Commit Graph

16587 Commits

Author SHA1 Message Date
Timothy Jaeryang Baek
98d3b23085 refac 2026-05-14 13:45:39 +09:00
Timothy Jaeryang Baek
6b1df94bf9 refac 2026-05-14 13:45:31 +09:00
Timothy Jaeryang Baek
95840e307a refac 2026-05-14 13:45:21 +09:00
Timothy Jaeryang Baek
6df09a4039 refac 2026-05-14 13:45:12 +09:00
Timothy Jaeryang Baek
459b1c3fda refac 2026-05-14 13:45:05 +09:00
Timothy Jaeryang Baek
bd9f82d5a6 refac 2026-05-14 13:44:50 +09:00
Timothy Jaeryang Baek
e5c8f8110a refac 2026-05-14 13:19:00 +09:00
Timothy Jaeryang Baek
9c14740ffb refac 2026-05-14 13:12:59 +09:00
Timothy Jaeryang Baek
74ae177d79 refac 2026-05-14 13:10:37 +09:00
Timothy Jaeryang Baek
1ea54c3217 refac 2026-05-14 13:10:22 +09:00
Timothy Jaeryang Baek
f0e88dadc8 refac 2026-05-14 13:08:53 +09:00
Classic298
5cc1eb5170 fix: enforce features.direct_tool_servers on chat-completion tool_servers (#24693)
* fix: enforce features.direct_tool_servers on chat-completion tool_servers

The features.direct_tool_servers per-user permission was correctly
enforced on the storage path (routers/users.py user/settings/update,
which strips toolServers from saved settings when the caller lacks the
permission), but the inference path (/api/chat/completions) popped
tool_servers straight from the request body into metadata with no
permission check. The middleware (utils/middleware.py:2799) then
consumed direct_tool_servers to inject system_prompt into the message
array and register external tool specs that get invoked during the
completion. End result: any authenticated user could bypass the
admin-set per-user feature toggle and use inline tool_servers in their
chat-completion requests, even when admin had explicitly denied the
permission.

Default for USER_PERMISSIONS_FEATURES_DIRECT_TOOL_SERVERS is False
(config.py:2750), so under default config no regular user is supposed
to be able to use direct tool servers — making this a real boundary
bypass on out-of-the-box deployments rather than a corner case.

Mirror the storage-side behaviour at the inference entry point: pop
tool_servers from the request body, then silently drop the value if
the caller is non-admin and lacks features.direct_tool_servers. Admins
always pass; users with the explicit grant always pass; everyone else
gets None propagated into metadata, which the middleware already
handles as the no-tool-servers case.

Reported by berkant-koc in GHSA-f582-c373-jjf6.

Co-authored-by: berkant-koc <berkant-koc@users.noreply.github.com>

* chore: trim verbose comment on tool_servers permission check

---------

Co-authored-by: berkant-koc <berkant-koc@users.noreply.github.com>
2026-05-14 13:08:33 +09:00
Timothy Jaeryang Baek
ae06e199d5 refac 2026-05-14 03:25:54 +09:00
Timothy Jaeryang Baek
cc16e06c32 refac 2026-05-14 03:10:48 +09:00
Timothy Jaeryang Baek
81f611fb73 refac 2026-05-14 03:06:37 +09:00
Timothy Jaeryang Baek
245e0ee029 refac 2026-05-14 03:01:48 +09:00
Classic298
ba78ebea27 fix: validate folder_id ownership on chat create + folder-update endpoints (#24588)
POST /api/v1/chats/new and POST /api/v1/chats/{id}/folder accepted a
caller-supplied folder_id with no validation — neither ownership, nor
existence, nor UUID format. The row was persisted with the supplied
value verbatim, so the DB ended up with chat rows whose folder_id
referenced another user's folder, a non-existent UUID, or even a
non-UUID string.

No read path surfaces this across users — every chat-folder read is
user_id-filtered on both sides — so this is referential-integrity
hardening rather than a security boundary fix. But there's no reason
to accept dangling references either, and the downstream consumers
shouldn't have to assume the column is clean.

Add a Folders.get_folder_by_id_and_user_id() lookup at both writers:
if a folder_id is supplied, it must match a folder owned by the
caller. None remains allowed (chat-without-folder is the default).
Non-existent and non-UUID values fall through to 404.

