feat: introduce trigger functionality (#27644)

Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: Stream <Stream_2@qq.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: zhsama <torvalds@linux.do>
Co-authored-by: Harry <xh001x@hotmail.com>
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: yessenia <yessenia.contact@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: WTW0313 <twwu@dify.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

api/services/tools/api_tools_manage_service.py

@@ -300,13 +300,13 @@ class ApiToolManageService:
         )
 
         original_credentials = encrypter.decrypt(provider.credentials)
-        masked_credentials = encrypter.mask_tool_credentials(original_credentials)
+        masked_credentials = encrypter.mask_plugin_credentials(original_credentials)
         # check if the credential has changed, save the original credential
         for name, value in credentials.items():
             if name in masked_credentials and value == masked_credentials[name]:
                 credentials[name] = original_credentials[name]
 
-        credentials = encrypter.encrypt(credentials)
+        credentials = dict(encrypter.encrypt(credentials))
         provider.credentials_str = json.dumps(credentials)
 
         db.session.add(provider)
@@ -417,7 +417,7 @@ class ApiToolManageService:
             )
             decrypted_credentials = encrypter.decrypt(credentials)
             # check if the credential has changed, save the original credential
-            masked_credentials = encrypter.mask_tool_credentials(decrypted_credentials)
+            masked_credentials = encrypter.mask_plugin_credentials(decrypted_credentials)
             for name, value in credentials.items():
                 if name in masked_credentials and value == masked_credentials[name]:
                     credentials[name] = decrypted_credentials[name]

api/services/tools/builtin_tools_manage_service.py

@@ -12,6 +12,7 @@ from constants import HIDDEN_VALUE, UNKNOWN_VALUE
 from core.helper.name_generator import generate_incremental_name
 from core.helper.position_helper import is_filtered
 from core.helper.provider_cache import NoOpProviderCredentialCache, ToolProviderCredentialsCache
+from core.plugin.entities.plugin_daemon import CredentialType
 from core.tools.builtin_tool.provider import BuiltinToolProviderController
 from core.tools.builtin_tool.providers._positions import BuiltinToolProviderSort
 from core.tools.entities.api_entities import (
@@ -20,7 +21,6 @@ from core.tools.entities.api_entities import (
     ToolProviderCredentialApiEntity,
     ToolProviderCredentialInfoApiEntity,
 )
-from core.tools.entities.tool_entities import CredentialType
 from core.tools.errors import ToolProviderNotFoundError
 from core.tools.plugin_tool.provider import PluginToolProviderController
 from core.tools.tool_label_manager import ToolLabelManager
@@ -39,7 +39,6 @@ logger = logging.getLogger(__name__)
 
 class BuiltinToolManageService:
     __MAX_BUILTIN_TOOL_PROVIDER_COUNT__ = 100
-    __DEFAULT_EXPIRES_AT__ = 2147483647
 
     @staticmethod
     def delete_custom_oauth_client_params(tenant_id: str, provider: str):
@@ -278,9 +277,7 @@ class BuiltinToolManageService:
                         encrypted_credentials=json.dumps(encrypter.encrypt(credentials)),
                         credential_type=api_type.value,
                         name=name,
-                        expires_at=expires_at
-                        if expires_at is not None
-                        else BuiltinToolManageService.__DEFAULT_EXPIRES_AT__,
+                        expires_at=expires_at if expires_at is not None else -1,
                     )
 
                     session.add(db_provider)
@@ -353,10 +350,10 @@ class BuiltinToolManageService:
                 encrypter, _ = BuiltinToolManageService.create_tool_encrypter(
                     tenant_id, provider, provider.provider, provider_controller
                 )
-                decrypt_credential = encrypter.mask_tool_credentials(encrypter.decrypt(provider.credentials))
+                decrypt_credential = encrypter.mask_plugin_credentials(encrypter.decrypt(provider.credentials))
                 credential_entity = ToolTransformService.convert_builtin_provider_to_credential_entity(
                     provider=provider,
-                    credentials=decrypt_credential,
+                    credentials=dict(decrypt_credential),
                 )
                 credentials.append(credential_entity)
             return credentials
@@ -727,4 +724,4 @@ class BuiltinToolManageService:
                 cache=NoOpProviderCredentialCache(),
             )
 
-            return encrypter.mask_tool_credentials(encrypter.decrypt(custom_oauth_client_params.oauth_params))
+            return encrypter.mask_plugin_credentials(encrypter.decrypt(custom_oauth_client_params.oauth_params))

api/services/tools/mcp_tools_manage_service.py

@@ -1,6 +1,7 @@
 import hashlib
 import json
 import logging
+from collections.abc import Mapping
 from datetime import datetime
 from enum import StrEnum
 from typing import Any
@@ -420,7 +421,7 @@ class MCPToolManageService:
             return json.dumps({"content": icon, "background": icon_background})
         return icon
 
-    def _encrypt_dict_fields(self, data: dict[str, Any], secret_fields: list[str], tenant_id: str) -> dict[str, str]:
+    def _encrypt_dict_fields(self, data: dict[str, Any], secret_fields: list[str], tenant_id: str) -> Mapping[str, str]:
         """Encrypt specified fields in a dictionary.
 
