security: fix api image security issues (#6971)

api/Dockerfile

@@ -41,8 +41,12 @@ ENV TZ=UTC
 WORKDIR /app/api
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends curl wget vim nodejs ffmpeg libgmp-dev libmpfr-dev libmpc-dev \
+    && apt-get install -y --no-install-recommends curl nodejs libgmp-dev libmpfr-dev libmpc-dev \
-    && apt-get autoremove \
+    && echo "deb http://deb.debian.org/debian testing main" > /etc/apt/sources.list \
+    && apt-get update \
+    # For Security
+    && apt-get install -y --no-install-recommends zlib1g=1:1.3.dfsg+really1.3.1-1 expat=2.6.2-1 libldap-2.5-0=2.5.18+dfsg-2 perl=5.38.2-5 libsqlite3-0=3.46.0-1 \
+    && apt-get autoremove -y \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy Python environment and packages

api/core/model_runtime/model_providers/__base/tts_model.py

@@ -1,18 +1,16 @@
-import hashlib
 import logging
 import re
-import subprocess
-import uuid
 from abc import abstractmethod
 from typing import Optional
 
 from pydantic import ConfigDict
 
 from core.model_runtime.entities.model_entities import ModelPropertyKey, ModelType
-from core.model_runtime.errors.invoke import InvokeBadRequestError
 from core.model_runtime.model_providers.__base.ai_model import AIModel
 
 logger = logging.getLogger(__name__)
+
+
 class TTSModel(AIModel):
     """
     Model class for ttstext model.
@@ -37,8 +35,6 @@ class TTSModel(AIModel):
         :return: translated audio file
         """
         try:
-            logger.info(f"Invoke TTS model: {model} , invoke content : {content_text}")
-            self._is_ffmpeg_installed()
             return self._invoke(model=model, credentials=credentials, user=user,
                                 content_text=content_text, voice=voice, tenant_id=tenant_id)
         except Exception as e:
@@ -75,7 +71,8 @@ class TTSModel(AIModel):
         if model_schema and ModelPropertyKey.VOICES in model_schema.model_properties:
             voices = model_schema.model_properties[ModelPropertyKey.VOICES]
             if language:
-                return [{'name': d['name'], 'value': d['mode']} for d in voices if language and language in d.get('language')]
+                return [{'name': d['name'], 'value': d['mode']} for d in voices if
+                        language and language in d.get('language')]
             else:
                 return [{'name': d['name'], 'value': d['mode']} for d in voices]
 
@@ -146,28 +143,3 @@ class TTSModel(AIModel):
         if one_sentence != '':
             result.append(one_sentence)
         return result
-
-    @staticmethod
-    def _is_ffmpeg_installed():
-        try:
-            output = subprocess.check_output("ffmpeg -version", shell=True)
-            if "ffmpeg version" in output.decode("utf-8"):
-                return True
-            else:
-                raise InvokeBadRequestError("ffmpeg is not installed, "
-                                            "details: https://docs.dify.ai/getting-started/install-self-hosted"
-                                            "/install-faq#id-14.-what-to-do-if-this-error-occurs-in-text-to-speech")
-        except Exception:
-            raise InvokeBadRequestError("ffmpeg is not installed, "
-                                        "details: https://docs.dify.ai/getting-started/install-self-hosted"
-                                        "/install-faq#id-14.-what-to-do-if-this-error-occurs-in-text-to-speech")
-
-    # Todo: To improve the streaming function
-    @staticmethod
-    def _get_file_name(file_content: str) -> str:
-        hash_object = hashlib.sha256(file_content.encode())
-        hex_digest = hash_object.hexdigest()
-
-        namespace_uuid = uuid.UUID('a5da6ef9-b303-596f-8e88-bf8fa40f4b31')
-        unique_uuid = uuid.uuid5(namespace_uuid, hex_digest)
-        return str(unique_uuid)

api/poetry.lock

@@ -6300,17 +6300,6 @@ python-dotenv = ">=0.21.0"
 toml = ["tomli (>=2.0.1)"]
 yaml = ["pyyaml (>=6.0.1)"]
 
-[[package]]
-name = "pydub"
-version = "0.25.1"
-description = "Manipulate audio with an simple and easy high level interface"
-optional = false
-python-versions = "*"
-files = [
-    {file = "pydub-0.25.1-py2.py3-none-any.whl", hash = "sha256:65617e33033874b59d87db603aa1ed450633288aefead953b30bded59cb599a6"},
-    {file = "pydub-0.25.1.tar.gz", hash = "sha256:980a33ce9949cab2a569606b65674d748ecbca4f0796887fd6f46173a7b0d30f"},
-]
-
 [[package]]
 name = "pygments"
 version = "2.18.0"
@@ -9521,4 +9510,4 @@ cffi = ["cffi (>=1.11)"]
 [metadata]
 lock-version = "2.0"
 python-versions = ">=3.10,<3.13"
-content-hash = "6eb1649ed473ab7916683beb3a9a09c1fc97f99845ee77adb811ea95b93b32e4"
+content-hash = "ca0efc924f1f20acdfba068aa571015a10f0e185427dc3b22333be252d706de2"

api/pyproject.toml

@@ -152,7 +152,6 @@ pycryptodome = "3.19.1"
 pydantic = "~2.8.2"
 pydantic-settings = "~2.3.4"
 pydantic_extra_types = "~2.9.0"
-pydub = "~0.25.1"
 pyjwt = "~2.8.0"
 pypdfium2 = "~4.17.0"
 python = ">=3.10,<3.13"
@@ -179,6 +178,7 @@ yarl = "~1.9.4"
 zhipuai = "1.0.7"
 rank-bm25 = "~0.2.2"
 openpyxl = "^3.1.5"
+kaleido = "0.2.1"
 
 ############################################################
 # Tool dependencies required by tool implementations