chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 13:24:55 +08:00
commit 7baeb17845
15305 changed files with 2077301 additions and 0 deletions
+32
View File
@@ -0,0 +1,32 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"github.com/coze-dev/coze-studio/backend/pkg/ctxcache"
"github.com/cloudwego/hertz/pkg/app"
)
func ContextCacheMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
c = ctxcache.Init(c)
ctx.Next(c)
}
}
+34
View File
@@ -0,0 +1,34 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"github.com/cloudwego/hertz/pkg/app"
"github.com/coze-dev/coze-studio/backend/pkg/ctxcache"
"github.com/coze-dev/coze-studio/backend/types/consts"
)
func SetHostMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
ctxcache.Store(c, consts.HostKeyInCtx, string(ctx.Host()))
ctxcache.Store(c, consts.RequestSchemeKeyInCtx, string(ctx.GetRequest().Scheme()))
ctx.Next(c)
}
}
+53
View File
@@ -0,0 +1,53 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"strings"
"github.com/cloudwego/hertz/pkg/app"
"github.com/coze-dev/coze-studio/backend/domain/user/entity"
"github.com/coze-dev/coze-studio/backend/pkg/ctxcache"
"github.com/coze-dev/coze-studio/backend/pkg/i18n"
"github.com/coze-dev/coze-studio/backend/types/consts"
)
func I18nMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
session, ok := ctxcache.Get[*entity.Session](c, consts.SessionDataKeyInCtx)
if ok {
c = i18n.SetLocale(c, session.Locale)
ctx.Next(c)
return
}
acceptLanguage := string(ctx.Request.Header.Get("Accept-Language"))
locale := "en-US"
if acceptLanguage != "" {
languages := strings.Split(acceptLanguage, ",")
if len(languages) > 0 {
locale = languages[0]
}
}
c = i18n.SetLocale(c, locale)
ctx.Next(c)
}
}
+97
View File
@@ -0,0 +1,97 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"fmt"
"net/http"
"path/filepath"
"strings"
"time"
"unsafe"
"github.com/cloudwego/hertz/pkg/app"
"github.com/google/uuid"
"github.com/coze-dev/coze-studio/backend/pkg/i18n"
"github.com/coze-dev/coze-studio/backend/pkg/logs"
"github.com/coze-dev/coze-studio/backend/types/consts"
)
func AccessLogMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
start := time.Now()
ctx.Next(c)
status := ctx.Response.StatusCode()
path := bytesToString(ctx.Request.URI().PathOriginal())
latency := time.Since(start)
method := bytesToString(ctx.Request.Header.Method())
clientIP := ctx.ClientIP()
handlerPkgPath := strings.Split(ctx.HandlerName(), "/")
handleName := ""
if len(handlerPkgPath) > 0 {
handleName = handlerPkgPath[len(handlerPkgPath)-1]
}
requestType := ctx.GetInt32(RequestAuthTypeStr)
baseLog := fmt.Sprintf("| %s | %s | %d | %v | %s | %s | %v | %s | %d | %s",
string(ctx.GetRequest().Scheme()), ctx.Host(), status,
latency, clientIP, method, path, handleName, requestType, i18n.GetLocale(c))
switch {
case status >= http.StatusInternalServerError:
logs.CtxErrorf(c, "%s", baseLog)
case status >= http.StatusBadRequest:
logs.CtxWarnf(c, "%s", baseLog)
default:
urlQuery := ctx.Request.URI().QueryString()
reqBody := bytesToString(ctx.Request.Body())
respBody := bytesToString(ctx.Response.Body())
maxPrintLen := 3 * 1024
if len(respBody) > maxPrintLen {
respBody = respBody[:maxPrintLen]
}
if len(reqBody) > maxPrintLen {
reqBody = reqBody[:maxPrintLen]
}
requestAuthType := ctx.GetInt32(RequestAuthTypeStr)
if requestAuthType != int32(RequestAuthTypeStaticFile) && filepath.Ext(path) == "" {
logs.CtxInfof(c, "%s ", baseLog)
logs.CtxDebugf(c, "query : %s \nreq : %s \nresp: %s",
urlQuery, reqBody, respBody)
}
}
}
}
func SetLogIDMW() app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) {
logID := uuid.New().String()
ctx = context.WithValue(ctx, consts.CtxLogIDKey, logID)
c.Header("X-Log-ID", logID)
c.Next(ctx)
}
}
func bytesToString(b []byte) string {
return *(*string)(unsafe.Pointer(&b)) // nolint
}
+161
View File
@@ -0,0 +1,161 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"crypto/md5"
