2026-03-13 16:53:54 +08:00
|
|
|
//
|
|
|
|
|
// Copyright 2026 The InfiniFlow Authors. All Rights Reserved.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
package dao
|
|
|
|
|
|
|
|
|
|
import (
|
feat(agent): Go port — canvas engine, 22 components, DSL v2, 13 endpoints (#15952)
Ports the agent canvas subsystem from Python to Go.
## What's included
### Canvas Engine (Phase 0/1)
- State engine, scheduler, variable resolver, Redis checkpoint store,
cancel protocol
- **209 tests** across canvas / component / io packages
### 22 Components (P0–P4)
| Tier | Components |
|---|---|
| P0 T1+T2+T3 | LLM, Agent, ExitLoop, Switch, Categorize, Begin,
Message, Invoke |
| P1 T3 | VariableAggregator, VariableAssigner, StringTransform,
ListOperations, DataOperations |
| P2 T3 | Iteration, IterationItem, Loop, LoopItem |
| P3 T3 | UserFillUp, Fillup |
| P4 T5 | Browser, ExcelProcessor, DocsGenerator |
### DSL v2 Schema (Phase 2.5)
- Typed v2 in-memory model with v1-to-v2 auto-detect converter
- v1 legacy field stripping per plan §2.11.7
### HTTP Endpoints & Bug Fixes (Plans PR1–PR3)
- **DELETE SQL bug fix**: gorm v2 `Where("id = ?", id).Delete(...)`
pattern
- **CreateAgent validation**: title/DSL required, duplicate check, 103
envelope
- **13 new endpoints**: templates, prompts, tags, sessions CRUD,
chat/completions (SSE + non-stream stubs), rerun, test_db_connection,
logs, webhook/logs
- **756 Go unit tests** (745 → 756, +18)
- **17 → 0 Python integration test failures** (test_agents.py +
test_session_management/)
### Tools
21 eino tools: HTTPHelper, search tools, financial/data tools, mandatory
stubs
### Infrastructure
OTel observability, NATS message queue, DeepDoc gRPC client, SSRF
guards, IDOR mitigation
2026-06-12 22:58:28 +08:00
|
|
|
"errors"
|
|
|
|
|
|
2026-03-27 19:25:18 +08:00
|
|
|
"ragflow/internal/entity"
|
2026-03-13 16:53:54 +08:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// APITokenDAO API token data access object
|
|
|
|
|
type APITokenDAO struct{}
|
|
|
|
|
|
|
|
|
|
// NewAPITokenDAO create API token DAO
|
|
|
|
|
func NewAPITokenDAO() *APITokenDAO {
|
|
|
|
|
return &APITokenDAO{}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create creates a new API token
|
2026-03-27 19:25:18 +08:00
|
|
|
func (dao *APITokenDAO) Create(apiToken *entity.APIToken) error {
|
2026-03-13 16:53:54 +08:00
|
|
|
return DB.Create(apiToken).Error
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetByTenantID gets API tokens by tenant ID
|
2026-03-27 19:25:18 +08:00
|
|
|
func (dao *APITokenDAO) GetByTenantID(tenantID string) ([]*entity.APIToken, error) {
|
|
|
|
|
var tokens []*entity.APIToken
|
2026-03-13 16:53:54 +08:00
|
|
|
err := DB.Where("tenant_id = ?", tenantID).Find(&tokens).Error
|
|
|
|
|
return tokens, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DeleteByTenantID deletes all API tokens by tenant ID (hard delete)
|
|
|
|
|
func (dao *APITokenDAO) DeleteByTenantID(tenantID string) (int64, error) {
|
2026-03-27 19:25:18 +08:00
|
|
|
result := DB.Unscoped().Where("tenant_id = ?", tenantID).Delete(&entity.APIToken{})
|
2026-03-13 16:53:54 +08:00
|
|
|
return result.RowsAffected, result.Error
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-24 20:08:36 +08:00
|
|
|
// GetByToken gets API token by access key
|
2026-03-27 19:25:18 +08:00
|
|
|
func (dao *APITokenDAO) GetUserByAPIToken(token string) (*entity.APIToken, error) {
|
|
|
|
|
var apiToken entity.APIToken
|
2026-03-24 20:08:36 +08:00
|
|
|
err := DB.Where("token = ?", token).First(&apiToken).Error
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &apiToken, nil
|
2026-06-22 18:17:37 +08:00
|
|
|
}
|
|
|
|
|
|
feat(go): implement chatbots/<dialog_id>/info and searchbots/detail (#15420)
