04954918a5
* fix(oraclevector): SQL Injection Signed-off-by: -LAN- <laipz8200@outlook.com> * fix(oraclevector): Remove bind variables from FETCH FIRST clause Oracle doesn't support bind variables in the FETCH FIRST clause. Fixed by using validated integers directly in the SQL string while maintaining proper input validation to prevent SQL injection. - Updated search_by_vector method to use validated top_k directly - Updated search_by_full_text method to use validated top_k directly - Adjusted parameter numbering for document_ids_filter placeholders 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: Claude <noreply@anthropic.com>
Dify Backend API
Usage
Important
In the v1.3.0 release,
poetryhas been replaced withuvas the package manager for Dify API backend service.
-
Start the docker-compose stack
The backend require some middleware, including PostgreSQL, Redis, and Weaviate, which can be started together using
docker-compose.cd ../docker cp middleware.env.example middleware.env # change the profile to other vector database if you are not using weaviate docker compose -f docker-compose.middleware.yaml --profile weaviate -p dify up -d cd ../api -
Copy
.env.exampleto.envcp .env.example .env -
Generate a
SECRET_KEYin the.envfile.bash for Linux
sed -i "/^SECRET_KEY=/c\SECRET_KEY=$(openssl rand -base64 42)" .envbash for Mac
secret_key=$(openssl rand -base64 42) sed -i '' "/^SECRET_KEY=/c\\ SECRET_KEY=${secret_key}" .env -
Create environment.
Dify API service uses UV to manage dependencies. First, you need to add the uv package manager, if you don't have it already.
pip install uv # Or on macOS brew install uv -
Install dependencies
uv sync --dev -
Run migrate
Before the first launch, migrate the database to the latest version.
uv run flask db upgrade -
Start backend
uv run flask run --host 0.0.0.0 --port=5001 --debug -
Start Dify web service.
-
Setup your application by visiting
http://localhost:3000. -
If you need to handle and debug the async tasks (e.g. dataset importing and documents indexing), please start the worker service.
uv run celery -A app.celery worker -P gevent -c 1 --loglevel INFO -Q dataset,generation,mail,ops_trace,app_deletion,plugin,workflow_storage,conversation
Addition, if you want to debug the celery scheduled tasks, you can use the following command in another terminal:
uv run celery -A app.celery beat
Testing
-
Install dependencies for both the backend and the test environment
uv sync --dev -
Run the tests locally with mocked system environment variables in
tool.pytest_envsection inpyproject.toml, more can check Claude.mduv run pytest # Run all tests uv run pytest tests/unit_tests/ # Unit tests only uv run pytest tests/integration_tests/ # Integration tests # Code quality ../dev/reformat # Run all formatters and linters uv run ruff check --fix ./ # Fix linting issues uv run ruff format ./ # Format code uv run mypy . # Type checking