MindsDB 25.8.3.0__py3-none-any.whl → 25.9.1.1__py3-none-any.whl

mindsdb/api/executor/utilities/sql.py

@@ -14,19 +14,7 @@ from mindsdb.utilities.exception import format_db_error_message
 from mindsdb.utilities.functions import resolve_table_identifier, resolve_model_identifier
 from mindsdb.utilities.json_encoder import CustomJSONEncoder
 from mindsdb.utilities.render.sqlalchemy_render import SqlalchemyRender
-from mindsdb.api.executor.utilities.mysql_to_duckdb_functions import (
-    adapt_char_fn,
-    adapt_locate_fn,
-    adapt_unhex_fn,
-    adapt_format_fn,
-    adapt_sha2_fn,
-    adapt_length_fn,
-    adapt_regexp_substr_fn,
-    adapt_substring_index_fn,
-    adapt_curtime_fn,
-    adapt_timestampdiff_fn,
-    adapt_extract_fn,
-)
+from mindsdb.api.executor.utilities.mysql_to_duckdb_functions import mysql_to_duckdb_fnc
 
 logger = log.getLogger(__name__)
 
@@ -196,25 +184,15 @@ def query_df(df, query, session=None):
                 node.parts = [node.parts[-1]]
                 return node
         if isinstance(node, Function):
-            fnc_name = node.op.lower()
-
-            mysql_to_duck_fn_map = {
-                "char": adapt_char_fn,
-                "locate": adapt_locate_fn,
-                "insrt": adapt_locate_fn,
-                "unhex": adapt_unhex_fn,
-                "format": adapt_format_fn,
-                "sha2": adapt_sha2_fn,
-                "length": adapt_length_fn,
-                "regexp_substr": adapt_regexp_substr_fn,
-                "substring_index": adapt_substring_index_fn,
-                "curtime": adapt_curtime_fn,
-                "timestampdiff": adapt_timestampdiff_fn,
-                "extract": adapt_extract_fn,
-            }
-            if fnc_name in mysql_to_duck_fn_map:
-                return mysql_to_duck_fn_map[fnc_name](node)
+            fnc = mysql_to_duckdb_fnc(node)
+            if fnc is not None:
+                node2 = fnc(node)
+                if node2 is not None:
+                    # copy alias
+                    node2.alias = node.alias
+                return node2
 
+            fnc_name = node.op.lower()
             if fnc_name == "database" and len(node.args) == 0:
                 if session is not None:
                     cur_db = session.database

mindsdb/api/http/initialize.py

@@ -1,5 +1,4 @@
 import os
-import secrets
 import mimetypes
 import threading
 import traceback
@@ -27,7 +26,7 @@ from mindsdb.api.http.namespaces.chatbots import ns_conf as chatbots_ns
 from mindsdb.api.http.namespaces.jobs import ns_conf as jobs_ns
 from mindsdb.api.http.namespaces.config import ns_conf as conf_ns
 from mindsdb.api.http.namespaces.databases import ns_conf as databases_ns
-from mindsdb.api.http.namespaces.default import ns_conf as default_ns, check_auth
+from mindsdb.api.http.namespaces.default import ns_conf as default_ns
 from mindsdb.api.http.namespaces.file import ns_conf as file_ns
 from mindsdb.api.http.namespaces.handlers import ns_conf as handlers_ns
 from mindsdb.api.http.namespaces.knowledge_bases import ns_conf as knowledge_bases_ns
@@ -47,12 +46,13 @@ from mindsdb.interfaces.jobs.jobs_controller import JobsController
 from mindsdb.interfaces.storage import db
 from mindsdb.metrics.server import init_metrics
 from mindsdb.utilities import log
-from mindsdb.utilities.config import Config
+from mindsdb.utilities.config import config
 from mindsdb.utilities.context import context as ctx
 from mindsdb.utilities.json_encoder import CustomJSONProvider
 from mindsdb.utilities.ps import is_pid_listen_port, wait_func_is_true
 from mindsdb.utilities.sentry import sentry_sdk  # noqa: F401
 from mindsdb.utilities.otel import trace  # noqa: F401
+from mindsdb.api.common.middleware import verify_pat
 
 logger = log.getLogger(__name__)
 
