auto-coder 0.1.308__py3-none-any.whl → 0.1.309__py3-none-any.whl

{auto_coder-0.1.308.dist-info → auto_coder-0.1.309.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: auto-coder
-Version: 0.1.308
+Version: 0.1.309
 Summary: AutoCoder: AutoCoder
 Author: allwefantasy
 Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
@@ -61,6 +61,7 @@ Requires-Dist: pydub
 Requires-Dist: youtube-transcript-api
 Requires-Dist: SpeechRecognition
 Requires-Dist: pathvalidate
+Requires-Dist: setuptools
 Requires-Dist: mcp ; python_version >= "3.10"
 
 <p align="center">

{auto_coder-0.1.308.dist-info → auto_coder-0.1.309.dist-info}/RECORD

@@ -1,7 +1,7 @@
 autocoder/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/auto_coder.py,sha256=ifhdnd39tOIDu_4LdYTxjVCnwmpDoOC90RRwD8bhIKU,65983
 autocoder/auto_coder_lang.py,sha256=Rtupq6N3_HT7JRhDKdgCBcwRaiAnyCOR_Gsp4jUomrI,3229
-autocoder/auto_coder_rag.py,sha256=5TtAfbEBwyt-cB4WcI8eQ1G3AuKij0056wFYRViDhLs,34036
+autocoder/auto_coder_rag.py,sha256=vOqwBHdK_KwMNUUc8ji_tlZ5DoALAG1rDjWAic3rM-4,34561
 autocoder/auto_coder_rag_client_mcp.py,sha256=QRxUbjc6A8UmDMQ8lXgZkjgqtq3lgKYeatJbDY6rSo0,6270
 autocoder/auto_coder_rag_mcp.py,sha256=-RrjNwFaS2e5v8XDIrKR-zlUNUE8UBaeOtojffBrvJo,8521
 autocoder/auto_coder_runner.py,sha256=bvd1UXYzVT2L-I2ZCkdxy9Ap8P2Q6F2JD-F7QLvaIPc,106545
@@ -9,12 +9,12 @@ autocoder/auto_coder_server.py,sha256=E3Z829TPSooRSNhuh3_x9yaZi0f5G0Lm0ntoZhjGao
 autocoder/benchmark.py,sha256=Ypomkdzd1T3GE6dRICY3Hj547dZ6_inqJbBJIp5QMco,4423
 autocoder/chat_auto_coder.py,sha256=Cp5_m3pCxEDcRrVG1uojTfD8xecdl9FvYtD948TvLsg,25223
 autocoder/chat_auto_coder_lang.py,sha256=p1SUPw1_YBHK69yNViXr6iFhHL-PjFnrXExA2mXJ5ko,21655
-autocoder/command_args.py,sha256=9aYJ-AmPxP1sQh6ciw04FWHjSn31f2W9afXFwo8wgx4,30441
+autocoder/command_args.py,sha256=Sfn3TVCoijSm937ZFT_JTsjRIB1gtUr-OZvnWLeS2s8,30732
 autocoder/command_parser.py,sha256=fx1g9E6GaM273lGTcJqaFQ-hoksS_Ik2glBMnVltPCE,10013
 autocoder/lang.py,sha256=U6AjVV8Rs1uLyjFCZ8sT6WWuNUxMBqkXXIOs4S120uk,14511
 autocoder/models.py,sha256=AyoZ-Pzy0oyYUmWCxOIRiOImsqboSfRET7LO9-UOuxI,11172
 autocoder/run_context.py,sha256=IUfSO6_gp2Wt1blFWAmOpN0b0nDrTTk4LmtCYUBIoro,1643
-autocoder/version.py,sha256=Cn-FGSwetliy8k_Sn6xMPmQzEopzQ5Jw26xsX1g7uA8,23
+autocoder/version.py,sha256=pYQUD_mrZAZNxc9Lw3mOsln_cgf30rD3GGdAewKlpVU,23
 autocoder/agent/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/agent/auto_demand_organizer.py,sha256=URAq0gSEiHeV_W4zwhOI_83kHz0Ryfj1gcfh5jwCv_w,6501
 autocoder/agent/auto_filegroup.py,sha256=pBsAkBcpFTff-9L5OwI8xhf2xPKpl-aZwz-skF2B6dc,6296
@@ -131,7 +131,7 @@ autocoder/privacy/__init__.py,sha256=LnIVvGu_K66zCE-yhN_-dPO8R80pQyedCsXJ7wRqQaI
 autocoder/privacy/model_filter.py,sha256=-N9ZvxxDKpxU7hkn-tKv-QHyXjvkCopUaKgvJwTOGQs,3369
 autocoder/pyproject/__init__.py,sha256=ms-A_pocgGv0oZPEW8JAdXi7G-VSVhkQ6CnWFe535Ec,14477
 autocoder/rag/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-autocoder/rag/api_server.py,sha256=gsk450_B-qGtBwJ1niG9-QFJAG0RGr2s2KdiMrzzbyQ,9582
+autocoder/rag/api_server.py,sha256=StGyxrM-7-W2vYHJq-i_Fv-MHrl9UgVWY272Hd-6VJ4,13090
 autocoder/rag/conversation_to_queries.py,sha256=xwmErn4WbdADnhK1me-h_6fV3KYrl_y1qPNQl1aoI6o,4810
 autocoder/rag/doc_filter.py,sha256=UduVO2mlrngwJICrefjDJTYfdmQ4GcRXrfWDQ7xXksk,14206
 autocoder/rag/document_retriever.py,sha256=5BDqKVJqLPScEnua5S5suXhWuCaALIfPf5obXeJoWfs,8461
@@ -198,9 +198,9 @@ autocoder/utils/types.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/utils/auto_coder_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/utils/auto_coder_utils/chat_stream_out.py,sha256=xuBeWD0YOckqRo8JB1WkVIMOYH6c24m7JfV4svBfPDo,15113
 autocoder/utils/chat_auto_coder_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-auto_coder-0.1.308.dist-info/LICENSE,sha256=HrhfyXIkWY2tGFK11kg7vPCqhgh5DcxleloqdhrpyMY,11558
-auto_coder-0.1.308.dist-info/METADATA,sha256=9Eqj3xOim16B-cWJRnUGOaF16HLZeCYW2wIIRaNJWAk,2721
-auto_coder-0.1.308.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-auto_coder-0.1.308.dist-info/entry_points.txt,sha256=0nzHtHH4pNcM7xq4EBA2toS28Qelrvcbrr59GqD_0Ak,350
-auto_coder-0.1.308.dist-info/top_level.txt,sha256=Jqc0_uJSw2GwoFQAa9iJxYns-2mWla-9ok_Y3Gcznjk,10
-auto_coder-0.1.308.dist-info/RECORD,,
+auto_coder-0.1.309.dist-info/LICENSE,sha256=HrhfyXIkWY2tGFK11kg7vPCqhgh5DcxleloqdhrpyMY,11558
+auto_coder-0.1.309.dist-info/METADATA,sha256=PK_1Bf18b0XqyZNBitO_y_KFkBlR2sdlwDwYuJ2HjJM,2747
+auto_coder-0.1.309.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+auto_coder-0.1.309.dist-info/entry_points.txt,sha256=0nzHtHH4pNcM7xq4EBA2toS28Qelrvcbrr59GqD_0Ak,350
+auto_coder-0.1.309.dist-info/top_level.txt,sha256=Jqc0_uJSw2GwoFQAa9iJxYns-2mWla-9ok_Y3Gcznjk,10
+auto_coder-0.1.309.dist-info/RECORD,,

