2025-12-08 01:40:40 +00:00
|
|
|
import logging
|
2025-03-10 11:50:11 +00:00
|
|
|
import time
|
2024-02-28 08:09:56 +00:00
|
|
|
from collections.abc import Callable
|
2025-09-01 07:40:26 +00:00
|
|
|
from enum import StrEnum, auto
|
2023-05-15 00:51:32 +00:00
|
|
|
from functools import wraps
|
2026-03-15 16:20:42 +00:00
|
|
|
from typing import Concatenate, ParamSpec, TypeVar, cast, overload
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2024-01-12 04:34:01 +00:00
|
|
|
from flask import current_app, request
|
2025-08-28 15:17:25 +00:00
|
|
|
from flask_login import user_logged_in
|
2025-08-24 05:45:47 +00:00
|
|
|
from flask_restx import Resource
|
2024-02-28 08:09:56 +00:00
|
|
|
from pydantic import BaseModel
|
2025-06-30 14:13:56 +00:00
|
|
|
from werkzeug.exceptions import Forbidden, NotFound, Unauthorized
|
2024-02-06 05:21:13 +00:00
|
|
|
|
2025-11-03 03:51:09 +00:00
|
|
|
from enums.cloud_plan import CloudPlan
|
2024-02-06 05:21:13 +00:00
|
|
|
from extensions.ext_database import db
|
2025-03-10 11:50:11 +00:00
|
|
|
from extensions.ext_redis import redis_client
|
2025-09-09 17:54:26 +00:00
|
|
|
from libs.login import current_user
|
2025-10-16 06:45:51 +00:00
|
|
|
from models import Account, Tenant, TenantAccountJoin, TenantStatus
|
2025-06-30 14:13:56 +00:00
|
|
|
from models.dataset import Dataset, RateLimitLog
|
2025-11-12 09:59:37 +00:00
|
|
|
from models.model import ApiToken, App
|
2026-02-06 08:25:27 +00:00
|
|
|
from services.api_token_service import ApiTokenCache, fetch_token_with_single_flight, record_token_usage
|
2025-11-12 09:59:37 +00:00
|
|
|
from services.end_user_service import EndUserService
|
2023-12-20 07:37:57 +00:00
|
|
|
from services.feature_service import FeatureService
|
2024-01-12 04:34:01 +00:00
|
|
|
|
2025-09-08 02:40:00 +00:00
|
|
|
P = ParamSpec("P")
|
|
|
|
|
R = TypeVar("R")
|
2025-09-09 08:48:33 +00:00
|
|
|
T = TypeVar("T")
|
2025-09-08 02:40:00 +00:00
|
|
|
|
2025-12-08 01:40:40 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2025-09-01 07:40:26 +00:00
|
|
|
class WhereisUserArg(StrEnum):
|
2024-02-28 08:09:56 +00:00
|
|
|
"""
|
|
|
|
|
Enum for whereis_user_arg.
|
|
|
|
|
"""
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2025-09-01 07:40:26 +00:00
|
|
|
QUERY = auto()
|
|
|
|
|
JSON = auto()
|
|
|
|
|
FORM = auto()
|
2024-02-28 08:09:56 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class FetchUserArg(BaseModel):
|
|
|
|
|
fetch_from: WhereisUserArg
|
|
|
|
|
required: bool = False
|
|
|
|
|
|
|
|
|
|
|
2026-03-15 16:20:42 +00:00
|
|
|
@overload
|
|
|
|
|
def validate_app_token(view: Callable[P, R]) -> Callable[P, R]: ...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@overload
|
|
|
|
|
def validate_app_token(
|
|
|
|
|
view: None = None, *, fetch_user_arg: FetchUserArg | None = None
|
|
|
|
|
) -> Callable[[Callable[P, R]], Callable[P, R]]: ...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def validate_app_token(
|
|
|
|
|
view: Callable[P, R] | None = None, *, fetch_user_arg: FetchUserArg | None = None
|
|
|
|
|
) -> Callable[P, R] | Callable[[Callable[P, R]], Callable[P, R]]:
|
|
|
|
|
def decorator(view_func: Callable[P, R]) -> Callable[P, R]:
|
2024-02-28 08:09:56 +00:00
|
|
|
@wraps(view_func)
|
2026-03-15 16:20:42 +00:00
|
|
|
def decorated_view(*args: P.args, **kwargs: P.kwargs) -> R:
|
2024-08-26 07:29:10 +00:00
|
|
|
api_token = validate_and_get_api_token("app")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2025-07-23 16:57:45 +00:00
|
|
|
app_model = db.session.query(App).where(App.id == api_token.app_id).first()
|
2023-05-15 00:51:32 +00:00
|
|
|
if not app_model:
|
2024-06-04 10:04:10 +00:00
|
|
|
raise Forbidden("The app no longer exists.")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2024-08-26 07:29:10 +00:00
|
|
|
if app_model.status != "normal":
|
2024-06-04 10:04:10 +00:00
|
|
|
raise Forbidden("The app's status is abnormal.")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
|
|
|
|
if not app_model.enable_api:
|
2024-06-04 10:04:10 +00:00
|
|
|
raise Forbidden("The app's API service has been disabled.")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2025-07-23 16:57:45 +00:00
|
|
|
tenant = db.session.query(Tenant).where(Tenant.id == app_model.tenant_id).first()
|
2024-12-24 10:38:51 +00:00
|
|
|
if tenant is None:
|
|
|
|
|
raise ValueError("Tenant does not exist.")
