feat(plugin): implement unauthorized Langgenius plugin blocking (#458)

* feat(plugin): implement unauthorized Langgenius plugin blocking

- Added configuration option to disable installation of plugins falsely claiming Langgenius authorship.
- Introduced new error handling for unauthorized Langgenius claims during plugin installation.
- Implemented tests to validate unauthorized Langgenius detection logic.
- Updated environment configuration and service files to support the new feature.

* fix: typo

* refactor(plugin): update Langgenius plugin signature enforcement

- Renamed configuration option from DISABLE_UNAUTHORIZED_LANGGENIUS_PACKAGE to ENFORCE_LANGGENIUS_PLUGIN_SIGNATURES for clarity.
- Updated error messages and logic in the plugin installation process to reflect the new configuration.
- Enhanced tests to validate the behavior of unauthorized Langgenius plugin detection with the new enforcement setting.

Author: Yeuoly

.env.example

@@ -140,6 +140,11 @@ THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED=false
 # A comma-separated list of file paths to public keys in addition to the official public key for signature verification
 THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS=
 
+# Enforce signature verification for plugins claiming Langgenius authorship
+# Set to "false" to allow installation of unsigned plugins claiming to be from Langgenius (security risk)
+# Community and partner plugins that don't claim Langgenius authorship are not affected
+ENFORCE_LANGGENIUS_PLUGIN_SIGNATURES=true
+
 # proxy settings, example: HTTP_PROXY=http://host.docker.internal:7890
 HTTP_PROXY=
 HTTPS_PROXY=

internal/service/exec.go

@@ -0,0 +1,10 @@
+package service
+
+import "errors"
+
+var (
+	ErrUnauthorizedLanggenius = errors.New(`
+		plugin installation blocked: this plugin claims to be from Langgenius but lacks official signature verification. 
+		Set ENFORCE_LANGGENIUS_PLUGIN_SIGNATURES=false to allow installation (not recommended)`,
+	)
+)

internal/service/install_plugin.go

@@ -131,7 +131,13 @@ func doInstallPluginRuntime(
 			return
 		}
 
-		zipDecoder, err = decoder.NewZipPluginDecoder(pkgFile)
+		zipDecoder, err = decoder.NewZipPluginDecoderWithThirdPartySignatureVerificationConfig(
+			pkgFile,
+			&decoder.ThirdPartySignatureVerificationConfig{
+				Enabled:        config.ThirdPartySignatureVerificationEnabled,
+				PublicKeyPaths: config.ThirdPartySignatureVerificationPublicKeys,
+			},
+		)
 		if err != nil {
 			updateTaskStatus(func(task *models.InstallTask, plugin *models.InstallTaskPluginStatus) {
 				task.Status = models.InstallTaskStatusFailed

internal/service/plugin_decoder.go

@@ -66,6 +66,12 @@ func UploadPluginPkg(
 		verification = decoder.DefaultVerification()
 	}
 
+	if config.EnforceLanggeniusSignatures {
+		if isUnauthorizedLanggenius(declaration, verification) {
+			return exception.BadRequestError(ErrUnauthorizedLanggenius).ToResponse()
+		}
+	}
+
 	return entities.NewSuccessResponse(map[string]any{
 		"unique_identifier": pluginUniqueIdentifier,
 		"manifest":          declaration,
@@ -158,6 +164,17 @@ func UploadPluginBundle(
 						}
 					}
 
+					verification, _ := decoderInstance.Verification()
+					if verification == nil && decoderInstance.Verified() {
+						verification = decoder.DefaultVerification()
+					}
+
+					if config.EnforceLanggeniusSignatures {
+						if isUnauthorizedLanggenius(declaration, verification) {
+							return exception.BadRequestError(ErrUnauthorizedLanggenius).ToResponse()
+						}
+					}
+
 					result = append(result, map[string]any{
 						"type": "package",
 						"value": map[string]any{

internal/service/unauthorized_langgenius.go

@@ -0,0 +1,23 @@
+package service
+
+import (
+	"strings"
+
+	"github.com/langgenius/dify-plugin-daemon/pkg/entities/plugin_entities"
+	"github.com/langgenius/dify-plugin-daemon/pkg/plugin_packager/decoder"
+)
+
+// isUnauthorizedLanggenius checks if a plugin falsely claims to be from Langgenius
+func isUnauthorizedLanggenius(declaration *plugin_entities.PluginDeclaration, verification *decoder.Verification) bool {
+	// Check if plugin claims to be from Langgenius (case-insensitive)
+	claimsLanggenius := strings.ToLower(declaration.Author) == string(decoder.AUTHORIZED_CATEGORY_LANGGENIUS)
+
+	// If claims Langgenius but not properly authorized
+	if claimsLanggenius {
+		return verification == nil || // if no verification, it's unauthorized
+			verification.AuthorizedCategory != decoder.AUTHORIZED_CATEGORY_LANGGENIUS
+	}
+
+	// Non-Langgenius plugins are allowed
+	return false
+}

