security: fix api image security issues (langgenius#6971)

liuhaoran1212 · Aug 5, 2024 · 6da14c2 · 6da14c2
1 parent a342851
commit 6da14c2
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 47 deletions.
diff --git a/api/Dockerfile b/api/Dockerfile
@@ -41,8 +41,12 @@ ENV TZ=UTC
 WORKDIR /app/api
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends curl wget vim nodejs ffmpeg libgmp-dev libmpfr-dev libmpc-dev \
-    && apt-get autoremove \
+    && apt-get install -y --no-install-recommends curl nodejs libgmp-dev libmpfr-dev libmpc-dev \
+    && echo "deb http://deb.debian.org/debian testing main" > /etc/apt/sources.list \
+    && apt-get update \
+    # For Security
+    && apt-get install -y --no-install-recommends zlib1g=1:1.3.dfsg+really1.3.1-1 expat=2.6.2-1 libldap-2.5-0=2.5.18+dfsg-2 perl=5.38.2-5 libsqlite3-0=3.46.0-1 \
+    && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy Python environment and packages

diff --git a/api/core/model_runtime/model_providers/__base/tts_model.py b/api/core/model_runtime/model_providers/__base/tts_model.py
@@ -1,18 +1,16 @@
-import hashlib
 import logging
 import re
-import subprocess
-import uuid
 from abc import abstractmethod
 from typing import Optional
 
 from pydantic import ConfigDict
 
 from core.model_runtime.entities.model_entities import ModelPropertyKey, ModelType
-from core.model_runtime.errors.invoke import InvokeBadRequestError
 from core.model_runtime.model_providers.__base.ai_model import AIModel
 
 logger = logging.getLogger(__name__)
+
+
 class TTSModel(AIModel):
     """
     Model class for ttstext model.
@@ -37,8 +35,6 @@ def invoke(self, model: str, tenant_id: str, credentials: dict, content_text: st
         :return: translated audio file
         """
         try:
-            logger.info(f"Invoke TTS model: {model} , invoke content : {content_text}")
-            self._is_ffmpeg_installed()
             return self._invoke(model=model, credentials=credentials, user=user,
                                 content_text=content_text, voice=voice, tenant_id=tenant_id)
         except Exception as e:
@@ -75,7 +71,8 @@ def get_tts_model_voices(self, model: str, credentials: dict, language: Optional
         if model_schema and ModelPropertyKey.VOICES in model_schema.model_properties:
             voices = model_schema.model_properties[ModelPropertyKey.VOICES]
             if language:
-                return [{'name': d['name'], 'value': d['mode']} for d in voices if language and language in d.get('language')]
+                return [{'name': d['name'], 'value': d['mode']} for d in voices if
+                        language and language in d.get('language')]
             else:
                 return [{'name': d['name'], 'value': d['mode']} for d in voices]
 
@@ -146,28 +143,3 @@ def _split_text_into_sentences(org_text, max_length=2000, pattern=r'[。.!?]'):
         if one_sentence != '':
             result.append(one_sentence)
         return result
-
-    @staticmethod
-    def _is_ffmpeg_installed():
-        try:
-            output = subprocess.check_output("ffmpeg -version", shell=True)
-            if "ffmpeg version" in output.decode("utf-8"):
-                return True
-            else:
-                raise InvokeBadRequestError("ffmpeg is not installed, "
-                                            "details: https://docs.dify.ai/getting-started/install-self-hosted"
-                                            "/install-faq#id-14.-what-to-do-if-this-error-occurs-in-text-to-speech")
-        except Exception:
-            raise InvokeBadRequestError("ffmpeg is not installed, "
-                                        "details: https://docs.dify.ai/getting-started/install-self-hosted"
-                                        "/install-faq#id-14.-what-to-do-if-this-error-occurs-in-text-to-speech")
-
-    # Todo: To improve the streaming function
-    @staticmethod
-    def _get_file_name(file_content: str) -> str:
-        hash_object = hashlib.sha256(file_content.encode())
-        hex_digest = hash_object.hexdigest()
-
-        namespace_uuid = uuid.UUID('a5da6ef9-b303-596f-8e88-bf8fa40f4b31')
-        unique_uuid = uuid.uuid5(namespace_uuid, hex_digest)
-        return str(unique_uuid)
diff --git a/api/poetry.lock b/api/poetry.lock
diff --git a/api/pyproject.toml b/api/pyproject.toml
@@ -152,7 +152,6 @@ pycryptodome = "3.19.1"
 pydantic = "~2.8.2"
 pydantic-settings = "~2.3.4"
 pydantic_extra_types = "~2.9.0"
-pydub = "~0.25.1"
 pyjwt = "~2.8.0"
 pypdfium2 = "~4.17.0"
 python = ">=3.10,<3.13"
@@ -179,6 +178,7 @@ yarl = "~1.9.4"
 zhipuai = "1.0.7"
 rank-bm25 = "~0.2.2"
 openpyxl = "^3.1.5"
+kaleido = "0.2.1"
 
 ############################################################
 # Tool dependencies required by tool implementations