cubestore driver 添加auth认证
昨天有说明关于mysql协议支持auth的,今天说明下driver支持auth 的方法(已经支持了,只是代码处理需要调整下)
cubestore 源码修改
- 添加auth支持
基于环境变量进行是否进行auth支持的判断 CUBESTORE_AUTH_ENABLE=1 使用,默认没有配置的就不使用
#[async_trait]
impl SqlAuthService for SqlAuthDefaultImpl {
async fn authenticate(&self, _user: Option<String>) -> Result<Option<String>, CubeError> {
let enable_auth = env_bool("CUBESTORE_AUTH_ENABLE", false);
if enable_auth==true {
info!("cubestore enable auth check");
let user = match _user {
None => {
info!("{}", "user is null");
Err(CubeError {
message: "error".to_string(),
cause: CubeErrorCauseType::User,
})
},
Some(user) => {
info!("auth user {}", user);
if user == env::var("CUBESTORE_USERNAME").ok().unwrap() {
Ok(None)
} else {
Err(CubeError {
message: "error".to_string(),
cause: CubeErrorCauseType::User,
})
}
}
};
user
}else{
Ok(None)
}
}
}
cubestore driver 支持
实际上还是依赖了ws 客户端(支持基于header 的数据传递),同时默认cubestore 支持基于basic auth 的websocket 连接处理
所以我们就可以直接使用
- 需要修改的代码
src/WebSocketConnection.ts src/CubeStoreDriver.ts
// 支持header
private options: any;
public constructor(url: string,options:{}) {
this.url = url;
this.messageCounter = 1;
this.options = options;
}
protected async initWebSocket() {
if (!this.webSocket) {
const webSocket: any = new WebSocket(this.url,this.options);
// 支持websocket带header的连接
public constructor(config?: Partial<ConnectionConfig>) {
super();
this.config = {
host: config?.host || getEnv('cubeStoreHost'),
port: config?.port || getEnv('cubeStorePort'),
user: config?.user || getEnv('cubeStoreUser'),
password: config?.password || getEnv('cubeStorePass'),
};
this.baseUrl = (this.config.url || `ws://${this.config.host || 'localhost'}:${this.config.port || '3030'}/`).replace(/\/ws$/, '/').replace(/\/$/, '');
var authHeader: any = {}
if (this.config.user && this.config.password) {
var base64Str = Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64');
authHeader = {
headers: {
'Authorization': `Basic ${base64Str}`
}
};
}
this.connection = new WebSocketConnection(`${this.baseUrl}/ws`, authHeader);
}
参考使用
- docker-compose
version: "3"
services:
postgres:
image: postgres:12.2
environment:
- POSTGRES_PASSWORD=dalong
ports:
- 5432:5432
minio:
image: minio/minio
command: server /data
environment:
- MINIO_ACCESS_KEY=dalongrong
- MINIO_SECRET_KEY=dalongrong
ports:
- 9000:9000
cubestore_router:
restart: always
image: dalongrong/cubestore:v2
environment:
- CUBESTORE_LOG_LEVEL=trace
- CUBESTORE_SERVER_NAME=cubestore_router:9999
- CUBESTORE_META_PORT=9999
- CUBESTORE_S3_BUCKET=test
- CUBESTORE_S3_ENDPOINT=http://minio:9000
- CUBESTORE_S3_REGION=us-east-1
- CUBESTORE_S3_PATH_STYLE=1
- CUBESTORE_AUTH_ENABLE=1
- CUBESTORE_USERNAME=dalong
- CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
- CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
- CUBESTORE_WORKERS=cubestore_worker_1:9001,cubestore_worker_2:9001
- CUBESTORE_REMOTE_DIR=/cube/data
ports:
- "9999:9999"
- "3030:3030"
- "3306:3306"
expose:
- 9999 # This exposes the Metastore endpoint
- 3030 # This exposes the HTTP endpoint for CubeJS
- 3306
cubestore_worker_1:
restart: always
image: dalongrong/cubestore:v2
environment:
- CUBESTORE_SERVER_NAME=cubestore_worker_1:9001
- CUBESTORE_WORKER_PORT=9001
- CUBESTORE_S3_BUCKET=test
- CUBESTORE_S3_ENDPOINT=http://minio:9000
- CUBESTORE_S3_REGION=us-east-1
- CUBESTORE_S3_PATH_STYLE=1
- CUBESTORE_AUTH_ENABLE=1
- CUBESTORE_USERNAME=dalong
- CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
- CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
- CUBESTORE_META_ADDR=cubestore_router:9999
- CUBESTORE_REMOTE_DIR=/cube/data
depends_on:
- cubestore_router
expose:
- 9001
cubestore_worker_2:
restart: always
image: dalongrong/cubestore:v2
environment:
- CUBESTORE_SERVER_NAME=cubestore_worker_2:9001
- CUBESTORE_WORKER_PORT=9001
- CUBESTORE_S3_BUCKET=test
- CUBESTORE_S3_ENDPOINT=http://minio:9000
- CUBESTORE_S3_REGION=us-east-1
- CUBESTORE_S3_PATH_STYLE=1
- CUBESTORE_AUTH_ENABLE=1
- CUBESTORE_USERNAME=dalong
- CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
- CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
- CUBESTORE_META_ADDR=cubestore_router:9999
- CUBESTORE_REMOTE_DIR=/cube/data
depends_on:
- cubestore_router
expose:
- 9001
- cube.js app
cube.js 文件
// Cube.js configuration options: https://cube.dev/docs/config
const {CubeStoreDriver,CubeStoreQuery } = require("@dalongrong/cubestore-driver")
module.exports = {
externalDialectFactory: (dataSource) => {
console.log("externalDialectFactory",dataSource)
return CubeStoreQuery
},
telemetry: false,
externalDbType:({ dataSource } = {}) => {
return "cubestore"
},
externalDriverFactory: () => {
return new CubeStoreDriver({
host:"localhost",
port:3030,
user:"dalong",
password:"dalong"
})
}
};
- 效果
说明:输错账户会提示403如下:
正常的