"encoding/hex"
"regexp"
"strings"
"github.com/cloudwego/hertz/pkg/app"
"github.com/coze-dev/coze-studio/backend/api/internal/httputil"
"github.com/coze-dev/coze-studio/backend/application/openauth"
"github.com/coze-dev/coze-studio/backend/pkg/ctxcache"
"github.com/coze-dev/coze-studio/backend/pkg/errorx"
"github.com/coze-dev/coze-studio/backend/pkg/lang/conv"
"github.com/coze-dev/coze-studio/backend/pkg/logs"
"github.com/coze-dev/coze-studio/backend/types/consts"
"github.com/coze-dev/coze-studio/backend/types/errno"
)
const HeaderAuthorizationKey = "Authorization"
var needAuthPath = map[string]bool{
"/v3/chat": true,
"/v1/conversations": true,
"/v1/conversation/create": true,
"/v1/conversation/message/list": true,
"/v1/files/upload": true,
"/v1/workflow/run": true,
"/v1/workflow/stream_run": true,
"/v1/workflow/stream_resume": true,
"/v1/workflow/get_run_history": true,
"/v1/bot/get_online_info": true,
"/v1/workflows/chat": true,
"/v1/workflow/conversation/create": true,
"/v3/chat/cancel": true,
"/v1/conversation/retrieve": true,
"/v3/chat/retrieve": true,
"/v3/chat/message/list": true,
"/open_api/knowledge/document/delete": true,
"/open_api/knowledge/document/create": true,
"/open_api/knowledge/document/update": true,
"/open_api/knowledge/document/list": true,
"/v1/datasets": true,
}
var needAuthFunc = map[string]bool{
"^/v1/conversations/[0-9]+/clear$": true, // v1/conversations/:conversation_id/clear
"^/v1/bots/[0-9]+$": true,
"^/v1/conversations/[0-9]+$": true,
"^/v1/workflows/[0-9]+$": true,
"^/v1/apps/[0-9]+$": true,
"^/v1/datasets/[0-9]+$": true, // v1/datasets/:dataset_id
"^/v1/datasets/[0-9]+/images$": true, // v1/datasets/:dataset_id/images
"^/v1/datasets/[0-9]+/process$": true, // v1/datasets/:dataset_id/process
}
func parseBearerAuthToken(authHeader string) string {
if len(authHeader) == 0 {
return ""
}
parts := strings.Split(authHeader, "Bearer")
if len(parts) != 2 {
return ""
}
token := strings.TrimSpace(parts[1])
if len(token) == 0 {
return ""
}
return token
}
func isNeedOpenapiAuth(c *app.RequestContext) bool {
isNeedAuth := false
uriPath := c.URI().Path()
for rule, res := range needAuthFunc {
if regexp.MustCompile(rule).MatchString(string(uriPath)) {
isNeedAuth = res
break
}
}
if needAuthPath[string(c.GetRequest().URI().Path())] {
isNeedAuth = true
}
return isNeedAuth
}
func OpenapiAuthMW() app.HandlerFunc {
return func(ctx context.Context, c *app.RequestContext) {
requestAuthType := c.GetInt32(RequestAuthTypeStr)
if requestAuthType != int32(RequestAuthTypeOpenAPI) {
c.Next(ctx)
return
}
// open api auth
if len(c.Request.Header.Get(HeaderAuthorizationKey)) == 0 {
httputil.InternalError(ctx, c,
errorx.New(errno.ErrUserAuthenticationFailed, errorx.KV("reason", "missing authorization in header")))
return
}
apiKey := parseBearerAuthToken(c.Request.Header.Get(HeaderAuthorizationKey))
if len(apiKey) == 0 {
httputil.InternalError(ctx, c,
errorx.New(errno.ErrUserAuthenticationFailed, errorx.KV("reason", "missing api_key in request")))
return
}
md5Hash := md5.Sum([]byte(apiKey))
md5Key := hex.EncodeToString(md5Hash[:])
apiKeyInfo, err := openauth.OpenAuthApplication.CheckPermission(ctx, md5Key)
if err != nil {
logs.CtxErrorf(ctx, "OpenAuthApplication.CheckPermission failed, err=%v", err)
httputil.InternalError(ctx, c,
errorx.New(errno.ErrUserAuthenticationFailed, errorx.KV("reason", err.Error())))
return
}
if apiKeyInfo == nil {
httputil.InternalError(ctx, c,
errorx.New(errno.ErrUserAuthenticationFailed, errorx.KV("reason", "api key invalid")))
return
}
apiKeyInfo.ConnectorID = consts.APIConnectorID
logs.CtxInfof(ctx, "OpenapiAuthMW: apiKeyInfo=%v", conv.DebugJsonToStr(apiKeyInfo))
ctxcache.Store(ctx, consts.OpenapiAuthKeyInCtx, apiKeyInfo)
err = openauth.OpenAuthApplication.UpdateLastUsedAt(ctx, apiKeyInfo.ID, apiKeyInfo.UserID)
if err != nil {
