Go: Add admin server status checking (#13571)

### What problem does this PR solve?

RAGFlow server isn't available when admin server isn't connected.

### Type of change

- [x] New Feature (non-breaking change which adds functionality)

---------

Signed-off-by: Jin Hai <haijin.chn@gmail.com>

internal/handler/auth.go

@@ -17,8 +17,11 @@
 package handler
 
 import (
+	"fmt"
 	"net/http"
 	"ragflow/internal/common"
+	"ragflow/internal/logger"
+	"ragflow/internal/server/local"
 	"ragflow/internal/service"
 
 	"github.com/gin-gonic/gin"
@@ -69,13 +72,21 @@ func (h *AuthHandler) AuthMiddleware() gin.HandlerFunc {
 			return
 		}
 
+		if !local.IsAdminAvailable() {
+			license := local.GetAdminStatus()
+			errMsg := fmt.Sprintf("server license %s, check admin server status", license.Reason)
+			logger.Warn(errMsg)
+			c.JSON(http.StatusServiceUnavailable, gin.H{
+				"code":    common.CodeUnauthorized,
+				"message": errMsg,
+				"data":    "No",
+			})
+			return
+		}
+
 		c.Set("user", user)
 		c.Set("user_id", user.ID)
 		c.Set("email", user.Email)
 		c.Next()
 	}
 }
-
-func (h *AuthHandler) LoginByEmail1(c *gin.Context) {
-	println("hello")
-}

internal/handler/user.go

@@ -21,6 +21,7 @@ import (
 	"net/http"
 	"ragflow/internal/common"
 	"ragflow/internal/server"
+	"ragflow/internal/server/local"
 	"ragflow/internal/utility"
 	"strconv"
 
@@ -164,6 +165,16 @@ func (h *UserHandler) LoginByEmail(c *gin.Context) {
 		return
 	}
 
+	if !local.IsAdminAvailable() {
+		license := local.GetAdminStatus()
+		c.JSON(http.StatusOK, gin.H{
+			"code":    common.CodeAuthenticationError,
+			"message": license.Reason,
+			"data":    "No",
+		})
+		return
+	}
+
 	user, code, err := h.userService.LoginByEmail(&req, false)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
@@ -291,14 +302,38 @@ func (h *UserHandler) ListUsers(c *gin.Context) {
 // @Success 200 {object} map[string]interface{}
 // @Router /v1/user/logout [post]
 func (h *UserHandler) Logout(c *gin.Context) {
-	user, errorCode, errorMessage := GetUser(c)
-	if errorCode != common.CodeSuccess {
-		jsonError(c, errorCode, errorMessage)
+	// Same as AuthMiddleware@auth.go
+	token := c.GetHeader("Authorization")
+	if token == "" {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"code":    401,
+			"message": "Missing Authorization header",
+		})
+		c.Abort()
+		return
+	}
+
+	// Get user by access token
+	user, code, err := h.userService.GetUserByToken(token)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{
+			"code":    code,
+			"message": "Invalid access token",
+		})
+		c.Abort()
+		return
+	}
+
+	if *user.IsSuperuser {
+		c.JSON(http.StatusForbidden, gin.H{
+			"code":    common.CodeForbidden,
+			"message": "Super user should access the URL",
+		})
 		return
 	}
 
 	// Logout user
-	code, err := h.userService.Logout(user)
+	code, err = h.userService.Logout(user)
 	if err != nil {
 		c.JSON(http.StatusOK, gin.H{
 			"code":    code,

internal/router/router.go

@@ -93,12 +93,13 @@ func (r *Router) Setup(engine *gin.Engine) {
 	// User login by email endpoint
 	engine.POST("/v1/user/login", r.userHandler.LoginByEmail)
 
+	// User logout endpoint
+	engine.GET("/v1/user/logout", r.userHandler.Logout)
+
 	// Protected routes
 	authorized := engine.Group("")
 	authorized.Use(r.authHandler.AuthMiddleware())
 	{
-		// User logout endpoint
-		authorized.GET("/v1/user/logout", r.userHandler.Logout)
 		// User info endpoint
 		authorized.GET("/v1/user/info", r.userHandler.Info)
 		// User tenant info endpoint
@@ -116,13 +117,13 @@ func (r *Router) Setup(engine *gin.Engine) {
 		v1 := authorized.Group("/api/v1")
 		{
 			// User routes
-			users := v1.Group("/users")
-			{
-				users.POST("/register", r.userHandler.Register)
-				users.POST("/login", r.userHandler.Login)
-				users.GET("", r.userHandler.ListUsers)
-				users.GET("/:id", r.userHandler.GetUserByID)
-			}
+			//users := v1.Group("/users")
+			//{
+			//	users.POST("/register", r.userHandler.Register)
+			//	users.POST("/login", r.userHandler.Login)
+			//	users.GET("", r.userHandler.ListUsers)
+			//	users.GET("/:id", r.userHandler.GetUserByID)
+			//}
 
