action

如果 Buffer.concat() 被频繁调用，尤其是在处理大量数据时，可能会导致内存分配压力增大，从而影响性能。
测试大于100M的PDF文件上传解析会导致/api/core/dataset/collection/create/fileId接口长时间无响应，其他接口也处于hang住的状态，导致整个服务不可用。
使用一次性拼接后问题解决

.github/workflows/docs-deploy-kubeconfig.yml

@@ -6,8 +6,6 @@ on:
       - 'docSite/**'
     branches:
       - 'main'
-    tags:
-      - 'v*.*.*'
 
 jobs:
   build-fastgpt-docs-images:

.github/workflows/docs-deploy-vercel.yml

@@ -7,8 +7,6 @@ on:
       - 'docSite/**'
     branches:
       - 'main'
-    tags:
-      - 'v*.*.*'
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:

.github/workflows/docs-preview.yml

@@ -4,8 +4,6 @@ on:
   pull_request_target:
     paths:
       - 'docSite/**'
-    branches:
-      - 'main'
   workflow_dispatch:
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel

.github/workflows/fastgpt-build-image.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -108,7 +108,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
@@ -191,7 +191,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

.github/workflows/sandbox-build-image.yml

@@ -25,7 +25,7 @@ jobs:
         with:
           driver-opts: network=host
       - name: Cache Docker layers
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}

SECURITY.md

@@ -0,0 +1,26 @@
+# 安全策略
+
+## 漏洞报告
+
+如果您发现了 FastGPT 的安全漏洞，请按照以下步骤进行报告：
+
+1. **报告方式**
+   发送邮件至：yujinlong@sealos.io
+   请备注版本以及您的 GitHub 账号
+
+3. **响应时间**
+   - 我们会在 48 小时内确认收到您的报告
+   - 一般在 3 个工作日内给出初步评估结果
+
+4. **漏洞处理流程**
+   - 确认漏洞：我们会验证漏洞的存在性和影响范围
+   - 修复开发：针对已确认的漏洞进行修复
+   - 版本发布：在下一个版本更新中发布安全补丁
+   - 公开披露：在修复完成后，我们会在更新日志中公布相关信息
+
+5. **注意事项**
+   - 在漏洞未修复前，请勿公开披露漏洞详情
+   - 我们欢迎负责任的漏洞披露
+   - 对于重大贡献者，我们会在项目致谢名单中提及
+
+感谢您为 FastGPT 的安全性做出贡献！

packages/global/support/user/team/controller.d.ts

@@ -10,7 +10,6 @@ export type AuthTeamRoleProps = {
 export type CreateTeamProps = {
   name: string;
   avatar?: string;
-  defaultTeam?: boolean;
   memberName?: string;
   memberAvatar?: string;
   notificationAccount?: string;

packages/global/support/user/team/type.d.ts

@@ -47,7 +47,6 @@ export type TeamMemberSchema = {
   role: `${TeamMemberRoleEnum}`;
   status: `${TeamMemberStatusEnum}`;
   avatar: string;
-  defaultTeam: boolean;
 };
 
 export type TeamMemberWithTeamAndUserSchema = TeamMemberSchema & {
@@ -65,7 +64,6 @@ export type TeamTmbItemType = {
   balance?: number;
   tmbId: string;
   teamDomain: string;
-  defaultTeam: boolean;
   role: `${TeamMemberRoleEnum}`;
   status: `${TeamMemberStatusEnum}`;
   notificationAccount?: string;

