Merge remote-tracking branch 'upstream/v2' into upgrade_jsonpath-ng_to_1.8.0

Author: wangliang181230

apps/application/serializers/application.py

@@ -1036,8 +1036,8 @@ def edit(self, instance: Dict, with_valid=True):
         if 'work_flow' in instance:
             # 修改语音配置相关
             self.update_work_flow_model(instance)
-        if 'mcp_servers' in instance:
-            ToolExecutor().validate_mcp_transport(instance.get('mcp_servers'))
+        if 'mcp_servers' in instance and len(instance.get('mcp_servers', {})) > 0:
+            ToolExecutor().validate_mcp_transport(json.dumps(instance.get('mcp_servers')))
         update_keys = ['name', 'desc', 'model_id', 'multiple_rounds_dialogue', 'prologue', 'status',
                        'knowledge_setting', 'model_setting', 'problem_optimization', 'dialogue_number',
                        'stt_model_id', 'tts_model_id', 'tts_model_enable', 'stt_model_enable', 'tts_type',

apps/application/serializers/application_chat.py

@@ -193,6 +193,8 @@ def to_row(row: Dict):
     def reset_value(value):
         if isinstance(value, str):
             value = re.sub(ILLEGAL_CHARACTERS_RE, '', value)
+            if value.startswith(('=', '+', '-', '@')):
+                value = "'" + value
         if isinstance(value, datetime.datetime):
             eastern = pytz.timezone(TIME_ZONE)
             c = datetime.timezone(eastern._utcoffset)

apps/common/utils/tool_code.py

@@ -71,6 +71,7 @@ def init_sandbox_dir():
             os.remove(sandbox_conf_file_path)
         banned_hosts = CONFIG.get("SANDBOX_PYTHON_BANNED_HOSTS", '').strip()
         allow_dl_paths = CONFIG.get("SANDBOX_PYTHON_ALLOW_DL_PATHS",'').strip()
+        allow_dl_open = CONFIG.get("SANDBOX_PYTHON_ALLOW_DL_OPEN",'0')
         allow_subprocess = CONFIG.get("SANDBOX_PYTHON_ALLOW_SUBPROCESS", '0')
         allow_syscall = CONFIG.get("SANDBOX_PYTHON_ALLOW_SYSCALL", '0')
         if banned_hosts:
@@ -81,6 +82,7 @@ def init_sandbox_dir():
         with open(sandbox_conf_file_path, "w") as f:
             f.write(f"SANDBOX_PYTHON_BANNED_HOSTS={banned_hosts}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_DL_PATHS={','.join(sorted(set(filter(None, sys.path + _sandbox_python_sys_path + allow_dl_paths.split(',')))))}\n")
+            f.write(f"SANDBOX_PYTHON_ALLOW_DL_OPEN={allow_dl_open}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_SUBPROCESS={allow_subprocess}\n")
             f.write(f"SANDBOX_PYTHON_ALLOW_SYSCALL={allow_syscall}\n")
         os.system(f"chmod -R 550 {_sandbox_path}")

apps/tools/serializers/tool.py

@@ -613,17 +613,19 @@ def one(self):
                     'size': skill_file.file_size,
                 } if skill_file else None
             work_flow = {}
+            is_publish = False
             if tool.tool_type == 'WORKFLOW':
                 tool_workflow = QuerySet(ToolWorkflow).filter(tool_id=tool.id).first()
                 if tool_workflow:
                     work_flow = tool_workflow.work_flow
-
+                    is_publish = tool_workflow.is_publish
             return {
                 **ToolModelSerializer(tool).data,
                 'init_params': tool.init_params if tool.init_params else {},
                 'nick_name': nick_name,
                 'fileList': [skill_file_dict] if tool.tool_type == 'SKILL' else [],
-                'work_flow': work_flow
+                'work_flow': work_flow,
+                'is_publish': is_publish
             }
 
         def export(self):

apps/users/serializers/login.py

@@ -7,8 +7,8 @@
     @desc:
 """
 import base64
-import datetime
 import json
+import logging
 
 from captcha.image import ImageCaptcha
 from django.core import signing
@@ -23,9 +23,10 @@
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.exception.app_exception import AppApiException
 from common.utils.common import password_encrypt, get_random_chars
-from common.utils.rsa_util import encrypt, decrypt
+from common.utils.rsa_util import decrypt
 from maxkb.const import CONFIG
 from users.models import User
+from common.utils.logger import maxkb_logger
 
