2024-05-16 20:14:53 +08:00
|
|
|
#
|
|
|
|
|
# Copyright 2024 The InfiniFlow Authors. All Rights Reserved.
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License
|
|
|
|
|
#
|
2024-11-15 18:51:09 +08:00
|
|
|
import logging
|
2024-10-15 15:47:40 +08:00
|
|
|
from datetime import datetime
|
2024-11-18 12:03:28 +08:00
|
|
|
import json
|
2024-08-21 17:48:00 +08:00
|
|
|
|
2026-04-08 15:26:18 +08:00
|
|
|
from api.apps import login_required
|
2024-10-15 16:48:38 +08:00
|
|
|
|
2024-05-16 20:14:53 +08:00
|
|
|
from api.db.services.knowledgebase_service import KnowledgebaseService
|
2024-11-04 08:35:36 +01:00
|
|
|
from api.utils.api_utils import (
|
|
|
|
|
get_json_result,
|
|
|
|
|
)
|
2026-04-08 15:26:18 +08:00
|
|
|
|
2024-05-16 20:14:53 +08:00
|
|
|
from timeit import default_timer as timer
|
|
|
|
|
|
|
|
|
|
from rag.utils.redis_conn import REDIS_CONN
|
2026-04-08 15:26:18 +08:00
|
|
|
from api.utils.health_utils import get_oceanbase_status
|
2025-11-06 09:36:38 +08:00
|
|
|
from common import settings
|
2024-05-16 20:14:53 +08:00
|
|
|
|
2024-12-08 21:23:51 +08:00
|
|
|
@manager.route("/status", methods=["GET"]) # noqa: F821
|
2024-05-16 20:14:53 +08:00
|
|
|
@login_required
|
|
|
|
|
def status():
|
2024-11-04 08:35:36 +01:00
|
|
|
"""
|
|
|
|
|
Get the system status.
|
|
|
|
|
---
|
|
|
|
|
tags:
|
|
|
|
|
- System
|
|
|
|
|
security:
|
|
|
|
|
- ApiKeyAuth: []
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: System is operational.
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
es:
|
|
|
|
|
type: object
|
|
|
|
|
description: Elasticsearch status.
|
|
|
|
|
storage:
|
|
|
|
|
type: object
|
|
|
|
|
description: Storage status.
|
|
|
|
|
database:
|
|
|
|
|
type: object
|
|
|
|
|
description: Database status.
|
|
|
|
|
503:
|
|
|
|
|
description: Service unavailable.
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
error:
|
|
|
|
|
type: string
|
|
|
|
|
description: Error message.
|
|
|
|
|
"""
|
2024-05-16 20:14:53 +08:00
|
|
|
res = {}
|
|
|
|
|
st = timer()
|
|
|
|
|
try:
|
2025-11-06 09:36:38 +08:00
|
|
|
res["doc_engine"] = settings.docStoreConn.health()
|
2024-11-25 11:53:58 +08:00
|
|
|
res["doc_engine"]["elapsed"] = "{:.1f}".format((timer() - st) * 1000.0)
|
2024-05-16 20:14:53 +08:00
|
|
|
except Exception as e:
|
2024-11-25 11:53:58 +08:00
|
|
|
res["doc_engine"] = {
|
2024-11-12 14:59:41 +08:00
|
|
|
"type": "unknown",
|
2024-11-04 08:35:36 +01:00
|
|
|
"status": "red",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
"error": str(e),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
|
|
|
|
|
st = timer()
|
|
|
|
|
try:
|
2025-11-06 09:36:38 +08:00
|
|
|
settings.STORAGE_IMPL.health()
|
2024-11-04 08:35:36 +01:00
|
|
|
res["storage"] = {
|
2025-11-06 09:36:38 +08:00
|
|
|
"storage": settings.STORAGE_IMPL_TYPE.lower(),
|
2024-11-04 08:35:36 +01:00
|
|
|
"status": "green",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
except Exception as e:
|
2024-11-04 08:35:36 +01:00
|
|
|
res["storage"] = {
|
2025-11-06 09:36:38 +08:00
|
|
|
"storage": settings.STORAGE_IMPL_TYPE.lower(),
|
2024-11-04 08:35:36 +01:00
|
|
|
"status": "red",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
"error": str(e),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
|
|
|
|
|
st = timer()
|
|
|
|
|
try:
|
|
|
|
|
KnowledgebaseService.get_by_id("x")
|
2024-11-04 08:35:36 +01:00
|
|
|
res["database"] = {
|
2024-11-15 17:30:56 +08:00
|
|
|
"database": settings.DATABASE_TYPE.lower(),
|
2024-11-04 08:35:36 +01:00
|
|
|
"status": "green",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
except Exception as e:
|
2024-11-04 08:35:36 +01:00
|
|
|
res["database"] = {
|
2024-11-15 17:30:56 +08:00
|
|
|
"database": settings.DATABASE_TYPE.lower(),
|
2024-11-04 08:35:36 +01:00
|
|
|
"status": "red",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
"error": str(e),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
|
|
|
|
|
st = timer()
|
|
|
|
|
try:
|
2024-07-23 14:00:31 +08:00
|
|
|
if not REDIS_CONN.health():
|
|
|
|
|
raise Exception("Lost connection!")