|
2024-04-18 09:33:32 +00:00
|
|
|
if tenant.status == TenantStatus.ARCHIVE:
|
2024-06-04 10:04:10 +00:00
|
|
|
raise Forbidden("The workspace's status is archived.")
|
2024-04-18 09:33:32 +00:00
|
|
|
|
2024-08-26 07:29:10 +00:00
|
|
|
kwargs["app_model"] = app_model
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2025-11-05 09:37:19 +00:00
|
|
|
# If caller needs end-user context, attach EndUser to current_user
|
2024-02-28 08:46:50 +00:00
|
|
|
if fetch_user_arg:
|
2026-02-02 09:12:03 +00:00
|
|
|
user_id = None
|
|
|
|
|
match fetch_user_arg.fetch_from:
|
|
|
|
|
case WhereisUserArg.QUERY:
|
|
|
|
|
user_id = request.args.get("user")
|
|
|
|
|
case WhereisUserArg.JSON:
|
|
|
|
|
user_id = request.get_json().get("user")
|
|
|
|
|
case WhereisUserArg.FORM:
|
|
|
|
|
user_id = request.form.get("user")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2024-02-28 08:09:56 +00:00
|
|
|
if not user_id and fetch_user_arg.required:
|
|
|
|
|
raise ValueError("Arg user must be provided.")
|
|
|
|
|
|
2024-02-28 08:46:50 +00:00
|
|
|
if user_id:
|
|
|
|
|
user_id = str(user_id)
|
|
|
|
|
|
2025-11-12 09:59:37 +00:00
|
|
|
end_user = EndUserService.get_or_create_end_user(app_model, user_id)
|
2025-05-27 02:56:23 +00:00
|
|
|
kwargs["end_user"] = end_user
|
|
|
|
|
|
|
|
|
|
# Set EndUser as current logged-in user for flask_login.current_user
|
2026-03-22 13:21:01 +00:00
|
|
|
current_app.login_manager._update_request_context_with_user(end_user) # type: ignore[attr-defined]
|
|
|
|
|
user_logged_in.send(current_app._get_current_object(), user=end_user) # type: ignore[attr-defined]
|
2025-11-05 09:37:19 +00:00
|
|
|
else:
|
|
|
|
|
# For service API without end-user context, ensure an Account is logged in
|
|
|
|
|
# so services relying on current_account_with_tenant() work correctly.
|
|
|
|
|
tenant_owner_info = (
|
|
|
|
|
db.session.query(Tenant, Account)
|
|
|
|
|
.join(TenantAccountJoin, Tenant.id == TenantAccountJoin.tenant_id)
|
|
|
|
|
.join(Account, TenantAccountJoin.account_id == Account.id)
|
|
|
|
|
.where(
|
|
|
|
|
Tenant.id == app_model.tenant_id,
|
|
|
|
|
TenantAccountJoin.role == "owner",
|
|
|
|
|
Tenant.status == TenantStatus.NORMAL,
|
|
|
|
|
)
|
|
|
|
|
.one_or_none()
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if tenant_owner_info:
|
|
|
|
|
tenant_model, account = tenant_owner_info
|
|
|
|
|
account.current_tenant = tenant_model
|
2026-03-22 13:21:01 +00:00
|
|
|
current_app.login_manager._update_request_context_with_user(account) # type: ignore[attr-defined]
|
|
|
|
|
user_logged_in.send(current_app._get_current_object(), user=current_user) # type: ignore[attr-defined]
|
2025-11-05 09:37:19 +00:00
|
|
|
else:
|
|
|
|
|
raise Unauthorized("Tenant owner account not found or tenant is not active.")
