cubestore driver 添加auth认证

昨天有说明关于mysql协议支持auth的,今天说明下driver支持auth 的方法(已经支持了,只是代码处理需要调整下)

cubestore 源码修改

  • 添加auth支持
    基于环境变量进行是否进行auth支持的判断 CUBESTORE_AUTH_ENABLE=1 使用,默认没有配置的就不使用
 
#[async_trait]
impl SqlAuthService for SqlAuthDefaultImpl {
    async fn authenticate(&self, _user: Option<String>) -> Result<Option<String>, CubeError> {
        let enable_auth = env_bool("CUBESTORE_AUTH_ENABLE", false);
        if enable_auth==true {
            info!("cubestore enable auth check");
            let user = match _user {
                None => {
                    info!("{}", "user is null");
                    Err(CubeError {
                        message: "error".to_string(),
                        cause: CubeErrorCauseType::User,
                    })
                },
                Some(user) => {
                    info!("auth user {}", user);
                    if user == env::var("CUBESTORE_USERNAME").ok().unwrap() {
                        Ok(None)
                    } else {
                        Err(CubeError {
                            message: "error".to_string(),
                            cause: CubeErrorCauseType::User,
                        })
                    }
                }
            };
            user
        }else{
            Ok(None)
        }
    }
}

cubestore driver 支持

实际上还是依赖了ws 客户端(支持基于header 的数据传递),同时默认cubestore 支持基于basic auth 的websocket 连接处理
所以我们就可以直接使用

  • 需要修改的代码
    src/WebSocketConnection.ts src/CubeStoreDriver.ts
 
  // 支持header
  private options: any;
 
  public constructor(url: string,options:{}) {
    this.url = url;
    this.messageCounter = 1;
    this.options = options;
  }
 
  protected async initWebSocket() {
    if (!this.webSocket) {
      const webSocket: any = new WebSocket(this.url,this.options);
 
// 支持websocket带header的连接
  public constructor(config?: Partial<ConnectionConfig>) {
    super();
 
    this.config = {
      ...config,
      host: config?.host || getEnv('cubeStoreHost'),
      port: config?.port || getEnv('cubeStorePort'),
      user: config?.user || getEnv('cubeStoreUser'),
      password: config?.password || getEnv('cubeStorePass'),
    };
    this.baseUrl = (this.config.url || `ws://${this.config.host || 'localhost'}:${this.config.port || '3030'}/`).replace(/\/ws$/, '/').replace(/\/$/, '');
    var authHeader: any = {}
    if (this.config.user && this.config.password) {
      var base64Str = Buffer.from(`${this.config.user}:${this.config.password}`).toString('base64');
      authHeader = {
        headers: {
          'Authorization': `Basic ${base64Str}`
        }
      };
    }
    this.connection = new WebSocketConnection(`${this.baseUrl}/ws`, authHeader);
  }

参考使用

  • docker-compose
version: "3"
services:
  postgres:
    image: postgres:12.2
    environment:
      - POSTGRES_PASSWORD=dalong
    ports:
      - 5432:5432
  minio:
    image: minio/minio
    command: server /data
    environment:
      - MINIO_ACCESS_KEY=dalongrong
      - MINIO_SECRET_KEY=dalongrong
    ports:
      - 9000:9000
  cubestore_router:
    restart: always
    image: dalongrong/cubestore:v2
    environment:
      - CUBESTORE_LOG_LEVEL=trace
      - CUBESTORE_SERVER_NAME=cubestore_router:9999
      - CUBESTORE_META_PORT=9999
      - CUBESTORE_S3_BUCKET=test
      - CUBESTORE_S3_ENDPOINT=http://minio:9000
      - CUBESTORE_S3_REGION=us-east-1
      - CUBESTORE_S3_PATH_STYLE=1
      - CUBESTORE_AUTH_ENABLE=1
      - CUBESTORE_USERNAME=dalong
      - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
      - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
      - CUBESTORE_WORKERS=cubestore_worker_1:9001,cubestore_worker_2:9001
      - CUBESTORE_REMOTE_DIR=/cube/data
    ports: 
    - "9999:9999"
    - "3030:3030"
    - "3306:3306"
    expose:
      - 9999 # This exposes the Metastore endpoint
      - 3030 # This exposes the HTTP endpoint for CubeJS
      - 3306
  cubestore_worker_1:
    restart: always
    image: dalongrong/cubestore:v2
    environment:
      - CUBESTORE_SERVER_NAME=cubestore_worker_1:9001
      - CUBESTORE_WORKER_PORT=9001
      - CUBESTORE_S3_BUCKET=test
      - CUBESTORE_S3_ENDPOINT=http://minio:9000
      - CUBESTORE_S3_REGION=us-east-1
      - CUBESTORE_S3_PATH_STYLE=1
      - CUBESTORE_AUTH_ENABLE=1
      - CUBESTORE_USERNAME=dalong
      - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
      - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
      - CUBESTORE_META_ADDR=cubestore_router:9999
      - CUBESTORE_REMOTE_DIR=/cube/data
    depends_on:
      - cubestore_router
    expose:
      - 9001
  cubestore_worker_2:
    restart: always
    image: dalongrong/cubestore:v2
    environment:
      - CUBESTORE_SERVER_NAME=cubestore_worker_2:9001
      - CUBESTORE_WORKER_PORT=9001
      - CUBESTORE_S3_BUCKET=test
      - CUBESTORE_S3_ENDPOINT=http://minio:9000
      - CUBESTORE_S3_REGION=us-east-1
      - CUBESTORE_S3_PATH_STYLE=1
      - CUBESTORE_AUTH_ENABLE=1
      - CUBESTORE_USERNAME=dalong
      - CUBESTORE_AWS_ACCESS_KEY_ID=dalongrong
      - CUBESTORE_AWS_SECRET_ACCESS_KEY=dalongrong
      - CUBESTORE_META_ADDR=cubestore_router:9999
      - CUBESTORE_REMOTE_DIR=/cube/data
    depends_on:
      - cubestore_router
    expose:
      - 9001 
  • cube.js app
    cube.js 文件
 
// Cube.js configuration options: https://cube.dev/docs/config
const {CubeStoreDriver,CubeStoreQuery } = require("@dalongrong/cubestore-driver")
 
module.exports = {
    externalDialectFactory: (dataSource) => {
        console.log("externalDialectFactory",dataSource)
        return CubeStoreQuery
    },
    telemetry: false,
    externalDbType:({ dataSource } = {}) => {
        return "cubestore"
    },
    externalDriverFactory: () => {
        return new CubeStoreDriver({
            host:"localhost",
            port:3030,
            user:"dalong",
            password:"dalong"
        })
    }
};
  • 效果

说明:输错账户会提示403如下:
cubestore driver 添加auth认证

 

 


正常的
cubestore driver 添加auth认证

 

 

cubestore driver 添加auth认证

 

 

参考资料

https://github.com/rongfengliang/cubestore-driver

上一篇:ubuntu 16.04自带两个Python版本该怎么办?


下一篇:NAS支持IPv6访问的使用指南