From 2b6c50734fa658d06a3acf75e1e7d39c9b1482d9 Mon Sep 17 00:00:00 2001
From: Jin Hai <haijin.chn@gmail.com>
Date: Tue, 14 Apr 2026 15:03:46 +0800
Subject: [PATCH] Sync code from EE (#14080)

### What problem does this PR solve?

As title.

### Type of change

- [x] Refactoring

---------

Signed-off-by: Jin Hai <haijin.chn@gmail.com>
---
 admin/server/auth.py                         | 29 +++++++++++++++-----
 admin/server/config.py                       | 21 ++++++++++++++
 agent/component/llm.py                       |  3 +-
 agent/component/message.py                   |  7 +++--
 agent/sandbox/executor_manager/api/routes.py |  1 +
 api/apps/kb_app.py                           |  4 +--
 6 files changed, 53 insertions(+), 12 deletions(-)

diff --git a/admin/server/auth.py b/admin/server/auth.py
index 9fb4f70ca6..bd3c0c058a 100644
--- a/admin/server/auth.py
+++ b/admin/server/auth.py
@@ -22,7 +22,6 @@ from datetime import datetime
 
 from flask import jsonify, request
 from flask_login import current_user, login_user
-from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
 
 from api.common.exceptions import AdminException, UserNotFoundError
 from api.common.base64 import encode_to_base64
@@ -40,18 +39,34 @@ from common import settings
 def setup_auth(login_manager):
     @login_manager.request_loader
     def load_user(web_request):
-        jwt = Serializer(secret_key=settings.SECRET_KEY)
+        # Authorization header contains JWT-encoded access token
+        # First decode JWT to get the UUID, then query database
+        from itsdangerous.url_safe import URLSafeTimedSerializer as Serializer
+        from common import settings
+
         authorization = web_request.headers.get("Authorization")
         if authorization:
             try:
-                access_token = str(jwt.loads(authorization))
+                # Strip "Bearer " prefix if present
+                jwt_token = authorization
+                if jwt_token.startswith("Bearer "):
+                    jwt_token = jwt_token[7:]
 
-                if not access_token or not access_token.strip():
-                    logging.warning("Authentication attempt with empty access token")
+                jwt_token = jwt_token.strip()
+                if not jwt_token:
+                    logging.warning("Authentication attempt with empty JWT token")
                     return None
 
-                # Access tokens should be UUIDs (32 hex characters)
-                if len(access_token.strip()) < 32:
+                # Decode JWT to get the UUID access_token
+                jwt = Serializer(secret_key=settings.SECRET_KEY)
+                access_token = str(jwt.loads(jwt_token))
+
+                if not access_token or not access_token.strip():
+                    logging.warning("Authentication attempt with empty access token after JWT decode")
+                    return None
+
+                # Access tokens stored in database are UUIDs (32 hex characters)
+                if len(access_token) < 32:
                     logging.warning(f"Authentication attempt with invalid token format: {len(access_token)} chars")
                     return None
 
diff --git a/admin/server/config.py b/admin/server/config.py
index 43f079d4f2..61432ff29f 100644
--- a/admin/server/config.py
+++ b/admin/server/config.py
@@ -264,6 +264,19 @@ def load_configurations(config_path: str) -> list[BaseConfig]:
                                         db_name=database, detail_func_name="get_infinity_status")
                 configurations.append(config)
                 id_count += 1
+            case "minio_0":
+                name: str = 'minio_0'
+                url = v['host']
+                parts = url.split(':', 1)
+                host = parts[0]
+                port = int(parts[1])
+                user = v.get('user')
+                password = v.get('password')
+                config = MinioConfig(id=id_count, name=name, host=host, port=port, user=user, password=password,
+                                     service_type="file_store",
+                                     store_type="minio", detail_func_name="check_minio_alive")
+                configurations.append(config)
+                id_count += 1
             case "minio":
                 name: str = 'minio'
                 url = v['host']
@@ -310,6 +323,14 @@ def load_configurations(config_path: str) -> list[BaseConfig]:
                                             service_type="task_executor", detail_func_name="check_task_executor_alive")
                 configurations.append(config)
                 id_count += 1
+            case "rabbitmq":
+                name: str = 'rabbitmq'
+                host: str = v.get('host')
+                port: int = v.get('port')
+                config = RabbitMQConfig(id=id_count, name=name, host=host, port=port,
+                                        service_type="message_queue", mq_type="rabbitmq", detail_func_name="check_rabbitmq_alive")
+                configurations.append(config)
+                id_count += 1
             case _:
                 logging.warning(f"Unknown configuration key: {k}")
                 continue
diff --git a/agent/component/llm.py b/agent/component/llm.py
index 24254ce20c..b4e66690a3 100644
--- a/agent/component/llm.py
+++ b/agent/component/llm.py
@@ -227,7 +227,8 @@ class LLM(ComponentBase):
     def _prepare_prompt_variables(self):
         self.imgs = []
         if self._param.visual_files_var:
-            self.imgs.extend(self._extract_data_images(self._canvas.get_variable_value(self._param.visual_files_var)))
+            visual_val = self._canvas.get_variable_value(self._param.visual_files_var)
+            self.imgs.extend(self._extract_data_images(visual_val))
 
         args = {}
         vars = self.get_input_elements() if not self._param.debug_inputs else self._param.debug_inputs
diff --git a/agent/component/message.py b/agent/component/message.py
index c589a55373..cc26ca52ba 100644
--- a/agent/component/message.py
+++ b/agent/component/message.py
@@ -14,8 +14,11 @@
 #  limitations under the License.
 #
 import asyncio
-import nest_asyncio
-nest_asyncio.apply()
+try:
+    import nest_asyncio
+    nest_asyncio.apply()
+except Exception:
+    pass
 import inspect
 import json
 import os
diff --git a/agent/sandbox/executor_manager/api/routes.py b/agent/sandbox/executor_manager/api/routes.py
index 3a338a6a47..86a034d6f3 100644
--- a/agent/sandbox/executor_manager/api/routes.py
+++ b/agent/sandbox/executor_manager/api/routes.py
@@ -19,6 +19,7 @@ from api.handlers import healthz_handler, run_code_handler
 
 router = APIRouter()
 
+router.get("/")(healthz_handler)
 router.get("/healthz")(healthz_handler)
 router.post("/run")(run_code_handler)
 
diff --git a/api/apps/kb_app.py b/api/apps/kb_app.py
index f817de6330..d3e70663f4 100644
--- a/api/apps/kb_app.py
+++ b/api/apps/kb_app.py
@@ -525,8 +525,8 @@ async def list_pipeline_logs():
     suffix = req.get("suffix", [])
 
     try:
-        logs, tol = PipelineOperationLogService.get_file_logs_by_kb_id(kb_id, page_number, items_per_page, orderby, desc, keywords, operation_status, types, suffix, create_date_from, create_date_to)
-        return get_json_result(data={"total": tol, "logs": logs})
+        logs, count = PipelineOperationLogService.get_file_logs_by_kb_id(kb_id, page_number, items_per_page, orderby, desc, keywords, operation_status, types, suffix, create_date_from, create_date_to)
+        return get_json_result(data={"total": count, "logs": logs})
     except Exception as e:
         return server_error_response(e)