         Args:

api/services/tools/tools_transform_service.py

@@ -9,7 +9,7 @@ from yarl import URL
 from configs import dify_config
 from core.helper.provider_cache import ToolProviderCredentialsCache
 from core.mcp.types import Tool as MCPTool
-from core.plugin.entities.plugin_daemon import PluginDatasourceProviderEntity
+from core.plugin.entities.plugin_daemon import CredentialType, PluginDatasourceProviderEntity
 from core.tools.__base.tool import Tool
 from core.tools.__base.tool_runtime import ToolRuntime
 from core.tools.builtin_tool.provider import BuiltinToolProviderController
@@ -19,7 +19,6 @@ from core.tools.entities.common_entities import I18nObject
 from core.tools.entities.tool_bundle import ApiToolBundle
 from core.tools.entities.tool_entities import (
     ApiProviderAuthType,
-    CredentialType,
     ToolParameter,
     ToolProviderType,
 )
@@ -28,18 +27,12 @@ from core.tools.utils.encryption import create_provider_encrypter, create_tool_p
 from core.tools.workflow_as_tool.provider import WorkflowToolProviderController
 from core.tools.workflow_as_tool.tool import WorkflowTool
 from models.tools import ApiToolProvider, BuiltinToolProvider, MCPToolProvider, WorkflowToolProvider
+from services.plugin.plugin_service import PluginService
 
 logger = logging.getLogger(__name__)
 
 
 class ToolTransformService:
-    @classmethod
-    def get_plugin_icon_url(cls, tenant_id: str, filename: str) -> str:
-        url_prefix = (
-            URL(dify_config.CONSOLE_API_URL or "/") / "console" / "api" / "workspaces" / "current" / "plugin" / "icon"
-        )
-        return str(url_prefix % {"tenant_id": tenant_id, "filename": filename})
-
     @classmethod
     def get_tool_provider_icon_url(
         cls, provider_type: str, provider_name: str, icon: str | Mapping[str, str]
@@ -79,11 +72,9 @@ class ToolTransformService:
         elif isinstance(provider, ToolProviderApiEntity):
             if provider.plugin_id:
                 if isinstance(provider.icon, str):
-                    provider.icon = ToolTransformService.get_plugin_icon_url(
-                        tenant_id=tenant_id, filename=provider.icon
-                    )
+                    provider.icon = PluginService.get_plugin_icon_url(tenant_id=tenant_id, filename=provider.icon)
                 if isinstance(provider.icon_dark, str) and provider.icon_dark:
-                    provider.icon_dark = ToolTransformService.get_plugin_icon_url(
+                    provider.icon_dark = PluginService.get_plugin_icon_url(
                         tenant_id=tenant_id, filename=provider.icon_dark
                     )
             else:
@@ -97,7 +88,7 @@ class ToolTransformService:
         elif isinstance(provider, PluginDatasourceProviderEntity):
             if provider.plugin_id:
                 if isinstance(provider.declaration.identity.icon, str):
-                    provider.declaration.identity.icon = ToolTransformService.get_plugin_icon_url(
+                    provider.declaration.identity.icon = PluginService.get_plugin_icon_url(
                         tenant_id=tenant_id, filename=provider.declaration.identity.icon
                     )
 
@@ -172,7 +163,7 @@ class ToolTransformService:
                 )
                 # decrypt the credentials and mask the credentials
                 decrypted_credentials = encrypter.decrypt(data=credentials)
-                masked_credentials = encrypter.mask_tool_credentials(data=decrypted_credentials)
+                masked_credentials = encrypter.mask_plugin_credentials(data=decrypted_credentials)
 
                 result.masked_credentials = masked_credentials
                 result.original_credentials = decrypted_credentials
@@ -345,7 +336,7 @@ class ToolTransformService:
 
             # decrypt the credentials and mask the credentials
             decrypted_credentials = encrypter.decrypt(data=credentials)
-            masked_credentials = encrypter.mask_tool_credentials(data=decrypted_credentials)
+            masked_credentials = encrypter.mask_plugin_credentials(data=decrypted_credentials)
 
             result.masked_credentials = masked_credentials