azexcy commented on code in PR #23627:
URL: https://github.com/apache/shardingsphere/pull/23627#discussion_r1073278244
##########
proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/netty/CDCChannelInboundHandler.java:
##########
@@ -79,27 +85,40 @@ public void channelInactive(final ChannelHandlerContext
ctx) {
ctx.channel().attr(CONNECTION_CONTEXT_KEY).set(null);
}
+ @Override
+ public void exceptionCaught(final ChannelHandlerContext ctx, final
Throwable cause) {
Review Comment:
Perhaps we need to clarify what kind of exception needs to be thrown to
close the channel, and only clean contexnt when the channl closed?
##########
proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/netty/CDCChannelInboundHandler.java:
##########
@@ -109,33 +128,50 @@ public void channelRead(final ChannelHandlerContext ctx,
final Object msg) {
}
}
- private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request) {
+ private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request, final CDCConnectionContext connectionContext) {
if (!request.hasLogin() || !request.getLogin().hasBasicBody()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.ILLEGAL_REQUEST_ERROR, "Miss login request
body")).addListener(ChannelFutureListener.CLOSE);
return;
}
BasicBody body = request.getLogin().getBasicBody();
- Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
- Optional<AuthorityRule> authorityRule =
globalRules.stream().filter(rule -> rule instanceof AuthorityRule).map(rule ->
(AuthorityRule) rule).findFirst();
+ Optional<AuthorityRule> authorityRule = findAuthorityRule();
if (!authorityRule.isPresent()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Not find authority
rule")).addListener(ChannelFutureListener.CLOSE);
return;
}
Optional<ShardingSphereUser> user = authorityRule.get().findUser(new
Grantee(body.getUsername(), getHostAddress(ctx)));
if (user.isPresent() &&
Objects.equals(Hashing.sha256().hashBytes(user.get().getPassword().getBytes()).toString().toUpperCase(),
body.getPassword())) {
-
ctx.channel().attr(CONNECTION_CONTEXT_KEY).get().setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setCurrentUser(user.get());
ctx.writeAndFlush(CDCResponseGenerator.succeedBuilder(request.getRequestId()).build());
+ } else {
+
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Incorrect username or
password")).addListener(ChannelFutureListener.CLOSE);
+ }
+ }
+
+ private Optional<AuthorityRule> findAuthorityRule() {
+ Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
+ return globalRules.stream().filter(rule -> rule instanceof
AuthorityRule).map(rule -> (AuthorityRule) rule).findFirst();
+ }
+
+ private void checkPrivileges(final Grantee grantee, final String
currentDatabase) {
+ if (null == grantee) {
return;
}
- ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Incorrect username or
password")).addListener(ChannelFutureListener.CLOSE);
+ Optional<AuthorityRule> authorityRule = findAuthorityRule();
+ ShardingSpherePreconditions.checkState(authorityRule.isPresent(), ()
-> new SQLCheckException("Not find authority rule"));
Review Comment:
Yes, I'm considering whether the CDC using its own exceptions instead of
using existing ones
##########
proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/netty/CDCChannelInboundHandler.java:
##########
@@ -109,33 +128,50 @@ public void channelRead(final ChannelHandlerContext ctx,
final Object msg) {
}
}
- private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request) {
+ private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request, final CDCConnectionContext connectionContext) {
if (!request.hasLogin() || !request.getLogin().hasBasicBody()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.ILLEGAL_REQUEST_ERROR, "Miss login request
body")).addListener(ChannelFutureListener.CLOSE);
return;
}
BasicBody body = request.getLogin().getBasicBody();
- Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
- Optional<AuthorityRule> authorityRule =
globalRules.stream().filter(rule -> rule instanceof AuthorityRule).map(rule ->
(AuthorityRule) rule).findFirst();
+ Optional<AuthorityRule> authorityRule = findAuthorityRule();
if (!authorityRule.isPresent()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Not find authority
rule")).addListener(ChannelFutureListener.CLOSE);
return;
}
Optional<ShardingSphereUser> user = authorityRule.get().findUser(new
Grantee(body.getUsername(), getHostAddress(ctx)));
if (user.isPresent() &&
Objects.equals(Hashing.sha256().hashBytes(user.get().getPassword().getBytes()).toString().toUpperCase(),
body.getPassword())) {
-
ctx.channel().attr(CONNECTION_CONTEXT_KEY).get().setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setCurrentUser(user.get());
ctx.writeAndFlush(CDCResponseGenerator.succeedBuilder(request.getRequestId()).build());
+ } else {
+
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Incorrect username or
password")).addListener(ChannelFutureListener.CLOSE);
+ }
+ }
+
+ private Optional<AuthorityRule> findAuthorityRule() {
+ Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
+ return globalRules.stream().filter(rule -> rule instanceof
AuthorityRule).map(rule -> (AuthorityRule) rule).findFirst();
+ }
+
+ private void checkPrivileges(final Grantee grantee, final String
currentDatabase) {
+ if (null == grantee) {
return;
}
Review Comment:
`grantee` can't be null yet, remove check.
