Sultan
/
Flowise
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixing comments from PR

This commit is contained in:
automaton82 2024-01-25 15:29:02 -05:00
parent 3be2393412
commit 657dace89e
7 changed files with 32 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CONTRIBUTING.md
View File

@ -123,6 +123,8 @@ Flowise support different environment variables to configure your instance. You
| Variable | Description | Type | Default | | Variable | Description | Type | Default |
| --------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- | | --------------------------- | ---------------------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- |
| PORT | The HTTP port Flowise runs on | Number | 3000 | | PORT | The HTTP port Flowise runs on | Number | 3000 |
| CORS_ORIGINS | The allowed origins for all cross-origin HTTP calls | String | |
| IFRAME_ORIGINS | The allowed origins for iframe src embedding | String | |
| FLOWISE_USERNAME | Username to login | String | | | FLOWISE_USERNAME | Username to login | String | |
| FLOWISE_PASSWORD | Password to login | String | | | FLOWISE_PASSWORD | Password to login | String | |
| DEBUG | Print logs from components | Boolean | | | DEBUG | Print logs from components | Boolean | |

3
docker/.env.example
View File

@ -4,6 +4,9 @@ APIKEY_PATH=/root/.flowise
SECRETKEY_PATH=/root/.flowise SECRETKEY_PATH=/root/.flowise
LOG_PATH=/root/.flowise/logs LOG_PATH=/root/.flowise/logs
# CORS_ORIGINS="*"
# IFRAME_ORIGINS="*"
# NUMBER_OF_PROXIES= 1 # NUMBER_OF_PROXIES= 1
# DATABASE_TYPE=postgres # DATABASE_TYPE=postgres

2
docker/docker-compose.yml
View File

@ -6,6 +6,8 @@ services:
restart: always restart: always
environment: environment:
- PORT=${PORT} - PORT=${PORT}
- CORS_ORIGINS=${CORS_ORIGINS}
- IFRAME_ORIGINS=${IFRAME_ORIGINS}
- FLOWISE_USERNAME=${FLOWISE_USERNAME} - FLOWISE_USERNAME=${FLOWISE_USERNAME}
- FLOWISE_PASSWORD=${FLOWISE_PASSWORD} - FLOWISE_PASSWORD=${FLOWISE_PASSWORD}
- DEBUG=${DEBUG} - DEBUG=${DEBUG}

2
packages/server/.env.example
View File

@ -1,6 +1,6 @@
PORT=3000 PORT=3000
# CORS_ORIGINS="*" # CORS_ORIGINS="*"
# EMBEDDING_ORIGINS="*" # IFRAME_ORIGINS="*"
# DATABASE_PATH=/your_database_path/.flowise # DATABASE_PATH=/your_database_path/.flowise
# APIKEY_PATH=/your_api_key_path/.flowise # APIKEY_PATH=/your_api_key_path/.flowise
# SECRETKEY_PATH=/your_api_key_path/.flowise # SECRETKEY_PATH=/your_api_key_path/.flowise

4
packages/server/src/commands/start.ts
View File

@ -19,6 +19,8 @@ export default class Start extends Command {
FLOWISE_USERNAME: Flags.string(), FLOWISE_USERNAME: Flags.string(),
FLOWISE_PASSWORD: Flags.string(), FLOWISE_PASSWORD: Flags.string(),
PORT: Flags.string(), PORT: Flags.string(),
CORS_ORIGINS: Flags.string(),
IFRAME_ORIGINS: Flags.string(),
DEBUG: Flags.string(), DEBUG: Flags.string(),
APIKEY_PATH: Flags.string(), APIKEY_PATH: Flags.string(),
SECRETKEY_PATH: Flags.string(), SECRETKEY_PATH: Flags.string(),
@ -78,6 +80,8 @@ export default class Start extends Command {
const { flags } = await this.parse(Start) const { flags } = await this.parse(Start)
if (flags.PORT) process.env.PORT = flags.PORT if (flags.PORT) process.env.PORT = flags.PORT
if (flags.CORS_ORIGINS) process.env.CORS_ORIGINS = flags.CORS_ORIGINS
if (flags.IFRAME_ORIGINS) process.env.IFRAME_ORIGINS = flags.IFRAME_ORIGINS
if (flags.DEBUG) process.env.DEBUG = flags.DEBUG if (flags.DEBUG) process.env.DEBUG = flags.DEBUG
if (flags.NUMBER_OF_PROXIES) process.env.NUMBER_OF_PROXIES = flags.NUMBER_OF_PROXIES if (flags.NUMBER_OF_PROXIES) process.env.NUMBER_OF_PROXIES = flags.NUMBER_OF_PROXIES

