furyhawk/deer-flow
1
0
Fork 0
mirror of https://github.com/bytedance/deer-flow.git synced 2026-06-12 02:15:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Address channel connection review comments

Browse Source
This commit is contained in:
hetaoBackend
2026-06-12 09:42:38 +08:00
parent e0cb0df5da
commit 274cae62d8
6 changed files with 66 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/docs/IM_CHANNEL_CONNECTIONS.md
+3 -2
View File
@@ -100,7 +100,7 @@ Feishu/Lark, DingTalk, WeChat, and WeCom:
- The UI shows `Send /connect <code> to the DeerFlow <Provider> bot.`
- The already-running long-connection or polling worker receives the message and binds the platform user/workspace identity to the current DeerFlow user.
Codes expire after 10 minutes and are single-use.
Codes use 128 bits of randomness, expire after 10 minutes, and are single-use.
## Runtime Model
@@ -116,6 +116,7 @@ Incoming messages that resolve to a connection carry `connection_id`, `owner_use
## Security Notes
- Browser APIs remain authenticated and CSRF-protected.
- Connect codes are random, short-lived, and single-use.
- Connect codes are 128-bit random, short-lived, and single-use.
- Provider bot tokens remain in `channels.*` and are never returned to the browser.
- Stored per-connection credentials are encrypted. If stored credential material cannot be decrypted, DeerFlow treats it as unavailable instead of using corrupt secrets.
- This implementation does not add public provider callback or webhook routes.