### What problem does this PR solve?
Part of #15240 (rewriting the RAGFlow API server in Go).
Implements the two public bot endpoints from
`api/apps/restful_apis/bot_api.py`:
- **`GET /api/v1/chatbots/<dialog_id>/info`** (`chatbots_inputs`) —
returns `{title, avatar, prologue, has_tavily_key}` for a dialog the
authenticated tenant owns (tenant match + `status == VALID`), otherwise
`"Authentication error: no access to this chatbot!"`.
- **`GET /api/v1/searchbots/detail`** (`detail_share_embedded`) —
returns search-app detail for a `search_id` the tenant can access.
Permission is checked across the tenant's joined tenants; denial returns
`"Has no permission for this operation."` (operating error, `data:
false`) and a missing app returns `"Can't find this Search App!"`.
Both endpoints authenticate with an SDK **beta token** (`Authorization:
Bearer <beta>`) rather than a session — the token is resolved to a
tenant via `APIToken.query(beta=token)`, backed by a new
`APITokenDAO.GetByBeta`. Because they perform their own token-based
auth, the routes are registered on the unauthenticated route group
(mirroring the Python blueprint, which has no `@login_required`).
Both live in a new `internal/handler/bot.go` + `internal/service/bot.go`
since they share the same source module. Handler unit tests cover the
auth, success, and error-mapping paths.
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
---------
Co-authored-by: Claude Code <claude@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Ling Qin <qinling0210@163.com>
2026-07-02 00:46:00 -10:00
|
|
|
// GetByBeta gets API tokens by beta key (SDK/bot authorization token).
|
|
|
|
|
// Mirrors Python's APIToken.query(beta=token), which returns a list.
|
|
|
|
|
func (dao *APITokenDAO) GetByBeta(beta string) ([]*entity.APIToken, error) {
|
|
|
|
|
var tokens []*entity.APIToken
|
|
|
|
|
err := DB.Where("beta = ?", beta).Find(&tokens).Error
|
|
|
|
|
return tokens, err
|
2026-03-24 20:08:36 +08:00
|
|
|
}
|
|
|
|
|
|
2026-03-13 16:53:54 +08:00
|
|
|
// DeleteByDialogIDs deletes API tokens by dialog IDs (hard delete)
|
|
|
|
|
func (dao *APITokenDAO) DeleteByDialogIDs(dialogIDs []string) (int64, error) {
|
|
|
|
|
if len(dialogIDs) == 0 {
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
2026-03-27 19:25:18 +08:00
|
|
|
result := DB.Unscoped().Where("dialog_id IN ?", dialogIDs).Delete(&entity.APIToken{})
|
2026-03-13 16:53:54 +08:00
|
|
|
return result.RowsAffected, result.Error
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-24 20:08:36 +08:00
|
|
|
// DeleteByTenantIDAndToken deletes a specific API token by tenant ID and token value
|
|
|
|
|
func (dao *APITokenDAO) DeleteByTenantIDAndToken(tenantID, token string) (int64, error) {
|
2026-03-27 19:25:18 +08:00
|
|
|
result := DB.Unscoped().Where("tenant_id = ? AND token = ?", tenantID, token).Delete(&entity.APIToken{})
|
2026-03-24 20:08:36 +08:00
|
|
|
return result.RowsAffected, result.Error
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-13 16:53:54 +08:00
|
|
|
// API4ConversationDAO API for conversation data access object
|
|
|
|
|
type API4ConversationDAO struct{}
|
|
|
|
|
|
|
|
|
|
// NewAPI4ConversationDAO create API4Conversation DAO
|
|
|
|
|
func NewAPI4ConversationDAO() *API4ConversationDAO {
|
|
|
|
|
return &API4ConversationDAO{}
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-29 19:32:21 +08:00
|
|
|
// ConversationStatsRow is one daily aggregate row for api_4_conversation.
