Refactor authentication logic and update API version.

This commit is contained in:
yangdx
2025-03-25 11:47:52 +08:00
parent 15e060f854
commit 72b085e19e
2 changed files with 37 additions and 50 deletions


@@ -1 +1 @@
__api_version__ = "1.2.3" __api_version__ = "1.2.5"


@@ -100,34 +100,7 @@ def get_combined_auth_dependency(api_key: Optional[str] = None):
): ):
return # Whitelist path, allow access return # Whitelist path, allow access
# 2. Check for special endpoints (/health and Ollama API) # 2. Validate token first if provided in the request (Ensure 401 error if token is invalid)
is_special_endpoint = path == "/health" or path.startswith("/api/")
if is_special_endpoint and not api_key_configured:
return # Special endpoint and no API key configured, allow access
# 3. Validate API key if provided
if (
api_key_configured
and api_key_header_value
and api_key_header_value == api_key
):
return # API key validation successful
# 4. /health and Ollama API only accept API key validation
if api_key_configured and is_special_endpoint:
# Special endpoint but API key validation failed, return 403 error
if api_key_header_value:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="Invalid API Key",
)
else:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="API Key required",
)
# 5. Validate token if provided
if token: if token:
try: try:
token_info = auth_handler.validate_token(token) token_info = auth_handler.validate_token(token)
@@ -149,33 +122,47 @@ def get_combined_auth_dependency(api_key: Optional[str] = None):
raise raise
# For other exceptions, continue processing # For other exceptions, continue processing
# If token exists but validation failed (didn't return above), return 401 # 3. Acept all request if no API protection needed
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid token. Please login again.",
)
# 5. Acept all if no API protection needed
if not auth_configured and not api_key_configured: if not auth_configured and not api_key_configured:
return return
# 5. Otherwise: refuse access and return 403 error # 4. Validate API key if provided and API-Key authentication is configured
if api_key_configured: if (
if api_key_header_value is None: api_key_configured
raise HTTPException( and api_key_header_value
status_code=HTTP_403_FORBIDDEN, and api_key_header_value == api_key
detail="API Key required or login authentication required.", ):
) return # API key validation successful
else:
raise HTTPException( ### Authentication failed ####
status_code=HTTP_403_FORBIDDEN,
detail="Invalid API Key or login authentication required.", # if password authentication is configured but not provided, ensure 401 error if auth_configured
) if auth_configured and not token:
else:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Login authentication required." status_code=status.HTTP_401_UNAUTHORIZED,
detail="No credentials provided. Please login.",
) )
# if api key is provided but validation failed
if api_key_header_value:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="Invalid API Key",
)
# if api_key_configured but not provided
if api_key_configured and not api_key_header_value:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="API Key required",
)
# Otherwise: refuse access and return 403 error
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
detail="API Key required or login authentication required.",
)
return combined_dependency return combined_dependency
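Review bot: A token that is present but fails validation without raising an HTTPException now reaches the generic 403 at the end of combined_dependency: the 401 "Invalid token. Please login again." that followed the try block was removed, `# For other exceptions, continue processing` lets execution continue, and the later `if auth_configured and not token` guard does not fire because the token is set. If step 2 is meant to "Ensure 401 error if token is invalid", the non-HTTPException branch (which sits between the two hunks, so this is partly inferred) should instead raise `HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token. Please login again.")`. Separately, `and api_key_header_value == api_key` compares a secret with ordinary string equality; `and secrets.compare_digest(api_key_header_value, api_key)` is the constant-time form and needs `import secrets` in the file header, which lies outside this diff. The comment `# 3. Acept all request if no API protection needed` misspells "Accept". get_combined_auth_dependency and the nested combined_dependency begin before the first hunk.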