farcasclaudiu/Flowise
1
0
Fork 0
mirror of https://github.com/farcasclaudiu/Flowise.git synced 2026-06-29 01:01:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

Feature update public-chatflow access control (#4978)

Browse Source 
* feat: update public-chatflow access control

* chore: deprecate getSinglePublicChatflow method

* chore: remove RequireAuthIfNotpublic
This commit is contained in:
Ong Chung Yau
2025-08-05 01:57:28 +08:00
committed by GitHub
parent e3e4d6a904
commit 78144f37b5
2 changed files with 19 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/src/controllers/chatflows/index.ts
+19 -2
View File
@@ -9,6 +9,9 @@ import { getRunningExpressApp } from '../../utils/getRunningExpressApp'
import { checkUsageLimit } from '../../utils/quotaUsage' import { checkUsageLimit } from '../../utils/quotaUsage'
import { RateLimiterManager } from '../../utils/rateLimit' import { RateLimiterManager } from '../../utils/rateLimit'
import { getPageAndLimitParams } from '../../utils/pagination' import { getPageAndLimitParams } from '../../utils/pagination'
import { WorkspaceUserErrorMessage, WorkspaceUserService } from '../../enterprise/services/workspace-user.service'
import { QueryRunner } from 'typeorm'
import { GeneralErrorMessage } from '../../utils/constants'
const checkIfChatflowIsValidForStreaming = async (req: Request, res: Response, next: NextFunction) => { const checkIfChatflowIsValidForStreaming = async (req: Request, res: Response, next: NextFunction) => {
try { try {
@@ -197,6 +200,7 @@ const updateChatflow = async (req: Request, res: Response, next: NextFunction) =
} }
const getSinglePublicChatflow = async (req: Request, res: Response, next: NextFunction) => { const getSinglePublicChatflow = async (req: Request, res: Response, next: NextFunction) => {
let queryRunner: QueryRunner | undefined
try { try {
if (typeof req.params === 'undefined' || !req.params.id) { if (typeof req.params === 'undefined' || !req.params.id) {
throw new InternalFlowiseError( throw new InternalFlowiseError(
@@ -204,10 +208,23 @@ const getSinglePublicChatflow = async (req: Request, res: Response, next: NextFu
`Error: chatflowsController.getSinglePublicChatflow - id not provided!` `Error: chatflowsController.getSinglePublicChatflow - id not provided!`
) )
} }
const apiResponse = await chatflowsService.getSinglePublicChatflow(req.params.id) const chatflow = await chatflowsService.getChatflowById(req.params.id)
return res.json(apiResponse) if (!chatflow) return res.status(StatusCodes.NOT_FOUND).json({ message: 'Chatflow not found' })
if (chatflow.isPublic) return res.status(StatusCodes.OK).json(chatflow)
if (!req.user) return res.status(StatusCodes.UNAUTHORIZED).json({ message: GeneralErrorMessage.UNAUTHORIZED })
queryRunner = getRunningExpressApp().AppDataSource.createQueryRunner()
const workspaceUserService = new WorkspaceUserService()
const workspaceUser = await workspaceUserService.readWorkspaceUserByUserId(req.user.id, queryRunner)
if (workspaceUser.length === 0)
return res.status(StatusCodes.NOT_FOUND).json({ message: WorkspaceUserErrorMessage.WORKSPACE_USER_NOT_FOUND })
const workspaceIds = workspaceUser.map((user) => user.workspaceId)
if (!workspaceIds.includes(chatflow.workspaceId))
return res.status(StatusCodes.BAD_REQUEST).json({ message: 'You are not in the workspace that owns this chatflow' })
return res.status(StatusCodes.OK).json(chatflow)
} catch (error) { } catch (error) {
next(error) next(error)
} finally {
if (queryRunner) await queryRunner.release()
} }
} }
packages/server/src/services/chatflows/index.ts
-26
View File
@@ -339,31 +339,6 @@ const updateChatflow = async (
} }
} }
// Get specific chatflow via id (PUBLIC endpoint, used when sharing chatbot link)
const getSinglePublicChatflow = async (chatflowId: string): Promise<any> => {
try {
const appServer = getRunningExpressApp()
const dbResponse = await appServer.AppDataSource.getRepository(ChatFlow).findOneBy({
id: chatflowId
})
if (dbResponse && dbResponse.isPublic) {
return dbResponse
} else if (dbResponse && !dbResponse.isPublic) {
throw new InternalFlowiseError(StatusCodes.UNAUTHORIZED, `Unauthorized`)
}
throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Chatflow ${chatflowId} not found`)
} catch (error) {
if (error instanceof InternalFlowiseError && error.statusCode === StatusCodes.UNAUTHORIZED) {
throw error
} else {
throw new InternalFlowiseError(
StatusCodes.INTERNAL_SERVER_ERROR,
`Error: chatflowsService.getSinglePublicChatflow - ${getErrorMessage(error)}`
)
}
}
}
// Get specific chatflow chatbotConfig via id (PUBLIC endpoint, used to retrieve config for embedded chat) // Get specific chatflow chatbotConfig via id (PUBLIC endpoint, used to retrieve config for embedded chat)
// Safe as public endpoint as chatbotConfig doesn't contain sensitive credential // Safe as public endpoint as chatbotConfig doesn't contain sensitive credential
const getSinglePublicChatbotConfig = async (chatflowId: string): Promise<any> => { const getSinglePublicChatbotConfig = async (chatflowId: string): Promise<any> => {
@@ -438,7 +413,6 @@ export default {
getChatflowById, getChatflowById,
saveChatflow, saveChatflow,
updateChatflow, updateChatflow,
getSinglePublicChatflow,
getSinglePublicChatbotConfig, getSinglePublicChatbotConfig,
checkIfChatflowHasChanged, checkIfChatflowHasChanged,
getAllChatflowsCountByOrganization getAllChatflowsCountByOrganization