feat(auth): implement auto guest mode and enhance token system

- Add role-based token system with metadata support - Implement automatic guest mode for unconfigured authentication - Create new /auth-status endpoint for authentication status checking - Modify frontend to auto-detect auth status and bypass login when appropriate - Add guest mode indicator in site header for better UX This change allows users to automatically access the system without manual login when authentication is not configured, while maintaining secure authentication when credentials are properly set up.
2025-03-18 02:56:02 +08:00
parent 056b58af75
commit f8440c8f80
11 changed files with 460 additions and 45 deletions
--- a/lightrag/api/lightrag_server.py
+++ b/lightrag/api/lightrag_server.py
@@ -341,25 +341,66 @@ def create_app(args):
    ollama_api = OllamaAPI(rag, top_k=args.top_k)
    app.include_router(ollama_api.router, prefix="/api")

+    @app.get("/auth-status", dependencies=[Depends(optional_api_key)])
+    async def get_auth_status():
+        """Get authentication status and guest token if auth is not configured"""
+        username = os.getenv("AUTH_USERNAME")
+        password = os.getenv("AUTH_PASSWORD")
+
+        if not (username and password):
+            # Authentication not configured, return guest token
+            guest_token = auth_handler.create_token(
+                username="guest",
+                role="guest",
+                metadata={"auth_mode": "disabled"}
+            )
+            return {
+                "auth_configured": False,
+                "access_token": guest_token,
+                "token_type": "bearer",
+                "auth_mode": "disabled",
+                "message": "Authentication is disabled. Using guest access."
+            }
+        
+        return {
+            "auth_configured": True,
+            "auth_mode": "enabled"
+        }
+
    @app.post("/login", dependencies=[Depends(optional_api_key)])
    async def login(form_data: OAuth2PasswordRequestForm = Depends()):
        username = os.getenv("AUTH_USERNAME")
        password = os.getenv("AUTH_PASSWORD")

        if not (username and password):
-            raise HTTPException(
-                status_code=status.HTTP_501_NOT_IMPLEMENTED,
-                detail="Authentication not configured",
+            # Authentication not configured, return guest token
+            guest_token = auth_handler.create_token(
+                username="guest",
+                role="guest",
+                metadata={"auth_mode": "disabled"}
            )
+            return {
+                "access_token": guest_token,
+                "token_type": "bearer",
+                "auth_mode": "disabled",
+                "message": "Authentication is disabled. Using guest access."
+            }

        if form_data.username != username or form_data.password != password:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect credentials"
            )

+        # Regular user login
+        user_token = auth_handler.create_token(
+            username=username,
+            role="user",
+            metadata={"auth_mode": "enabled"}
+        )
        return {
-            "access_token": auth_handler.create_token(username),
+            "access_token": user_token,
            "token_type": "bearer",
+            "auth_mode": "enabled"
        }

    @app.get("/health", dependencies=[Depends(optional_api_key)])