Langflow is a powerful tool for building and deploying AI-powered agents and workflows.
http://www.langflow.org
3a3e205f6f* feat(auth): update AUTO_LOGIN authentication to enforce API key or JWT requirement * Removed deprecated warning messages and implemented explicit HTTP exceptions for missing API key or JWT in both API and WebSocket authentication methods. * Enhanced error handling to ensure compliance with the new authentication requirements introduced in v1.5. * fix(auth): refine error message for AUTO_LOGIN API key requirement * Updated the error message in the API key security function to clarify that AUTO_LOGIN requires a valid API key, removing the mention of JWT for consistency with the latest authentication requirements. * feat(auth): introduce SKIP_AUTH_AUTO_LOGIN setting for enhanced authentication flexibility * Added a new configuration option `SKIP_AUTH_AUTO_LOGIN` to the AuthSettings class, allowing the application to bypass API key validation for auto login. * Updated the API and WebSocket security functions to utilize this setting, improving error handling and providing a fallback for superuser credentials when authentication is skipped. * refactor(auth): rename SKIP_AUTH_AUTO_LOGIN to skip_auth_auto_login for consistency * Updated the `SKIP_AUTH_AUTO_LOGIN` setting in the `AuthSettings` class to `skip_auth_auto_login` to follow Python naming conventions. * Adjusted references in the API and WebSocket security functions to use the new attribute name, ensuring consistent behavior across the authentication logic. * feat(auth): add deprecation warning for SKIP_AUTH_AUTO_LOGIN removal * Introduced a warning log in both API and WebSocket security functions to inform users that the `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` feature will be removed in version 1.6, prompting necessary updates to authentication methods. * feat(auth): enhance deprecation warnings for AUTO_LOGIN features * Added constants for deprecation warning and error messages related to `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` and `AUTO_LOGIN` requirements, improving code maintainability and clarity. * Updated API and WebSocket security functions to utilize these constants for logging and exception handling, ensuring consistent messaging across authentication methods. * fix(auth): update AUTO_LOGIN_ERROR message to include LANGFLOW_SKIP_AUTH_AUTO_LOGIN usage * fix(auth): correct logic for API key validation in WebSocket security function * Adjusted the conditional flow in the `ws_api_key_security` function to ensure that the API key is checked only when necessary, improving the clarity and correctness of the authentication logic. * [autofix.ci] apply automated fixes * feat(tests): add authentication token retrieval for starter projects integration tests * Implemented a helper function to obtain a JWT token for API requests, enhancing the security of the integration tests. * Updated the test for starter projects to include the token in API requests, ensuring proper authentication during testing. * feat(auth): add MCP-specific user authentication and active user dependency * Introduced `get_current_user_mcp` function for MCP-specific user authentication, allowing fallback to username lookup when no API key is provided. * Added `get_current_active_user_mcp` dependency to manage active user checks for MCP, ensuring proper integration with the authentication flow. * refactor(api): replace user dependency with CurrentActiveMCPUser in mcp project endpoints * Updated project-related API endpoints to use CurrentActiveMCPUser for user authentication, enhancing clarity and consistency in user management. * Removed unused imports and dependencies related to the previous user authentication method, streamlining the codebase. --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> |
||
|---|---|---|
| .cursor/rules | ||
| .devcontainer | ||
| .github | ||
| .vscode | ||
| deploy | ||
| docker | ||
| docker_example | ||
| docs | ||
| scripts | ||
| src | ||
| test-results | ||
| .coderabbit.yaml | ||
| .composio.lock | ||
| .env.example | ||
| .eslintrc.json | ||
| .gitattributes | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| DEVELOPMENT.md | ||
| eslint.config.js | ||
| LICENSE | ||
| Makefile | ||
| pyproject.toml | ||
| README.md | ||
| render.yaml | ||
| SECURITY.md | ||
| uv.lock | ||
Caution
Users must update to Langflow >= 1.3 to protect against CVE-2025-3248.
Langflow is a powerful tool for building and deploying AI-powered agents and workflows. It provides developers with both a visual authoring experience and a built-in API server that turns every agent into an API endpoint that can be integrated into applications built on any framework or stack. Langflow comes with batteries included and supports all major LLMs, vector databases and a growing library of AI tools.
✨ Highlight features
- Visual builder interface to quickly get started and iterate .
- Source code access lets you customize any component using Python.
- Interactive playground to immediately test and refine your flows with step-by-step control.
- Multi-agent orchestration with conversation management and retrieval.
- Deploy as an API or export as JSON for Python apps.
- Observability with LangSmith, LangFuse and other integrations.
- Enterprise-ready security and scalability.
⚡️ Quickstart
Langflow requires Python 3.10 to 3.13 and uv.
- To install Langflow, run:
uv pip install langflow -U
- To run Langflow, run:
uv run langflow run
- Go to the default Langflow URL at
http://127.0.0.1:7860.
For more information about installing Langflow, including Docker and Desktop options, see Install Langflow.
📦 Deployment
Langflow is completely open source and you can deploy it to all major deployment clouds. To learn how to use Docker to deploy Langflow, see the Docker deployment guide.
⭐ Stay up-to-date
Star Langflow on GitHub to be instantly notified of new releases.
👋 Contribute
We welcome contributions from developers of all levels. If you'd like to contribute, please check our contributing guidelines and help make Langflow more accessible.