travel_agent

by ScholarChen20

Overview

An AI-driven smart travel planning assistant that leverages a multi-agent system, integrates with map services (Amap), provides social features, and includes administrative/monitoring tools.

Installation

Run Command
uvicorn app.api.main:app --host 0.0.0.0 --port 8000 --reload --log-level info

Environment Variables

  • APP_NAME
  • APP_VERSION
  • DEBUG
  • HOST
  • PORT
  • CORS_ORIGINS
  • AMAP_API_KEY
  • UNSPLASH_ACCESS_KEY
  • UNSPLASH_SECRET_KEY
  • OPENAI_API_KEY
  • OPENAI_BASE_URL
  • OPENAI_MODEL
  • LLM_API_KEY
  • LLM_BASE_URL
  • LLM_MODEL_ID
  • MYSQL_HOST
  • MYSQL_PORT
  • MYSQL_USER
  • MYSQL_PASSWORD
  • MYSQL_DATABASE
  • MONGODB_HOST
  • MONGODB_PORT
  • MONGODB_USER
  • MONGODB_PASSWORD
  • MONGODB_DATABASE
  • REDIS_HOST
  • REDIS_PORT
  • REDIS_PASSWORD
  • REDIS_DB
  • JWT_SECRET_KEY
  • JWT_ALGORITHM
  • JWT_ACCESS_TOKEN_EXPIRE_DAYS
  • PASSWORD_MIN_LENGTH
  • CAPTCHA_EXPIRY_SECONDS
  • MAX_LOGIN_ATTEMPTS
  • RATE_LIMIT_PER_MINUTE
  • LOG_LEVEL
  • AZURE_SPEECH_KEY
  • AZURE_SPEECH_REGION

Security Notes

Critical security vulnerabilities were found. The `AMAP_MAPS_API_KEY` is hardcoded in `backend/app/agents/trip_planner_agent.py` and `backend/app/services/amap_service.py`, which is a severe information leak. The CORS configuration in `backend/app/api/main.py` is overly permissive (`allow_origins=... + ['*']`), which leaves a production deployment vulnerable to various cross-origin attacks. Default values for sensitive settings such as `jwt_secret_key`, `mysql_password`, and `redis_password` are present in `config.py` and pose a risk if they are not explicitly overridden by environment variables. File upload handling includes basic type and size validation, but a thorough review for more complex bypasses (e.g., polyglot files) would be prudent. The application uses an ORM for database interactions, which generally protects against SQL/NoSQL injection, but overall security is significantly compromised by the hardcoded keys and permissive CORS.

Stats

  • Interest Score: 0
  • Security Score: 3
  • Cost Class: High
  • Avg Tokens: 8000
  • Stars: 0
  • Forks: 0
  • Last Update: 2026-01-19

Tags

  • AI
  • Travel Planning
  • Multi-Agent System
  • Map Service
  • Web Application
  • Authentication
  • Social Features