LightRAG/docs/archives/action_plan/005-secure-tenant-api.md
Raphael MANSUY 2b292d4924
docs: Enterprise Edition & Multi-tenancy attribution (#5)
* Remove outdated documentation files: Quick Start Guide, Apache AGE Analysis, and Scratchpad.

* Add multi-tenant testing strategy and ADR index documentation

- Introduced ADR 008 detailing the multi-tenant testing strategy for the ./starter environment, covering compatibility and multi-tenant modes, testing scenarios, and implementation details.
- Created a comprehensive ADR index (README.md) summarizing all architecture decision records related to the multi-tenant implementation, including purpose, key sections, and reading paths for different roles.

* feat(docs): Add comprehensive multi-tenancy guide and README for LightRAG Enterprise

- Introduced `0008-multi-tenancy.md` detailing multi-tenancy architecture, key concepts, roles, permissions, configuration, and API endpoints.
- Created `README.md` as the main documentation index, outlining features, quick start, system overview, and deployment options.
- Documented the LightRAG architecture, storage backends, LLM integrations, and query modes.
- Established a task log (`2025-01-21-lightrag-documentation-log.md`) summarizing documentation creation actions, decisions, and insights.
2025-12-04 18:09:15 +08:00


Action Plan: Secure Tenant API

Problem

The endpoint GET /api/v1/tenants exposes a list of all tenants, which violates multi-tenant isolation principles. This endpoint allows any user (or unauthenticated attacker) to enumerate all customers, posing a significant security risk (Information Disclosure).

Goal

Remove public access to tenant listing. Ensure tenant management (listing) is restricted to administrators via a secure endpoint.

Steps

1. Audit & Verification

  • Verify the current implementation of GET /api/v1/tenants.
  • Confirm that lightrag/api/routers/tenant_routes.py does NOT contain the list endpoint.
  • Confirm that lightrag/api/routers/admin_routes.py contains the list endpoint under /api/v1/admin/tenants.
  • Investigate why GET /api/v1/tenants is currently accessible (if it is).

2. Remediation

  • Ensure GET /api/v1/tenants is removed or returns 404/403.
  • Ensure GET /api/v1/admin/tenants is accessible only to admins.
  • Verify lightrag/api/lightrag_server.py router mounting.

3. Testing

  • Update test_multitenant.sh to:
    • Verify GET /api/v1/tenants returns 404 or 403.
    • Verify GET /api/v1/admin/tenants works (with admin auth).
    • Verify GET /api/v1/tenants/me works for tenant users.
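The router split the steps above describe, as an added example that is not LightRAG's own code. It models the FastAPI-style layout the plan refers to (a tenant router, an admin router, and a server that mounts them under prefixes) with a small plain-Python `Router`/`App` pair so it runs offline; the bearer tokens, tenant ids and `TOKENS`/`TENANTS` tables are constructed, and `run_checks` returns the status codes that `test_multitenant.sh` is meant to assert on.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed principals: token -> (role, tenant_id). Hypothetical values;
# a real deployment derives the principal from its authentication layer.
TOKENS = {
    "admin-token": ("admin", None),
    "acme-token": ("tenant", "acme"),
    "globex-token": ("tenant", "globex"),
}

# Constructed tenant registry that only the admin endpoint may list.
TENANTS = ["acme", "globex"]


@dataclass
class Principal:
    role: str
    tenant_id: Optional[str]


Handler = Callable[[Principal], Tuple[int, object]]


@dataclass
class Router:
    """Minimal router: (method, path) -> (handler, required_role)."""
    routes: Dict[Tuple[str, str], Tuple[Handler, Optional[str]]] = field(default_factory=dict)

    def add(self, method: str, path: str, handler: Handler, require_role: Optional[str] = None) -> None:
        self.routes[(method, path)] = (handler, require_role)


class App:
    """Mounts routers under prefixes and dispatches requests with authz checks."""

    def __init__(self) -> None:
        self._routes: Dict[Tuple[str, str], Tuple[Handler, Optional[str]]] = {}

    def mount(self, prefix: str, router: Router) -> None:
        for (method, path), entry in router.routes.items():
            self._routes[(method, prefix + path)] = entry

    def dispatch(self, method: str, path: str, token: Optional[str] = None) -> Tuple[int, object]:
        entry = self._routes.get((method, path))
        if entry is None:
            # Deny by default: a route that is not mounted is simply not found.
            return 404, {"detail": "Not Found"}
        handler, required_role = entry
        if token not in TOKENS:
            return 401, {"detail": "Not authenticated"}
        principal = Principal(*TOKENS[token])
        if required_role is not None and principal.role != required_role:
            # Authenticated but not authorised: the tenant list itself is never returned.
            return 403, {"detail": "Forbidden"}
        return handler(principal)


def list_tenants(_: Principal) -> Tuple[int, object]:
    return 200, {"tenants": list(TENANTS)}


def my_tenant(principal: Principal) -> Tuple[int, object]:
    # Self-scoped: a tenant user only ever sees its own tenant.
    if principal.tenant_id is None:
        return 404, {"detail": "No tenant bound to this principal"}
    return 200, {"tenant_id": principal.tenant_id}


def build_app() -> App:
    # Tenant router (models tenant_routes.py): self-scoped routes only, no listing.
    tenant_router = Router()
    tenant_router.add("GET", "/tenants/me", my_tenant, require_role="tenant")

    # Admin router (models admin_routes.py): the listing endpoint, gated on the admin role.
    admin_router = Router()
    admin_router.add("GET", "/tenants", list_tenants, require_role="admin")

    # Server mounting (models lightrag_server.py): different prefixes per router.
    app = App()
    app.mount("/api/v1", tenant_router)
    app.mount("/api/v1/admin", admin_router)
    return app


def run_checks(app: App) -> Dict[str, int]:
    """The checks test_multitenant.sh should perform, reduced to status codes."""
    return {
        "public_list_anonymous": app.dispatch("GET", "/api/v1/tenants")[0],
        "public_list_tenant": app.dispatch("GET", "/api/v1/tenants", "acme-token")[0],
        "admin_list_anonymous": app.dispatch("GET", "/api/v1/admin/tenants")[0],
        "admin_list_tenant": app.dispatch("GET", "/api/v1/admin/tenants", "acme-token")[0],
        "admin_list_admin": app.dispatch("GET", "/api/v1/admin/tenants", "admin-token")[0],
        "me_tenant": app.dispatch("GET", "/api/v1/tenants/me", "acme-token")[0],
    }


if __name__ == "__main__":
    for name, code in run_checks(build_app()).items():
        print(f"{name:24s} -> {code}")
```

The public path returns 404 because the list route is never mounted there, not because a check rejects it; removing the route is the stronger remediation since there is nothing left to misconfigure. The admin path answers 401 without a token and 403 for an authenticated tenant user, and in both cases the tenant list itself is never serialised into the response.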

Success Criteria

  • GET /api/v1/tenants is no longer accessible.
  • Tenant enumeration is only possible via the admin API.
  • Multi-tenant isolation is preserved.