 
 class LoginRequest(serializers.Serializer):
@@ -48,26 +49,34 @@ class LoginResponse(serializers.Serializer):
 
 
 def record_login_fail(username: str, expire: int = 600):
-    """记录登录失败次数"""
+    """记录登录失败次数（原子）返回当前失败计数"""
     if not username:
-        return
+        return 0
     fail_key = system_get_key(f'system_{username}')
-    fail_count = cache.get(fail_key, version=system_version)
-    if fail_count is None:
+    try:
+        fail_count = cache.incr(fail_key, 1, version=system_version)
+    except ValueError:
+        # key 不存在，初始化并设置过期
         cache.set(fail_key, 1, timeout=expire, version=system_version)
-    else:
-        cache.incr(fail_key, 1, version=system_version)
+        fail_count = 1
+    return fail_count
 
 
 def record_login_fail_lock(username: str, expire: int = 10):
+    """
+    使用 cache.incr 保证原子递增，并在不存在时初始化计数器并返回当前值。
+    这里的计数器用于判断是否应当进入“锁定”分支，避免依赖非原子 get -> set 的组合。
+    """
     if not username:
-        return
+        return 0
     fail_key = system_get_key(f'system_{username}_lock_count')
-    fail_count = cache.get(fail_key, version=system_version)
-    if fail_count is None:
+    try:
+        fail_count = cache.incr(fail_key, 1, version=system_version)
+    except ValueError:
+        # key 不存在，初始化并设置过期（分钟转秒）
         cache.set(fail_key, 1, timeout=expire * 60, version=system_version)
-    else:
-        cache.incr(fail_key, 1, version=system_version)
+        fail_count = 1
+    return fail_count
 
 
 class LoginSerializer(serializers.Serializer):
@@ -93,8 +102,16 @@ def login(instance):
         encrypted_data = instance.get("encryptedData", "")
 
         if encrypted_data:
-            decrypted_data = json.loads(decrypt(encrypted_data))
-            instance.update(decrypted_data)
+            try:
+                decrypted_raw = decrypt(encrypted_data)
+                # decrypt 可能返回非 JSON 字符串，防护解析异常
+                decrypted_data = json.loads(decrypted_raw) if decrypted_raw else {}
+                if isinstance(decrypted_data, dict):
+                    instance.update(decrypted_data)
+            except Exception as e:
+                maxkb_logger.exception("Failed to decrypt/parse encryptedData for user %s: %s", username, e)
+                raise AppApiException(500, _("Invalid encrypted data"))
+
         try:
             LoginRequest(data=instance).is_valid(raise_exception=True)
         except serializers.ValidationError:
@@ -128,7 +145,7 @@ def login(instance):
                 LoginSerializer._validate_captcha(username, captcha)
 
         # 验证用户凭据
-        user = QuerySet(User).filter(
+        user = User.objects.filter(
             username=username,
             password=password_encrypt(password)
         ).first()
@@ -190,34 +207,61 @@ def _validate_captcha(username: str, captcha: str) -> None:
 
     @staticmethod
     def _handle_failed_login(username: str, is_license_valid: bool, failed_attempts: int, lock_time: int) -> None:
-        """处理登录失败"""
-        record_login_fail(username)
-        record_login_fail_lock(username, lock_time)
+        """处理登录失败
+
+        修复要点：
+        - 使用 record_login_fail / record_login_fail_lock 两个原子 incr 来记录失败；
+        - 不再依赖精确等于 0 的比较来触发锁，而是基于原子计数 >= 阈值来决定进入锁定分支；
+        - 使用 cache.add 原子创建锁键，cache.add 保证只有第一个成功创建者可写入该键；
+          其他并发到达的请求若发现计数已到达阈值也应当返回“已锁定”响应，避免出现绕过。
+        """
+        # 记录普通失败计数（供验证码触发使用）
+        try:
+            record_login_fail(username)
+        except Exception:
+            maxkb_logger.exception("Failed to record login fail for user %s", username)
+
+        # 记录用于锁定判断的失败计数（按 lock_time 作为初始化过期分钟）
+        lock_fail_count = 0
+        try:
+            lock_fail_count = record_login_fail_lock(username, lock_time)
+        except Exception:
+            maxkb_logger.exception("Failed to record lock fail count for user %s", username)
 