 			// Document routes
 			documents := v1.Group("/documents")

internal/server/local/admin_status.go

@@ -0,0 +1,79 @@
+//
+//  Copyright 2026 The InfiniFlow Authors. All Rights Reserved.
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+package local
+
+import (
+	"sync"
+)
+
+// AdminStatus represents the admin status
+// 0 = valid, 1 = invalid
+type AdminStatus struct {
+	Status int    `json:"status"` // 0 = available, 1 = not available
+	Reason string `json:"reason"` // reason for invalid status
+}
+
+var (
+	adminStatus     *AdminStatus
+	adminStatusMu   sync.RWMutex
+	adminStatusOnce sync.Once
+)
+
+// InitAdminStatus initializes the global admin status
+// status: 0 = valid, 1 = invalid (default)
+func InitAdminStatus(status int, reason string) {
+	adminStatusOnce.Do(func() {
+		adminStatus = &AdminStatus{
+			Status: status,
+			Reason: reason,
+		}
+	})
+}
+
+// GetAdminStatus returns the current admin status
+func GetAdminStatus() AdminStatus {
+	adminStatusMu.RLock()
+	defer adminStatusMu.RUnlock()
+	if adminStatus == nil {
+		return AdminStatus{Status: 1, Reason: "not initialized"}
+	}
+	return AdminStatus{
+		Status: adminStatus.Status,
+		Reason: adminStatus.Reason,
+	}
+}
+
+// SetAdminStatus updates the admin status
+func SetAdminStatus(status int, reason string) {
+	adminStatusMu.Lock()
+	defer adminStatusMu.Unlock()
+	if adminStatus == nil {
+		adminStatus = &AdminStatus{}
+	}
+	adminStatus.Status = status
+	adminStatus.Reason = reason
+}
+
+// IsAdminAvailable returns true if admin is valid (Status == 0)
+func IsAdminAvailable() bool {
+	adminStatusMu.RLock()
+	defer adminStatusMu.RUnlock()
+	if adminStatus == nil {
+		return false
+	}
+	return adminStatus.Status == 0
+}

internal/service/heartbeat_sender.go

@@ -76,12 +76,12 @@ func (h *HeartbeatSender) InitHTTPClient() error {
 }
 
 // SendHeartbeat sends a heartbeat message to the admin server
-func (h *HeartbeatSender) SendHeartbeat() error {
+func (h *HeartbeatSender) SendHeartbeat() (error, string) {
 
 	if h.attemptCount < 10 {
 		if h.lastSuccess {
 			h.attemptCount++
-			return nil
+			return nil, ""
 		}
 	}
 	h.attemptCount = 0
@@ -90,7 +90,7 @@ func (h *HeartbeatSender) SendHeartbeat() error {
 	if h.client == nil {
 		if err := h.InitHTTPClient(); err != nil {
 			h.logger.Error("Failed to initialize HTTP client", zap.Error(err))
-			return err
+			return err, "internal error, fail to initialize HTTP client"
 		}
 	}
 
@@ -109,19 +109,19 @@ func (h *HeartbeatSender) SendHeartbeat() error {
 	jsonData, err := json.Marshal(message)
 	if err != nil {
 		h.logger.Error("Failed to marshal heartbeat message", zap.Error(err))
-		return err
+		return err, "fail to parse the message"
 	}
 
 	resp, err := h.client.PostJSON("/api/v1/admin/reports", jsonData)
 	if err != nil {
-		return err
+		return err, "can't connect with admin server"
 	}
 	defer resp.Body.Close()
 
 	if resp.StatusCode != 200 {
 		errMsg := fmt.Errorf("Heartbeat request failed with status code: %d", resp.StatusCode)
 		h.logger.Warn(errMsg.Error())
-		return errMsg
+		return errMsg, errMsg.Error()
 	}
 
 	h.logger.Debug("Heartbeat sent successfully",
@@ -131,5 +131,5 @@ func (h *HeartbeatSender) SendHeartbeat() error {
 
 	h.lastSuccess = true
 
-	return nil
+	return nil, ""
 }