apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-06-18 21:15:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
6775 commits 5 branches 251 tags 416 MiB
Commit graph

6775 commits

This branch
This branch
All branches
Author SHA1 Message Date
Rohan Verma
f75878f907
Merge pull request #1506 from okxint/fix/xinference-relative-image-url 
fix(image-gen): resolve relative URLs returned by Xinference and compatible backends
 2026-06-16 22:41:52 -07:00
okxint
a12cd21f2f fix(image-gen): resolve relative URLs returned by Xinference and compatible backends 
Some OpenAI-compatible image backends (e.g. Xinference) return a relative
URL like /files/image.png in data[0].url instead of an absolute one.
Browsers cannot resolve these, causing images to fail to load.

Track the provider's api_base after resolving model config via to_litellm().
When the returned URL starts with "/", extract the origin (scheme + host + port)
from api_base and prepend it to produce a full absolute URL.

No behaviour change for providers that return absolute URLs (OpenAI, Azure, etc).

Closes #1496
 2026-06-17 10:57:39 +05:30
Rohan Verma
a49103870b
Merge pull request #1503 from dmitrymaranik/fix/connector-index-cross-tenant-authz 
fix(connectors): scope index endpoint authorization to the connector's own search space
 2026-06-16 17:01:13 -07:00
Dmitry Maranik
81fc467187 test(connectors): regression tests for cross-search-space index authorization 
Two integration tests pinning the connector index endpoint's authorization:

- cross-space index (attacker owns space B, connector lives in victim's
  space A, request passes search_space_id=B) is rejected with 404 at the
  search-space reconciliation, before the permission check (which would
  otherwise pass for the attacker's own space).
- same-space index authorizes check_permission against the connector's
  own search space, not the caller-supplied query param.

Mirrors the existing tests/integration harness (direct handler calls with
the savepoint-rolled-back db_session; check_permission patched so the test
needs no real RBAC wiring).
 2026-06-16 16:18:40 -07:00
Dmitry Maranik
e1ea82d7cf fix(connectors): scope index endpoint authorization to the connector's own search space 
The POST /search-source-connectors/{connector_id}/index endpoint loaded
the connector by id and then called check_permission() against the
client-supplied search_space_id query parameter (the caller's own space)
rather than the connector's own search_space_id, and never verified that
the two matched.

A user could therefore index another user's connector by passing their
own search_space_id: the indexer ran with the victim connector's stored
credentials and wrote the fetched content into the attacker's search
space. The read/update/delete handlers already authorize against
connector.search_space_id; this brings the index handler in line.