|
|
|
|
|
type ConversationStatsRow struct {
|
|
|
|
|
Dt string `gorm:"column:dt"`
|
|
|
|
|
PV int64 `gorm:"column:pv"`
|
|
|
|
|
UV int64 `gorm:"column:uv"`
|
|
|
|
|
Tokens float64 `gorm:"column:tokens"`
|
|
|
|
|
Duration float64 `gorm:"column:duration"`
|
|
|
|
|
Round float64 `gorm:"column:round"`
|
|
|
|
|
ThumbUp int64 `gorm:"column:thumb_up"`
|
|
|
|
|
}
|
|
|
|
|
|
feat(agent): Go port — canvas engine, 22 components, DSL v2, 13 endpoints (#15952)
Ports the agent canvas subsystem from Python to Go.
## What's included
### Canvas Engine (Phase 0/1)
- State engine, scheduler, variable resolver, Redis checkpoint store,
cancel protocol
- **209 tests** across canvas / component / io packages
### 22 Components (P0–P4)
| Tier | Components |
|---|---|
| P0 T1+T2+T3 | LLM, Agent, ExitLoop, Switch, Categorize, Begin,
Message, Invoke |
| P1 T3 | VariableAggregator, VariableAssigner, StringTransform,
ListOperations, DataOperations |
| P2 T3 | Iteration, IterationItem, Loop, LoopItem |
| P3 T3 | UserFillUp, Fillup |
| P4 T5 | Browser, ExcelProcessor, DocsGenerator |
### DSL v2 Schema (Phase 2.5)
- Typed v2 in-memory model with v1-to-v2 auto-detect converter
- v1 legacy field stripping per plan §2.11.7
### HTTP Endpoints & Bug Fixes (Plans PR1–PR3)
- **DELETE SQL bug fix**: gorm v2 `Where("id = ?", id).Delete(...)`
pattern
- **CreateAgent validation**: title/DSL required, duplicate check, 103
envelope
- **13 new endpoints**: templates, prompts, tags, sessions CRUD,
chat/completions (SSE + non-stream stubs), rerun, test_db_connection,
logs, webhook/logs
- **756 Go unit tests** (745 → 756, +18)
- **17 → 0 Python integration test failures** (test_agents.py +
test_session_management/)
### Tools
21 eino tools: HTTPHelper, search tools, financial/data tools, mandatory
stubs
### Infrastructure
OTel observability, NATS message queue, DeepDoc gRPC client, SSRF
guards, IDOR mitigation
2026-06-12 22:58:28 +08:00
|
|
|
// Create inserts a new api_4_conversation row. The caller is responsible
|
|
|
|
|
// for setting ID, DialogID, UserID and the BaseModel time fields; the
|
|
|
|
|
// DAO does not assign defaults because session creation paths in the
|
|
|
|
|
// Python agent API generate a uuid + tenant timestamp and rely on the
|
|
|
|
|
// round-trip shape being byte-identical.
|
|
|
|
|
func (dao *API4ConversationDAO) Create(conv *entity.API4Conversation) error {
|
|
|
|
|
if conv == nil {
|
|
|
|
|
return errors.New("api4 conversation: nil row")
|
|
|
|
|
}
|
|
|
|
|
return DB.Create(conv).Error
|
|
|
|
|
}
|
|
|
|
|
|
feat[Go]: port agent attachment download, chatbot + agentbot completion/info endpoints from Python (#16405)
## Summary
Ports five Python agent APIs to Go under the v1 Gin router:
- `GET /api/v1/agents/attachments/<attachment_id>/download`
- `POST /api/v1/chatbots/<dialog_id>/completions` (SSE)
- `GET /api/v1/chatbots/<dialog_id>/info`
- `POST /api/v1/agentbots/<agent_id>/completions` (SSE)
- `GET /api/v1/agentbots/<agent_id>/inputs`
Mirrors the existing Python wire shape (`{code, message,
data:{answer,reference,...}}` per Python `canvas_service.completion`) so
the iframe SDK and existing JS widgets keep working.