+        # 如果不是企业版或禁用锁定功能，直接返回（但计数已经记录）
         if not is_license_valid or failed_attempts <= 0:
             return
 
-        fail_count = cache.get(system_get_key(f'system_{username}_lock_count'), version=system_version) or 0
-        remain_attempts = failed_attempts - fail_count
-
-        if remain_attempts > 0:
+        # 当计数小于阈值，告知剩余尝试次数
+        if lock_fail_count < failed_attempts:
+            remain_attempts = failed_attempts - lock_fail_count
             raise AppApiException(
                 1005,
                 _("Login failed %s times, account will be locked, you have %s more chances !") % (
                     failed_attempts, remain_attempts
                 )
             )
-        elif remain_attempts == 0:
-            cache.set(
+
+        # 当计数达到或超过阈值时，尝试原子创建锁键；无论 cache.add 返回 True/False，都返回已锁定响应，
+        # 因为若为 False 说明其他并发请求已将账户标记为锁定，行为应一致。
+        try:
+            locked = cache.add(
                 system_get_key(f'system_{username}_lock'),
                 1,
                 timeout=lock_time * 60,
                 version=system_version
             )
-            raise AppApiException(
-                1005,
-                _("This account has been locked for %s minutes, please try again later") % lock_time
-            )
+            if locked:
+                maxkb_logger.info("Account %s locked by setting cache key", username)
+            else:
+                maxkb_logger.info("Account %s lock key already present (another request set it)", username)
+        except Exception:
+            maxkb_logger.exception("Failed to set lock key for user %s", username)
+
+        raise AppApiException(
+            1005,
+            _("This account has been locked for %s minutes, please try again later") % lock_time
+        )
 
 
 class CaptchaResponse(serializers.Serializer):

installer/sandbox.c

@@ -22,15 +22,18 @@
 #include <pty.h>
 #include <stdint.h>
 #include <stdbool.h>
+#include <execinfo.h>
 
 #define CONFIG_FILE ".sandbox.conf"
 #define KEY_BANNED_HOSTS "SANDBOX_PYTHON_BANNED_HOSTS"
 #define KEY_ALLOW_DL_PATHS "SANDBOX_PYTHON_ALLOW_DL_PATHS"
+#define KEY_ALLOW_DL_OPEN "SANDBOX_PYTHON_ALLOW_DL_OPEN"
 #define KEY_ALLOW_SUBPROCESS "SANDBOX_PYTHON_ALLOW_SUBPROCESS"
 #define KEY_ALLOW_SYSCALL "SANDBOX_PYTHON_ALLOW_SYSCALL"
 
 static char *banned_hosts = NULL;
 static char *allow_dl_paths = NULL;
+static int allow_dl_open = 0;
 static int allow_subprocess = 0; // 默认禁止
 static int allow_syscall = 0;
 
