gmakstutis/LightRAG
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
LightRAG/logs/2025-01-27-12-30-multitenant-filtering-api-fix.md

3.1 KiB
Raw Blame History

Task Log: Multi-Tenant Filtering & API Fixes

Date: 2025-01-27 12:45 Mode: beastmode

Todo List Status

  • Step 1: Pipeline/Document routes multi-tenant filtering (completed earlier)
  • Step 2: Graph routes multi-tenant filtering (10 endpoints updated)
  • Step 3: Query/Retrieval routes multi-tenant filtering (3 endpoints updated)
  • Step 4: Update lightrag_server.py to pass rag_manager to all routes
  • Step 5: Fix API tab visibility - Add /static proxy for Swagger UI assets
  • Step 6: Fix "Network connection error" - Allow unauthenticated access when auth disabled
  • Step 7: Restart backend server to apply changes

Actions

  • Updated graph_routes.py: Added get_tenant_rag dependency to all 10 graph endpoints
  • Updated query_routes.py: Added get_tenant_rag dependency to 3 query endpoints
  • Updated lightrag_server.py: Pass rag_manager to create_graph_routes() and create_query_routes()
  • Updated vite.config.ts: Added /static proxy to fix Swagger UI asset loading
  • Updated dependencies.py: Fixed get_tenant_context to allow unauthenticated access when auth_configured=False and api_key_configured=False
  • Restarted backend server to apply the authentication fix

Root Cause Analysis

Issue 1: API Tab White/Blank

  • Cause: Swagger UI loads from /docs but assets come from /static/swagger-ui/*
  • Problem: Vite proxy wasn't configured for /static path
  • Fix: Added /static proxy in vite.config.ts

Issue 2: Network Connection Error on Retrieval

  • Cause: get_tenant_context in dependencies.py required authentication even when auth was disabled
  • Problem: When frontend sends X-Tenant-ID header, get_tenant_context_optional calls get_tenant_context directly, which always requires auth
  • Fix: Added check for auth_configured and api_key_configured in get_tenant_context - if both are False, allow guest access

Decisions

  • Used same multi-tenant pattern across all routes: get_tenant_rag dependency returns tenant-specific LightRAG instance
  • For auth fix: Added guest user with "viewer" role when no auth is configured

Next Steps

  • Test all screens with tenant/KB switching to verify data isolation
  • Verify API tab displays Swagger UI correctly
  • Test retrieval queries work without authentication errors

Lessons/Insights

  • When X-Tenant-ID is provided in headers, get_tenant_context_optional propagates errors instead of falling back to None
  • The auth logic in dependencies.py was inconsistent with utils_api.py - both now respect "no auth required" mode
  • Swagger UI loads static assets from a separate path (/static/) that needs explicit proxy configuration

Files Modified

  1. lightrag/api/routers/graph_routes.py - Multi-tenant support for all graph endpoints
  2. lightrag/api/routers/query_routes.py - Multi-tenant support for all query endpoints
  3. lightrag/api/lightrag_server.py - Pass rag_manager to graph and query route creators
  4. lightrag/api/dependencies.py - Allow unauthenticated access when auth is disabled
  5. lightrag_webui/vite.config.ts - Added /static proxy for Swagger UI assets