packages/plugins/src/fetchUrl/template.json

@@ -16,7 +16,7 @@
         "nodeId": "lmpb9v2lo2lk",
         "name": "插件开始",
         "intro": "自定义配置外部输入，使用插件时，仅暴露自定义配置的输入",
-        "avatar": "/imgs/workflow/input.png",
+        "avatar": "core/workflow/template/workflowStart",
         "flowNodeType": "pluginInput",
         "showStatus": false,
         "position": {
@@ -26,14 +26,16 @@
         "version": "481",
         "inputs": [
           {
-            "renderTypeList": ["reference"],
+            "renderTypeList": ["input", "reference"],
             "selectedTypeIndex": 0,
             "valueType": "string",
             "key": "url",
             "label": "url",
             "description": "需要读取的网页链接",
             "required": true,
-            "toolDescription": "需要读取的网页链接"
+            "toolDescription": "需要读取的网页链接",
+            "list": [],
+            "defaultValue": ""
           }
         ],
         "outputs": [
@@ -50,12 +52,12 @@
         "nodeId": "i7uow4wj2wdp",
         "name": "插件输出",
         "intro": "自定义配置外部输出，使用插件时，仅暴露自定义配置的输出",
-        "avatar": "/imgs/workflow/output.png",
+        "avatar": "core/workflow/template/pluginOutput",
         "flowNodeType": "pluginOutput",
         "showStatus": false,
         "position": {
-          "x": 1607.7142331269129,
-          "y": -150.8808596935447
+          "x": 1853.935047606551,
+          "y": -154.13661665265613
         },
         "version": "481",
         "inputs": [
@@ -81,12 +83,12 @@
         "nodeId": "ebLCxU43hHuZ",
         "name": "HTTP 请求",
         "intro": "可以发出一个 HTTP 请求，实现更为复杂的操作（联网搜索、数据库查询等）",
-        "avatar": "/imgs/workflow/http.png",
+        "avatar": "core/workflow/template/httpRequest",
         "flowNodeType": "httpRequest468",
         "showStatus": true,
         "position": {
-          "x": 1050.9890727421412,
-          "y": -415.2085119990912
+          "x": 1054.2940501177068,
+          "y": -503.13661665265613
         },
         "version": "481",
         "inputs": [
@@ -96,7 +98,7 @@
             "valueType": "dynamic",
             "label": "",
             "required": false,
-            "description": "core.module.input.description.HTTP Dynamic Input",
+            "description": "common:core.module.input.description.HTTP Dynamic Input",
             "customInputConfig": {
               "selectValueTypeList": [
                 "string",
@@ -107,16 +109,19 @@
                 "arrayNumber",
                 "arrayBoolean",
                 "arrayObject",
+                "arrayAny",
                 "any",
                 "chatHistory",
                 "datasetQuote",
                 "dynamic",
-                "selectApp",
-                "selectDataset"
+                "selectDataset",
+                "selectApp"
               ],
               "showDescription": false,
               "showDefaultValue": true
-            }
+            },
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "key": "system_httpMethod",
@@ -124,17 +129,33 @@
             "valueType": "string",
             "label": "",
             "value": "POST",
-            "required": true
+            "required": true,
+            "debugLabel": "",
+            "toolDescription": ""
+          },
+          {
+            "key": "system_httpTimeout",
+            "renderTypeList": ["custom"],
+            "valueType": "number",
+            "label": "",
+            "value": 30,
+            "min": 5,
+            "max": 600,
+            "required": true,
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "key": "system_httpReqUrl",
             "renderTypeList": ["hidden"],
             "valueType": "string",
             "label": "",
-            "description": "core.module.input.description.Http Request Url",
+            "description": "common:core.module.input.description.Http Request Url",
             "placeholder": "https://api.ai.com/getInventory",
             "required": false,
-            "value": "fetchUrl"
+            "value": "fetchUrl",
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "key": "system_httpHeader",
@@ -142,9 +163,11 @@
             "valueType": "any",
             "value": [],
             "label": "",
-            "description": "core.module.input.description.Http Request Header",
-            "placeholder": "core.module.input.description.Http Request Header",
-            "required": false
+            "description": "common:core.module.input.description.Http Request Header",
+            "placeholder": "common:core.module.input.description.Http Request Header",
+            "required": false,
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "key": "system_httpParams",
@@ -152,7 +175,9 @@
             "valueType": "any",
             "value": [],
