

  55.             'app_id': site.app_id,
    56. 

  56.             'app_code': app_code,
    57. 

  57.             'end_user_id': end_user.id,
    58. 

  58.         }
    59. 

  59. 

  60.         tk = PassportService().issue(payload)
    61. 

  61. 

  62.         return {
    63. 

  63.             'access_token': tk,
    64. 

  64.         }
    65. 

  65. 

  66. 

  67. api.add_resource(PassportResource, '/passport')
    68. 

  68. 

  69. 

  70. def generate_session_id():
    71. 

  71.     """
    72. 

  72.     Generate a unique session ID.
    73. 

  73.     """
    74. 

  74.     while True:
    75. 

  75.         session_id = str(uuid.uuid4())
    76. 

  76.         existing_count = db.session.query(EndUser) \
    77. 

  77.             .filter(EndUser.session_id == session_id).count()
    78. 

  78.         if existing_count == 0:
    79. 

  79.             return session_id
    80.