autocoder/auto_coder_rag.py

@@ -289,7 +289,11 @@ def main(input_args: Optional[List[str]] = None):
     serve_parser.add_argument("--ssl_keyfile", default="", help="")
     serve_parser.add_argument("--ssl_certfile", default="", help="")
     serve_parser.add_argument("--response_role", default="assistant", help="")
-    serve_parser.add_argument("--doc_dir", default="", help="")
+    serve_parser.add_argument(
+        "--doc_dir", 
+        default="", 
+        help="Document directory path, also used as the root directory for serving static files"
+    )
     serve_parser.add_argument("--enable_local_image_host", action="store_true", help=" enable local image host for local Chat app")
     serve_parser.add_argument("--tokenizer_path", default=tokenizer_path, help="")
     serve_parser.add_argument(
@@ -305,7 +309,17 @@ def main(input_args: Optional[List[str]] = None):
         action="store_true",
         help="Monitor mode for the doc update",
     )
-
+    serve_parser.add_argument(
+        "--max_static_path_length", 
+        type=int,
+        default=3000,
+        help="Maximum length allowed for static file paths (larger value to better support Chinese characters)"
+    )
+    serve_parser.add_argument(
+        "--enable_nginx_x_accel",
+        action="store_true",
+        help="Enable Nginx X-Accel-Redirect for static file serving when behind Nginx"
+    )
     serve_parser.add_argument(
         "--disable_auto_window",
         action="store_true",