             "label": "",
-            "required": false
+            "required": false,
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "key": "system_httpJsonBody",
@@ -160,7 +185,29 @@
             "valueType": "any",
             "value": "{\n  \"url\": \"{{url}}\"\n}",
             "label": "",
-            "required": false
+            "required": false,
+            "debugLabel": "",
+            "toolDescription": ""
+          },
+          {
+            "key": "system_httpFormBody",
+            "renderTypeList": ["hidden"],
+            "valueType": "any",
+            "value": [],
+            "label": "",
+            "required": false,
+            "debugLabel": "",
+            "toolDescription": ""
+          },
+          {
+            "key": "system_httpContentType",
+            "renderTypeList": ["hidden"],
+            "valueType": "string",
+            "value": "json",
+            "label": "",
+            "required": false,
+            "debugLabel": "",
+            "toolDescription": ""
           },
           {
             "renderTypeList": ["reference"],
@@ -178,12 +225,13 @@
                 "arrayNumber",
                 "arrayBoolean",
                 "arrayObject",
+                "arrayAny",
                 "any",
                 "chatHistory",
                 "datasetQuote",
                 "dynamic",
-                "selectApp",
-                "selectDataset"
+                "selectDataset",
+                "selectApp"
               ],
               "showDescription": false,
               "showDefaultValue": true
@@ -193,6 +241,23 @@
           }
         ],
         "outputs": [
+          {
+            "id": "error",
+            "key": "error",
+            "label": "workflow:request_error",
+            "description": "HTTP请求错误信息，成功时返回空",
+            "valueType": "object",
+            "type": "static"
+          },
+          {
+            "id": "httpRawResponse",
+            "key": "httpRawResponse",
+            "required": true,
+            "label": "workflow:raw_response",
+            "description": "HTTP请求的原始响应。只能接受字符串或JSON类型响应数据。",
+            "valueType": "any",
+            "type": "static"
+          },
           {
             "id": "system_addOutputParam",
             "key": "system_addOutputParam",
@@ -220,23 +285,6 @@
               "showDefaultValue": true
             }
           },
-          {
-            "id": "error",
-            "key": "error",
-            "label": "请求错误",
-            "description": "HTTP请求错误信息，成功时返回空",
-            "valueType": "object",
-            "type": "static"
-          },
-          {
-            "id": "httpRawResponse",
-            "key": "httpRawResponse",
-            "label": "原始响应",
-            "required": true,
-            "description": "HTTP请求的原始响应。只能接受字符串或JSON类型响应数据。",
-            "valueType": "any",
-            "type": "static"
-          },
           {
             "id": "rH4tMV02robs",
             "valueType": "string",
@@ -260,6 +308,34 @@
         "sourceHandle": "ebLCxU43hHuZ-source-right",
         "targetHandle": "i7uow4wj2wdp-target-left"
       }
-    ]
+    ],
+    "chatConfig": {
+      "welcomeText": "",
+      "variables": [],
+      "questionGuide": {
+        "open": false,
+        "model": "gpt-4o-mini",
+        "customPrompt": "You are an AI assistant tasked with predicting the user's next question based on the conversation history. Your goal is to generate 3 potential questions that will guide the user to continue the conversation. When generating these questions, adhere to the following rules:\n\n1. Use the same language as the user's last question in the conversation history.\n2. Keep each question under 20 characters in length.\n\nAnalyze the conversation history provided to you and use it as context to generate relevant and engaging follow-up questions. Your predictions should be logical extensions of the current topic or related areas that the user might be interested in exploring further.\n\nRemember to maintain consistency in tone and style with the existing conversation while providing diverse options for the user to choose from. Your goal is to keep the conversation flowing naturally and help the user delve deeper into the subject matter or explore related topics."
+      },
+      "ttsConfig": {
+        "type": "web"
+      },
+      "whisperConfig": {
+        "open": false,
+        "autoSend": false,
+        "autoTTSResponse": false
+      },
+      "chatInputGuide": {
+        "open": false,
+        "textList": [],
+        "customUrl": ""
+      },
+      "instruction": "",
+      "autoExecute": {
+        "open": false,
+        "defaultPrompt": ""
+      },
+      "_id": "677b59849d672185a5671b45"
+    }
   }
 }