27
packages/server/src/index.ts
View File

@ -62,7 +62,7 @@ import { CachePool } from './CachePool'
import { ICommonObject, IMessage, INodeOptionsValue, handleEscapeCharacters } from 'flowise-components' import { ICommonObject, IMessage, INodeOptionsValue, handleEscapeCharacters } from 'flowise-components'
import { createRateLimiter, getRateLimiter, initializeRateLimiter } from './utils/rateLimit' import { createRateLimiter, getRateLimiter, initializeRateLimiter } from './utils/rateLimit'
import { addAPIKey, compareKeys, deleteAPIKey, getApiKey, getAPIKeys, updateAPIKey } from './utils/apiKey' import { addAPIKey, compareKeys, deleteAPIKey, getApiKey, getAPIKeys, updateAPIKey } from './utils/apiKey'
import { sanitizeMiddleware, getAllowedCorsOrigins, getAllowedEmbeddingOrigins } from './utils/XSS' import { sanitizeMiddleware, getCorsOptions, getAllowedIframeOrigins } from './utils/XSS'
import axios from 'axios' import axios from 'axios'
import { Client } from 'langchainhub' import { Client } from 'langchainhub'
import { parsePrompt } from './utils/hub' import { parsePrompt } from './utils/hub'
@ -127,21 +127,11 @@ export class App {
this.app.set('trust proxy', parseInt(process.env.NUMBER_OF_PROXIES)) this.app.set('trust proxy', parseInt(process.env.NUMBER_OF_PROXIES))
// Allow access from specified domains // Allow access from specified domains
const corsOptions = { this.app.use(cors(getCorsOptions()))
origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
const allowedOrigins = getAllowedCorsOrigins()
if (!origin || allowedOrigins == '*' || allowedOrigins.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
this.app.use(cors(corsOptions))
// Allow embedding from specified domains. // Allow embedding from specified domains.
this.app.use((req, res, next) => { this.app.use((req, res, next) => {
const allowedOrigins = getAllowedEmbeddingOrigins() const allowedOrigins = getAllowedIframeOrigins()
if (allowedOrigins == '*') { if (allowedOrigins == '*') {
next() next()
} else { } else {
@ -1884,16 +1874,7 @@ export async function start(): Promise<void> {
const server = http.createServer(serverApp.app) const server = http.createServer(serverApp.app)
const io = new Server(server, { const io = new Server(server, {
cors: { cors: getCorsOptions()
origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
const allowedOrigins = getAllowedCorsOrigins()
if (!origin || allowedOrigins == '*' || allowedOrigins.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
}) })
await serverApp.initDatabase() await serverApp.initDatabase()

18
packages/server/src/utils/XSS.ts
View File

@ -24,8 +24,22 @@ export function getAllowedCorsOrigins(): string {
return process.env.CORS_ORIGINS ?? '*' return process.env.CORS_ORIGINS ?? '*'
} }
export function getAllowedEmbeddingOrigins(): string { export function getCorsOptions(): any {
const corsOptions = {
origin: function (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) {
const allowedOrigins = getAllowedCorsOrigins()
if (!origin || allowedOrigins == '*' || allowedOrigins.indexOf(origin) !== -1) {
callback(null, true)
} else {
callback(new Error('Not allowed by CORS'))
}
}
}
return corsOptions
}
export function getAllowedIframeOrigins(): string {
// Expects FQDN separated by commas, otherwise nothing or * for all. // Expects FQDN separated by commas, otherwise nothing or * for all.
// Also CSP allowed values: self or none // Also CSP allowed values: self or none
return process.env.EMBEDDING_ORIGINS ?? '*' return process.env.IFRAME_ORIGINS ?? '*'
} }