Go: fix auth issue in hybrid mode (#14611)

### What problem does this PR solve?

Since secret key get and set logic is updated, the go server also need
to update.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)

---------

Signed-off-by: Jin Hai <haijin.chn@gmail.com>
This commit is contained in:
Jin Hai
2026-05-07 17:14:22 +08:00
committed by GitHub
parent 5c9124c3ef
commit 94324afee9
15 changed files with 287 additions and 171 deletions

View File

@@ -36,6 +36,7 @@ const DefaultConnectTimeout = 5 * time.Second
// Config application configuration
type Config struct {
Server ServerConfig `mapstructure:"server"`
Authentication AuthenticationConfig `mapstructure:"authentication"`
Database DatabaseConfig `mapstructure:"database"`
Redis RedisConfig `mapstructure:"redis"`
Log LogConfig `mapstructure:"log"`
@@ -55,6 +56,11 @@ type AdminConfig struct {
Port int `mapstructure:"http_port"`
}
type AuthenticationConfig struct {
DisablePasswordLogin bool `mapstructure:"disable_password_login"`
RegisterEnabled bool `mapstructure:"register_enabled"`
}
type DefaultSuperUser struct {
Email string `mapstructure:"email"`
Password string `mapstructure:"password"`
@@ -91,8 +97,9 @@ type OAuthConfig struct {
// ServerConfig server configuration
type ServerConfig struct {
Mode string `mapstructure:"mode"` // debug, release
Port int `mapstructure:"port"`
Mode string `mapstructure:"mode"` // debug, release
Port int `mapstructure:"port"`
SecretKey *string `mapstructure:"secret_key"`
}
// DatabaseConfig database configuration
@@ -372,6 +379,31 @@ func Init(configPath string) error {
}
func FromEnvironments() error {
// Secret key
if envVal := os.Getenv("RAGFLOW_SECRET_KEY"); envVal != "" {
globalConfig.Server.SecretKey = &envVal
}
// Load REGISTER_ENABLED from environment variable (default: true)
if envVal := os.Getenv("REGISTER_ENABLED"); envVal != "" {
str := strings.ToLower(envVal)
if str == "true" || str == "1" || str == "yes" {
globalConfig.Authentication.RegisterEnabled = true
} else {
globalConfig.Authentication.RegisterEnabled = false
}
}
// Load DISABLE_PASSWORD_LOGIN from environment variable (default: false)
if envVal := os.Getenv("DISABLE_PASSWORD_LOGIN"); envVal != "" {
str := strings.ToLower(envVal)
if str == "true" || str == "1" || str == "yes" {
globalConfig.Authentication.DisablePasswordLogin = true
} else {
globalConfig.Authentication.DisablePasswordLogin = false
}
}
// Doc engine
docEngine := strings.ToLower(os.Getenv("DOC_ENGINE"))
switch docEngine {
@@ -535,14 +567,23 @@ func FromConfigFile(configPath string) error {
globalConfig.Admin.Port += 2
}
// Load REGISTER_ENABLED from environment variable (default: 1)
registerEnabled := 1
if envVal := os.Getenv("REGISTER_ENABLED"); envVal != "" {
if parsed, err := strconv.Atoi(envVal); err == nil {
registerEnabled = parsed
// authentication section
if globalConfig != nil {
// Try to map from mysql section
globalConfig.Authentication.DisablePasswordLogin = false
globalConfig.Authentication.RegisterEnabled = true
if v.IsSet("authentication") {
authenticationConfig := v.Sub("authentication")
if authenticationConfig != nil {
if authenticationConfig.IsSet("disable_password_login") {
globalConfig.Authentication.DisablePasswordLogin = authenticationConfig.GetBool("disable_password_login")
}
if authenticationConfig.IsSet("enable_register") {
globalConfig.Authentication.RegisterEnabled = authenticationConfig.GetBool("enable_register")
}
}
}
}
globalConfig.RegisterEnabled = registerEnabled
// If we loaded service_conf.yaml, map mysql fields to DatabaseConfig
if globalConfig != nil && globalConfig.Database.Host == "" {
@@ -573,6 +614,10 @@ func FromConfigFile(configPath string) error {
if globalConfig.Server.Mode == "" {
globalConfig.Server.Mode = "release"
}
secretKey := ragflowConfig.GetString("secret_key")
if secretKey != "" {
globalConfig.Server.SecretKey = &secretKey
}
}
}
}