|
2024-02-28 08:09:56 +00:00
|
|
|
|
|
|
|
|
return view_func(*args, **kwargs)
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2024-02-28 08:09:56 +00:00
|
|
|
return decorated_view
|
|
|
|
|
|
|
|
|
|
if view is None:
|
|
|
|
|
return decorator
|
|
|
|
|
else:
|
|
|
|
|
return decorator(view)
|
2023-05-15 00:51:32 +00:00
|
|
|
|
|
|
|
|
|
2024-08-28 10:55:47 +00:00
|
|
|
def cloud_edition_billing_resource_check(resource: str, api_token_type: str):
|
2025-09-08 02:40:00 +00:00
|
|
|
def interceptor(view: Callable[P, R]):
|
|
|
|
|
def decorated(*args: P.args, **kwargs: P.kwargs):
|
2023-12-20 07:37:57 +00:00
|
|
|
api_token = validate_and_get_api_token(api_token_type)
|
|
|
|
|
features = FeatureService.get_features(api_token.tenant_id)
|
2023-12-05 08:53:55 +00:00
|
|
|
|
2023-12-20 07:37:57 +00:00
|
|
|
if features.billing.enabled:
|
|
|
|
|
members = features.members
|
|
|
|
|
apps = features.apps
|
|
|
|
|
vector_space = features.vector_space
|
2024-03-03 04:45:06 +00:00
|
|
|
documents_upload_quota = features.documents_upload_quota
|
2023-12-05 08:53:55 +00:00
|
|
|
|
2024-08-26 07:29:10 +00:00
|
|
|
if resource == "members" and 0 < members.limit <= members.size:
|
2024-08-28 10:55:47 +00:00
|
|
|
raise Forbidden("The number of members has reached the limit of your subscription.")
|
2024-08-26 07:29:10 +00:00
|
|
|
elif resource == "apps" and 0 < apps.limit <= apps.size:
|
2024-08-28 10:55:47 +00:00
|
|
|
raise Forbidden("The number of apps has reached the limit of your subscription.")
|
2024-08-26 07:29:10 +00:00
|
|
|
elif resource == "vector_space" and 0 < vector_space.limit <= vector_space.size:
|
2024-08-28 10:55:47 +00:00
|
|
|
raise Forbidden("The capacity of the vector space has reached the limit of your subscription.")
|
2024-08-26 07:29:10 +00:00
|
|
|
elif resource == "documents" and 0 < documents_upload_quota.limit <= documents_upload_quota.size:
|
2024-08-28 10:55:47 +00:00
|
|
|
raise Forbidden("The number of documents has reached the limit of your subscription.")
|
2023-12-05 08:53:55 +00:00
|
|
|
else:
|
|
|
|
|
return view(*args, **kwargs)
|
|
|
|
|
|
|
|
|
|
return view(*args, **kwargs)
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2023-12-05 08:53:55 +00:00
|
|
|
return decorated
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2023-12-05 08:53:55 +00:00
|
|
|
return interceptor
|
|
|
|
|
|
|
|
|
|
|
2024-08-28 10:55:47 +00:00
|
|
|
def cloud_edition_billing_knowledge_limit_check(resource: str, api_token_type: str):
|
2025-09-08 02:40:00 +00:00
|
|
|
def interceptor(view: Callable[P, R]):
|
2024-04-02 09:55:49 +00:00
|
|
|
@wraps(view)
|
2025-09-08 02:40:00 +00:00
|
|
|
def decorated(*args: P.args, **kwargs: P.kwargs):
|
2024-04-02 09:55:49 +00:00
|
|
|
api_token = validate_and_get_api_token(api_token_type)
|
|
|
|
|
features = FeatureService.get_features(api_token.tenant_id)
|
|
|
|
|
if features.billing.enabled:
|
2024-08-26 07:29:10 +00:00
|
|
|
if resource == "add_segment":
|
2025-11-03 03:51:09 +00:00
|
|
|
if features.billing.subscription.plan == CloudPlan.SANDBOX:
|
2024-08-28 10:55:47 +00:00
|
|
|
raise Forbidden(
|
|
|
|
|
"To unlock this feature and elevate your Dify experience, please upgrade to a paid plan."