@@ -95,7 +95,7 @@ def custom_output_json(data, code, headers=None):
     return resp
 
 
-def get_last_compatible_gui_version() -> Version:
+def get_last_compatible_gui_version() -> Version | bool:
     logger.debug("Getting last compatible frontend..")
     try:
         res = requests.get(
@@ -164,7 +164,6 @@ def get_last_compatible_gui_version() -> Version:
 
 def get_current_gui_version() -> Version:
     logger.debug("Getting current frontend version...")
-    config = Config()
     static_path = Path(config["paths"]["static"])
     version_txt_path = static_path.joinpath("version.txt")
 
@@ -181,7 +180,6 @@ def get_current_gui_version() -> Version:
 
 def initialize_static():
     logger.debug("Initializing static..")
-    config = Config()
     last_gui_version_lv = get_last_compatible_gui_version()
     current_gui_version_lv = get_current_gui_version()
     required_gui_version = config["gui"].get("version")
@@ -190,17 +188,18 @@ def initialize_static():
         required_gui_version_lv = parse_version(required_gui_version)
         success = True
         if current_gui_version_lv is None or required_gui_version_lv != current_gui_version_lv:
-            logger.debug("Updating gui..")
             success = update_static(required_gui_version_lv)
     else:
         if last_gui_version_lv is False:
+            logger.debug(
+                "The number of the latest version has not been determined, "
+                f"so we will continue using the current version: {current_gui_version_lv}"
+            )
             return False
 
-        # ignore versions like '23.9.2.2'
-        if current_gui_version_lv is not None and len(current_gui_version_lv.release) < 3:
-            if current_gui_version_lv == last_gui_version_lv:
-                return True
-        logger.debug("Updating gui..")
+        if current_gui_version_lv == last_gui_version_lv:
+            logger.debug(f"The latest version is already in use: {current_gui_version_lv}")
+            return True
         success = update_static(last_gui_version_lv)
 
     if db.session:
@@ -208,21 +207,22 @@ def initialize_static():
     return success
 
 
-def initialize_app(config, no_studio):
+def initialize_app():
     static_root = config["paths"]["static"]
     logger.debug(f"Static route: {static_root}")
     gui_exists = Path(static_root).joinpath("index.html").is_file()
     logger.debug(f"Does GUI already exist.. {'YES' if gui_exists else 'NO'}")
     init_static_thread = None
-    if no_studio is False and (config["gui"]["autoupdate"] is True or gui_exists is False):
+
+    if config["gui"]["autoupdate"] is True or (config["gui"]["open_on_start"] is True and gui_exists is False):
         init_static_thread = threading.Thread(target=initialize_static, name="initialize_static")
         init_static_thread.start()
 
     # Wait for static initialization.
-    if not no_studio and init_static_thread is not None:
+    if config["gui"]["open_on_start"] is True and init_static_thread is not None:
         init_static_thread.join()
 
-    app, api = initialize_flask(config, init_static_thread, no_studio)
+    app, api = initialize_flask(config, init_static_thread)
     Compress(app)
 
     initialize_interfaces(app)
@@ -312,14 +312,20 @@ def initialize_app(config, no_studio):
     def before_request():
         logger.debug(f"HTTP {request.method}: {request.path}")
         ctx.set_default()
-        config = Config()
+
+        h = request.headers.get("Authorization")
+        if not h or not h.startswith("Bearer "):
+            bearer = None
+        else:
+            bearer = h.split(" ", 1)[1].strip() or None
 
         # region routes where auth is required
         if (
             config["auth"]["http_auth_enabled"] is True
             and any(request.path.startswith(f"/api{ns.path}") for ns in protected_namespaces)
-            and check_auth() is False
+            and verify_pat(bearer) is False
         ):
+            logger.debug(f"Auth failed for path {request.path}")
             return http_error(
                 HTTPStatus.UNAUTHORIZED,
                 "Unauthorized",
@@ -340,29 +346,23 @@ def initialize_app(config, no_studio):
         except Exception:
             user_id = 0
 
