🔧 Add env variable for time signature (#4650)

langgenius · May 27, 2024 · f407431 · f407431
1 parent e852a21
commit f407431
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 2 deletions.
diff --git a/api/.env.example b/api/.env.example
@@ -17,6 +17,9 @@ APP_WEB_URL=http://127.0.0.1:3000
 # Files URL
 FILES_URL=http://127.0.0.1:5001
 
+# The time in seconds after the signature is rejected
+FILES_ACCESS_TIMEOUT=300
+
 # celery configuration
 CELERY_BROKER_URL=redis://:difyai123456@localhost:6379/1
 

diff --git a/api/config.py b/api/config.py
@@ -23,6 +23,7 @@
     'SERVICE_API_URL': 'https://api.dify.ai',
     'APP_WEB_URL': 'https://udify.app',
     'FILES_URL': '',
+    'FILES_ACCESS_TIMEOUT': 300,
     'S3_ADDRESS_STYLE': 'auto',
     'STORAGE_TYPE': 'local',
     'STORAGE_LOCAL_PATH': 'storage',
@@ -143,6 +144,10 @@ def __init__(self):
         # Url is signed and has expiration time.
         self.FILES_URL = get_env('FILES_URL') if get_env('FILES_URL') else self.CONSOLE_API_URL
 
+        # File Access Time specifies a time interval in seconds for the file to be accessed.
+        # The default value is 300 seconds.
+        self.FILES_ACCESS_TIMEOUT = int(get_env('FILES_ACCESS_TIMEOUT'))
+
         # Your App secret key will be used for securely signing the session cookie
         # Make sure you are changing this key for your deployment with a strong key.
         # You can generate a strong key using `openssl rand -base64 42`.

diff --git a/api/core/file/upload_file_parser.py b/api/core/file/upload_file_parser.py
@@ -77,4 +77,4 @@ def verify_image_file_signature(cls, upload_file_id: str, timestamp: str, nonce:
             return False
 
         current_time = int(time.time())
-        return current_time - int(timestamp) <= 300  # expired after 5 minutes
+        return current_time - int(timestamp) <= current_app.config.get('FILES_ACCESS_TIMEOUT')
diff --git a/api/core/tools/tool_file_manager.py b/api/core/tools/tool_file_manager.py
@@ -53,7 +53,7 @@ def verify_file(file_id: str, timestamp: str, nonce: str, sign: str) -> bool:
             return False
 
         current_time = int(time.time())
-        return current_time - int(timestamp) <= 300  # expired after 5 minutes
+        return current_time - int(timestamp) <= current_app.config.get('FILES_ACCESS_TIMEOUT')
 
     @staticmethod
     def create_file_by_raw(user_id: str, tenant_id: str,

diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml
@@ -36,6 +36,9 @@ services:
       # used to display File preview or download Url to the front-end or as Multi-model inputs;
       # Url is signed and has expiration time.
       FILES_URL: ''
+      # File Access Time specifies a time interval in seconds for the file to be accessed.
+      # The default value is 300 seconds.
+      FILES_ACCESS_TIMEOUT: 300
       # When enabled, migrations will be executed prior to application startup and the application will start after the migrations have completed.
       MIGRATION_ENABLED: 'true'
       # The configurations of postgres database connection.