autocoder/command_args.py

@@ -433,7 +433,11 @@ def parse_args(input_args: Optional[List[str]] = None) -> AutoCoderArgs:
     doc_serve_parse.add_argument("--ssl_certfile", default="", help="")
     doc_serve_parse.add_argument(
         "--response_role", default="assistant", help="")
-    doc_serve_parse.add_argument("--doc_dir", default="", help="")
+    doc_serve_parse.add_argument(
+        "--doc_dir", 
+        default="", 
+        help="Document directory path, also used as the root directory for serving static files"
+    )
     doc_serve_parse.add_argument("--tokenizer_path", default="", help="")
     doc_serve_parse.add_argument(
         "--collections", default="", help="Collection name for indexing"
@@ -453,6 +457,12 @@ def parse_args(input_args: Optional[List[str]] = None) -> AutoCoderArgs:
         action="store_true",
         help="Monitor mode for the doc update",
     )
+    doc_serve_parse.add_argument(
+        "--max_static_path_length", 
+        type=int,
+        default=1000, 
+        help="Maximum length allowed for static file paths"
+    )
 
     agent_parser = subparsers.add_parser("agent", help="Run an agent")
     agent_subparsers = agent_parser.add_subparsers(dest="agent_command")

autocoder/rag/api_server.py

@@ -49,6 +49,8 @@ TIMEOUT_KEEP_ALIVE = 5  # seconds
 # timeout in 10 minutes. Streaming can take longer than 3 min
 TIMEOUT = float(os.environ.get("BYZERLLM_APISERVER_HTTP_TIMEOUT", 600))
 
+# Static file serving security settings
+
 router_app = FastAPI()
 
 
@@ -178,46 +180,51 @@ async def embed(body: EmbeddingCompletionRequest):
     )
 
 @router_app.get("/static/{full_path:path}")
-async def serve_image(full_path: str, request: Request):
-    
-    allowed_file_type = ['.png', '.jpg', '.jpeg', '.gif', '.bmp', '.webp']
+async def serve_static_file(full_path: str, request: Request):
     
-    if any(full_path.endswith(ext) for ext in allowed_file_type):
-        try:
-            # 获取文件的完整路径，并进行URL解码
-            file_path = unquote(full_path)
-            # 使用 os.path.normpath 来标准化路径，自动处理不同操作系统的路径分隔符
-            file_path = os.path.normpath(file_path)
-            if not os.path.isabs(file_path):
-                file_path = os.path.join("/", file_path)
-            
-            # 检查文件是否存在
-            if not os.path.exists(file_path):
-                raise FileNotFoundError(f"File not found: {file_path}")
-                
-            # 异步读取文件内容
-            async with aiofiles.open(file_path, "rb") as f:
-                content = await f.read()
-            
+    try:
+        # 路径安全检查已经在中间件中完成
+        # 直接使用规范化的路径
+        file_path = os.path.join("/", os.path.normpath(unquote(full_path)))
+        
+        # 检查文件是否存在
+        if not os.path.exists(file_path):
+            raise FileNotFoundError(f"File not found: {file_path}")
+        
+        # 如果启用了Nginx X-Accel-Redirect，使用X-Accel特性
+        if hasattr(request.app.state, "enable_nginx_x_accel") and request.app.state.enable_nginx_x_accel:
             # 获取文件的 MIME 类型
             content_type = mimetypes.guess_type(file_path)[0]
             if not content_type:
                 content_type = "application/octet-stream"
                 
-            # 返回文件内容
-            return Response(content=content, media_type=content_type)
-        except FileNotFoundError as e:
-            logger.error(f"Image not found: {str(e)}")
-            raise HTTPException(status_code=404, detail=f"Image not found: {str(e)}")
-        except PermissionError as e:
-            logger.error(f"Permission denied: {str(e)}")
-            raise HTTPException(status_code=403, detail=f"Permission denied: {str(e)}")
-        except Exception as e:
-            logger.error(f"Error serving image: {str(e)}")
-            raise HTTPException(status_code=500, detail=f"Error serving image: {str(e)}")
-    
-    # 如果路径中没有图片, 返回 404
-    raise HTTPException(status_code=404, detail="Only images are supported")
+            # 返回带X-Accel-Redirect头的响应
+            # 通过添加X-Accel-Redirect头告诉Nginx直接提供该文件
+            # 注意：Nginx配置必须正确设置内部路径映射
+            response = Response(content="", media_type=content_type)
+            response.headers["X-Accel-Redirect"] = f"/internal{file_path}"
+            return response
+            
+        # 默认行为：异步读取文件内容
+        async with aiofiles.open(file_path, "rb") as f:
+            content = await f.read()
+        
+        # 获取文件的 MIME 类型
+        content_type = mimetypes.guess_type(file_path)[0]
+        if not content_type:
+            content_type = "application/octet-stream"
+            
+        # 返回文件内容
+        return Response(content=content, media_type=content_type)
+    except FileNotFoundError as e:
+        logger.error(f"File not found: {str(e)}")
+        raise HTTPException(status_code=404, detail=f"File not found: {str(e)}")
+    except PermissionError as e:
+        logger.error(f"Permission denied: {str(e)}")
+        raise HTTPException(status_code=403, detail=f"Permission denied: {str(e)}")
+    except Exception as e:
+        logger.error(f"Error serving file: {str(e)}")
+        raise HTTPException(status_code=500, detail=f"Error serving file: {str(e)}")
 