## Behavioural parity with Python
| # | Concern | How it's met |
|---|---------|--------------|
| R0 | Bot routes must not require regular user session | Routes mount
on `apiNoAuth` (router.go:198-202), with `BetaAuthMiddleware` only |
| R3 | Two SSE formats in Go drift | F2: `AgentChatCompletions` and
`AgentbotCompletion` share `service.WriteChatbotRunEvent` |
| R7 | `GetBySessionID` returns `(nil, nil)` on miss | Defensive
nil-check before `session.UserID != tenantID` |
| R8 | Begin component name vs ID | `FindBeginComponentID` resolves name
→ ID first, then `ExtractComponentInputForm(dsl, beginID)` |
| R9 | Defensive PromptConfig parsing | `stringFromMap` helper used for
`prologue` and `tavily_api_key` |
| R10 | `BetaAuthMiddleware` Bearer-prefix pre-filter | Removed —
`GetUserByToken` is called unconditionally, falls back to
`GetUserByBetaAPIToken` |
| F8 | Multi-turn chatbot history | `ChatbotCompletion` reads prior
turns from `session.Message`, appends user turn, calls LLM, persists new
pair via new `API4ConversationDAO.Update` |
| F9 | UUID gate stricter than plan | Removed — only `filepath.Base` +
CR/LF/quote header sanitization remains |
| H2 | Defence-in-depth IDOR | `AgentbotCompletion` calls `loadCanvas`
before delegating to `RunAgent` |
| M2 | SSE error leakage | `WriteChatbotFrame` emits generic `"an
internal error occurred"`; real error logged via `common.Error` |
## Verification
```bash
$ go vet ./... # clean (only pre-existing issues)
$ go build ./... # success
$ go test ./internal/handler/ ./internal/service/ ./internal/agent/dsl/ ./internal/common/ ./internal/dao/
ok ragflow/internal/handler 0.617s
ok ragflow/internal/service 1.729s
ok ragflow/internal/agent/dsl 0.008s
ok ragflow/internal/common 0.087s
ok ragflow/internal/dao 0.083s
```
1199 tests pass across 5 packages.
## Known follow-ups (out of scope for this PR)
- **F1**: token-level streaming in `ChatbotCompletion` (currently emits
one frame per turn)
- **F3**: per-route `auth_types` attribute in Go (currently applied via
route group middleware)
---------
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-27 16:52:21 +08:00
|
|
|
// Update writes back an existing api_4_conversation row. The bot
|
|
|
|
|
// completion path calls this with the updated Message JSON after each
|
|
|
|
|
// turn so multi-turn chatbot sessions carry prior history into the next
|
|
|
|
|
// LLM call. Matches the Python conversation_service.update pattern at
|
|
|
|
|
// api/db/services/conversation_service.py:236 (async_iframe_completion).
|
|
|
|
|
func (dao *API4ConversationDAO) Update(conv *entity.API4Conversation) error {
|
|
|
|
|
if conv == nil {
|
|
|
|
|
return errors.New("api4 conversation: nil row")
|
|
|
|
|
}
|
|
|
|
|
if conv.ID == "" {
|
|
|
|
|
return errors.New("api4 conversation: empty id")
|
|
|
|
|
}
|
|
|
|
|
return DB.Save(conv).Error
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-29 19:32:21 +08:00
|
|
|
// Stats returns daily conversation aggregates for a tenant.