|
|
|
|
|
)
|
2024-04-02 09:55:49 +00:00
|
|
|
else:
|
|
|
|
|
return view(*args, **kwargs)
|
|
|
|
|
|
|
|
|
|
return view(*args, **kwargs)
|
2025-03-10 11:50:11 +00:00
|
|
|
|
|
|
|
|
return decorated
|
|
|
|
|
|
|
|
|
|
return interceptor
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def cloud_edition_billing_rate_limit_check(resource: str, api_token_type: str):
|
2025-09-08 02:40:00 +00:00
|
|
|
def interceptor(view: Callable[P, R]):
|
2025-03-10 11:50:11 +00:00
|
|
|
@wraps(view)
|
2025-09-08 02:40:00 +00:00
|
|
|
def decorated(*args: P.args, **kwargs: P.kwargs):
|
2025-03-10 11:50:11 +00:00
|
|
|
api_token = validate_and_get_api_token(api_token_type)
|
|
|
|
|
|
|
|
|
|
if resource == "knowledge":
|
|
|
|
|
knowledge_rate_limit = FeatureService.get_knowledge_rate_limit(api_token.tenant_id)
|
|
|
|
|
if knowledge_rate_limit.enabled:
|
|
|
|
|
current_time = int(time.time() * 1000)
|
|
|
|
|
key = f"rate_limit_{api_token.tenant_id}"
|
|
|
|
|
|
|
|
|
|
redis_client.zadd(key, {current_time: current_time})
|
|
|
|
|
|
|
|
|
|
redis_client.zremrangebyscore(key, 0, current_time - 60000)
|
|
|
|
|
|
|
|
|
|
request_count = redis_client.zcard(key)
|
|
|
|
|
|
|
|
|
|
if request_count > knowledge_rate_limit.limit:
|
|
|
|
|
# add ratelimit record
|
|
|
|
|
rate_limit_log = RateLimitLog(
|
|
|
|
|
tenant_id=api_token.tenant_id,
|
|
|
|
|
subscription_plan=knowledge_rate_limit.subscription_plan,
|
|
|
|
|
operation="knowledge",
|
|
|
|
|
)
|
|
|
|
|
db.session.add(rate_limit_log)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
raise Forbidden(
|
|
|
|
|
"Sorry, you have reached the knowledge base request rate limit of your subscription."
|
|
|
|
|
)
|
|
|
|
|
return view(*args, **kwargs)
|
2024-04-02 09:55:49 +00:00
|
|
|
|
|
|
|
|
return decorated
|
|
|
|
|
|
|
|
|
|
return interceptor
|
|
|
|
|
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2026-03-15 16:20:42 +00:00
|
|
|
@overload
|
|
|
|
|
def validate_dataset_token(view: Callable[Concatenate[T, P], R]) -> Callable[P, R]: ...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@overload
|
|
|
|
|
def validate_dataset_token(view: None = None) -> Callable[[Callable[Concatenate[T, P], R]], Callable[P, R]]: ...