-        try:
-            session_id = request.cookies.get("session")
-        except Exception:
-            session_id = "unknown"
-
         if company_id is not None:
             try:
                 company_id = int(company_id)
             except Exception as e:
-                logger.error(f"Cloud not parse company id: {company_id} | exception: {e}")
+                logger.error(f"Could not parse company id: {company_id} | exception: {e}")
                 company_id = None
 
         if user_class is not None:
             try:
                 user_class = int(user_class)
             except Exception as e:
-                logger.error(f"Cloud not parse user_class: {user_class} | exception: {e}")
+                logger.error(f"Could not parse user_class: {user_class} | exception: {e}")
                 user_class = 0
         else:
             user_class = 0
 
         ctx.user_id = user_id
-        ctx.session_id = session_id
         ctx.company_id = company_id
         ctx.user_class = user_class
         ctx.email_confirmed = email_confirmed
@@ -371,21 +371,18 @@ def initialize_app(config, no_studio):
     return app
 
 
-def initialize_flask(config, init_static_thread, no_studio):
+def initialize_flask(config, init_static_thread):
     logger.debug("Initializing flask..")
     # region required for windows https://github.com/mindsdb/mindsdb/issues/2526
     mimetypes.add_type("text/css", ".css")
     mimetypes.add_type("text/javascript", ".js")
     # endregion
 
-    kwargs = {}
-    if no_studio is not True:
-        static_path = os.path.join(config["paths"]["static"], "static/")
-        if os.path.isabs(static_path) is False:
-            static_path = os.path.join(os.getcwd(), static_path)
-        kwargs["static_url_path"] = "/static"
-        kwargs["static_folder"] = static_path
-        logger.debug(f"Static path: {static_path}")
+    static_path = os.path.join(config["paths"]["static"], "static/")
+    if os.path.isabs(static_path) is False:
+        static_path = os.path.join(os.getcwd(), static_path)
+    kwargs = {"static_url_path": "/static", "static_folder": static_path}
+    logger.debug(f"Static path: {static_path}")
 
     app = Flask(__name__, **kwargs)
     init_metrics(app)
@@ -394,14 +391,11 @@ def initialize_flask(config, init_static_thread, no_studio):
     FlaskInstrumentor().instrument_app(app)
     RequestsInstrumentor().instrument()
 
-    app.config["SECRET_KEY"] = os.environ.get("FLASK_SECRET_KEY", secrets.token_hex(32))
-    app.config["SESSION_COOKIE_NAME"] = "session"
-    app.config["PERMANENT_SESSION_LIFETIME"] = config["auth"]["http_permanent_session_lifetime"]
     app.config["SEND_FILE_MAX_AGE_DEFAULT"] = 60
     app.config["SWAGGER_HOST"] = "http://localhost:8000/mindsdb"
     app.json = CustomJSONProvider()
 
-    authorizations = {"apikey": {"type": "session", "in": "query", "name": "session"}}
+    authorizations = {"apikey": {"type": "apiKey", "in": "header", "name": "Authorization"}}
 
     logger.debug("Creating swagger API..")
     api = Swagger_Api(
@@ -418,8 +412,7 @@ def initialize_flask(config, init_static_thread, no_studio):
     port = config["api"]["http"]["port"]
     host = config["api"]["http"]["host"]
 
-    # NOTE rewrite it, that hotfix to see GUI link
-    if not no_studio:
+    if config["gui"]["open_on_start"]:
         if host in ("", "0.0.0.0"):
             url = f"http://127.0.0.1:{port}/"
         else:
@@ -443,8 +436,6 @@ def initialize_interfaces(app):
     app.database_controller = DatabaseController()
     app.file_controller = FileController()
     app.jobs_controller = JobsController()
-    config = Config()
-    app.config_obj = config
 
 
 def _open_webbrowser(url: str, pid: int, port: int, init_static_thread, static_folder):

