• cubestore driver 添加auth认证


    昨天有说明关于mysql协议支持auth的,今天说明下driver支持auth 的方法(已经支持了,只是代码处理需要调整下)

    cubestore 源码修改

    • 添加auth支持
      基于环境变量进行是否进行auth支持的判断 CUBESTORE_AUTH_ENABLE=1 使用,默认没有配置的就不使用
     
    #[async_trait]
    impl SqlAuthService for SqlAuthDefaultImpl {
        async fn authenticate(&self, _user: Option<String>) -> Result<Option<String>, CubeError> {
            let enable_auth = env_bool("CUBESTORE_AUTH_ENABLE", false);
            if enable_auth==true {
                info!("cubestore enable auth check");
                let user = match _user {
                    None => {
                        info!("{}", "user is null");
                        Err(CubeError {
                            message: "error".to_string(),
                            cause: CubeErrorCauseType::User,
                        })
                    },
                    Some(user) => {
                        info!("auth user {}", user);
                        if user == env::var("CUBESTORE_USERNAME").ok().unwrap() {
                            Ok(None)
                        } else {
                            Err(CubeError {
                                message: "error".to_string(),
                                cause: CubeErrorCauseType::User,
                            })
                        }
                    }
                };
                user
            }else{
                Ok(None)
            }
        }
    }

    cubestore driver 支持

    实际上还是依赖了ws 客户端(支持基于header 的数据传递),同时默认cubestore 支持基于basic auth 的websocket 连接处理
    所以我们就可以直接使用

    • 需要修改的代码
      src/WebSocketConnection.ts src/CubeStoreDriver.ts
     
      // 支持header
      private options: any;
     
      public constructor(url: string,options:{}) {
        this.url = url;
        this.messageCounter = 1;
        this.options = options;
      }
     
      protected async initWebSocket() {
        if (!this.webSocket) {
          const webSocket: any = new WebSocket(this.url,this.options);
     
    // 支持websocket带header的连接
      public constructor(config?: Partial<ConnectionConfig>) {
        super();
     
        this.config = {
          ...config,
          host: config?.host || getEnv('cubeStoreHost'),
          port: config?.port || getEnv('cubeStorePort'),
          user: config?.user || getEnv('cubeStoreUser'),
          password: config?.password || getEnv('cubeStorePass'),
        };
        this.baseUrl = (this.config.url || `ws://${this.config.host || 'localhost'}:${this.config.port || '3030'}/`).replace(//ws$/, '/').replace(//$/, '');
        var authHeader: any = {}
        if (this.config.user && this.config.password) {
          var base64Str = Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64');
          authHeader = {
            headers: {
              'Authorization': `Basic ${base64Str}`
            }
          };
        }
        this.connection = new WebSocketConnection(`${this.baseUrl}/ws`, authHeader);
      }

    参考使用

    • docker-compose
    version: "3"
    services:
      postgres:
        image: postgres:12.2
        environment:
          - POSTGRES_PASSWORD=dalong
        ports:
          - 5432:5432
      minio:
        image: minio/minio
        command: server /data
        environment:
          - MINIO_ACCESS_KEY=dalongrong
          - MINIO_SECRET_KEY=dalongrong
        ports:
          - 9000:9000
      cubestore_router:
        restart: always
        image: dalongrong/cubestore:v2
        environment:
          - CUBESTORE_LOG_LEVEL=trace
          - CUBESTORE_SERVER_NAME=cubestore_router:9999
          - CUBESTORE_META_PORT=9999
          - CUBESTORE_S3_BUCKET=test
          - CUBESTORE_S3_ENDPOINT=http://minio:9000
          - CUBESTORE_S3_REGION=us-east-1
          - CUBESTORE_S3_PATH_STYLE=1
          - CUBESTORE_AUTH_ENABLE=1
          - CUBESTORE_USERNAME=dalong
          - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
          - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
          - CUBESTORE_WORKERS=cubestore_worker_1:9001,cubestore_worker_2:9001
          - CUBESTORE_REMOTE_DIR=/cube/data
        ports: 
        - "9999:9999"
        - "3030:3030"
        - "3306:3306"
        expose:
          - 9999 # This exposes the Metastore endpoint
          - 3030 # This exposes the HTTP endpoint for CubeJS
          - 3306
      cubestore_worker_1:
        restart: always
        image: dalongrong/cubestore:v2
        environment:
          - CUBESTORE_SERVER_NAME=cubestore_worker_1:9001
          - CUBESTORE_WORKER_PORT=9001
          - CUBESTORE_S3_BUCKET=test
          - CUBESTORE_S3_ENDPOINT=http://minio:9000
          - CUBESTORE_S3_REGION=us-east-1
          - CUBESTORE_S3_PATH_STYLE=1
          - CUBESTORE_AUTH_ENABLE=1
          - CUBESTORE_USERNAME=dalong
          - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
          - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
          - CUBESTORE_META_ADDR=cubestore_router:9999
          - CUBESTORE_REMOTE_DIR=/cube/data
        depends_on:
          - cubestore_router
        expose:
          - 9001
      cubestore_worker_2:
        restart: always
        image: dalongrong/cubestore:v2
        environment:
          - CUBESTORE_SERVER_NAME=cubestore_worker_2:9001
          - CUBESTORE_WORKER_PORT=9001
          - CUBESTORE_S3_BUCKET=test
          - CUBESTORE_S3_ENDPOINT=http://minio:9000
          - CUBESTORE_S3_REGION=us-east-1
          - CUBESTORE_S3_PATH_STYLE=1
          - CUBESTORE_AUTH_ENABLE=1
          - CUBESTORE_USERNAME=dalong
          - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
          - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
          - CUBESTORE_META_ADDR=cubestore_router:9999
          - CUBESTORE_REMOTE_DIR=/cube/data
        depends_on:
          - cubestore_router
        expose:
          - 9001 
    • cube.js app
      cube.js 文件
     
    // Cube.js configuration options: https://cube.dev/docs/config
    const {CubeStoreDriver,CubeStoreQuery } = require("@dalongrong/cubestore-driver")
     
    module.exports = {
        externalDialectFactory: (dataSource) => {
            console.log("externalDialectFactory",dataSource)
            return CubeStoreQuery
        },
        telemetry: false,
        externalDbType:({ dataSource } = {}) => {
            return "cubestore"
        },
        externalDriverFactory: () => {
            return new CubeStoreDriver({
                host:"localhost",
                port:3030,
                user:"dalong",
                password:"dalong"
            })
        }
    };
    • 效果

    说明:输错账户会提示403如下:


    正常的

    参考资料

    https://github.com/rongfengliang/cubestore-driver

  • 相关阅读:
    什么?Spring Boot CommandLineRunner 有坑!?
    关于 websocket 跨域的一个奇怪问题…
    电商金额计算的 4 个坑,千万注意了!
    微服务模块划分原则和接口定义原则
    tcp的三次握手(连接)与四次挥手(断开)
    二叉树遍历及算法实现
    elasticsearch搜索 倒排索引
    kubernetes落地-传统web服务迁移
    Docker核心技术-容器管理
    Docker核心技术-镜像管理
  • 原文地址:https://www.cnblogs.com/rongfengliang/p/14743128.html
Copyright © 2020-2023  润新知