Skip to content

Commit 9e9408d

Browse files
authored
Merge branch 'main' into fix/tavily-api-key-param
2 parents 3186144 + a82edce commit 9e9408d

27 files changed

Lines changed: 352 additions & 64 deletions

CONTRIBUTING.md

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,33 @@ Flowise has 3 different modules in a single mono repository.
116116

117117
11. Commit code and submit Pull Request from forked branch pointing to [Flowise main](https://github.com/FlowiseAI/Flowise/tree/main).
118118

119+
### Adding or modifying credential definitions
120+
121+
Credential definitions live in `packages/components/credentials/`. Each input field has a `type` that controls both UI rendering and how the value is handled on the server.
122+
123+
**Security rule: any field that contains a secret must use `type: 'url'` or `type: 'password'` — never `type: 'string'`.**
124+
125+
The server redacts both `url` and `password` fields before returning credential data to the client. Fields typed `string` are returned in plaintext, which exposes stored secrets to any authenticated user with `credentials:view` permission.
126+
127+
Use `type: 'url'` for connection strings with embedded credentials:
128+
129+
- Connection URLs that embed a username/password (e.g. `mongodb+srv://user:pass@host/db`, `redis://:pass@host`, `postgresql://user:pass@host/db`)
130+
- Displayed with the password portion masked (e.g. `mongodb+srv://user:••••••@host/db`); users with edit permission can reveal the full URL
131+
132+
Use `type: 'password'` for opaque secrets with no meaningful preview:
133+
134+
- API keys, access keys, secret keys, tokens
135+
- JSON blobs containing private keys or certificates (e.g. Google service account JSON)
136+
- Fully redacted in the UI; users must replace the entire value to update them
137+
138+
Fields that are safe as `type: 'string'`:
139+
140+
- Usernames / account names (when the password is a separate field)
141+
- Region, host, port, database name, project ID
142+
- Non-secret identifiers and configuration values
143+
144+
If in doubt, use `type: 'password'`. The only cost is that the field must be re-entered on edit; the cost of using `type: 'string'` for a secret is that it is exposed via the API.
145+
119146
### Testing
120147

121148
- Unit tests are **co-located** with their source files — a test for `Foo.ts` lives in `Foo.test.ts` in the same directory. This is the standard used across all packages in this repo.

package.json

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -35,8 +35,7 @@
3535
"postinstall": "husky install",
3636
"migration:create": "pnpm typeorm migration:create",
3737
"changeset": "changeset",
38-
"changeset:version": "changeset version",
39-
"changeset:publish": "changeset publish"
38+
"changeset:version": "changeset version"
4039
},
4140
"lint-staged": {
4241
"*.{js,jsx,ts,tsx,json,md}": "eslint --fix"

packages/components/credentials/AWSCredential.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class AWSApi implements INodeCredential {
1919
{
2020
label: 'AWS Access Key',
2121
name: 'awsKey',
22-
type: 'string',
22+
type: 'password',
2323
placeholder: '<AWS_ACCESS_KEY_ID>',
2424
description: 'The access key for your AWS account.',
2525
optional: true

packages/components/credentials/BaiduApi.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ class BaiduQianfanApi implements INodeCredential {
1414
{
1515
label: 'Qianfan Access Key',
1616
name: 'qianfanAccessKey',
17-
type: 'string'
17+
type: 'password'
1818
},
1919
{
2020
label: 'Qianfan Secret Key',

packages/components/credentials/CouchbaseApi.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ class CouchbaseApi implements INodeCredential {
1515
{
1616
label: 'Couchbase Connection String',
1717
name: 'connectionString',
18-
type: 'string'
18+
type: 'url'
1919
},
2020
{
2121
label: 'Couchbase Username',

packages/components/credentials/GoogleAuth.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ class GoogleVertexAuth implements INodeCredential {
3636
"auth_provider_x509_cert_url": ...,
3737
"client_x509_cert_url": ...
3838
}`,
39-
type: 'string',
39+
type: 'password',
4040
rows: 4,
4141
optional: true
4242
},

packages/components/credentials/MongoDBUrlApi.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ class MongoDBUrlApi implements INodeCredential {
1515
{
1616
label: 'ATLAS Connection URL',
1717
name: 'mongoDBConnectUrl',
18-
type: 'string',
18+
type: 'url',
1919
placeholder: 'mongodb+srv://<user>:<pwd>@cluster0.example.mongodb.net/?retryWrites=true&w=majority'
2020
}
2121
]

packages/components/credentials/OpenSearchUrl.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ class OpenSearchUrl implements INodeCredential {
1515
{
1616
label: 'OpenSearch Url',
1717
name: 'openSearchUrl',
18-
type: 'string'
18+
type: 'url'
1919
},
2020
{
2121
label: 'User',

packages/components/credentials/PostgresUrl.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ class PostgresUrl implements INodeCredential {
1515
{
1616
label: 'Postgres URL',
1717
name: 'postgresUrl',
18-
type: 'string',
18+
type: 'url',
1919
placeholder: 'postgresql://localhost/mydb'
2020
}
2121
]

packages/components/credentials/RedisCacheUrlApi.credential.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ class RedisCacheUrlApi implements INodeCredential {
1515
{
1616
label: 'Redis URL',
1717
name: 'redisUrl',
18-
type: 'string',
18+
type: 'url',
1919
default: 'redis://localhost:6379'
2020
}
2121
]

0 commit comments

Comments
 (0)