Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: impl basic auth #1531

Merged
merged 8 commits into from
May 15, 2024
Merged

feat: impl basic auth #1531

merged 8 commits into from
May 15, 2024

Conversation

baojinri
Copy link
Contributor

@baojinri baojinri commented May 13, 2024
edited by jiacai2050
Loading

Rationale

Close #929

Detailed Changes

  • Added file authentication
  • Modify the query and write paths, and add authentication

Test Plan

  • Existed tests
  • Manual tests

Add this to config, /tmp/auth.csv has this format username,password, one user one line.

[server.auth]
enable = true
auth_type = "file"
source = "/tmp/auth.csv"

@github-actions github-actions bot added the feature New feature or request label May 13, 2024
jiacai2050
jiacai2050 reviewed May 13, 2024
View reviewed changes
src/proxy/src/auth/mod.rs Outdated
pub struct AuthBase;

impl Auth for AuthBase {
fn load_credential(&mut self) -> Result<()> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove default implementation.

src/proxy/src/auth/mod.rs Outdated
}

#[derive(Default)]
pub struct AuthBase;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authorizator

src/proxy/src/grpc/prom_query.rs Outdated
@@ -81,6 +81,21 @@ impl Proxy {
msg: "Missing context",
code: StatusCode::BAD_REQUEST,
})?;

// Check if the tenant is authorized to access the database.
if !self
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use interceptor to do auth check for gRPC
https://github.com/hyperium/tonic/blob/master/examples/src/interceptor/server.rs

For HTTP, see https://stackoverflow.com/questions/54988438/how-to-check-the-authorization-header-using-warp

src/proxy/src/auth/mod.rs Outdated
#[derive(Debug, Clone, Deserialize, Serialize, Default)]
pub struct Config {
pub enable: bool,
pub auth_type: String,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Define this with an Enum.

src/proxy/src/auth/mod.rs Outdated
pub type AuthRef = Arc<Mutex<dyn Auth>>;

/// Header of tenant name
pub const TENANT_HEADER: &str = "x-horaedb-access-tenant";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basic authorization use authorization header, we should avoid those custom headers.

jiacai2050
jiacai2050 approved these changes May 15, 2024
View reviewed changes
Copy link
Contributor

@jiacai2050 jiacai2050 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jiacai2050 jiacai2050 merged commit 71d261d into apache:main May 15, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiacai2050 jiacai2050 jiacai2050 approved these changes

Assignees
No one assigned
Labels
feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Tenant management and authentication
2 participants
@baojinri @jiacai2050