packages/service/common/file/gridfs/utils.ts

@@ -3,13 +3,16 @@ import { PassThrough } from 'stream';
 
 export const gridFsStream2Buffer = (stream: NodeJS.ReadableStream) => {
   return new Promise<Buffer>((resolve, reject) => {
-    let tmpBuffer: Buffer = Buffer.from([]);
+    const chunks: Buffer[] = [];
+    let totalLength = 0;
 
     stream.on('data', (chunk) => {
-      tmpBuffer = Buffer.concat([tmpBuffer, chunk]);
+      chunks.push(chunk);
+      totalLength += chunk.length;
     });
     stream.on('end', () => {
-      resolve(tmpBuffer);
+      const resultBuffer = Buffer.concat(chunks, totalLength); // 一次性拼接
+      resolve(resultBuffer);
     });
     stream.on('error', (err) => {
       reject(err);

packages/service/common/string/cheerio.ts

@@ -2,6 +2,7 @@ import { UrlFetchParams, UrlFetchResponse } from '@fastgpt/global/common/file/ap
 import * as cheerio from 'cheerio';
 import axios from 'axios';
 import { htmlToMarkdown } from './utils';
+import { isInternalAddress } from '../system/utils';
 
 export const cheerioToHtml = ({
   fetchUrl,
@@ -75,6 +76,16 @@ export const urlsFetch = async ({
 
   const response = await Promise.all(
     urlList.map(async (url) => {
+      const isInternal = isInternalAddress(url);
+      if (isInternal) {
+        return {
+          url,
+          title: '',
+          content: 'Cannot fetch internal url',
+          selector: ''
+        };
+      }
+
       try {
         const fetchRes = await axios.get(url, {
           timeout: 30000

packages/service/common/system/utils.ts

@@ -0,0 +1,63 @@
+import { SERVICE_LOCAL_HOST } from './tools';
+
+export const isInternalAddress = (url: string): boolean => {
+  try {
+    const parsedUrl = new URL(url);
+    const hostname = parsedUrl.hostname;
+    const fullUrl = parsedUrl.toString();
+
+    // Check for localhost and common internal domains
+    if (hostname === SERVICE_LOCAL_HOST) {
+      return true;
+    }
+
+    // Metadata endpoints whitelist
+    const metadataEndpoints = [
+      // AWS
+      'http://169.254.169.254/latest/meta-data/',
+      // Azure
+      'http://169.254.169.254/metadata/instance?api-version=2021-02-01',
+      // GCP
+      'http://metadata.google.internal/computeMetadata/v1/',
+      // Alibaba Cloud
+      'http://100.100.100.200/latest/meta-data/',
+      // Tencent Cloud
+      'http://metadata.tencentyun.com/latest/meta-data/',
+      // Huawei Cloud
+      'http://169.254.169.254/latest/meta-data/'
+    ];
+    if (metadataEndpoints.some((endpoint) => fullUrl.startsWith(endpoint))) {
+      return true;
+    }
+
+    // For non-metadata URLs, check if it's a domain name
+    const ipv4Pattern = /^(\d{1,3}\.){3}\d{1,3}$/;
+    if (!ipv4Pattern.test(hostname)) {
+      return true;
+    }
+
+    // ... existing IP validation code ...
+    const parts = hostname.split('.').map(Number);
+
+    if (parts.length !== 4 || parts.some((part) => part < 0 || part > 255)) {
+      return false;
+    }
+
+    // Only allow public IP ranges
+    return (
+      parts[0] !== 0 &&
+      parts[0] !== 10 &&
+      parts[0] !== 127 &&
+      !(parts[0] === 169 && parts[1] === 254) &&
+      !(parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) &&
+      !(parts[0] === 192 && parts[1] === 168) &&
+      !(parts[0] >= 224 && parts[0] <= 239) &&
+      !(parts[0] >= 240 && parts[0] <= 255) &&
+      !(parts[0] === 100 && parts[1] >= 64 && parts[1] <= 127) &&
+      !(parts[0] === 9 && parts[1] === 0) &&
+      !(parts[0] === 11 && parts[1] === 0)
+    );
+  } catch {
+    return false; // If URL parsing fails, reject it as potentially unsafe
+  }
+};

packages/service/core/app/plugin/type.d.ts

@@ -25,6 +25,7 @@ export type SystemPluginConfigSchemaType = {
     templateType: string;
     associatedPluginId: string;
     userGuide: string;
+    author?: string;
   };
 };
 

packages/service/core/app/templates/templateSchema.ts

@@ -18,6 +18,9 @@ const AppTemplateSchema = new Schema({
   avatar: {
     type: String
   },
+  author: {
+    type: String
+  },
   tags: {
     type: [String],
     default: undefined

packages/service/core/workflow/dispatch/loop/runLoop.ts

@@ -62,6 +62,7 @@ export const dispatchLoop = async (props: Props): Promise<Response> => {
 