Reported by ShigekiTsuchiyama in GHSA-4vrg-2vcq-q7jc.

Co-authored-by: ShigekiTsuchiyama <ShigekiTsuchiyama@users.noreply.github.com>
2026-05-14 02:57:57 +09:00
Timothy Jaeryang Baek
f607337582 refac 2026-05-14 02:56:44 +09:00
Aleix Dorca
2a7524056a i18n: Update catalan translation.json (#24569) 2026-05-14 02:49:32 +09:00
Timothy Jaeryang Baek
0214c8db24 fix: korean i18n 2026-05-14 02:41:54 +09:00
Timothy Jaeryang Baek
8aa2a42dc7 refac 2026-05-14 02:40:20 +09:00
Asbjørn Dyhrberg Thegler
f6d8e1e38d Fix translation for 'Authentication' in Danish (#24645) 2026-05-14 02:36:43 +09:00
Timothy Jaeryang Baek
7dcd932ad7 refac 2026-05-14 02:34:19 +09:00
Daniel Nylander
be301c1c27 i18n: Update Swedish (sv-SE) translation — merge with latest dev (#24665)
Co-authored-by: Daniel Nylander <daniel@danielnylander.se>
2026-05-14 02:30:10 +09:00
Taey
5ab32a5086 fix: German i18n translations (#24668) 2026-05-14 02:29:33 +09:00
Timothy Jaeryang Baek
42c86e7283 refac 2026-05-14 02:25:16 +09:00
Timothy Jaeryang Baek
74f95a9b0d refac 2026-05-14 02:08:35 +09:00
Timothy Jaeryang Baek
0b81520e07 refac 2026-05-14 02:08:01 +09:00
Timothy Jaeryang Baek
4e78b355ef refac 2026-05-14 02:00:23 +09:00
Timothy Jaeryang Baek
d74ee34d91 refac 2026-05-14 01:49:34 +09:00
Timothy Jaeryang Baek
3127f1b462 refac 2026-05-14 01:43:33 +09:00
Timothy Jaeryang Baek
ab0ee858b7 refac 2026-05-14 00:07:55 +09:00
Timothy Jaeryang Baek
32a417bbf6 refac 2026-05-13 22:52:09 +09:00
Timothy Jaeryang Baek
e7d2ddbb1d refac 2026-05-13 22:51:23 +09:00
Timothy Jaeryang Baek
171150c1e1 refac 2026-05-13 22:46:00 +09:00
Timothy Jaeryang Baek
2ad327a4dc refac 2026-05-13 22:44:17 +09:00
Timothy Jaeryang Baek
d6dae36da0 refac 2026-05-13 22:39:51 +09:00
Timothy Jaeryang Baek
c2cbc47ca7 feat: knowledge directory 2026-05-13 22:37:53 +09:00
_00_
8ace73da84 upd:i18n: es-ES Translation update v0.9.5 (#24651)
es-ES Translation. Update v0.9.5

Added translation of new strings.
2026-05-13 21:45:44 +09:00
Timothy Jaeryang Baek
3b00e5721a refac 2026-05-13 16:02:11 +09:00
Timothy Jaeryang Baek
2f642754ac refac 2026-05-13 16:00:56 +09:00
Timothy Jaeryang Baek
9ef579ce4b refac 2026-05-13 15:58:52 +09:00
Timothy Jaeryang Baek
ecec86dd32 refac 2026-05-13 15:55:21 +09:00
Timothy Jaeryang Baek
5b125c24d4 feat: kb_exec 2026-05-13 15:41:30 +09:00
Timothy Jaeryang Baek
bc244fdc90 refac 2026-05-13 12:44:12 +09:00
Timothy Jaeryang Baek
6d0295588e refac: modernize type annotations (PEP 604 / PEP 585) 2026-05-12 17:10:15 +09:00
Timothy Jaeryang Baek
a59c967d7e refac: modernize imports, standardize type hints and docstrings 2026-05-12 06:30:38 +09:00
Timothy Jaeryang Baek
998c86a52b style: standardize os.environ.get to os.getenv 2026-05-12 06:12:16 +09:00
Timothy Jaeryang Baek
83736e8dbd style: ruff format 2026-05-12 06:12:06 +09:00
Timothy Jaeryang Baek
4cee7c29a5 refac 2026-05-12 06:01:12 +09:00