search

langflow-ai / langflow

Langflow is a low-code app builder for RAG and multi-agent AI applications. It’s Python-based and agnostic to any model, API, or database.
http://www.langflow.org
MIT License
35.58k stars 4.23k forks source link

[Feature Request] Collaborative/Access Control enhancement #1864

Open jaschahuisman opened 6 months ago

jaschahuisman commented 6 months ago

As discussed in issues #1735 and #1725, enhancing the collaborative capabilities of LangFlow can significantly improve user experience, particularly in team-based environments. This feature request outlines proposed improvements in authentication/role management, cross-account flow sharing, asynchronous updates, and flow version management.

Proposed Enhancements:

  1. Improved Authentication and Role Management:
    • Objective: Implement a more robust authentication system to support varying levels of user permissions.
    • Implementation:
    • Integrate OAuth2 with current authentication systems to enable more secure and flexible user management.
    • Develop roles such as Admin, Editor, and Viewer, each with different permissions regarding the creation, editing, and viewing of flows.
  2. Cross-Account Flow Sharing:
    • Objective: Enable users to share workflows across different accounts, enhancing collaborative efforts.
    • Implementation:
    • Create a sharing interface where users can invite others to access workflows by email or user ID.
    • Implement sharing permissions that allow users to set read-only or edit rights for each shared user.
  3. Asynchronous Updates and Notifications:
    • Objective: Allow users to receive updates on shared flows asynchronously, ensuring all collaborators are kept up-to-date.
    • Implementation:
    • Utilize WebSockets for real-time data transfer to enable live updates without requiring page refreshes.
    • Integrate a notification system that alerts users to changes or comments in shared flows.
  4. Flow Version Management:
    • Objective: Implement a version control system for flows to track changes over time and enable rollback to previous versions if needed.
    • Implementation:
    • Develop a version history feature that records each change made to a flow, along with the user who made the change and the time.
    • Provide an interface to view version history and revert to previous versions when necessary. Technical Considerations:

Ensure that all new features adhere to best practices in security and data privacy. Consider the scalability of the solution to accommodate a growing number of users and workflows.

Impact:

These enhancements will streamline collaborative efforts, improve security, and make LangFlow a more robust tool for both individual users and teams. They will also address current limitations noted by users, fostering a more efficient and user-friendly environment.

ogabrielluiz commented 6 months ago

Hey @jaschahuisman

These are awesome and some of them are in our (internal) roadmap.

We plan on using Casbin for the RBAC/ABAC.

Do you have the expertise for any of these? We can collaborate on them if you like.

jaschahuisman commented 6 months ago

No experience in Casbin here. Where can I find the roadmap? (curious 👀) @ogabrielluiz

disdonline commented 6 months ago

+1 on this.

"Utilize WebSockets for real-time data transfer to enable live updates without requiring page refreshes."

Would love this!

ncecere commented 4 months ago

was this part of the 1.0.0 release ?

goodosoft commented 4 months ago

How is the progress? I want to contribute to this feature.

codenprogressive commented 3 months ago

I was reading about how other frameworks deal with federated authentication. Here is an example of how Open Web UI integrates it: https://docs.openwebui.com/tutorial/sso/. I know the Langflow will leverage Casbin library to enable SSO. but if it is too complex can we implement something similar to what Open Web UI did?

I started replicating, I added in the create_app function in langflow/src/backend/base/langflow/main.py, two paths:

################################
### Integrate Google OAuth 2.0
################################

import os
import json
from starlette.config import Config
from authlib.integrations.starlette_client import OAuth
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import RedirectResponse

#######################
## Load OAuth variables
#######################
oauth_config_json = json.loads(os.environ["OAUTH_CFG"])
GOOGLE_CLIENT_ID=oauth_config_json['web']['client_id']
GOOGLE_CLIENT_SECRET=oauth_config_json['web']['client_secret']
SECRET_KEY = os.environ.get("SECRET_KEY") or "a_very_secret_key"

###################
## OAuth setup
###################
config_data = {'GOOGLE_CLIENT_ID': GOOGLE_CLIENT_ID, 'GOOGLE_CLIENT_SECRET': GOOGLE_CLIENT_SECRET}
starlette_config = Config(environ=config_data)
oauth = OAuth(starlette_config)
oauth.register(
    name='google',
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={'scope': 'openid email https://www.googleapis.com/auth/bigquery'},
)

app.add_middleware(
    SessionMiddleware,
    secret_key=get_settings_service().auth_settings.SECRET_KEY.get_secret_value()
    )

@app.get("/logingoogle")
async def google_login(request: Request):
    redirect_uri = request.url_for("login_to_get_access_token")
    print("Redirecting to", redirect_uri)
    return await oauth.google.authorize_redirect(request, redirect_uri)

@app.get("/logincallback")
async def login_to_get_access_token(
    request: Request,
):
    try:
        # 1. get token from google server
        access_token = await oauth.google.authorize_access_token(request)
        # ****rest of code here****
    except Exception as exc:
        if isinstance(exc, HTTPException):
            raise exc
        raise HTTPException(
            status_code=500,
            detail=str(exc),
        ) from exc

    return RedirectResponse(url='/')

My challenge is how to modify the typescript logic to redirtect to /googlelogin rather than the default /login. Typescript is not my strength.

Any help is much appreciated!!

hakan-77 commented 3 months ago

Hi @ogabrielluiz, is Casbin still in the roadmap?

dosubot[bot] commented 2 weeks ago

Hi, @jaschahuisman. I'm helping the langflow team manage their backlog and am marking this issue as stale.

Your issue discusses potential enhancements to LangFlow's collaborative features, including improved authentication, role management, and real-time updates. While some of these enhancements are on the internal roadmap, you've mentioned your lack of experience with Casbin, the proposed library for role-based access control. Other contributors have shown interest in these features, with suggestions like federated authentication and Google OAuth integration.

Could you please let us know if this issue is still relevant to the latest version of the langflow repository? If it is, feel free to comment here to keep the discussion alive. Otherwise, you can close the issue yourself, or it will be automatically closed in 7 days. Thank you!

neill-k commented 2 weeks ago

This is an important feature

dosubot[bot] commented 2 weeks ago

@ogabrielluiz, the user has indicated that the enhancements to LangFlow's collaborative features are still important. Could you please assist them with this issue?