 class ServerArgs(BaseModel):
     host: str = None
@@ -234,14 +241,38 @@ class ServerArgs(BaseModel):
     response_role: str = "assistant"
     ssl_keyfile: str = None
     ssl_certfile: str = None 
-    doc_dir: str = "" 
-    tokenizer_path: Optional[str] = None     
+    doc_dir: str = ""  # Document directory path, also used as the root directory for serving static files
+    tokenizer_path: Optional[str] = None
+    max_static_path_length: int = int(os.environ.get("BYZERLLM_MAX_STATIC_PATH_LENGTH", 3000))  # Maximum length allowed for static file paths (larger value to better support Chinese characters)
+    enable_nginx_x_accel: bool = False  # Enable Nginx X-Accel-Redirect for static file serving
 
 def serve(llm:ByzerLLM, args: ServerArgs):
     
     logger.info(f"ByzerLLM API server version {version}")
     logger.info(f"args: {args}")
 
+    # 设置静态文件路径长度限制
+    max_path_length = args.max_static_path_length
+    logger.info(f"Maximum static file path length: {max_path_length}")
+    
+    # 存储Nginx X-Accel设置到应用状态
+    router_app.state.enable_nginx_x_accel = args.enable_nginx_x_accel
+    if args.enable_nginx_x_accel:
+        logger.info("Nginx X-Accel-Redirect enabled for static file serving")
+    
+    # 确定允许访问的静态文件目录
+    # 优先级：1. 环境变量 BYZERLLM_ALLOWED_STATIC_DIR
+    #        2. 命令行参数 doc_dir
+    #        3. 默认值 "/tmp"
+    allowed_static_dir = os.environ.get("BYZERLLM_ALLOWED_STATIC_DIR")
+    if not allowed_static_dir and args.doc_dir:
+        allowed_static_dir = args.doc_dir
+    if not allowed_static_dir:
+        allowed_static_dir = "/tmp"
+    
+    allowed_static_abs = os.path.abspath(allowed_static_dir)
+    logger.info(f"Static files root directory: {allowed_static_abs}")
+    
     router_app.add_middleware(
         CORSMiddleware,
         allow_origins=args.allowed_origins,
@@ -250,6 +281,47 @@ def serve(llm:ByzerLLM, args: ServerArgs):
         allow_headers=args.allowed_headers,
     )
     
+    # Add static file security middleware
+    @router_app.middleware("http")
+    async def static_file_security(request: Request, call_next):
+        # Only apply to static routes
+        if request.url.path.startswith("/static/"):
+            # Extract the full_path from the URL
+            path_parts = request.url.path.split("/static/", 1)
+            if len(path_parts) > 1:
+                full_path = path_parts[1]
+                
+                # Check path length
+                if len(full_path) > max_path_length:
+                    logger.warning(f"Path too long: {len(full_path)} > {max_path_length}")
+                    return JSONResponse(
+                        content={"error": "Path too long"},
+                        status_code=401
+                    )
+                
+                # Add warning when path length approaches the limit (80% of max)
+                if len(full_path) > (max_path_length * 0.8):
+                    logger.warning(f"Path length approaching limit: {len(full_path)} is {(len(full_path) / max_path_length * 100):.1f}% of max ({max_path_length})")
+                
+                # Decode and normalize path
+                decoded_path = unquote(full_path)
+                normalized_path = os.path.normpath(decoded_path)
+                
+                # Check if path is in allowed directory
+                abs_path = os.path.abspath(os.path.join("/", normalized_path))
+                
+                # 使用预先计算好的allowed_static_abs
+                is_allowed = abs_path.startswith(allowed_static_abs)
+                
+                if not is_allowed:
+                    logger.warning(f"Unauthorized path access: {abs_path}")
+                    return JSONResponse(
+                        content={"error": "Unauthorized path"},
+                        status_code=401
+                    )
+        
+        return await call_next(request)
+    
     if token := os.environ.get("BYZERLLM_API_KEY") or args.api_key:
 
         @router_app.middleware("http")

autocoder/version.py

@@ -1 +1 @@
-__version__ = "0.1.308"
+__version__ = "0.1.309"