This is an automated email from the ASF dual-hosted git repository. yiguolei pushed a commit to branch branch-2.1 in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.1 by this push: new 0c3bc1bcd07 [fix](auth)fix be enable http auth, some request link never return. (#44959) (#45063) 0c3bc1bcd07 is described below commit 0c3bc1bcd07a2877ab581d9e981e6f9b2cf3c551 Author: daidai <changyu...@selectdb.com> AuthorDate: Fri Dec 6 09:39:13 2024 +0800 [fix](auth)fix be enable http auth, some request link never return. (#44959) (#45063) bp #44959 if you `enable_all_http_auth = true` in be.conf, then restart be, and keep using `curl -u "xxxx:xxxx" http://127.0.0.1:8040/api/health` while be is starting. You may encounter a situation where the link does not return. Reason: When be is still starting, there is no information about fe master. When you make an api request to be http port, be needs to request authentication information from fe, which will cause it to request a machine with empty ip and port 0. This rpc call will definitely fail (this is not equivalent to a password error). After receiving this failure, be does not `send_reply` to the api requester, so this api request cannot be returned. --- be/src/http/http_handler_with_auth.cpp | 10 ++++++++++ be/test/http/http_client_test.cpp | 1 - 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/be/src/http/http_handler_with_auth.cpp b/be/src/http/http_handler_with_auth.cpp index 6a4b28beb27..0fd9a6b4b05 100644 --- a/be/src/http/http_handler_with_auth.cpp +++ b/be/src/http/http_handler_with_auth.cpp @@ -35,6 +35,7 @@ HttpHandlerWithAuth::HttpHandlerWithAuth(ExecEnv* exec_env, TPrivilegeHier::type : _exec_env(exec_env), _hier(hier), _type(type) {} int HttpHandlerWithAuth::on_header(HttpRequest* req) { + //if u return value isn't 0,u should `send_reply`,Avoid requesting links that never return. TCheckAuthRequest auth_request; TCheckAuthResult auth_result; AuthInfo auth_info; @@ -64,6 +65,11 @@ int HttpHandlerWithAuth::on_header(HttpRequest* req) { #ifndef BE_TEST TNetworkAddress master_addr = _exec_env->master_info()->network_address; + if (master_addr.hostname.empty() || master_addr.port == 0) { + LOG(WARNING) << "Not found master fe, Can't auth API request: " << req->debug_string(); + HttpChannel::send_error(req, HttpStatus::SERVICE_UNAVAILABLE); + return -1; + } { auto status = ThriftRpcHelper::rpc<FrontendServiceClient>( master_addr.hostname, master_addr.port, @@ -71,6 +77,10 @@ int HttpHandlerWithAuth::on_header(HttpRequest* req) { client->checkAuth(auth_result, auth_request); }); if (!status) { + LOG(WARNING) << "CheckAuth Rpc Fail.Fe Ip:" << master_addr.hostname + << ", Fe port:" << master_addr.port << ".Status:" << status.to_string() + << ".Request: " << req->debug_string(); + HttpChannel::send_error(req, HttpStatus::SERVICE_UNAVAILABLE); return -1; } } diff --git a/be/test/http/http_client_test.cpp b/be/test/http/http_client_test.cpp index 00b3288d2e9..9e04a7e725d 100644 --- a/be/test/http/http_client_test.cpp +++ b/be/test/http/http_client_test.cpp @@ -340,5 +340,4 @@ TEST_F(HttpClientTest, escape_url) { std::string output_G = hostname + "/download_file?key=0x2E&key=%252E#section"; ASSERT_TRUE(check_result(input_G, output_G)); } - } // namespace doris --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org