mindsdb/api/http/namespaces/auth.py

@@ -4,7 +4,7 @@ import time
 import urllib
 
 import requests
-from flask import redirect, request, session, url_for
+from flask import redirect, request, url_for
 from flask_restx import Resource
 
 from mindsdb.api.http.namespaces.configs.auth import ns_conf
@@ -21,9 +21,7 @@ def get_access_token() -> str:
     Returns:
         str: token
     """
-    return (
-        Config().get("auth", {}).get("oauth", {}).get("tokens", {}).get("access_token")
-    )
+    return Config().get("auth", {}).get("oauth", {}).get("tokens", {}).get("access_token")
 
 
 def request_user_info(access_token: str = None) -> dict:
@@ -58,7 +56,7 @@ def request_user_info(access_token: str = None) -> dict:
 @ns_conf.hide
 class Auth(Resource):
     @ns_conf.doc(params={"code": "authentification code"})
-    @api_endpoint_metrics('GET', '/auth/code')
+    @api_endpoint_metrics("GET", "/auth/code")
     def get(self):
         """callback from auth server if authentification is successful"""
         config = Config()
@@ -72,9 +70,7 @@ class Auth(Resource):
         client_id = oauth_meta["client_id"]
         client_secret = oauth_meta["client_secret"]
         auth_server = oauth_meta["server_host"]
-        client_basic = base64.b64encode(
-            f"{client_id}:{client_secret}".encode()
-        ).decode()
+        client_basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
 
         redirect_uri = f"https://{public_hostname}{request.path}"
         response = requests.post(
@@ -115,7 +111,7 @@ class Auth(Resource):
                     "public_hostname": public_hostname,
                     "ami_id": aws_meta_data.get("ami-id"),
                 },
-                headers={"Authorization": f'Bearer {tokens["access_token"]}'},
+                headers={"Authorization": f"Bearer {tokens['access_token']}"},
                 timeout=5,
             )
             if resp.status_code != 200:
@@ -123,10 +119,6 @@ class Auth(Resource):
         except Exception as e:
             logger.warning(f"Cant't send request to cloud server: {e}")
 
-        session["username"] = user_data["name"]
-        session["auth_provider"] = "cloud"
-        session.permanent = True
-
         if request.path.endswith("/auth/callback/cloud_home"):
             return redirect(f"https://{auth_server}")
         else:
@@ -140,7 +132,7 @@ class CloudLoginRoute(Resource):
         responses={302: "Redirect to auth server"},
         params={"location": "final redirection should lead to that location"},
     )
-    @api_endpoint_metrics('GET', '/auth/cloud_login')
+    @api_endpoint_metrics("GET", "/auth/cloud_login")
     def get(self):
         """redirect to cloud login form"""
         location = request.args.get("location")

mindsdb/api/http/namespaces/config.py

@@ -32,8 +32,6 @@ class GetConfig(Resource):
             value = config.get(key)
             if value is not None:
                 resp[key] = value
-        if "a2a" in config["api"]:
-            resp["a2a"] = config["api"]["a2a"]
         return resp
 
     @ns_conf.doc("put_config")

mindsdb/api/http/namespaces/default.py

@@ -1,6 +1,4 @@
-import time
-
-from flask import request, session
+from flask import request
 from flask_restx import Resource
 from flask_restx import fields
 
@@ -10,143 +8,113 @@ from mindsdb.api.http.utils import http_error
 from mindsdb.metrics.metrics import api_endpoint_metrics
 from mindsdb.utilities.config import Config
 from mindsdb.utilities import log
+from mindsdb.api.common.middleware import generate_pat, revoke_pat, verify_pat
 
 
 logger = log.getLogger(__name__)
 
