quickwit-oss · fulmicoton · Oct 30, 2024 · Oct 31, 2024 · Nov 4, 2024 · Nov 4, 2024
diff --git a/config/quickwit.yaml b/config/quickwit.yaml
@@ -150,3 +150,9 @@ indexer:
 
 jaeger:
   enable_endpoint: ${QW_ENABLE_JAEGER_ENDPOINT:-true}
+
+license: ${QW_LICENSE}
+
+# authorization:
+#     root_key: ${QW_ROOT_KEY}
+#     node_token: ${QW_NODE_TOKEN}
diff --git a/quickwit/Cargo.lock b/quickwit/Cargo.lock
diff --git a/quickwit/Cargo.toml b/quickwit/Cargo.toml
@@ -2,6 +2,7 @@
 resolver = "2"
 members = [
   "quickwit-actors",
+  "quickwit-authorize",
   "quickwit-aws",
   "quickwit-cli",
   "quickwit-cluster",
@@ -20,6 +21,7 @@ members = [
   "quickwit-jaeger",
   "quickwit-janitor",
   "quickwit-lambda",
+  "quickwit-license",
   "quickwit-macros",
   "quickwit-metastore",
 
@@ -34,13 +36,13 @@ members = [
   "quickwit-serve",
   "quickwit-storage",
   "quickwit-telemetry",
-  "quickwit-license",
 ]
 
 # The following list excludes `quickwit-metastore-utils` and `quickwit-lambda`
 # from the default member to ease build/deps.
 default-members = [
   "quickwit-actors",
+  "quickwit-authorize",
   "quickwit-aws",
   "quickwit-cli",
   "quickwit-cluster",
@@ -52,6 +54,7 @@ default-members = [
   "quickwit-datetime",
   "quickwit-directories",
   "quickwit-doc-mapper",
+  "quickwit-license",
   "quickwit-index-management",
   "quickwit-indexing",
   "quickwit-ingest",
@@ -89,7 +92,6 @@ async-trait = "0.1"
 base64 = "0.22"
 binggan = { version = "0.14" }
 biscuit-auth = "5.0.0"
-
 bytes = { version = "1", features = ["serde"] }
 bytesize = { version = "1.3.0", features = ["serde"] }
 bytestring = "1.3.0"
@@ -238,6 +240,7 @@ tikv-jemalloc-ctl = "0.5"
 tikv-jemallocator = "0.5"
 time = { version = "0.3", features = ["std", "formatting", "macros"] }
 tokio = { version = "1.40", features = ["full"] }
+tokio-inherit-task-local = "0.2"
 tokio-metrics = { version = "0.3.1", features = ["rt"] }
 tokio-stream = { version = "0.1", features = ["sync"] }
 tokio-util = { version = "0.7", features = ["full"] }
@@ -303,6 +306,7 @@ opendal = { version = "0.44", default-features = false }
 reqsign = { version = "0.14", default-features = false }
 
 quickwit-actors = { path = "quickwit-actors" }
+quickwit-authorize = { path = "quickwit-authorize" }
 quickwit-aws = { path = "quickwit-aws" }
 quickwit-cli = { path = "quickwit-cli" }
 quickwit-cluster = { path = "quickwit-cluster" }

diff --git a/quickwit/quickwit-authorize/Cargo.toml b/quickwit/quickwit-authorize/Cargo.toml
@@ -0,0 +1,29 @@
+[package]
+name = "quickwit-authorize"
+version.workspace = true
+edition.workspace = true
+homepage.workspace = true
+documentation.workspace = true
+repository.workspace = true
+authors.workspace = true
+license.workspace = true
+
+[dependencies]
+anyhow = { workspace = true, optional = true }
+tower = { workspace = true}
+biscuit-auth = { workspace = true, optional=true }
+futures = { workspace = true }
+http = { workspace = true }
+itertools = { workspace = true }
+tokio-inherit-task-local = { workspace = true }
+serde = { workspace = true }
+thiserror = { workspace = true }
+tonic = { workspace = true }
+tokio = { workspace = true }
+tracing = { workspace = true }
+pin-project = { workspace = true }
+
+quickwit-common = { workspace = true }
+
+[features]
+enterprise = ["dep:biscuit-auth", "dep:anyhow"]
diff --git a/quickwit/quickwit-authorize/src/community/mod.rs b/quickwit/quickwit-authorize/src/community/mod.rs
@@ -0,0 +1,85 @@
+// Copyright (C) 2024 Quickwit, Inc.
+//
+// Quickwit is offered under the AGPL v3.0 and as commercial software.
+// For commercial licensing, contact us at hello@quickwit.io.
+//
+// AGPL:
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+use std::future::Future;
+
+use crate::AuthorizationError;
+
+pub type AuthorizationToken = ();
+
+pub trait Authorization {
+    fn attenuate(
+        &self,
+        _auth_token: AuthorizationToken,
+    ) -> Result<AuthorizationToken, AuthorizationError> {
+        Ok(())
+    }
+}
+
+impl<T> Authorization for T {}
+
+pub trait StreamAuthorization {
+    fn attenuate(
+        _auth_token: AuthorizationToken,
+    ) -> std::result::Result<AuthorizationToken, AuthorizationError> {
+        Ok(())
+    }
+}
+
+impl<T> StreamAuthorization for T {}
+
+pub fn extract_auth_token(
+    _req_metadata: &tonic::metadata::MetadataMap,
+) -> Result<AuthorizationToken, AuthorizationError> {
+    Ok(())
+}
+
+pub fn set_auth_token(
+    _auth_token: &AuthorizationToken,
+    _req_metadata: &mut tonic::metadata::MetadataMap,
+) {
+}
+
+pub fn authorize<R: Authorization>(
+    _req: &R,
+    _auth_token: &AuthorizationToken,
+) -> Result<(), AuthorizationError> {
+    Ok(())
+}
+
+pub fn build_tonic_request_with_auth_token<R: Authorization>(
+    req: R,
+) -> Result<tonic::Request<R>, AuthorizationError> {
+    Ok(tonic::Request::new(req))
+}
+
+pub fn authorize_stream<R: StreamAuthorization>(
+    _auth_token: &AuthorizationToken,
+) -> Result<(), AuthorizationError> {
+    Ok(())
+}
+
+pub fn execute_with_authorization<F, O>(_: AuthorizationToken, f: F) -> impl Future<Output = O>
+where F: Future<Output = O> {
+    f
+}
+
+pub fn authorize_request<R: Authorization>(_req: &R) -> Result<(), AuthorizationError> {
+    Ok(())
+}