     const response = await dispatchWorkFlow({
       ...props,
+      variables: newVariables,
       runtimeEdges: cloneDeep(runtimeEdges)
     });
 

packages/service/core/workflow/dispatch/tools/http468.ts

@@ -120,27 +120,144 @@ export const dispatchHttp468Request = async (props: HttpRequestProps): Promise<H
     2. Replace newline strings
   */
   const replaceJsonBodyString = (text: string) => {
-    const valToStr = (val: any) => {
+    // Check if the variable is in quotes
+    const isVariableInQuotes = (text: string, variable: string) => {
+      const index = text.indexOf(variable);
+      if (index === -1) return false;
+
+      // 计算变量前面的引号数量
+      const textBeforeVar = text.substring(0, index);
+      const matches = textBeforeVar.match(/"/g) || [];
+
+      // 如果引号数量为奇数，则变量在引号内
+      return matches.length % 2 === 1;
+    };
+    const valToStr = (val: any, isQuoted = false) => {
       if (val === undefined) return 'null';
       if (val === null) return 'null';
 
       if (typeof val === 'object') return JSON.stringify(val);
 
       if (typeof val === 'string') {
+        if (isQuoted) {
+          return val.replace(/(?<!\\)"/g, '\\"');
+        }
         try {
-          const parsed = JSON.parse(val);
-          if (typeof parsed === 'object') {
-            return JSON.stringify(parsed);
-          }
+          JSON.parse(val);
           return val;
         } catch (error) {
           const str = JSON.stringify(val);
+
           return str.startsWith('"') && str.endsWith('"') ? str.slice(1, -1) : str;
         }
       }
 
       return String(val);
     };
+    // Test cases for variable replacement in JSON body
+    // const bodyTest = () => {
+    //   const testData = [
+    //     // 基本字符串替换
+    //     {
+    //       body: `{"name":"{{name}}","age":"18"}`,
+    //       variables: [{ key: '{{name}}', value: '测试' }],
+    //       result: `{"name":"测试","age":"18"}`
+    //     },
+    //     // 特殊字符处理
+    //     {
+    //       body: `{"text":"{{text}}"}`,
+    //       variables: [{ key: '{{text}}', value: '包含"引号"和\\反斜杠' }],
+    //       result: `{"text":"包含\\"引号\\"和\\反斜杠"}`
+    //     },
+    //     // 数字类型处理
+    //     {
+    //       body: `{"count":{{count}},"price":{{price}}}`,
+    //       variables: [
+    //         { key: '{{count}}', value: '42' },
+    //         { key: '{{price}}', value: '99.99' }
+    //       ],
+    //       result: `{"count":42,"price":99.99}`
+    //     },
+    //     // 布尔值处理
+    //     {
+    //       body: `{"isActive":{{isActive}},"hasData":{{hasData}}}`,
+    //       variables: [
+    //         { key: '{{isActive}}', value: 'true' },
+    //         { key: '{{hasData}}', value: 'false' }
+    //       ],
+    //       result: `{"isActive":true,"hasData":false}`
+    //     },
+    //     // 对象类型处理
+    //     {
+    //       body: `{"user":{{user}},"user2":"{{user2}}"}`,
+    //       variables: [
+    //         { key: '{{user}}', value: `{"id":1,"name":"张三"}` },
+    //         { key: '{{user2}}', value: `{"id":1,"name":"张三"}` }
+    //       ],
+    //       result: `{"user":{"id":1,"name":"张三"},"user2":"{\\"id\\":1,\\"name\\":\\"张三\\"}"}`
+    //     },
+    //     // 数组类型处理
+    //     {
+    //       body: `{"items":{{items}}}`,
+    //       variables: [{ key: '{{items}}', value: '[1, 2, 3]' }],
+    //       result: `{"items":[1,2,3]}`
+    //     },
+    //     // null 和 undefined 处理
+    //     {
+    //       body: `{"nullValue":{{nullValue}},"undefinedValue":{{undefinedValue}}}`,
+    //       variables: [
+    //         { key: '{{nullValue}}', value: 'null' },
+    //         { key: '{{undefinedValue}}', value: 'undefined' }
+    //       ],
+    //       result: `{"nullValue":null,"undefinedValue":null}`
+    //     },
+    //     // 嵌套JSON结构
+    //     {
+    //       body: `{"data":{"nested":{"value":"{{nestedValue}}"}}}`,
+    //       variables: [{ key: '{{nestedValue}}', value: '嵌套值' }],
+    //       result: `{"data":{"nested":{"value":"嵌套值"}}}`
+    //     },
+    //     // 多变量替换
+    //     {
+    //       body: `{"first":"{{first}}","second":"{{second}}","third":{{third}}}`,
+    //       variables: [
+    //         { key: '{{first}}', value: '第一' },
+    //         { key: '{{second}}', value: '第二' },
+    //         { key: '{{third}}', value: '3' }
+    //       ],
+    //       result: `{"first":"第一","second":"第二","third":3}`
+    //     },
+    //     // JSON字符串作为变量值
+    //     {
+    //       body: `{"config":{{config}}}`,
+    //       variables: [{ key: '{{config}}', value: '{"setting":"enabled","mode":"advanced"}' }],
+    //       result: `{"config":{"setting":"enabled","mode":"advanced"}}`
+    //     }
+    //   ];
+
+    //   for (let i = 0; i < testData.length; i++) {
+    //     const item = testData[i];
+    //     let bodyStr = item.body;
+    //     for (const variable of item.variables) {
+    //       const isQuote = isVariableInQuotes(bodyStr, variable.key);
+    //       bodyStr = bodyStr.replace(variable.key, valToStr(variable.value, isQuote));
+    //     }
+    //     bodyStr = bodyStr.replace(/(".*?")\s*:\s*undefined\b/g, '$1:null');
+
+    //     console.log(bodyStr === item.result, i);
+    //     if (bodyStr !== item.result) {
+    //       console.log(bodyStr);
+    //       console.log(item.result);
+    //     } else {
+    //       try {
+    //         JSON.parse(item.result);
+    //       } catch (error) {
+    //         console.log('反序列化异常', i, item.result);
+    //       }
+    //     }
+    //   }
+    // };
+    // bodyTest();
 