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def validate_dataset_token(
|
|
|
|
|
view: Callable[Concatenate[T, P], R] | None = None,
|
|
|
|
|
) -> Callable[P, R] | Callable[[Callable[Concatenate[T, P], R]], Callable[P, R]]:
|
|
|
|
|
def decorator(view_func: Callable[Concatenate[T, P], R]) -> Callable[P, R]:
|
|
|
|
|
@wraps(view_func)
|
|
|
|
|
def decorated(*args: P.args, **kwargs: P.kwargs) -> R:
|
2026-02-09 09:43:36 +00:00
|
|
|
api_token = validate_and_get_api_token("dataset")
|
|
|
|
|
|
2025-09-18 04:49:10 +00:00
|
|
|
# get url path dataset_id from positional args or kwargs
|
|
|
|
|
# Flask passes URL path parameters as positional arguments
|
|
|
|
|
dataset_id = None
|
|
|
|
|
|
|
|
|
|
# First try to get from kwargs (explicit parameter)
|
|
|
|
|
dataset_id = kwargs.get("dataset_id")
|
|
|
|
|
|
|
|
|
|
# If not in kwargs, try to extract from positional args
|
|
|
|
|
if not dataset_id and args:
|
|
|
|
|
# For class methods: args[0] is self, args[1] is dataset_id (if exists)
|
|
|
|
|
# Check if first arg is likely a class instance (has __dict__ or __class__)
|
|
|
|
|
if len(args) > 1 and hasattr(args[0], "__dict__"):
|
|
|
|
|
# This is a class method, dataset_id should be in args[1]
|
|
|
|
|
potential_id = args[1]
|
|
|
|
|
# Validate it's a string-like UUID, not another object
|
|
|
|
|
try:
|
|
|
|
|
# Try to convert to string and check if it's a valid UUID format
|
|
|
|
|
str_id = str(potential_id)
|
|
|
|
|
# Basic check: UUIDs are 36 chars with hyphens
|
|
|
|
|
if len(str_id) == 36 and str_id.count("-") == 4:
|
|
|
|
|
dataset_id = str_id
|
2025-12-08 01:40:40 +00:00
|
|
|
except Exception:
|
|
|
|
|
logger.exception("Failed to parse dataset_id from class method args")
|
2025-09-18 04:49:10 +00:00
|
|
|
elif len(args) > 0:
|
|
|
|
|
# Not a class method, check if args[0] looks like a UUID
|
|
|
|
|
potential_id = args[0]
|
|
|
|
|
try:
|
|
|
|
|
str_id = str(potential_id)
|
|
|
|
|
if len(str_id) == 36 and str_id.count("-") == 4:
|
|
|
|
|
dataset_id = str_id
|
2025-12-08 01:40:40 +00:00
|
|
|
except Exception:
|
|
|
|
|
logger.exception("Failed to parse dataset_id from positional args")
|
2025-09-18 04:49:10 +00:00
|
|
|
|
|
|
|
|
# Validate dataset if dataset_id is provided
|
|
|
|
|
if dataset_id:
|
|
|
|
|
dataset_id = str(dataset_id)
|
2026-02-09 09:43:36 +00:00
|
|
|
dataset = (
|
|
|
|
|
db.session.query(Dataset)
|
|
|
|
|
.where(
|
|
|
|
|
Dataset.id == dataset_id,
|
|
|
|
|
Dataset.tenant_id == api_token.tenant_id,
|
|
|
|
|
)
|
|
|
|
|
.first()
|
|
|
|
|
)
|
2025-09-18 04:49:10 +00:00
|
|
|
if not dataset:
|
|
|
|
|
raise NotFound("Dataset not found.")
|
|
|
|
|
if not dataset.enable_api:
|
|
|
|
|
raise Forbidden("Dataset api access is not enabled.")
|
2024-08-26 07:29:10 +00:00
|
|
|
tenant_account_join = (
|
|
|
|
|
db.session.query(Tenant, TenantAccountJoin)
|
2025-07-23 16:57:45 +00:00
|
|
|
.where(Tenant.id == api_token.tenant_id)
|
|
|
|
|
.where(TenantAccountJoin.tenant_id == Tenant.id)
|
|
|
|
|
.where(TenantAccountJoin.role.in_(["owner"]))
|
|
|
|
|
.where(Tenant.status == TenantStatus.NORMAL)
|
2024-08-26 07:29:10 +00:00
|
|
|
.one_or_none()
|
|
|
|
|
) # TODO: only owner information is required, so only one is returned.
|
2023-09-27 08:06:32 +00:00
|
|
|
if tenant_account_join:
|
|
|
|
|
tenant, ta = tenant_account_join
|
2025-07-23 16:57:45 +00:00
|
|
|
account = db.session.query(Account).where(Account.id == ta.account_id).first()
|
2023-09-27 08:06:32 +00:00
|
|
|
# Login admin
|
|
|
|
|
if account:
|
|
|
|
|
account.current_tenant = tenant
|
2026-03-22 13:21:01 +00:00
|
|
|
current_app.login_manager._update_request_context_with_user(account) # type: ignore[attr-defined]
|
|
|
|
|
user_logged_in.send(current_app._get_current_object(), user=current_user) # type: ignore[attr-defined]
|
2023-09-27 08:06:32 +00:00
|
|
|
else:
|
2024-01-26 04:47:42 +00:00
|
|
|
raise Unauthorized("Tenant owner account does not exist.")
