diff --git a/lightrag/api/README.md b/lightrag/api/README.md index e00fac48..f9a2a197 100644 --- a/lightrag/api/README.md +++ b/lightrag/api/README.md @@ -295,32 +295,26 @@ You can not change storage implementation selection after you add documents to L ### LightRag API Server Comand Line Options -| Parameter | Default | Description | -|-------------------------|----------------|-----------------------------------------------------------------------------------------------------------------------------| -| --host | 0.0.0.0 | Server host | -| --port | 9621 | Server port | -| --working-dir | ./rag_storage | Working directory for RAG storage | -| --input-dir | ./inputs | Directory containing input documents | -| --max-async | 4 | Maximum async operations | -| --max-tokens | 32768 | Maximum token size | -| --timeout | 150 | Timeout in seconds. None for infinite timeout(not recommended) | -| --log-level | INFO | Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL) | -| --verbose | - | Verbose debug output (True, Flase) | -| --key | None | API key for authentication. Protects lightrag server against unauthorized access | -| --ssl | False | Enable HTTPS | -| --ssl-certfile | None | Path to SSL certificate file (required if --ssl is enabled) | -| --ssl-keyfile | None | Path to SSL private key file (required if --ssl is enabled) | -| --top-k | 50 | Number of top-k items to retrieve; corresponds to entities in "local" mode and relationships in "global" mode. | -| --cosine-threshold | 0.4 | The cossine threshold for nodes and relations retrieval, works with top-k to control the retrieval of nodes and relations. | -| --llm-binding | ollama | LLM binding type (lollms, ollama, openai, openai-ollama, azure_openai) | -| --embedding-binding | ollama | Embedding binding type (lollms, ollama, openai, azure_openai) | -| --auto-scan-at-startup | - | Scan input directory for new files and start indexing | -| --auth-username | - | Enable jwt if not empty | -| --auth-password | - | Enable jwt if not empty | -| --token-secret | - | JWT key | -| --token-expire-hours | 4 | expire duration | -| --whitelist-paths | /login,/health | white list | - +| Parameter | Default | Description | +|-----------|---------|-------------| +| --host | 0.0.0.0 | Server host | +| --port | 9621 | Server port | +| --working-dir | ./rag_storage | Working directory for RAG storage | +| --input-dir | ./inputs | Directory containing input documents | +| --max-async | 4 | Maximum async operations | +| --max-tokens | 32768 | Maximum token size | +| --timeout | 150 | Timeout in seconds. None for infinite timeout(not recommended) | +| --log-level | INFO | Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL) | +| --verbose | - | Verbose debug output (True, Flase) | +| --key | None | API key for authentication. Protects lightrag server against unauthorized access | +| --ssl | False | Enable HTTPS | +| --ssl-certfile | None | Path to SSL certificate file (required if --ssl is enabled) | +| --ssl-keyfile | None | Path to SSL private key file (required if --ssl is enabled) | +| --top-k | 50 | Number of top-k items to retrieve; corresponds to entities in "local" mode and relationships in "global" mode. | +| --cosine-threshold | 0.4 | The cossine threshold for nodes and relations retrieval, works with top-k to control the retrieval of nodes and relations. | +| --llm-binding | ollama | LLM binding type (lollms, ollama, openai, openai-ollama, azure_openai) | +| --embedding-binding | ollama | Embedding binding type (lollms, ollama, openai, azure_openai) | +| auto-scan-at-startup | - | Scan input directory for new files and start indexing | ### Example Usage @@ -399,11 +393,11 @@ pip install lightrag-hku LightRAG API Server implements JWT-based authentication using HS256 algorithm. To enable secure access control, the following