@@ -39,6 +42,7 @@ static void load_sandbox_config() {
     if (dladdr((void *)load_sandbox_config, &info) == 0 || !info.dli_fname) {
         banned_hosts = strdup("");
         allow_dl_paths = strdup("");
+        allow_dl_open = 0;
         allow_subprocess = 0;
         allow_syscall = 0;
         return;
@@ -53,6 +57,7 @@ static void load_sandbox_config() {
     if (!fp) {
         banned_hosts = strdup("");
         allow_dl_paths = strdup("");
+        allow_dl_open = 0;
         allow_subprocess = 0;
         allow_syscall = 0;
         return;
@@ -62,6 +67,7 @@ static void load_sandbox_config() {
     if (allow_dl_paths) { free(allow_dl_paths); allow_dl_paths = NULL; }
     banned_hosts = strdup("");
     allow_dl_paths = strdup("");
+    allow_dl_open = 0;
     allow_subprocess = 0;
     allow_syscall = 0;
     while (fgets(line, sizeof(line), fp)) {
@@ -80,6 +86,8 @@ static void load_sandbox_config() {
         } else if (strcmp(key, KEY_ALLOW_DL_PATHS) == 0) {
             free(allow_dl_paths);
             allow_dl_paths = strdup(value);  // 逗号分隔字符串
+        } else if (strcmp(key, KEY_ALLOW_DL_OPEN) == 0) {
+            allow_dl_open = atoi(value);
         } else if (strcmp(key, KEY_ALLOW_SUBPROCESS) == 0) {
             allow_subprocess = atoi(value);
         } else if (strcmp(key, KEY_ALLOW_SYSCALL) == 0) {
@@ -503,6 +511,7 @@ long syscall(long number, ...) {
         case SYS_accept:
         case SYS_accept4:
         case SYS_sendto:
+        case SYS_sendmsg:
         case SYS_recvmsg:
         case SYS_getsockopt:
         case SYS_setsockopt:
@@ -519,6 +528,7 @@ long syscall(long number, ...) {
 #endif
         case SYS_fchmodat:
         case SYS_mprotect:
+        case SYS_pkey_mprotect:
 #ifdef SYS_open
         case SYS_open:
 #endif
@@ -533,6 +543,9 @@ long syscall(long number, ...) {
         case SYS_shmget:
         case SYS_shmctl:
         case SYS_prctl:
+        case SYS_io_uring_setup:
+        case SYS_io_uring_enter:
+        case SYS_io_uring_register:
             if (!allow_access_syscall()) {
                 throw_permission_denied_err(true, "access syscall %ld", number);
              }
@@ -543,7 +556,24 @@ long syscall(long number, ...) {
 /**
  * 限制加载动态链接库
  */
-static int is_in_allow_dl_paths(const char *filename) {
+static int called_from_python_import() {
+    if (allow_dl_open) return 1;
+    void *buf[32];
+    int n = backtrace(buf, 32);
+    for (int i = 0; i < n; i++) {
+        Dl_info info;
+        if (dladdr(buf[i], &info) && info.dli_sname) {
+            if (strstr(info.dli_sname, "PyImport") ||
+                strstr(info.dli_sname, "_PyImport")) {
+                return 1;
+            }
+        }
+    }
+    throw_permission_denied_err(true, "open dynamic link library");
+    return 0;
+}
+static int is_allow_dl(const char *filename) {
+    if (!called_from_python_import()) return 0;
     if (!filename || !*filename) return 1;
     ensure_config_loaded();
     if (!allow_dl_paths || !*allow_dl_paths) return 0;
@@ -570,7 +600,7 @@ static int is_in_allow_dl_paths(const char *filename) {
 }
 void *dlopen(const char *filename, int flag) {
     RESOLVE_REAL(dlopen);
-    if (is_sandbox_user() && !is_in_allow_dl_paths(filename)) {
+    if (is_sandbox_user() && !is_allow_dl(filename)) {
         throw_permission_denied_err(true, "access file %s", filename);
     }
     return real_dlopen(filename, flag);
@@ -580,7 +610,7 @@ void *__dlopen(const char *filename, int flag) {
 }
 void *dlmopen(Lmid_t lmid, const char *filename, int flags) {
     RESOLVE_REAL(dlmopen);
-    if (is_sandbox_user() && !is_in_allow_dl_paths(filename)) {
+    if (is_sandbox_user() && !is_allow_dl(filename)) {
         throw_permission_denied_err(true, "access file %s", filename);
     }
     return real_dlmopen(lmid, filename, flags);
@@ -602,7 +632,7 @@ void* mmap(void *addr, size_t len, int prot, int flags, int fd, off_t off) {
             throw_permission_denied_err(true, "mmap(readlink failed)");
         }
         real_path[n] = '\0';
-        if (!is_in_allow_dl_paths(real_path)) {
+        if (!is_allow_dl(real_path)) {
             throw_permission_denied_err(true, "mmap %s", real_path);
         }
     }

installer/start-maxkb.sh

@@ -11,4 +11,16 @@ fi
 mkdir -p /opt/maxkb/python-packages
 
 rm -f /opt/maxkb-app/tmp/*
+
+INIT_SHELL_DIR="/opt/maxkb/local/init-shells"
+if [ -d "$INIT_SHELL_DIR" ]; then
+    find "$INIT_SHELL_DIR" -maxdepth 1 -type f -name "*.sh" | sort | while IFS= read -r f; do
+        if bash "$f"; then
+            echo "[OK] init-shell >>> $f"
+        else
+            echo "[ERROR] init-shell >>> $f failed with exit code $?" >&2
+        fi
+    done
+fi
+
 python /opt/maxkb-app/main.py start