* remove allowed origins from public chatbot config response
* update how domains are validated in cors middleware
* fix: delete correct allowed domains keys in public chatbot config endpoint
* fix: cors substring issue
* fix: remove cors origins fallback
* fix: error when cors origins is not defined
* fix: update how cors setting is parsed and used
* fix: update how cors setting is parsed and used
* fix: address pr comments
* fix: use workspaceId if available in cors middleware
* fix: global cors blocks chatflow-level validation for predictions
* fix: add error handling to domain validation
* implement parseWithTypeConversion - parse a value against a Zod schema with automatic type conversion for common type mismatches
* Enhance parseWithTypeConversion to include maxDepth parameter for recursion control, preventing infinite loops during parsing.
Update guidelines for task response language and reasoning
Emphasize the importance of responding in the same language as the task description and clarify guidelines for reasoning and conclusions.
* feat: Require workspace ID for API key operations
- Added validation to ensure `activeWorkspaceId` is present in user requests for all API key operations (get, create, update, import, delete).
- Updated `getWorkspaceSearchOptions` and `getWorkspaceSearchOptionsFromReq` to throw an error if `workspaceId` is not provided.
- Modified service methods to enforce `workspaceId` as a required parameter for database operations related to API keys.
* feat: Enforce workspace ID as a required field across multiple interfaces and services
- Updated various interfaces to make `workspaceId` a mandatory field instead of optional.
- Enhanced assistant and export-import service methods to require `workspaceId` for operations, ensuring proper validation and error handling.
- Modified database entity definitions to reflect the change in `workspaceId` from optional to required.
- Improved error handling in controllers to check for `activeWorkspaceId` before proceeding with requests.
* Require workspace ID in various controllers and services
- Updated controllers for credentials, datasets, document stores, evaluations, evaluators, and variables to enforce the presence of `workspaceId`.
- Enhanced error handling to throw appropriate errors when `workspaceId` is not provided.
- Modified service methods to accept `workspaceId` as a mandatory parameter for operations, ensuring consistent validation across the application.
* Update EvaluatorRunner and index to require workspaceId for evaluator retrieval
- Modified the runAdditionalEvaluators function to accept workspaceId as a parameter.
* lint fixes
* Enhancement/Integrate workspaceId in chatflow and flow-config services
- Updated chatflow and flow-config controllers to require workspaceId for fetching chatflows.
- Modified service methods to accept workspaceId as a parameter, ensuring proper context for chatflow retrieval.
* lint fix
* get rid of redundant isApiKeyValidated
* refactor: update permission checks for chatflows and agentflows routes
- Enhanced permission checks in chatflows routes to include agentflows permissions for create, read, update, and delete operations.
- Updated navigation paths in authentication views to redirect to the home page instead of chatflows after successful login or registration.
* fix(DefaultRedirect.jsx): add redirect unauthenticated users to login
* fix(RequireAuth.jsx): check permissions for routes without display property
* fix(DefaultRedirect.jsx): WorkspaceSwitcher api spam
* fix(routes/chatflows/index.ts): use checkAnyPermission for chatflow/has-changed/:id/:lastUpdatedDateTime
* fix(routes/chatflows/index.ts): use checkAnyPermission for delete request chatflow/:id
* fix(controllers/text-to-speech/index.ts): add workspace ID validation in generateTextToSpeech
* fix(controllers/internal-predictions/index.ts): add chatflow retrieval and validation using workspaceId
* feat(services\credentials\index.ts): add filter by workspaceId for getCredentialById
* chore(routes/chat-messages/index.ts): unused chat-messages route
* feat(services/chatflows/index.ts): add filter by workspaceId for deleteChatflow
* feat(services/marketplaces/index.ts): add filter by workspaceId for deleteCustomTemplate
* feat(tools): add filter by workspaceId for read, update, and delete
---------
Co-authored-by: Vinod Paidimarry <vinodkiran@outlook.in>
Co-authored-by: Yau <33013947+chungyau97@users.noreply.github.com>
Co-authored-by: chungyau97 <chungyau97@gmail.com>
* fix shared credentials not showing on ui
* Enhance credential retrieval by including createdDate, updatedDate, and workspaceId fields; sanitize shared item data by omitting encryptedData.
* feat: require old password when changing password
* update account settings page - require old password for changing passwords
* update profile dropdown - go to /account route for updating account details
* Remove all session based on user id after password change
* fix: run lint-fix
* remove unnecessary error page on account
* fix: prevent logout if user provides wrong current password
* fix: remove unused user profile page
* fix: import
---------
Co-authored-by: Henry <hzj94@hotmail.com>
* Sanitize sensitive fields in request header and body in logger
* fix: log request headers, body, and query only when debug logs are enabled
* fix: add missing env to examples
* fix: crash due to missing env vars
variable resolution to support arrays of config objects
- Added handling for arrays of config objects in the resolveVariables function.
- Implemented a recursive search for config values to process all matching parameters, improving flexibility in variable resolution.
* add telemetry for productId
* updated multiple services (chatflows, buildChatflow, upsertVector) to use the new method for fetching product ID from subscriptions, improving consistency and error handling
* add tools warning
* Enhance file handling tools with security features
- Introduced new input parameters: workspacePath, enforceWorkspaceBoundaries, maxFileSize, and allowedExtensions for better control over file operations.
- Added validation for file paths and sizes to prevent unsafe operations.
- Implemented workspace boundary checks to restrict file access based on user-defined settings.
Added background toggle functionality across multiple components (AgentflowCanvas, MarketplaceCanvas, Canvas) with new icons for enabling/disabling background.
Enhance file upload functionality in createAttachment
- Added support for configurable allowed file types and file upload status in createFileAttachment.
- Implemented validation to ensure uploaded files match allowed types, throwing errors for disallowed types.
Henry
Henry Heng
Yi-Cheng Wang
Lê Nam Khánh
Ilango
shou tokunaga
Håvard Homb
Daniel Adeboye
Marko
Shashank Shekhar
Yau
OrbisAI Sec
Bharath
Rostyslav Borovyk