Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: enhancements of HTTP client session. #16452

Merged
merged 10 commits into from
Sep 14, 2024
Merged

refactor: enhancements of HTTP client session. #16452

merged 10 commits into from
Sep 14, 2024

Conversation

youngsofun
Copy link
Member

@youngsofun youngsofun commented Sep 13, 2024
edited
Loading

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

  1. session auth by JWT not use session token. use header to pass client session id.
    2. . add need_refresh in session state, client do refresh only when it is true, client session id is written to meta only when there are temp tables (1. on /session/refresh 2. num of temp table changed from 0 to 1).
  2. add endpoint /auth/verify for gateway, instead of using select 1
  3. add need_sticky in session state, set to true if in txn or there are temp tables, server return error if it is true but server changed/restarted.
  4. rename renew -> refresh, to be consistent with term refresh_token and for JWT session, no token is newed
  5. extract HttpErrorCode to make it easier to return the right status code.
  6. adjust, extract and rename TTLs, add TTL_GRACE_PERIOD_QUERY, to cover latencies and time skews.
  7. check user or client_session_id of HTTPQuery to protect the query result.
  8. page handler no longer to get user from meta.

Tests

  • Unit Test
  • Logic Test
  • Benchmark Test
  • No Test - Explain why

Type of change

  • Bug Fix (non-breaking change which fixes an issue)
  • New Feature (non-breaking change which adds functionality)
  • Breaking Change (fix or feature that could cause existing functionality not to work as expected)
  • Documentation Update
  • Refactoring
  • Performance Improvement
  • Other (please describe):

This change is Reviewable

@dosubot dosubot bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Sep 13, 2024
@github-actions github-actions bot added the pr-refactor this PR changes the code base without new features or bugfix label Sep 13, 2024
@dosubot dosubot bot added the A-query Area: databend query label Sep 13, 2024
@what-the-diff What The Diff
Copy link

what-the-diff bot commented Sep 13, 2024

PR Summary

  • Introduction of new constants and revamped token handling

    • A new constant HEADER_SESSION_ID has been added which streamlines session identification in requests.
    • Token expiration durations are no longer hardcoded but come from a new constants file improving maintainability.
    • Token encoding and decoding now includes token type, providing better granularity in processing different token types.

  • Modified TokenType and Credential structures

    • The implementation of the TokenType class has been enhanced to support conversions from numeric values to token types and to support pretty-printing.
    • DatabendToken variant in the Credential structure has been revised to exclude token_type and set_user, and a new need_refresh method has been introduced benefitting session refresh handling.

  • Updates to Authentication and Session Management

    • Authentication logic has been overhauled to return a tuple containing the username and session ID, simplifying credential validation.
    • Better session management and tracking was done by adding new fields and methods to HttpQueryManager and HttpQueryContext.
    • A new method, refresh_in_memory_states, has been added for session state updates which boosts session usage tracking.

  • Improved Error and Response Handling

    • The introduction of HttpErrorCode allows for enhanced error handling across different modules.
    • Response handling has been improved with updated functions in HttpQueryManager, ensuring better session state management.

  • New Handlers for Verification and Refresh

    • Two new handlers have been introduced - a verify handler that responds to verification requests, and a refresh handler that replaces the old renew handler.
    • These handlers ensure efficient and accurate handling of verification and session refresh requests.

  • Changes in Test Suite

    • Test cases have been updated to reflect changes in the authentication process, token handling, and error handling.
    • A new function for token verification has been introduced and test results have been updated to reflect the new functionality and changes in response formats.

@youngsofun youngsofun marked this pull request as draft September 13, 2024 17:02
@youngsofun youngsofun marked this pull request as ready for review September 14, 2024 01:13
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Sep 14, 2024
@youngsofun youngsofun added this pull request to the merge queue Sep 14, 2024
@BohuTANG BohuTANG removed this pull request from the merge queue due to a manual request Sep 14, 2024
@BohuTANG BohuTANG merged commit affd91f into datafuselabs:main Sep 14, 2024
99 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@everpcpc everpcpc everpcpc approved these changes

@flaneur2020 flaneur2020 Awaiting requested review from flaneur2020

Assignees
No one assigned
Labels
A-query Area: databend query lgtm This PR has been approved by a maintainer pr-refactor this PR changes the code base without new features or bugfix size:XXL This PR changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@youngsofun @everpcpc @BohuTANG