logs.CtxErrorf(ctx, "OpenAuthApplication.UpdateLastUsedAt failed, err=%v", err)
}
c.Next(ctx)
}
}
@@ -0,0 +1,76 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"strings"
"github.com/cloudwego/hertz/pkg/app"
)
const RequestAuthTypeStr = "RequestAuthTypeStr"
type RequestAuthType = int32
const (
RequestAuthTypeWebAPI RequestAuthType = 0
RequestAuthTypeOpenAPI RequestAuthType = 1
RequestAuthTypeStaticFile RequestAuthType = 2
)
func RequestInspectorMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
authType := RequestAuthTypeWebAPI // default is web api, session auth
if isNeedOpenapiAuth(ctx) {
authType = RequestAuthTypeOpenAPI
} else if isStaticFile(ctx) {
authType = RequestAuthTypeStaticFile
}
ctx.Set(RequestAuthTypeStr, authType)
ctx.Next(c)
}
}
var staticFilePath = map[string]bool{
"/static": true,
"/": true,
"/sign": true,
"/favicon.png": true,
}
func isStaticFile(ctx *app.RequestContext) bool {
path := string(ctx.GetRequest().URI().Path())
if staticFilePath[path] {
return true
}
if strings.HasPrefix(path, "/static/") ||
strings.HasPrefix(path, "/explore/") ||
strings.HasPrefix(path, "/admin/") ||
strings.HasPrefix(path, "/space/") {
return true
}
if path == "/information/auth/success" {
return true
}
return false
}
+113
View File
@@ -0,0 +1,113 @@
/*
* Copyright 2025 coze-dev Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package middleware
import (
"context"
"os"
"strings"
"github.com/cloudwego/hertz/pkg/app"
"github.com/coze-dev/coze-studio/backend/api/internal/httputil"
"github.com/coze-dev/coze-studio/backend/application/user"
"github.com/coze-dev/coze-studio/backend/bizpkg/config"
"github.com/coze-dev/coze-studio/backend/domain/user/entity"
"github.com/coze-dev/coze-studio/backend/pkg/ctxcache"
"github.com/coze-dev/coze-studio/backend/pkg/errorx"
"github.com/coze-dev/coze-studio/backend/pkg/logs"
"github.com/coze-dev/coze-studio/backend/types/consts"
"github.com/coze-dev/coze-studio/backend/types/errno"
)
var noNeedSessionCheckPath = map[string]bool{
"/api/passport/web/email/login/": true,
"/api/passport/web/email/register/v2/": true,
}
func SessionAuthMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
requestAuthType := ctx.GetInt32(RequestAuthTypeStr)
if requestAuthType != int32(RequestAuthTypeWebAPI) {
ctx.Next(c)
return
}
if noNeedSessionCheckPath[string(ctx.GetRequest().URI().Path())] {
ctx.Next(c)
return
}
s := ctx.Cookie(entity.SessionKey)
if len(s) == 0 {
logs.Errorf("[SessionAuthMW] session id is nil")
httputil.Unauthorized(ctx, "missing session_key in cookie")
return
}
// sessionID -> sessionData
session, err := user.UserApplicationSVC.ValidateSession(c, string(s))
if err != nil {
logs.Errorf("[SessionAuthMW] validate session failed, err: %v", err)
httputil.InternalError(c, ctx, err)
return
}
if session != nil {
ctxcache.Store(c, consts.SessionDataKeyInCtx, session)
}
ctx.Next(c)
}
}
func AdminAuthMW() app.HandlerFunc {
return func(c context.Context, ctx *app.RequestContext) {
session, ok := ctxcache.Get[*entity.Session](c, consts.SessionDataKeyInCtx)
if !ok {
logs.Errorf("[AdminAuthMW] session data is nil")
httputil.InternalError(c, ctx,
errorx.New(errno.ErrUserAuthenticationFailed, errorx.KV("reason", "session data is nil")))
return
}
baseConf, err := config.Base().GetBaseConfig(c)
if err != nil {
logs.Errorf("[AdminAuthMW] get base config failed, err: %v", err)
httputil.InternalError(c, ctx, err)
return
}
if baseConf.AdminEmails == "" {
baseConf.AdminEmails = os.Getenv(consts.AllowRegistrationEmail)
}
if baseConf.AdminEmails == "" {
logs.CtxWarnf(c, "[AdminAuthMW] admin emails is empty, you can set it by env %s", consts.AllowRegistrationEmail)
}
adminEmails := strings.Split(baseConf.AdminEmails, ",")
for _, adminEmail := range adminEmails {
if strings.EqualFold(adminEmail, session.UserEmail) {
ctx.Next(c)
return
}
}
httputil.Unauthorized(ctx, "the account does not have permission to access")
}
}