Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9751c9f5c4 | ||
|
|
e6ba323de4 | ||
|
|
859711991f | ||
|
|
c178a90f02 | ||
|
|
eb8995ee7c | ||
|
|
b269447539 |
@@ -97,7 +97,7 @@ export function SidebarFolder({
|
||||
<div
|
||||
className={cn(
|
||||
'overflow-hidden transition-all duration-200 ease-in-out',
|
||||
open ? 'max-h-[2000px] opacity-100' : 'max-h-0 opacity-0'
|
||||
open ? 'max-h-[10000px] opacity-100' : 'max-h-0 opacity-0'
|
||||
)}
|
||||
>
|
||||
<ul className='mt-0.5 ml-2 space-y-[0.0625rem] border-gray-200/60 border-l pl-2.5 dark:border-gray-700/60'>
|
||||
|
||||
@@ -39,7 +39,7 @@ export function Navbar() {
|
||||
</div>
|
||||
|
||||
{/* Center cluster: search */}
|
||||
<div className='flex flex-1 items-center justify-center'>
|
||||
<div className='flex flex-1 items-center justify-center pl-32'>
|
||||
<SearchTrigger />
|
||||
</div>
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ export function SearchTrigger() {
|
||||
return (
|
||||
<button
|
||||
type='button'
|
||||
className='flex h-10 w-[500px] items-center gap-2 rounded-xl border border-border/50 px-3 py-2 text-sm backdrop-blur-xl transition-colors hover:border-border'
|
||||
className='flex h-10 w-[460px] items-center gap-2 rounded-xl border border-border/50 px-3 py-2 text-sm backdrop-blur-xl transition-colors hover:border-border'
|
||||
style={{
|
||||
backgroundColor: 'hsla(0, 0%, 5%, 0.85)',
|
||||
backdropFilter: 'blur(33px) saturate(180%)',
|
||||
|
||||
@@ -407,11 +407,16 @@ async function parseWithMistralOCR(fileUrl: string, filename: string, mimeType:
|
||||
try {
|
||||
const response = await retryWithExponentialBackoff(
|
||||
async () => {
|
||||
const url =
|
||||
let url =
|
||||
typeof mistralParserTool.request!.url === 'function'
|
||||
? mistralParserTool.request!.url(params)
|
||||
: mistralParserTool.request!.url
|
||||
|
||||
if (url.startsWith('/')) {
|
||||
const { getBaseUrl } = await import('@/lib/urls/utils')
|
||||
url = `${getBaseUrl()}${url}`
|
||||
}
|
||||
|
||||
const headers =
|
||||
typeof mistralParserTool.request!.headers === 'function'
|
||||
? mistralParserTool.request!.headers(params)
|
||||
|
||||
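Review bot: When `url` is relative, the request now targets this app's own origin, but nothing in this hunk adds the internal bearer token that `handleInternalRequest` attaches for server-side calls elsewhere in this change set. Unless `mistralParserTool.request!.headers(params)` already supplies it, a route that enforces internal auth would presumably reject this call, and a route that does not is reachable without it; worth confirming which applies. The `await import('@/lib/urls/utils')` also sits inside the callback passed to `retryWithExponentialBackoff`, so the URL is re-resolved on every attempt; resolving it once before the retry wrapper would be clearer. The enclosing function starts and ends outside the hunk.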
@@ -227,7 +227,7 @@ export async function executeTool(
|
||||
const isInternalRoute = endpointUrl.startsWith('/api/')
|
||||
|
||||
if (isInternalRoute || skipProxy) {
|
||||
const result = await handleInternalRequest(toolId, tool, contextParams)
|
||||
const result = await handleInternalRequest(toolId, tool, contextParams, executionContext)
|
||||
|
||||
// Apply post-processing if available and not skipped
|
||||
let finalResult = result
|
||||
@@ -414,7 +414,8 @@ function isErrorResponse(
|
||||
async function handleInternalRequest(
|
||||
toolId: string,
|
||||
tool: ToolConfig,
|
||||
params: Record<string, any>
|
||||
params: Record<string, any>,
|
||||
executionContext?: ExecutionContext
|
||||
): Promise<ToolResponse> {
|
||||
const requestId = generateRequestId()
|
||||
|
||||
@@ -427,7 +428,11 @@ async function handleInternalRequest(
|
||||
const endpointUrl =
|
||||
typeof tool.request.url === 'function' ? tool.request.url(params) : tool.request.url
|
||||
|
||||
const fullUrl = new URL(endpointUrl, baseUrl).toString()
|
||||
const fullUrlObj = new URL(endpointUrl, baseUrl)
|
||||
if (executionContext?.workflowId && typeof window === 'undefined') {
|
||||
fullUrlObj.searchParams.set('workflowId', executionContext.workflowId)
|
||||
}
|
||||
const fullUrl = fullUrlObj.toString()
|
||||
|
||||
// For custom tools, validate parameters on the client side before sending
|
||||
if (toolId.startsWith('custom_') && tool.request.body) {
|
||||
@@ -445,10 +450,21 @@ async function handleInternalRequest(
|
||||
}
|
||||
}
|
||||
|
||||
const headers = new Headers(requestParams.headers)
|
||||
if (typeof window === 'undefined') {
|
||||
try {
|
||||
const internalToken = await generateInternalToken()
|
||||
headers.set('Authorization', `Bearer ${internalToken}`)
|
||||
logger.info(`[${requestId}] Added internal auth token for ${toolId}`)
|
||||
} catch (error) {
|
||||
logger.error(`[${requestId}] Failed to generate internal token for ${toolId}:`, error)
|
||||
}
|
||||
}
|
||||
|
||||
// Prepare request options
|
||||
const requestOptions = {
|
||||
method: requestParams.method,
|
||||
headers: new Headers(requestParams.headers),
|
||||
headers: headers,
|
||||
body: requestParams.body,
|
||||
}
|
||||
|
||||
|
||||
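Review bot: The internal bearer token and the `workflowId` query parameter are attached on every server-side call through `handleInternalRequest`, but `executeTool` also routes here when `skipProxy` is set, and `new URL(endpointUrl, baseUrl)` leaves an absolute `endpointUrl` pointing at its own host. If any `skipProxy` tool has an external URL, `headers.set('Authorization', ...)` would overwrite that tool's own Authorization header and send the internal token, plus the workflow id, to a third-party host. Both additions should be gated on the target being an internal route, for example `const isInternal = endpointUrl.startsWith('/api/')` followed by `if (isInternal && typeof window === 'undefined') {`. Separately, the `catch` only logs, so a token-generation failure lets the request go out unauthenticated and presumably fail later with a less useful error; rethrowing there would surface the real cause. The function body continues outside these hunks.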
@@ -629,11 +629,20 @@ helm uninstall sim
|
||||
|
||||
For production deployments, make sure to:
|
||||
|
||||
1. **Change default secrets**: Update `BETTER_AUTH_SECRET` and `ENCRYPTION_KEY` with secure, randomly generated values
|
||||
1. **Change default secrets**: Update `BETTER_AUTH_SECRET`, `ENCRYPTION_KEY`, and `INTERNAL_API_SECRET` with secure, randomly generated values using `openssl rand -hex 32`
|
||||
2. **Use strong database passwords**: Set `postgresql.auth.password` to a strong password
|
||||
3. **Enable TLS**: Configure `postgresql.tls.enabled=true` and provide proper certificates
|
||||
4. **Configure ingress TLS**: Enable HTTPS with proper SSL certificates
|
||||
|
||||
**Required Secrets:**
|
||||
- `BETTER_AUTH_SECRET`: Authentication JWT signing (minimum 32 characters)
|
||||
- `ENCRYPTION_KEY`: Encrypts sensitive data like environment variables (minimum 32 characters)
|
||||
- `INTERNAL_API_SECRET`: Internal service-to-service authentication (minimum 32 characters)
|
||||
|
||||
**Optional Security (Recommended for Production):**
|
||||
- `CRON_SECRET`: Authenticates scheduled job requests to API endpoints (required only if `cronjobs.enabled=true`)
|
||||
- `API_ENCRYPTION_KEY`: Encrypts API keys at rest in database (must be exactly 64 hex characters). If not set, API keys are stored in plain text. Generate using: `openssl rand -hex 32` (outputs 64 hex chars representing 32 bytes)
|
||||
|
||||
### Example secure values:
|
||||
|
||||
```yaml
|
||||
@@ -641,6 +650,9 @@ app:
|
||||
env:
|
||||
BETTER_AUTH_SECRET: "your-secure-random-string-here"
|
||||
ENCRYPTION_KEY: "your-secure-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-secure-internal-api-secret-here"
|
||||
CRON_SECRET: "your-secure-cron-secret-here"
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-string-for-api-key-encryption" # Optional but recommended
|
||||
|
||||
postgresql:
|
||||
auth:
|
||||
|
||||
@@ -32,8 +32,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
|
||||
|
||||
# Security settings (REQUIRED - replace with your own secure secrets)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "your-secure-production-auth-secret-here"
|
||||
ENCRYPTION_KEY: "your-secure-production-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-secure-production-internal-api-secret-here"
|
||||
CRON_SECRET: "your-secure-production-cron-secret-here"
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-api-encryption-key-here" # Optional but recommended
|
||||
|
||||
NODE_ENV: "production"
|
||||
NEXT_TELEMETRY_DISABLED: "1"
|
||||
|
||||
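Review bot: The placeholder values added here, such as `INTERNAL_API_SECRET: "your-secure-production-internal-api-secret-here"`, are non-empty and longer than 32 characters, so a deployment that forgets to override them would presumably pass any presence or length check and run with a publicly known secret. Another example values file in this change set uses `""` with `# Set via --set flag or external secret manager`, which fails safer when the override is missed. The same form would fit here and in the other example files that use `your-…-here` placeholders for `INTERNAL_API_SECRET` and `CRON_SECRET`.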
@@ -30,8 +30,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
|
||||
|
||||
# Security settings (REQUIRED - replace with your own secure secrets)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "your-secure-production-auth-secret-here"
|
||||
ENCRYPTION_KEY: "your-secure-production-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-secure-production-internal-api-secret-here"
|
||||
CRON_SECRET: "your-secure-production-cron-secret-here"
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-api-encryption-key-here" # Optional but recommended
|
||||
|
||||
NODE_ENV: "production"
|
||||
NEXT_TELEMETRY_DISABLED: "1"
|
||||
|
||||
@@ -26,8 +26,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "http://localhost:3002"
|
||||
|
||||
# Example secrets for development (replace with secure values for production)
|
||||
# For production, generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "dev-32-char-auth-secret-not-secure-dev"
|
||||
ENCRYPTION_KEY: "dev-32-char-encryption-key-not-secure"
|
||||
INTERNAL_API_SECRET: "dev-32-char-internal-secret-not-secure"
|
||||
CRON_SECRET: "dev-32-char-cron-secret-not-for-prod"
|
||||
|
||||
# Optional: API Key Encryption (leave empty for dev, encrypts API keys at rest)
|
||||
# For production, generate 64-char hex using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "" # Optional - if not set, API keys stored in plain text
|
||||
|
||||
# Realtime service
|
||||
realtime:
|
||||
|
||||
@@ -26,8 +26,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
|
||||
|
||||
# Security settings (REQUIRED - replace with your own secure secrets)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "" # Set via --set flag or external secret manager
|
||||
ENCRYPTION_KEY: "" # Set via --set flag or external secret manager
|
||||
INTERNAL_API_SECRET: "" # Set via --set flag or external secret manager
|
||||
CRON_SECRET: "" # Set via --set flag or external secret manager
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "" # Optional but recommended - encrypts API keys at rest
|
||||
|
||||
NODE_ENV: "production"
|
||||
NEXT_TELEMETRY_DISABLED: "1"
|
||||
@@ -150,4 +157,7 @@ networkPolicy:
|
||||
# --set externalDatabase.database="your-db-name" \
|
||||
# --set app.env.BETTER_AUTH_SECRET="$(openssl rand -hex 32)" \
|
||||
# --set app.env.ENCRYPTION_KEY="$(openssl rand -hex 32)" \
|
||||
# --set app.env.INTERNAL_API_SECRET="$(openssl rand -hex 32)" \
|
||||
# --set app.env.CRON_SECRET="$(openssl rand -hex 32)" \
|
||||
# --set app.env.API_ENCRYPTION_KEY="$(openssl rand -hex 32)" \
|
||||
# --set realtime.env.BETTER_AUTH_SECRET="$(openssl rand -hex 32)"
|
||||
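Review bot: The added `--set app.env.API_ENCRYPTION_KEY="$(openssl rand -hex 32)"` line, like the `ENCRYPTION_KEY` line above it, produces a new key each time the command is run, so reusing this example on an upgrade would rotate the encryption keys and presumably leave previously encrypted data unreadable. The example also generates `app.env.BETTER_AUTH_SECRET` and `realtime.env.BETTER_AUTH_SECRET` independently; if the two services are meant to share that secret, the values will not match. A comment above the command such as `# Generate each secret once, store it in a secret manager, and pass the stored value on every install and upgrade` would cover both.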
@@ -32,8 +32,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://simstudio-ws.acme.com"
|
||||
|
||||
# Security settings (REQUIRED - replace with your own secure secrets)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "your-secure-production-auth-secret-here"
|
||||
ENCRYPTION_KEY: "your-secure-production-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-secure-production-internal-api-secret-here"
|
||||
CRON_SECRET: "your-secure-production-cron-secret-here"
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-api-encryption-key-here" # Optional but recommended
|
||||
|
||||
NODE_ENV: "production"
|
||||
NEXT_TELEMETRY_DISABLED: "1"
|
||||
|
||||
@@ -27,8 +27,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://sim-ws.acme.ai"
|
||||
|
||||
# Security settings (REQUIRED - replace with your own secure secrets)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "your-production-auth-secret-here"
|
||||
ENCRYPTION_KEY: "your-production-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-production-internal-api-secret-here"
|
||||
CRON_SECRET: "your-production-cron-secret-here"
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-api-encryption-key-here" # Optional but recommended
|
||||
|
||||
# Email verification (set to true if you want to require email verification)
|
||||
EMAIL_VERIFICATION_ENABLED: "false"
|
||||
|
||||
@@ -20,8 +20,15 @@ app:
|
||||
NEXT_PUBLIC_SOCKET_URL: "https://sim-ws.acme.ai"
|
||||
|
||||
# Security settings (REQUIRED)
|
||||
# Generate using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "your-production-auth-secret-here"
|
||||
ENCRYPTION_KEY: "your-production-encryption-key-here"
|
||||
INTERNAL_API_SECRET: "your-production-internal-api-secret-here"
|
||||
CRON_SECRET: "your-production-cron-secret-here"
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32
|
||||
API_ENCRYPTION_KEY: "your-64-char-hex-api-encryption-key-here" # Optional but recommended
|
||||
|
||||
# UI Branding & Whitelabeling Configuration
|
||||
NEXT_PUBLIC_BRAND_NAME: "Acme AI Studio"
|
||||
|
||||
@@ -63,6 +63,15 @@ app:
|
||||
# Generate secure 32-character secrets using: openssl rand -hex 32
|
||||
BETTER_AUTH_SECRET: "" # REQUIRED - set via --set flag or external secret manager
|
||||
ENCRYPTION_KEY: "" # REQUIRED - set via --set flag or external secret manager
|
||||
INTERNAL_API_SECRET: "" # REQUIRED - set via --set flag or external secret manager, used for internal service-to-service authentication
|
||||
|
||||
# Optional: Scheduled Jobs Authentication
|
||||
# Generate using: openssl rand -hex 32
|
||||
CRON_SECRET: "" # OPTIONAL - required only if cronjobs.enabled=true, authenticates scheduled job requests
|
||||
|
||||
# Optional: API Key Encryption (RECOMMENDED for production)
|
||||
# Generate 64-character hex string using: openssl rand -hex 32 (outputs 64 hex chars = 32 bytes)
|
||||
API_ENCRYPTION_KEY: "" # OPTIONAL - encrypts API keys at rest, must be exactly 64 hex characters, if not set keys stored in plain text
|
||||
|
||||
# Email & Communication
|
||||
EMAIL_VERIFICATION_ENABLED: "false" # Enable email verification for user registration and login (defaults to false)
|
||||
|
||||