 
-def check_auth() -> bool:
-    ''' checking whether current user is authenticated
-
-        Returns:
-            bool: True if user authentication is approved
-    '''
-    config = Config()
-    if config['auth']['http_auth_enabled'] is False:
-        return True
-
-    if config['auth'].get('provider') == 'cloud':
-        if isinstance(session.get('username'), str) is False:
-            return False
-
-        if config['auth']['oauth']['tokens']['expires_at'] < time.time():
-            return False
-
-        return True
-
-    return session.get('username') == config['auth']['username']
-
-
-@ns_conf.route('/login', methods=['POST'])
+@ns_conf.route("/login", methods=["POST"])
 class LoginRoute(Resource):
     @ns_conf.doc(
-        responses={
-            200: 'Success',
-            400: 'Error in username or password',
-            401: 'Invalid username or password'
-        },
-        body=ns_conf.model('request_login', {
-            'username': fields.String(description='Username'),
-            'password': fields.String(description='Password')
-        })
+        responses={200: "Success", 400: "Error in username or password", 401: "Invalid username or password"},
+        body=ns_conf.model(
+            "request_login",
+            {"username": fields.String(description="Username"), "password": fields.String(description="Password")},
+        ),
     )
-    @api_endpoint_metrics('POST', '/default/login')
+    @api_endpoint_metrics("POST", "/default/login")
     def post(self):
-        ''' Check user's credentials and creates a session
-        '''
-        username = request.json.get('username')
-        password = request.json.get('password')
+        """Check user's credentials and creates a session"""
+        username = request.json.get("username")
+        password = request.json.get("password")
         if (
-            isinstance(username, str) is False or len(username) == 0
-            or isinstance(password, str) is False or len(password) == 0
+            isinstance(username, str) is False
+            or len(username) == 0
+            or isinstance(password, str) is False
+            or len(password) == 0
         ):
-            return http_error(
-                400, 'Error in username or password',
-                'Username and password should be string'
-            )
+            return http_error(400, "Error in username or password", "Username and password should be string")
 
         config = Config()
-        inline_username = config['auth']['username']
-        inline_password = config['auth']['password']
+        inline_username = config["auth"]["username"]
+        inline_password = config["auth"]["password"]
 
-        if (
-            username != inline_username
-            or password != inline_password
-        ):
-            return http_error(
-                401, 'Forbidden',
-                'Invalid username or password'
-            )
+        if username != inline_username or password != inline_password:
+            return http_error(401, "Forbidden", "Invalid username or password")
 
-        session.clear()
-        session['username'] = username
-        session.permanent = True
+        logger.info(f"User '{username}' logged in successfully")
 
-        return '', 200
+        return {"token": generate_pat()}, 200
 
 
-@ns_conf.route('/logout', methods=['POST'])
+@ns_conf.route("/logout", methods=["POST"])
 class LogoutRoute(Resource):
-    @ns_conf.doc(
-        responses={
-            200: 'Success'
-        }
-    )
-    @api_endpoint_metrics('POST', '/default/logout')
+    @ns_conf.doc(responses={200: "Success"})
+    @api_endpoint_metrics("POST", "/default/logout")
     def post(self):
-        session.clear()
-        return '', 200
+        # We can't forcibly log out a user with the
+        h = request.headers.get("Authorization")
+        if not h or not h.startswith("Bearer "):
+            bearer = None
+        else:
+            bearer = h.split(" ", 1)[1].strip() or None
+        revoke_pat(bearer)
+        return "", 200
 
 
-@ns_conf.route('/status')
+@ns_conf.route("/status")
 class StatusRoute(Resource):
     @ns_conf.doc(
-        responses={
-            200: 'Success'
-        },
-        model=ns_conf.model('response_status', {
-            'environment': fields.String(description='The name of current environment: cloud, local or other'),
-            'mindsdb_version': fields.String(description='Current version of mindsdb'),
-            'auth': fields.Nested(
-                ns_conf.model('response_status_auth', {
-                    'confirmed': fields.Boolean(description='is current user authenticated'),
-                    'required': fields.Boolean(description='is authenticated required'),
-                    'provider': fields.Boolean(description='current authenticated provider: local of 3d-party')
-                })
-            )
-        })
+        responses={200: "Success"},
+        model=ns_conf.model(
+            "response_status",
+            {
+                "environment": fields.String(description="The name of current environment: cloud, local or other"),
+                "mindsdb_version": fields.String(description="Current version of mindsdb"),
+                "auth": fields.Nested(
+                    ns_conf.model(
+                        "response_status_auth",
+                        {
+                            "confirmed": fields.Boolean(description="is current user authenticated"),
+                            "required": fields.Boolean(description="is authenticated required"),
+                            "provider": fields.Boolean(description="current authenticated provider: local of 3d-party"),
+                        },
+                    )
+                ),
+            },
+        ),
     )
-    @api_endpoint_metrics('GET', '/default/status')
+    @api_endpoint_metrics("GET", "/default/status")
     def get(self):
-        ''' returns auth and environment data
-        '''
-        environment = 'local'
+        """returns auth and environment data"""
+        environment = "local"
         config = Config()
 