|
2024-11-04 08:35:36 +01:00
|
|
|
res["redis"] = {
|
|
|
|
|
"status": "green",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
except Exception as e:
|
2024-11-04 08:35:36 +01:00
|
|
|
res["redis"] = {
|
|
|
|
|
"status": "red",
|
|
|
|
|
"elapsed": "{:.1f}".format((timer() - st) * 1000.0),
|
|
|
|
|
"error": str(e),
|
|
|
|
|
}
|
2024-05-16 20:14:53 +08:00
|
|
|
|
2024-11-15 18:51:09 +08:00
|
|
|
task_executor_heartbeats = {}
|
2024-08-21 17:48:00 +08:00
|
|
|
try:
|
2024-11-15 18:51:09 +08:00
|
|
|
task_executors = REDIS_CONN.smembers("TASKEXE")
|
|
|
|
|
now = datetime.now().timestamp()
|
|
|
|
|
for task_executor_id in task_executors:
|
2025-10-10 09:17:36 +08:00
|
|
|
heartbeats = REDIS_CONN.zrangebyscore(task_executor_id, now - 60 * 30, now)
|
2024-11-18 12:03:28 +08:00
|
|
|
heartbeats = [json.loads(heartbeat) for heartbeat in heartbeats]
|
2024-11-15 18:51:09 +08:00
|
|
|
task_executor_heartbeats[task_executor_id] = heartbeats
|
|
|
|
|
except Exception:
|
|
|
|
|
logging.exception("get task executor heartbeats failed!")
|
|
|
|
|
res["task_executor_heartbeats"] = task_executor_heartbeats
|
2024-08-21 17:48:00 +08:00
|
|
|
|
2024-05-16 20:14:53 +08:00
|
|
|
return get_json_result(data=res)
|
2024-10-15 15:47:40 +08:00
|
|
|
|
2026-01-30 09:44:42 +08:00
|
|
|
@manager.route("/oceanbase/status", methods=["GET"]) # noqa: F821
|
|
|
|
|
@login_required
|
|
|
|
|
def oceanbase_status():
|
|
|
|
|
"""
|
|
|
|
|
Get OceanBase health status and performance metrics.
|
|
|
|
|
---
|
|
|
|
|
tags:
|
|
|
|
|
- System
|
|
|
|
|
security:
|
|
|
|
|
- ApiKeyAuth: []
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: OceanBase status retrieved successfully.
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
description: Status (alive/timeout).
|
|
|
|
|
message:
|
|
|
|
|
type: object
|
|
|
|
|
description: Detailed status information including health and performance metrics.
|
|
|
|
|
"""
|
|
|
|
|
try:
|
|
|
|
|
status_info = get_oceanbase_status()
|
|
|
|
|
return get_json_result(data=status_info)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
return get_json_result(
|
|
|
|
|
data={
|
|
|
|
|
"status": "error",
|
|
|
|
|
"message": f"Failed to get OceanBase status: {str(e)}"
|
|
|
|
|
},
|
|
|
|
|
code=500
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2025-12-29 19:27:04 -08:00
|
|
|
@manager.route("/config", methods=["GET"]) # noqa: F821
|
2025-03-21 09:38:15 +08:00
|
|
|
def get_config():
|
|
|
|
|
"""
|
|
|
|
|
Get system configuration.
|
|
|
|
|
---
|
|
|
|
|
tags:
|
|
|
|
|
- System
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: Return system configuration
|
|
|
|
|
schema:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
registerEnable:
|
|
|
|
|
type: integer 0 means disabled, 1 means enabled
|
|
|
|
|
description: Whether user registration is enabled
|
|
|
|
|
"""
|
feat: Add `disable_password_login` configuration to support SSO-only authentication (#13151)
### What problem does this PR solve?
Enterprise deployments that use an external Identity Provider (e.g.,
Microsoft Entra ID, Okta, Keycloak) need the ability to enforce SSO-only
authentication by hiding the email/password login form. Currently, the
login page always shows the password form alongside OAuth buttons, with
no way to disable it.
This PR adds a `disable_password_login` configuration option under the
existing `authentication` section in `service_conf.yaml`. When set to
`true`, the login page only displays configured OAuth/SSO buttons and
hides the email/password form, "Remember me" checkbox, and "Sign up"
link.
The flag can be set via:
- `service_conf.yaml` (`authentication.disable_password_login: true`)
- Environment variable (`DISABLE_PASSWORD_LOGIN=true`)
Default behavior is unchanged (`false`).
### Behavior
| `disable_password_login` | OAuth configured | Result |
|---|---|---|
| `false` (default) | No | Standard email/password form |
| `false` | Yes | Email/password form + SSO buttons below |
| `true` | Yes | **SSO buttons only** (no form, no sign up link) |
| `true` | No | Empty card (admin should configure OAuth first) |
### Type of change
- [x] New Feature (non-breaking change which adds functionality)
### Files changed (5)
1. `docker/service_conf.yaml.template` — added `disable_password_login:
false` under authentication
2. `common/settings.py` — added `DISABLE_PASSWORD_LOGIN` global variable
and loader in `init_settings()`
3. `common/config_utils.py` — fixed `TypeError` in `show_configs()` when
authentication section contains non-dict values (e.g., booleans)
4. `api/apps/system_app.py` — exposed `disablePasswordLogin` flag in
`/config` endpoint
5. `web/src/pages/login/index.tsx` — conditionally render password form
based on config flag; OAuth buttons always render when channels exist
---------
Co-authored-by: Ahmad Intisar <ahmadintisar@Ahmads-MacBook-M4-Pro.local>
2026-03-02 11:06:03 +05:00
|
|
|
return get_json_result(data={
|
|
|
|
|
"registerEnabled": settings.REGISTER_ENABLED,
|
|
|
|
|
"disablePasswordLogin": settings.DISABLE_PASSWORD_LOGIN,
|
|
|
|
|
})
|