|
2023-09-27 08:06:32 +00:00
|
|
|
else:
|
2024-01-26 04:47:42 +00:00
|
|
|
raise Unauthorized("Tenant does not exist.")
|
2026-03-15 16:20:42 +00:00
|
|
|
return view_func(api_token.tenant_id, *args, **kwargs) # type: ignore[arg-type]
|
2024-08-26 07:29:10 +00:00
|
|
|
|
2023-05-15 00:51:32 +00:00
|
|
|
return decorated
|
|
|
|
|
|
|
|
|
|
if view:
|
|
|
|
|
return decorator(view)
|
|
|
|
|
|
|
|
|
|
# if view is None, it means that the decorator is used without parentheses
|
|
|
|
|
# use the decorator as a function for method_decorators
|
|
|
|
|
return decorator
|
|
|
|
|
|
|
|
|
|
|
2025-01-07 10:04:41 +00:00
|
|
|
def validate_and_get_api_token(scope: str | None = None):
|
2023-05-15 00:51:32 +00:00
|
|
|
"""
|
2026-02-06 08:25:27 +00:00
|
|
|
Validate and get API token with Redis caching.
|
|
|
|
|
|
|
|
|
|
This function uses a two-tier approach:
|
|
|
|
|
1. First checks Redis cache for the token
|
|
|
|
|
2. If not cached, queries database and caches the result
|
|
|
|
|
|
|
|
|
|
The last_used_at field is updated asynchronously via Celery task
|
|
|
|
|
to avoid blocking the request.
|
2023-05-15 00:51:32 +00:00
|
|
|
"""
|
2024-08-26 07:29:10 +00:00
|
|
|
auth_header = request.headers.get("Authorization")
|
|
|
|
|
if auth_header is None or " " not in auth_header:
|
2023-08-18 12:32:44 +00:00
|
|
|
raise Unauthorized("Authorization header must be provided and start with 'Bearer'")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
|
|
|
|
auth_scheme, auth_token = auth_header.split(None, 1)
|
|
|
|
|
auth_scheme = auth_scheme.lower()
|
|
|
|
|
|
2024-08-26 07:29:10 +00:00
|
|
|
if auth_scheme != "bearer":
|
2023-08-18 12:32:44 +00:00
|
|
|
raise Unauthorized("Authorization scheme must be 'Bearer'")
|
2023-05-15 00:51:32 +00:00
|
|
|
|
2026-02-06 08:25:27 +00:00
|
|
|
# Try to get token from cache first
|
|
|
|
|
# Returns a CachedApiToken (plain Python object), not a SQLAlchemy model
|
|
|
|
|
cached_token = ApiTokenCache.get(auth_token, scope)
|
|
|
|
|
if cached_token is not None:
|
|
|
|
|
logger.debug("Token validation served from cache for scope: %s", scope)
|
|
|
|
|
# Record usage in Redis for later batch update (no Celery task per request)
|
|
|
|
|
record_token_usage(auth_token, scope)
|
|
|
|
|
return cast(ApiToken, cached_token)
|
|
|
|
|
|
|
|
|
|
# Cache miss - use Redis lock for single-flight mode
|
|
|
|
|
# This ensures only one request queries DB for the same token concurrently
|
|
|
|
|
return fetch_token_with_single_flight(auth_token, scope)
|
2023-05-15 00:51:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class DatasetApiResource(Resource):
|
|
|
|
|
method_decorators = [validate_dataset_token]
|
2025-06-30 14:13:56 +00:00
|
|
|
|
|
|
|
|
def get_dataset(self, dataset_id: str, tenant_id: str) -> Dataset:
|
2025-07-23 16:57:45 +00:00
|
|
|
dataset = db.session.query(Dataset).where(Dataset.id == dataset_id, Dataset.tenant_id == tenant_id).first()
|
2025-06-30 14:13:56 +00:00
|
|
|
|
|
|
|
|
if not dataset:
|
|
|
|
|
raise NotFound("Dataset not found.")
|
|
|
|
|
|
|
|
|
|
return dataset
|
