ragflow/api/apps
Chaoxi Weng 6ed81d6774
Feat: Add OAuth state parameter for CSRF protection (#7709)
### What problem does this PR solve?

Add OAuth `state` parameter for CSRF protection:
- Updated `get_authorization_url()` to accept an optional state parameter
- Generated a unique state value during OAuth login and stored in session
- Verified state parameter in callback to ensure request legitimacy

This PR follows OAuth 2.0 security best practices by ensuring that the
authorization request originates from the same user who initiated the
flow.

### Type of change

- [x] New Feature (non-breaking change which adds functionality)
2025-05-20 09:40:31 +08:00
auth Feat: Add OAuth state parameter for CSRF protection (#7709) 2025-05-20 09:40:31 +08:00
sdk Fix:Fail to get list_sessions (#7678) 2025-05-16 10:58:28 +08:00
__init__.py Fix:When you create a new API module named xxxa_api, the access route will become xxx instead of xxxa. For example, when I create a new API module named 'data_api', the access route will become 'dat' instead of 'data (#7325) 2025-05-20 09:39:26 +08:00
api_app.py FIX:ZeroDivisionError when using large page_size in client.retrieve() (#7595) 2025-05-13 10:46:31 +08:00
canvas_app.py Fix:Agent running message i10n (#7635) 2025-05-14 14:27:12 +08:00
chunk_app.py Feat: When Delete Chunk Will Also Delete Chunk Related Image (#7656) 2025-05-15 11:53:47 +08:00
conversation_app.py Fix: value too long error for chat name (#7697) 2025-05-19 10:25:41 +08:00
dialog_app.py When creating an assistant, no dataset is specified, a different default system prompt is used (#7690) 2025-05-19 11:33:54 +08:00
document_app.py Feat: repair corrupted PDF files on upload automatically (#7693) 2025-05-19 14:54:06 +08:00
file2document_app.py Fix: link to KB from filemanager. (#6530) 2025-03-26 09:41:14 +08:00
file_app.py fix: After the file is deleted, it still remains in the bucket. (#7482) 2025-05-06 19:30:42 +08:00
kb_app.py Fix:When you create a new API module named xxxa_api, the access route will become xxx instead of xxxa. For example, when I create a new API module named 'data_api', the access route will become 'dat' instead of 'data (#7325) 2025-05-20 09:39:26 +08:00
langfuse_app.py Feat: add project_id and project_name to Langfuse API (#6481) 2025-03-25 10:36:34 +08:00
llm_app.py Fix: Hunyuan model adding error. (#6531) 2025-03-26 10:33:33 +08:00
plugin_app.py Feat: Support tool calling in Generate component (#7572) 2025-05-16 16:32:19 +08:00
system_app.py Feat: Add user registration toggle feature (#6327) 2025-03-21 09:38:15 +08:00
tenant_app.py Update team invite message (#4085) 2024-12-18 14:20:09 +08:00
user_app.py Feat: Add OAuth state parameter for CSRF protection (#7709) 2025-05-20 09:40:31 +08:00