-        environment = config.get('environment')
+        environment = config.get("environment")
         if environment is None:
-            if config.get('cloud', False):
-                environment = 'cloud'
-            elif config.get('aws_marketplace', False):
-                environment = 'aws_marketplace'
+            if config.get("cloud", False):
+                environment = "cloud"
+            elif config.get("aws_marketplace", False):
+                environment = "aws_marketplace"
             else:
-                environment = 'local'
+                environment = "local"
 
-        auth_provider = 'disabled'
-        if config['auth']['http_auth_enabled'] is True:
-            if config['auth'].get('provider') is not None:
-                auth_provider = config['auth'].get('provider')
+        auth_provider = "disabled"
+        if config["auth"]["http_auth_enabled"] is True:
+            if config["auth"].get("provider") is not None:
+                auth_provider = config["auth"].get("provider")
             else:
-                auth_provider = 'local'
+                auth_provider = "local"
 
         resp = {
-            'mindsdb_version': mindsdb_version,
-            'environment': environment,
-            'auth': {
-                'confirmed': check_auth(),
-                'http_auth_enabled': config['auth']['http_auth_enabled'],
-                'provider': auth_provider
-            }
+            "mindsdb_version": mindsdb_version,
+            "environment": environment,
+            "auth": {
+                "confirmed": verify_pat(request.headers.get("Authorization", "").replace("Bearer ", "")),
+                "http_auth_enabled": config["auth"]["http_auth_enabled"],
+                "provider": auth_provider,
+            },
         }
 
         return resp

mindsdb/api/http/namespaces/file.py

@@ -3,6 +3,7 @@ import shutil
 import tarfile
 import tempfile
 import zipfile
+from pathlib import Path
 from urllib.parse import urlparse
 
 import multipart
@@ -60,7 +61,10 @@ class File(Resource):
 
         def on_file(file):
             nonlocal file_object
-            data["file"] = file.file_name.decode()
+            file_name = file.file_name.decode()
+            data["file"] = file_name
+            if Path(file_name).name != file_name:
+                raise ValueError(f"Wrong file name: {file_name}")
             file_object = file.file_object
 
         temp_dir_path = tempfile.mkdtemp(prefix="mindsdb_file_")
@@ -72,8 +76,9 @@ class File(Resource):
                 on_file=on_file,
                 config={
                     "UPLOAD_DIR": temp_dir_path.encode(),  # bytes required
-                    "UPLOAD_KEEP_FILENAME": True,
+                    "UPLOAD_KEEP_FILENAME": False,
                     "UPLOAD_KEEP_EXTENSIONS": True,
+                    "UPLOAD_DELETE_TMP": False,
                     "MAX_MEMORY_FILE_SIZE": 0,
                 },
             )
@@ -93,6 +98,7 @@ class File(Resource):
                     except (AttributeError, ValueError, OSError):
                         logger.debug("Failed to flush file_object before closing.", exc_info=True)
                     file_object.close()
+                Path(file_object.name).rename(Path(file_object.name).parent / data["file"])
                 file_object = None
         else:
             data = request.json
@@ -101,7 +107,7 @@ class File(Resource):
             return http_error(
                 400,
                 "File already exists",
-                f"File with name '{data['file']}' already exists",
+                f"File with name '{mindsdb_file_name}' already exists",
             )
 
         if data.get("source_type") == "url":