internal/service/unauthorized_langgenius_test.go

@@ -0,0 +1,203 @@
+package service
+
+import (
+	"testing"
+
+	"github.com/langgenius/dify-plugin-daemon/pkg/entities/plugin_entities"
+	"github.com/langgenius/dify-plugin-daemon/pkg/plugin_packager/decoder"
+)
+
+func TestIsUnauthorizedLanggenius(t *testing.T) {
+	// Tests for isUnauthorizedLanggenius function
+	// This function is used when ENFORCE_LANGGENIUS_PLUGIN_SIGNATURES=true (default)
+	// to prevent unauthorized plugins from impersonating Langgenius
+	tests := []struct {
+		name         string
+		author       string
+		verification *decoder.Verification
+		want         bool
+	}{
+		{
+			name:   "langgenius author with proper verification",
+			author: "langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // properly authorized
+		},
+		{
+			name:   "langgenius author with partner verification",
+			author: "langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_PARTNER,
+			},
+			want: true, // unauthorized - claims langgenius but verified as partner
+		},
+		{
+			name:   "langgenius author with community verification",
+			author: "langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: true, // unauthorized - claims langgenius but verified as community
+		},
+		{
+			name:         "langgenius author without verification",
+			author:       "langgenius",
+			verification: nil,
+			want:         true, // unauthorized - claims langgenius but no verification
+		},
+		{
+			name:   "Langgenius author (capital L) with proper verification",
+			author: "Langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // properly authorized (case-insensitive)
+		},
+		{
+			name:   "LANGGENIUS author (all caps) with proper verification",
+			author: "LANGGENIUS",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // properly authorized (case-insensitive)
+		},
+		{
+			name:         "LANGGENIUS author (all caps) without verification",
+			author:       "LANGGENIUS",
+			verification: nil,
+			want:         true, // unauthorized - claims langgenius but no verification
+		},
+		{
+			name:   "community author with community verification",
+			author: "community_developer",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: false, // authorized - doesn't claim langgenius
+		},
+		{
+			name:   "partner author with partner verification",
+			author: "partner_company",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_PARTNER,
+			},
+			want: false, // authorized - doesn't claim langgenius
+		},
+		{
+			name:         "community author without verification",
+			author:       "john_doe",
+			verification: nil,
+			want:         false, // allowed - doesn't claim langgenius
+		},
+		{
+			name:   "empty author with langgenius verification",
+			author: "",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // allowed - doesn't claim langgenius
+		},
+		{
+			name:         "empty author without verification",
+			author:       "",
+			verification: nil,
+			want:         false, // allowed - doesn't claim langgenius
+		},
+		{
+			name:   "author contains langgenius but not exact match",
+			author: "not_langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: false, // allowed - not exact match
+		},
+		{
+			name:   "author langgenius_team",
+			author: "langgenius_team",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: false, // allowed - not exact match
+		},
+		{
+			name:   "author my_langgenius",
+			author: "my_langgenius",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: false, // allowed - not exact match
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			declaration := &plugin_entities.PluginDeclaration{
+				PluginDeclarationWithoutAdvancedFields: plugin_entities.PluginDeclarationWithoutAdvancedFields{
+					Author: tt.author,
+				},
+			}
+			
+			got := isUnauthorizedLanggenius(declaration, tt.verification)
+			if got != tt.want {
+				t.Errorf("isUnauthorizedLanggenius() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestIsUnauthorizedLanggenius_EdgeCases(t *testing.T) {
+	tests := []struct {
+		name         string
+		author       string
+		verification *decoder.Verification
+		want         bool
+	}{
+		{
+			name:   "langgenius with spaces",
+			author: " langgenius ",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // spaces don't affect the comparison after lowercase
+		},
+		{
+			name:   "langgenius with spaces but no verification",
+			author: " langgenius ",
+			verification: nil,
+			want: false, // with spaces, not exact match after lowercase
+		},
+		{
+			name:   "LaNgGeNiUs mixed case",
+			author: "LaNgGeNiUs",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_LANGGENIUS,
+			},
+			want: false, // properly authorized (case-insensitive)
+		},
+		{
+			name:   "langgenius. with punctuation",
+			author: "langgenius.",
+			verification: &decoder.Verification{
+				AuthorizedCategory: decoder.AUTHORIZED_CATEGORY_COMMUNITY,
+			},
+			want: false, // not exact match due to punctuation
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			declaration := &plugin_entities.PluginDeclaration{
+				PluginDeclarationWithoutAdvancedFields: plugin_entities.PluginDeclarationWithoutAdvancedFields{
+					Author: tt.author,
+				},
+			}
+			
+			got := isUnauthorizedLanggenius(declaration, tt.verification)
+			if got != tt.want {
+				t.Errorf("isUnauthorizedLanggenius() = %v, want %v for author=%q", got, tt.want, tt.author)
+			}
+		})
+	}
+}

internal/types/app/config.go

@@ -146,6 +146,9 @@ type Config struct {
 	// a comma-separated list of file paths to public keys in addition to the official public key for signature verification
 	ThirdPartySignatureVerificationPublicKeys []string `envconfig:"THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS"  default:""`
 
+	// Enforce signature verification for plugins claiming Langgenius authorship
+	EnforceLanggeniusSignatures bool `envconfig:"ENFORCE_LANGGENIUS_PLUGIN_SIGNATURES" default:"true"`
+
 	// lifetime state management
 	LifetimeCollectionHeartbeatInterval int `envconfig:"LIFETIME_COLLECTION_HEARTBEAT_INTERVAL"  validate:"required"`
 	LifetimeCollectionGCInterval        int `envconfig:"LIFETIME_COLLECTION_GC_INTERVAL" validate:"required"`