     // 1. Replace {{key.key}} variables
     const regex1 = /\{\{\$([^.]+)\.([^$]+)\$\}\}/g;
@@ -148,6 +265,10 @@ export const dispatchHttp468Request = async (props: HttpRequestProps): Promise<H
     matches1.forEach((match) => {
       const nodeId = match[1];
       const id = match[2];
+      const fullMatch = match[0];
+
+      // 检查变量是否在引号内
+      const isInQuotes = isVariableInQuotes(text, fullMatch);
 
       const variableVal = (() => {
         if (nodeId === VARIABLE_NODE_ID) {
@@ -165,9 +286,9 @@ export const dispatchHttp468Request = async (props: HttpRequestProps): Promise<H
           return getReferenceVariableValue({ value: input.value, nodes: runtimeNodes, variables });
       })();
 
-      const formatVal = valToStr(variableVal);
+      const formatVal = valToStr(variableVal, isInQuotes);
 
-      const regex = new RegExp(`\\{\\{\\$(${nodeId}\\.${id})\\$\\}\\}`, 'g');
+      const regex = new RegExp(`\\{\\{\\$(${nodeId}\\.${id})\\$\\}\\}`, '');
       text = text.replace(regex, () => formatVal);
     });
 
@@ -176,10 +297,16 @@ export const dispatchHttp468Request = async (props: HttpRequestProps): Promise<H
     const matches2 = text.match(regex2) || [];
     const uniqueKeys2 = [...new Set(matches2.map((match) => match.slice(2, -2)))];
     for (const key of uniqueKeys2) {
-      text = text.replace(new RegExp(`{{(${key})}}`, 'g'), () => valToStr(allVariables[key]));
+      const fullMatch = `{{${key}}}`;
+      // 检查变量是否在引号内
+      const isInQuotes = isVariableInQuotes(text, fullMatch);
+
+      text = text.replace(new RegExp(`{{(${key})}}`, ''), () =>
+        valToStr(allVariables[key], isInQuotes)
+      );
     }
 
