mirror of
https://github.com/infiniflow/ragflow.git
synced 2026-06-29 15:31:05 +08:00
8fb692f10a
## Related issues Closes #15144 ### What problem does this PR solve? `POST /api/v1/agents/rerun` loaded a pipeline operation log by UUID via `PipelineOperationLogService.get_documents_info` with no authorization, then wiped chunks, reset document counters, deleted tasks, and re-queued dataflow for the victim document. Any authenticated user who knew a victim's pipeline log id could disrupt parsing on documents they did not own. ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) - [ ] New Feature (non-breaking change which adds functionality) - [ ] Documentation Update - [ ] Refactoring - [ ] Performance Improvement - [ ] Other (please describe): ### Changes | File | Change | |------|--------| | `api/apps/restful_apis/agent_api.py` | Call `DocumentService.accessible(doc["id"], tenant_id)` before destructive rerun operations; deny with generic `"Document not found."` | | `test/unit_test/api/apps/restful_apis/test_rerun_agent_authorization.py` | Unit tests: cross-tenant log rejected, missing/unauthorized same message, authorized rerun proceeds | ### Security notes - **CWE-639:** Closes cross-tenant pipeline rerun / chunk wipe via leaked log UUID. - `tenant_id` from `@add_tenant_id_to_kwargs` is `current_user.id`; `DocumentService.accessible` covers team-shared KBs. ### Test plan - [ ] `pytest test/unit_test/api/apps/restful_apis/test_rerun_agent_authorization.py` - [ ] Manual: attacker cannot rerun victim pipeline log id ```bash cd ragflow uv run pytest test/unit_test/api/apps/restful_apis/test_rerun_agent_authorization.py -q ``` --------- Co-authored-by: Zhichang Yu <yuzhichang@gmail.com>
104 lines
3.5 KiB
Python
104 lines
3.5 KiB
Python
#
|
|
# Copyright 2025 The InfiniFlow Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
import hashlib
|
|
import os
|
|
import shutil
|
|
import tiktoken
|
|
|
|
from common.file_utils import get_project_base_directory
|
|
|
|
|
|
def _ensure_tiktoken_cache() -> str:
|
|
cache_dir = get_project_base_directory()
|
|
os.environ["TIKTOKEN_CACHE_DIR"] = cache_dir
|
|
|
|
bundled_encoding_path = get_project_base_directory("ragflow_deps", "cl100k_base.tiktoken")
|
|
encoding_url = "https://openaipublic.blob.core.windows.net/encodings/cl100k_base.tiktoken"
|
|
cached_encoding_path = os.path.join(cache_dir, hashlib.sha1(encoding_url.encode()).hexdigest())
|
|
|
|
if os.path.exists(bundled_encoding_path) and not os.path.exists(cached_encoding_path):
|
|
shutil.copyfile(bundled_encoding_path, cached_encoding_path)
|
|
|
|
return cache_dir
|
|
|
|
|
|
tiktoken_cache_dir = _ensure_tiktoken_cache()
|
|
os.environ["TIKTOKEN_CACHE_DIR"] = tiktoken_cache_dir
|
|
# encoder = tiktoken.encoding_for_model("gpt-3.5-turbo")
|
|
encoder = tiktoken.get_encoding("cl100k_base")
|
|
|
|
|
|
def num_tokens_from_string(string: str) -> int:
|
|
"""Returns the number of tokens in a text string."""
|
|
try:
|
|
code_list = encoder.encode(string)
|
|
return len(code_list)
|
|
except Exception:
|
|
return 0
|
|
|
|
def total_token_count_from_response(resp):
|
|
"""
|
|
Extract token count from LLM response in various formats.
|
|
|
|
Handles None responses and different response structures from various LLM providers.
|
|
Returns 0 if token count cannot be determined.
|
|
"""
|
|
if resp is None:
|
|
return 0
|
|
|
|
try:
|
|
if hasattr(resp, "usage") and hasattr(resp.usage, "total_tokens"):
|
|
return resp.usage.total_tokens
|
|
except Exception:
|
|
pass
|
|
|
|
try:
|
|
if hasattr(resp, "usage_metadata") and hasattr(resp.usage_metadata, "total_tokens"):
|
|
return resp.usage_metadata.total_tokens
|
|
except Exception:
|
|
pass
|
|
|
|
try:
|
|
if hasattr(resp, "meta") and hasattr(resp.meta, "billed_units") and hasattr(resp.meta.billed_units, "input_tokens"):
|
|
return resp.meta.billed_units.input_tokens
|
|
except Exception:
|
|
pass
|
|
|
|
if isinstance(resp, dict) and 'usage' in resp and 'total_tokens' in resp['usage']:
|
|
try:
|
|
return resp["usage"]["total_tokens"]
|
|
except Exception:
|
|
pass
|
|
|
|
if isinstance(resp, dict) and 'usage' in resp and 'input_tokens' in resp['usage'] and 'output_tokens' in resp['usage']:
|
|
try:
|
|
return resp["usage"]["input_tokens"] + resp["usage"]["output_tokens"]
|
|
except Exception:
|
|
pass
|
|
|
|
if isinstance(resp, dict) and 'meta' in resp and 'tokens' in resp['meta'] and 'input_tokens' in resp['meta']['tokens'] and 'output_tokens' in resp['meta']['tokens']:
|
|
try:
|
|
return resp["meta"]["tokens"]["input_tokens"] + resp["meta"]["tokens"]["output_tokens"]
|
|
except Exception:
|
|
pass
|
|
return 0
|
|
|
|
|
|
def truncate(string: str, max_len: int) -> str:
|
|
"""Returns truncated text if the length of text exceed max_len."""
|
|
return encoder.decode(encoder.encode(string)[:max_len])
|