|
|
|
|
|
func (dao *API4ConversationDAO) Stats(tenantID, fromDate, toDate string, source *string) ([]ConversationStatsRow, error) {
|
|
|
|
|
var rows []ConversationStatsRow
|
|
|
|
|
dateExpr := "DATE_FORMAT(a.create_date, '%Y-%m-%d 00:00:00')"
|
|
|
|
|
db := DB.Table("api_4_conversation AS a").
|
|
|
|
|
Select(`
|
|
|
|
|
DATE_FORMAT(a.create_date, '%Y-%m-%d 00:00:00') AS dt,
|
|
|
|
|
COUNT(a.id) AS pv,
|
|
|
|
|
COUNT(DISTINCT a.user_id) AS uv,
|
|
|
|
|
COALESCE(SUM(a.tokens), 0) AS tokens,
|
|
|
|
|
COALESCE(SUM(a.duration), 0) AS duration,
|
|
|
|
|
COALESCE(AVG(a.round), 0) AS round,
|
|
|
|
|
COALESCE(SUM(a.thumb_up), 0) AS thumb_up
|
|
|
|
|
`).
|
|
|
|
|
Joins("JOIN dialog AS d ON a.dialog_id = d.id AND d.tenant_id = ?", tenantID).
|
|
|
|
|
Where("a.create_date >= ? AND a.create_date <= ?", fromDate, toDate)
|
|
|
|
|
|
|
|
|
|
if source == nil {
|
|
|
|
|
db = db.Where("a.source IS NULL")
|
|
|
|
|
} else {
|
|
|
|
|
db = db.Where("a.source = ?", *source)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err := db.Group(dateExpr).
|
|
|
|
|
Order(dateExpr).
|
|
|
|
|
Scan(&rows).Error
|
|
|
|
|
return rows, err
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-08 16:26:27 +08:00
|
|
|
func (dao *API4ConversationDAO) GetBySessionID(sessionID, agentID string) (*entity.API4Conversation, error) {
|
|
|
|
|
var result entity.API4Conversation
|
|
|
|
|
tx := DB.Where("id = ? AND dialog_id = ?", sessionID, agentID).Find(&result)
|
|
|
|
|
if tx.Error != nil {
|
|
|
|
|
return nil, tx.Error
|
|
|
|
|
}
|
|
|
|
|
if tx.RowsAffected == 0 {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
return &result, nil
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-10 09:54:07 +08:00
|
|
|
// ListIDsByAgentID lists conversation IDs for one agent.
|
|
|
|
|
func (dao *API4ConversationDAO) ListIDsByAgentID(agentID string) ([]string, error) {
|
|
|
|
|
var ids []string
|
|
|
|
|
err := DB.Model(&entity.API4Conversation{}).Where("dialog_id = ?", agentID).Pluck("id", &ids).Error
|
|
|
|
|
return ids, err
|
|
|
|
|
}
|
|
|
|
|
|
2026-06-08 16:26:27 +08:00
|
|
|
// DeleteBySessionIDAndAgentID deletes API4Conversations by sessionID and agentID
|
|
|
|
|
func (dao *API4ConversationDAO) DeleteBySessionIDAndAgentID(sessionID, agentID string) (int64, error) {
|
|
|
|
|
result := DB.Where("id = ? AND dialog_id = ?", sessionID, agentID).Delete(&entity.API4Conversation{})
|
|
|
|
|
return result.RowsAffected, result.Error
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-13 16:53:54 +08:00
|
|
|
// DeleteByDialogIDs deletes API4Conversations by dialog IDs (hard delete)
|
|
|
|
|
func (dao *API4ConversationDAO) DeleteByDialogIDs(dialogIDs []string) (int64, error) {
|
|
|
|
|
if len(dialogIDs) == 0 {
|
|
|
|
|
return 0, nil
|
|
|
|
|
}
|
2026-03-27 19:25:18 +08:00
|
|
|
result := DB.Unscoped().Where("dialog_id IN ?", dialogIDs).Delete(&entity.API4Conversation{})
|
2026-03-13 16:53:54 +08:00
|
|
|
return result.RowsAffected, result.Error
|
|
|
|
|
}
|