##########
proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/netty/CDCChannelInboundHandler.java:
##########
@@ -164,22 +201,27 @@ private void processStartSubscription(final
ChannelHandlerContext ctx, final CDC
.addListener(ChannelFutureListener.CLOSE);
return;
}
+ checkPrivileges(connectionContext.getCurrentUser().getGrantee(),
startSubscriptionRequest.getDatabase());
CDCResponse response = backendHandler.startSubscription(request,
ctx.channel(), connectionContext);
ctx.writeAndFlush(response);
}
- private void stopStartSubscription(final ChannelHandlerContext ctx, final
CDCRequest request, final CDCConnectionContext connectionContext) {
+ private void processStopSubscription(final ChannelHandlerContext ctx,
final CDCRequest request, final CDCConnectionContext connectionContext) {
+ StopSubscriptionRequest stopSubscriptionRequest =
request.getStopSubscription();
+ checkPrivileges(connectionContext.getCurrentUser().getGrantee(),
stopSubscriptionRequest.getDatabase());
backendHandler.stopSubscription(connectionContext.getJobId());
connectionContext.setStatus(CDCConnectionStatus.LOGGED_IN);
ctx.writeAndFlush(CDCResponseGenerator.succeedBuilder(request.getRequestId()).build());
}
- private void dropStartSubscription(final ChannelHandlerContext ctx, final
CDCRequest request, final CDCConnectionContext connectionContext) {
+ private void processDropSubscription(final ChannelHandlerContext ctx,
final CDCRequest request, final CDCConnectionContext connectionContext) {
+ DropSubscriptionRequest dropSubscriptionRequest =
request.getDropSubscription();
+ checkPrivileges(connectionContext.getCurrentUser().getGrantee(),
dropSubscriptionRequest.getDatabase());
try {
backendHandler.dropSubscription(connectionContext.getJobId());
ctx.writeAndFlush(CDCResponseGenerator.succeedBuilder(request.getRequestId()).build());
} catch (final SQLException ex) {
-
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, ex.getMessage()));
+
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR,
ex.getMessage())).addListener(ChannelFutureListener.CLOSE);
}
Review Comment:
Now it is not clear whether to close the channel when the exception occurs.
Perhaps we can assume that any exceptions before successful login will close
the channel, and any exceptions after successful login will not close the
channel
##########
proxy/frontend/core/src/main/java/org/apache/shardingsphere/proxy/frontend/netty/CDCChannelInboundHandler.java:
##########
@@ -109,33 +128,50 @@ public void channelRead(final ChannelHandlerContext ctx,
final Object msg) {
}
}
- private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request) {
+ private void processLogin(final ChannelHandlerContext ctx, final
CDCRequest request, final CDCConnectionContext connectionContext) {
if (!request.hasLogin() || !request.getLogin().hasBasicBody()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.ILLEGAL_REQUEST_ERROR, "Miss login request
body")).addListener(ChannelFutureListener.CLOSE);
return;
}
BasicBody body = request.getLogin().getBasicBody();
- Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
- Optional<AuthorityRule> authorityRule =
globalRules.stream().filter(rule -> rule instanceof AuthorityRule).map(rule ->
(AuthorityRule) rule).findFirst();
+ Optional<AuthorityRule> authorityRule = findAuthorityRule();
if (!authorityRule.isPresent()) {
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Not find authority
rule")).addListener(ChannelFutureListener.CLOSE);
return;
}
Optional<ShardingSphereUser> user = authorityRule.get().findUser(new
Grantee(body.getUsername(), getHostAddress(ctx)));
if (user.isPresent() &&
Objects.equals(Hashing.sha256().hashBytes(user.get().getPassword().getBytes()).toString().toUpperCase(),
body.getPassword())) {
-
ctx.channel().attr(CONNECTION_CONTEXT_KEY).get().setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setStatus(CDCConnectionStatus.LOGGED_IN);
+ connectionContext.setCurrentUser(user.get());
ctx.writeAndFlush(CDCResponseGenerator.succeedBuilder(request.getRequestId()).build());
+ } else {
+
ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Incorrect username or
password")).addListener(ChannelFutureListener.CLOSE);
+ }
+ }
+
+ private Optional<AuthorityRule> findAuthorityRule() {
+ Collection<ShardingSphereRule> globalRules =
ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules();
+ return globalRules.stream().filter(rule -> rule instanceof
AuthorityRule).map(rule -> (AuthorityRule) rule).findFirst();
+ }
+
+ private void checkPrivileges(final Grantee grantee, final String
currentDatabase) {
+ if (null == grantee) {
return;
}
- ctx.writeAndFlush(CDCResponseGenerator.failed(request.getRequestId(),
CDCResponseErrorCode.SERVER_ERROR, "Incorrect username or
password")).addListener(ChannelFutureListener.CLOSE);
+ Optional<AuthorityRule> authorityRule = findAuthorityRule();
+ ShardingSpherePreconditions.checkState(authorityRule.isPresent(), ()
-> new SQLCheckException("Not find authority rule"));
+ Optional<ShardingSpherePrivileges> privileges =
authorityRule.get().findPrivileges(grantee);
+ ShardingSpherePreconditions.checkState(privileges.isPresent(), () ->
new SQLCheckException(String.format("Access denied for user '%s'@'%s'",
grantee.getUsername(), grantee.getHostname())));
+ ShardingSpherePreconditions.checkState(null == currentDatabase ||
privileges.filter(optional ->
optional.hasPrivileges(currentDatabase)).isPresent(),
+ () -> new SQLCheckException(String.format("Unknown database
'%s'", currentDatabase)));
Review Comment:
currentDatabase will not be null yet, need to consider when supporting mysql
in the future, remove first
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