-    return text.replace(/(".*?")\s*:\s*undefined\b/g, '$1: null');
+    return text.replace(/(".*?")\s*:\s*undefined\b/g, '$1:null');
   };
 
   httpReqUrl = replaceStringVariables(httpReqUrl);

packages/service/support/user/team/controller.ts

@@ -43,7 +43,6 @@ async function getTeamMember(match: Record<string, any>): Promise<TeamTmbItemTyp
     teamDomain: tmb.team?.teamDomain,
     role: tmb.role,
     status: tmb.status,
-    defaultTeam: tmb.defaultTeam,
     permission: new TeamPermission({
       per: Per ?? TeamDefaultPermissionVal,
       isOwner: tmb.role === TeamMemberRoleEnum.owner
@@ -71,8 +70,7 @@ export async function getUserDefaultTeam({ userId }: { userId: string }) {
     return Promise.reject('tmbId or userId is required');
   }
   return getTeamMember({
-    userId: new Types.ObjectId(userId),
-    defaultTeam: true
+    userId: new Types.ObjectId(userId)
   });
 }
 

packages/service/support/user/team/teamMemberSchema.ts

@@ -39,14 +39,14 @@ const TeamMemberSchema = new Schema({
   updateTime: {
     type: Date
   },
-  defaultTeam: {
-    type: Boolean,
-    default: false
-  },
 
   // Abandoned
   role: {
     type: String
+  },
+  // Abandoned
+  defaultTeam: {
+    type: Boolean
   }
 });
 

packages/web/hooks/useScrollPagination.tsx

@@ -214,6 +214,11 @@ export function useScrollPagination<
     async (init = false, ScrollContainerRef?: RefObject<HTMLDivElement>) => {
       if (noMore && !init) return;
 
+      if (init) {
+        setData([]);
+        setTotal(0);
+      }
+
       const offset = init ? 0 : data.length;
 
       setTrue();
@@ -288,7 +293,7 @@ export function useScrollPagination<
       // Watch scroll position
       useThrottleEffect(
         () => {
-          if (!ref?.current || noMore) return;
+          if (!ref?.current || noMore || isLoading || data.length === 0) return;
           const { scrollTop, scrollHeight, clientHeight } = ref.current;
 
           if (

projects/app/src/pageComponents/account/model/Log/index.tsx

@@ -255,8 +255,8 @@ const ChannelLog = ({ Tab }: { Tab: React.ReactNode }) => {
                 </Tr>
               </Thead>
               <Tbody>
-                {formatData.map((item) => (
-                  <Tr key={item.id}>
+                {formatData.map((item, index) => (
+                  <Tr key={index}>
                     <Td>{item.channelName}</Td>
                     <Td>{item.model}</Td>
                     <Td>

projects/app/src/pageComponents/account/team/MemberTable.tsx

@@ -93,7 +93,7 @@ function MemberTable({ Tabs }: { Tabs: React.ReactNode }) {
 
   const { runAsync: onLeaveTeam } = useRequest2(
     async () => {
-      const defaultTeam = myTeams.find((item) => item.defaultTeam) || myTeams[0];
+      const defaultTeam = myTeams[0];
       // change to personal team
       onSwitchTeam(defaultTeam.teamId);
       return delLeaveTeam();

projects/app/src/pages/api/core/app/httpPlugin/getApiSchemaByUrl.ts

@@ -1,18 +1,23 @@
 import type { NextApiRequest, NextApiResponse } from 'next';
-import { jsonRes } from '@fastgpt/service/common/response';
 import { loadOpenAPISchemaFromUrl } from '@fastgpt/global/common/string/swagger';
+import { NextAPI } from '@/service/middleware/entry';
+import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
+import { isInternalAddress } from '@fastgpt/service/common/system/utils';
 
-export default async function handler(req: NextApiRequest, res: NextApiResponse<any>) {
-  try {
-    const apiURL = req.body.url as string;
+async function handler(req: NextApiRequest, res: NextApiResponse<any>) {
+  const apiURL = req.body.url as string;
 
-    return jsonRes(res, {
-      data: await loadOpenAPISchemaFromUrl(apiURL)
-    });
-  } catch (err) {
-    jsonRes(res, {
-      code: 500,
-      error: err
-    });
+  if (!apiURL) {
+    return Promise.reject(CommonErrEnum.missingParams);
   }
+
+  const isInternal = isInternalAddress(apiURL);
+
+  if (isInternal) {
+    return Promise.reject('Invalid url');
+  }
+
+  return await loadOpenAPISchemaFromUrl(apiURL);
 }
+
+export default NextAPI(handler);