Merge branch 'main' into pr@main/mobile-voice

Author: wangdan-fit2cloud

apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py

@@ -139,7 +139,7 @@ def event_content(response,
         logging.getLogger("max_kb_error").error(f'{str(e)}:{traceback.format_exc()}')
         all_text = 'Exception:' + str(e)
         write_context(step, manage, 0, 0, all_text)
-        asker = manage.context.get('asker', None)
+        asker = manage.context.get('form_data', {}).get('asker', None)
         post_response_handler.handler(chat_id, chat_record_id, paragraph_list, problem_text,
                                       all_text, manage, step, padding_problem_text, client_id, reasoning_content='',
                                       asker=asker)
@@ -307,7 +307,7 @@ def execute_block(self, message_list: List[BaseMessage],
             else:
                 reasoning_content = reasoning_result.get('reasoning_content') + reasoning_result_end.get(
                     'reasoning_content')
-            asker = manage.context.get('asker', None)
+            asker = manage.context.get('form_data', {}).get('asker', None)
             post_response_handler.handler(chat_id, chat_record_id, paragraph_list, problem_text,
                                           content, manage, self, padding_problem_text, client_id,
                                           reasoning_content=reasoning_content if reasoning_content_enable else '',
@@ -325,7 +325,7 @@ def execute_block(self, message_list: List[BaseMessage],
         except Exception as e:
             all_text = 'Exception:' + str(e)
             write_context(self, manage, 0, 0, all_text)
-            asker = manage.context.get('asker', None)
+            asker = manage.context.get('form_data', {}).get('asker', None)
             post_response_handler.handler(chat_id, chat_record_id, paragraph_list, problem_text,
                                           all_text, manage, self, padding_problem_text, client_id, reasoning_content='',
                                           asker=asker)

apps/application/serializers/application_serializers.py

@@ -39,7 +39,7 @@
 from common.field.common import UploadedImageField, UploadedFileField
 from common.models.db_model_manage import DBModelManage
 from common.response import result
-from common.util.common import valid_license, password_encrypt
+from common.util.common import valid_license, password_encrypt, restricted_loads
 from common.util.field_message import ErrMessage
 from common.util.file_util import get_file_content
 from dataset.models import DataSet, Document, Image
@@ -60,6 +60,7 @@
 
 
 class MKInstance:
+
     def __init__(self, application: dict, function_lib_list: List[dict], version: str):
         self.application = application
         self.function_lib_list = function_lib_list
@@ -727,7 +728,7 @@ def import_(self, with_valid=True):
             user_id = self.data.get('user_id')
             mk_instance_bytes = self.data.get('file').read()
             try:
-                mk_instance = pickle.loads(mk_instance_bytes)
+                mk_instance = restricted_loads(mk_instance_bytes)
             except Exception as e:
                 raise AppApiException(1001, _("Unsupported file format"))
             application = mk_instance.application
@@ -813,7 +814,7 @@ def list_function_lib(self, with_valid=True):
             return FunctionLibSerializer.Query(
                 data={'user_id': application.user_id, 'is_active': True,
                       'function_type': FunctionType.PUBLIC}
-                ).list(with_valid=True)
+            ).list(with_valid=True)
 
         def get_function_lib(self, function_lib_id, with_valid=True):
             if with_valid:
@@ -983,6 +984,7 @@ def profile(self, with_valid=True):
                                                 'draggable': application_setting.draggable,
                                                 'show_guide': application_setting.show_guide,
                                                 'avatar': application_setting.avatar,
+                                                'show_avatar': application_setting.show_avatar,
                                                 'float_icon': application_setting.float_icon,
                                                 'authentication': application_setting.authentication,
                                                 'authentication_type': application_setting.authentication_value.get(
@@ -991,6 +993,7 @@ def profile(self, with_valid=True):
                                                 'disclaimer_value': application_setting.disclaimer_value,
                                                 'custom_theme': application_setting.custom_theme,
                                                 'user_avatar': application_setting.user_avatar,
+                                                'show_user_avatar': application_setting.show_user_avatar,
                                                 'float_location': application_setting.float_location}
             return ApplicationSerializer.Query.reset_application(
                 {**ApplicationSerializer.ApplicationModel(application).data,

apps/common/util/common.py

@@ -10,6 +10,7 @@
 import importlib
 import io
 import mimetypes
+import pickle
 import re
 import shutil
 from functools import reduce
@@ -23,6 +24,31 @@
 from ..exception.app_exception import AppApiException
 from ..models.db_model_manage import DBModelManage
 
+safe_builtins = {
+    'MKInstance'
+}
+
+ALLOWED_CLASSES = {
+    ("builtins", "dict"),
+    ('uuid', 'UUID'),
+    ("application.serializers.application_serializers", "MKInstance"),
+    ("function_lib.serializers.function_lib_serializer", "FlibInstance")
+}
+
+
+class RestrictedUnpickler(pickle.Unpickler):
+
+    def find_class(self, module, name):
+        if (module, name) in ALLOWED_CLASSES:
+            return super().find_class(module, name)
+        raise pickle.UnpicklingError("global '%s.%s' is forbidden" %
+                                     (module, name))
+
+
+def restricted_loads(s):
+    """Helper function analogous to pickle.loads()."""
+    return RestrictedUnpickler(io.BytesIO(s)).load()
+
 
 def encryption(message: str):
     """

apps/function_lib/serializers/function_lib_serializer.py

@@ -6,6 +6,7 @@
     @date：2024/8/2 17:35
     @desc:
 """
+import io
 import json
 import pickle
 import re
@@ -22,6 +23,7 @@
 from common.exception.app_exception import AppApiException
 from common.field.common import UploadedFileField, UploadedImageField
 from common.response import result
+from common.util.common import restricted_loads
 from common.util.field_message import ErrMessage
 from common.util.function_code import FunctionExecutor
 from common.util.rsa_util import rsa_long_decrypt, rsa_long_encrypt
@@ -288,7 +290,7 @@ def edit(self, instance, with_valid=True):
                 if function_lib.init_params:
                     old_init_params = json.loads(rsa_long_decrypt(function_lib.init_params))
                     for key in edit_dict['init_params']:
-                        if edit_dict['init_params'][key] == encryption(old_init_params[key]):
+                        if key in old_init_params and edit_dict['init_params'][key] == encryption(old_init_params[key]):
                             edit_dict['init_params'][key] = old_init_params[key]
 
                 edit_dict['init_params'] = rsa_long_encrypt(json.dumps(edit_dict['init_params']))
@@ -308,7 +310,7 @@ def one(self, with_valid=True):
                 password_fields = [i["field"] for i in function_lib.init_field_list if i.get("input_type") == "PasswordInput"]
                 if function_lib.init_params:
                     for k in function_lib.init_params:
-                        if k in password_fields:
+                        if k in password_fields and function_lib.init_params[k]:
                             function_lib.init_params[k] = encryption(function_lib.init_params[k])
             return {**FunctionLibModelSerializer(function_lib).data, 'init_params': function_lib.init_params}
 
@@ -338,7 +340,7 @@ def import_(self, with_valid=True):
             user_id = self.data.get('user_id')
             flib_instance_bytes = self.data.get('file').read()
             try:
-                flib_instance = pickle.loads(flib_instance_bytes)
+                flib_instance = restricted_loads(flib_instance_bytes)
             except Exception as e:
                 raise AppApiException(1001, _("Unsupported file format"))
             function_lib = flib_instance.function_lib