environment variables are required: ```bash # For jwt auth -AUTH_USERNAME=admin # login name --auth-username -AUTH_PASSWORD=admin123 # password --auth-password -TOKEN_SECRET=your-key # JWT key --token-secret -TOKEN_EXPIRE_HOURS=4 # expire duration --token-expire-hours -WHITELIST_PATHS=/login,/health # white list --whitelist-paths +AUTH_USERNAME=admin # login name +AUTH_PASSWORD=admin123 # password +TOKEN_SECRET=your-key # JWT key +TOKEN_EXPIRE_HOURS=4 # expire duration +WHITELIST_PATHS=/api1,/api2 # white list. /login,/health,/docs,/redoc,/openapi.json are whitelisted by default. ``` ## API Endpoints diff --git a/lightrag/api/lightrag_server.py b/lightrag/api/lightrag_server.py index 49ca9b45..becf4b08 100644 --- a/lightrag/api/lightrag_server.py +++ b/lightrag/api/lightrag_server.py @@ -400,7 +400,7 @@ def create_app(args): "token_type": "bearer" } - @app.get("/health", dependencies=[Depends(optional_api_key), Depends(get_auth_dependency())]) + @app.get("/health", dependencies=[Depends(optional_api_key)]) async def get_status(): """Get current system status""" # Get update flags status for all namespaces diff --git a/lightrag/api/requirements.txt b/lightrag/api/requirements.txt index d44d4eb9..29878b6c 100644 --- a/lightrag/api/requirements.txt +++ b/lightrag/api/requirements.txt @@ -8,14 +8,12 @@ python-multipart tenacity tiktoken uvicorn -tqdm jiter httpcore distro httpx openai asyncpg -neo4j pytz python-jose[cryptography] passlib[bcrypt] diff --git a/lightrag/api/routers/ollama_api.py b/lightrag/api/routers/ollama_api.py index 05222908..9688d073 100644 --- a/lightrag/api/routers/ollama_api.py +++ b/lightrag/api/routers/ollama_api.py @@ -1,4 +1,4 @@ -from fastapi import APIRouter, HTTPException, Request, Depends +from fastapi import APIRouter, HTTPException, Request from pydantic import BaseModel from typing import List, Dict, Any, Optional import logging @@ -11,7 +11,7 @@ import asyncio from ascii_colors import trace_exception from lightrag import LightRAG, QueryParam from lightrag.utils import encode_string_by_tiktoken -from ..utils_api import ollama_server_infos, get_auth_dependency +from ..utils_api import ollama_server_infos # query mode according to query prefix (bypass is not LightRAG quer mode) @@ -126,7 +126,7 @@ class OllamaAPI: self.rag = rag self.ollama_server_infos = ollama_server_infos self.top_k = top_k - self.router = APIRouter(tags=["ollama"], dependencies=[Depends(get_auth_dependency())]) + self.router = APIRouter(tags=["ollama"]) self.setup_routes() def setup_routes(self): diff --git a/lightrag/api/utils_api.py b/lightrag/api/utils_api.py index d7622ac0..34411b88 100644 --- a/lightrag/api/utils_api.py +++ b/lightrag/api/utils_api.py @@ -312,38 +312,6 @@ def parse_args(is_uvicorn_mode: bool = False) -> argparse.Namespace: help="Embedding binding type (default: from env or ollama)", ) - # Authentication configuration - parser.add_argument( - "--auth-username", - type=str, - default=get_env_value("AUTH_USERNAME", ""), - help="Login username (default: from env or empty)" - ) - parser.add_argument( - "--auth-password", - type=str, - default=get_env_value("AUTH_PASSWORD", ""), - help="Login password (default: from env or empty)" - ) - parser.add_argument( - "--token-secret", - type=str, - default=get_env_value("TOKEN_SECRET", ""), - help="JWT signing secret (default: from env or empty)" - ) - parser.add_argument( - "--token-expire-hours", - type=int, - default=get_env_value("TOKEN_EXPIRE_HOURS", 4, int), - help="Token validity in hours (default: from env or 4)" - ) - parser.add_argument( - "--whitelist-paths", - type=str, - default=get_env_value("WHITELIST_PATHS", "/login,/health"), - help="Comma-separated auth-exempt paths (default: from env or /login,/health)" - ) - args = parser.parse_args() # If in uvicorn mode and workers > 1, force it to 1 and log warning