wangbo/ComfyUI-Manager
1
0
Fork 0
mirror of https://github.com/Comfy-Org/ComfyUI-Manager.git synced 2026-05-09 16:42:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
01799f8cac
ComfyUI-Manager/comfyui_manager/data_models
History
Dr.Lt.Data 4410ebc6a6
Some checks are pending
Publish to PyPI / build-and-publish (push) Waiting to run
Details
Python Linting / Run Ruff (push) Waiting to run
Details
fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 
Defense-in-depth over GET→POST alone: reject the three CORS-safelisted
simple-form Content-Types (x-www-form-urlencoded, multipart/form-data,
text/plain) on 16 no-body POST handlers (glob + legacy) to block
<form method=POST> CSRF that bypasses method-only gating. Move
comfyui_switch_version to a JSON body so the preflight requirement applies.
Split db_mode/policy/update/channel_url_list into GET(read) + POST(write).
Tighten do_fix (high → high+) and gate three previously-ungated config
setters at middle. Resynchronize openapi.yaml (27 paths, 30 operations,
ComfyUISwitchVersionParams as a shared $ref component). Add E2E harness
variants, Playwright config, CSRF/secgate suites, 39-endpoint coverage,
and a CHANGELOG.

Breaking: legacy per-op POST routes (install/uninstall/fix/disable/update/
reinstall/abort_current) are removed; callers already use queue/batch.
Legacy /manager/notice (v1) is removed; /v2/manager/notice is retained.

Reported-by: XlabAI Team of Tencent Xuanwu Lab
CVSS: 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
2026-04-22 05:04:30 +09:00
..
__init__.py fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 2026-04-22 05:04:30 +09:00
generated_models.py fix(security): harden CSRF with Content-Type gate and expand E2E coverage (#2818) 2026-04-22 05:04:30 +09:00
README.md modified: Do not modify generated_models.py directly; use openapi.yaml instead. 2025-06-28 07:54:17 +09:00

README.md

Data Models

This directory contains Pydantic models for ComfyUI Manager, providing type safety, validation, and serialization for the API and internal data structures.

Overview

  • generated_models.py - All models auto-generated from OpenAPI spec
  • __init__.py - Package exports for all models

Note: All models are now auto-generated from the OpenAPI specification. Manual model files (task_queue.py, state_management.py) have been deprecated in favor of a single source of truth.

Generating Types from OpenAPI

The state management models are automatically generated from the OpenAPI specification using datamodel-codegen. This ensures type safety and consistency between the API specification and the Python code.

Prerequisites

Install the code generator:

pipx install datamodel-code-generator

Generation Command

To regenerate all models after updating the OpenAPI spec:

datamodel-codegen \
  --use-subclass-enum \
  --field-constraints \
  --strict-types bytes \
  --use-double-quotes \
  --input openapi.yaml \
  --output comfyui_manager/data_models/generated_models.py \
  --output-model-type pydantic_v2.BaseModel

When to Regenerate

You should regenerate the models when:

  1. Adding new API endpoints that return new data structures
  2. Modifying existing schemas in the OpenAPI specification
  3. Adding new state management features that require new models

Important Notes

  • Single source of truth: All models are now generated from openapi.yaml
  • No manual models: All previously manual models have been migrated to the OpenAPI spec
  • OpenAPI requirements: New schemas must be referenced in API paths to be generated by datamodel-codegen
  • Validation: Always validate the OpenAPI spec before generation: 
    python3 -c "import yaml; yaml.safe_load(open('openapi.yaml'))"

Example: Adding New State Models

  1. Add your schema to openapi.yaml under components/schemas/
  2. Reference the schema in an API endpoint response
  3. Run the generation command above
  4. Update __init__.py to export the new models
  5. Import and use the models in your code

Troubleshooting

  • Models not generated: Ensure schemas are under components/schemas/ (not parameters/)
  • Missing models: Verify schemas are referenced in at least one API path
  • Import errors: Check that new models are added to __init__.py exports