Reject a connector that does not belong to the requested search space
(404, to avoid disclosing connectors in other spaces) and authorize the
permission check against connector.search_space_id.
 2026-06-16 15:58:30 -07:00
DESKTOP-RTLN3BA\$punk
8172f0f586 chore(migration): added dead users cleanup 2026-06-16 15:48:17 -07:00
DESKTOP-RTLN3BA\$punk
5d99489f4b feat(migration): implement chunk position backfill with batched updates and indexing for improved performance 2026-06-16 15:19:56 -07:00
Rohan Verma
b6d25d3828
Merge pull request #1499 from AnishSarkar22/feat/reverse-proxy 
feat: Add single-origin reverse proxy deployment with runtime web config
 2026-06-16 14:03:27 -07:00
Anish Sarkar
61f071ae68 refactor(web): replace Card component with Alert for messaging channels notification to enhance user experience 2026-06-17 00:06:41 +05:30
Anish Sarkar
9b7e278114 refactor(config): update GATEWAY_ENABLED variable to FALSE and adjust related configurations for improved messaging gateway handling 2026-06-16 23:49:26 +05:30
Anish Sarkar
4ed6343b91 refactor(docker): remove docker-entrypoint.sh and update Dockerfile to use CMD for server execution 2026-06-16 22:01:23 +05:30
Anish Sarkar
55c2e5c0d8 refactor(web): enhance redirect response in callback route 2026-06-16 21:00:53 +05:30
Anish Sarkar
c3a96aa532 refactor(web): simplify redirect response construction in callback route 2026-06-16 20:13:00 +05:30
Anish Sarkar
97ac02eba8 refactor(web): update environment variable references to use HOSTED_BACKEND_URL for improved consistency across workflows and scripts 2026-06-16 16:15:45 +05:30
Anish Sarkar
695da76f2e refactor(web): update environment variable handling to use build-time constants for auth type, deployment mode, and ETL service 2026-06-16 15:55:57 +05:30
Anish Sarkar
3f69bfd5e4 refactor(web): replace instances of BACKEND_URL with buildBackendUrl for improved URL handling 2026-06-16 14:51:25 +05:30
Anish Sarkar
371ff866c7 refactor(web): replace BACKEND_URL with buildBackendUrl for dynamic URL construction 2026-06-16 04:56:23 +05:30
Anish Sarkar
66659ee8d3 feat(docker): update Caddyfile to include specific reverse proxy routes for frontend auth and backend user profiles 2026-06-16 04:36:26 +05:30
Anish Sarkar
34a49df8a3 docs: document runtime env vars and same-origin proxy access 2026-06-16 02:12:11 +05:30
Anish Sarkar
2fb0f0c050 ci: align workflows and playwright with runtime env vars 2026-06-16 02:11:48 +05:30
Anish Sarkar
1313ec2109 fix(docker): disable response buffering for backend streaming 2026-06-16 02:11:32 +05:30
Anish Sarkar
cd5e0abe53 refactor(docker): drop build-time NEXT_PUBLIC injection for runtime env 2026-06-16 02:11:13 +05:30
Anish Sarkar
2a840fcc10 refactor(backend): derive frontend and backend urls from SURFSENSE_PUBLIC_URL 2026-06-16 02:10:50 +05:30
Anish Sarkar
1d050e7d40 refactor(web): drop google sign-in cta from marketing pages 2026-06-16 02:10:00 +05:30
Anish Sarkar
bc31b10ca6 refactor(web): consume runtime config in connectors and document uploads 2026-06-16 01:39:52 +05:30
Anish Sarkar
c5dd55e964 refactor(web): consume runtime config in auth and dashboard flows 2026-06-16 01:39:32 +05:30
Anish Sarkar
9ef2c6a60e refactor(web): route server proxies through SURFSENSE_BACKEND_INTERNAL_URL 2026-06-16 01:39:00 +05:30
Anish Sarkar
2da4a29a4d refactor(web): treat NEXT_PUBLIC env-config as packaged-client fallback 2026-06-16 01:38:33 +05:30
Anish Sarkar
5613908d0d feat(web): add runtime config provider for server-injected flags 2026-06-16 01:38:14 +05:30
Anish Sarkar
6b31997599 Merge remote-tracking branch 'upstream/dev' into experiment/lean-url-port-architecture 2026-06-15 20:52:15 +05:30
Anish Sarkar
cb1565c8f3 docs(docker): update .env.example for improved proxy configuration and clarity 2026-06-15 19:42:37 +05:30
Anish Sarkar
6d9540a1e8 docs(docker): document single-origin proxy deployment 2026-06-15 11:04:31 +05:30
Anish Sarkar
2c6cf8d795 refactor(docker): update installer output for proxy access 2026-06-15 11:04:02 +05:30
Anish Sarkar
f5d04cf8ba refactor(web): support same-origin backend and zero urls 2026-06-15 11:03:45 +05:30
Anish Sarkar
2373014943 feat(docker): route production stack through bundled proxy 2026-06-15 11:03:33 +05:30
Anish Sarkar
1f835d2818 feat(docker): add caddy reverse proxy assets 2026-06-15 11:03:12 +05:30
Rohan Verma
69bdcf5946
Merge pull request #1491 from AnishSarkar22/feat/unified-model-connections 
feat: Fix model attribution for prefix-stripped token usage callbacks
 2026-06-14 17:50:48 -07:00
Rohan Verma
ea23c46b3a
Merge pull request #1489 from CREDO23/features/documents-injestion-layered-cached 
[Performance] Document ingestion : Layered caching and Incremental chunk re-indexing
 2026-06-14 17:47:17 -07:00
Anish Sarkar
f2214b3db0 Merge remote-tracking branch 'upstream/dev' into feat/unified-model-connections 2026-06-15 02:15:00 +05:30
Anish Sarkar
792f6eba92 fix(model-selector): update chat model display logic and replace icon for manage models button 2026-06-14 21:59:06 +05:30
Anish Sarkar
e38c569e89 fix(DocumentsSidebar): simplify connector button label logic for clarity 2026-06-14 21:40:59 +05:30
Anish Sarkar
5937ce2292 feat(model-selector): implement chat model filtering and improve selection handling 2026-06-14 21:31:05 +05:30
Anish Sarkar
0c15a37618 chore: update dependencies in pyproject.toml and uv.lock, removing flower 2026-06-14 20:29:52 +05:30
Anish Sarkar
25541e8d3b chore: remove commented-out FLOWER_PORT from .env.example 2026-06-14 20:23:43 +05:30
CREDO23
32a6e54ce6 Merge remote-tracking branch 'upstream/dev' into features/documents-injestion-layered-cached 2026-06-14 11:30:33 +02:00
Anish Sarkar
381d17d9b3 feat(chat-ui): integrate chat model selection handling in Composer and related components 2026-06-14 12:40:49 +05:30
Anish Sarkar
d9a4f14f99 feat(token-tracking): enhance model metadata reconciliation by adding bare model name handling 2026-06-14 12:18:22 +05:30
Rohan Verma
7654e909cf
Merge pull request #1488 from AnishSarkar22/feat/unified-model-connections 
feat: unify provider-based model connection management
 2026-06-13 16:26:23 -07:00
Anish Sarkar
7926814070 refactor(model-connections): remove unused fields and update verification logic 2026-06-14 02:46:19 +05:30
Anish Sarkar
3ba92dca13 refactor(layout): update container class for documentation 2026-06-13 23:00:53 +05:30