View File

@@ -30,7 +30,7 @@ import (
// Variables holds all runtime variables that can be changed during system operation
// Unlike Config, these can be modified at runtime
type Variables struct {
SecretKey string `json:"secret_key"`
//SecretKey string `json:"secret_key"`
}
// VariableStore interface for persistent storage (e.g., Redis)
@@ -62,19 +62,20 @@ func InitVariables(store VariableStore) error {
variablesOnce.Do(func() {
globalVariables = &Variables{}
generatedKey, err := utility.GenerateSecretKey()
if err != nil {
initErr = fmt.Errorf("failed to generate secret key: %w", err)
}
// Initialize SecretKey
secretKey, err := GetOrCreateKey(store, SecretKeyRedisKey, generatedKey)
if err != nil {
initErr = fmt.Errorf("failed to initialize secret key: %w", err)
} else {
globalVariables.SecretKey = secretKey
common.Info("Secret key initialized from store")
}
//// secret key
//generatedKey, err := utility.GenerateSecretKey()
//if err != nil {
// initErr = fmt.Errorf("failed to generate secret key: %w", err)
//}
//
//// Initialize SecretKey
//secretKey, err := GetOrCreateKey(store, SecretKeyRedisKey, generatedKey)
//if err != nil {
// initErr = fmt.Errorf("failed to initialize secret key: %w", err)
//} else {
// globalVariables.SecretKey = secretKey
// common.Info("Secret key initialized from store")
//}
common.Info("Server variables initialized successfully")
})
@@ -82,31 +83,39 @@ func InitVariables(store VariableStore) error {
}
// GetVariables returns the global variables instance
func GetVariables() *Variables {
variablesMu.RLock()
defer variablesMu.RUnlock()
return globalVariables
}
//func GetVariables() *Variables {
// variablesMu.RLock()
// defer variablesMu.RUnlock()
// return globalVariables
//}
// GetSecretKey returns the current secret key
func GetSecretKey() string {
variablesMu.RLock()
defer variablesMu.RUnlock()
if globalVariables == nil {
return DefaultSecretKey
func GetSecretKey(store VariableStore) (string, error) {
if globalConfig.Server.SecretKey != nil {
return *globalConfig.Server.SecretKey, nil
}
return globalVariables.SecretKey
generatedKey, err := utility.GenerateSecretKey()
if err != nil {
return "", fmt.Errorf("failed to generate secret key: %w", err)
}
secretKey, err := GetOrCreateKey(store, SecretKeyRedisKey, generatedKey)
if err != nil {
return "", fmt.Errorf("failed to get secret key: %w", err)
}
return secretKey, nil
}
// SetSecretKey updates the secret key at runtime
func SetSecretKey(key string) {
variablesMu.Lock()
defer variablesMu.Unlock()
if globalVariables != nil {
globalVariables.SecretKey = key
common.Info("Secret key updated at runtime")
}
}
//func SetSecretKey(key string) {
// variablesMu.Lock()
// defer variablesMu.Unlock()
// if globalVariables != nil {
// globalVariables.SecretKey = key
// common.Info("Secret key updated at runtime")
// }
//}
// GetOrCreateKey gets a key from store, or creates it if not exists
// - If key exists in store, returns the stored value
@@ -178,7 +187,7 @@ func RefreshVariables(store VariableStore) error {
return err
}
if secretKey != "" {
globalVariables.SecretKey = secretKey
//globalVariables.SecretKey = secretKey
common.Info("Secret key refreshed from store")
}
@@ -244,9 +253,9 @@ func SaveToStorage(store VariableStore) error {
}
// Save SecretKey
if !store.Set(SecretKeyRedisKey, globalVariables.SecretKey, SecretKeyTTL) {
return fmt.Errorf("failed to save secret key to store")
}
//if !store.Set(SecretKeyRedisKey, globalVariables.SecretKey, SecretKeyTTL) {
// return fmt.Errorf("failed to save secret key to store")
//}
common.Info("Variables saved to storage")
return nil