chore(native): Native gateway - expose API from node

Author: ovr

packages/cubejs-backend-native/Cargo.lock

@@ -29,6 +29,7 @@ findshlibs = "0.10.2"
 futures = "0.3.30"
 http-body-util = "0.1"
 axum = { version = "0.7.5", features = ["default", "ws"] }
+tower = "0.5.2"
 libc = "0.2"
 log = "0.4.21"
 log-reroute = "0.1"

packages/cubejs-backend-native/Cargo.toml

@@ -13,18 +13,29 @@ use std::sync::Arc;
 use uuid::Uuid;
 
 use crate::channel::call_js_with_channel_as_callback;
+use crate::gateway::{
+    GatewayAuthContext, GatewayAuthContextRef, GatewayAuthService, GatewayAuthenticateResponse,
+    GatewayCheckAuthRequest,
+};
 
 #[derive(Debug)]
 pub struct NodeBridgeAuthService {
     channel: Arc<Channel>,
+    check_auth: Arc<Root<JsFunction>>,
     check_sql_auth: Arc<Root<JsFunction>>,
 }
 
+pub struct NodeBridgeAuthServiceOptions {
+    pub check_auth: Root<JsFunction>,
+    pub check_sql_auth: Root<JsFunction>,
+}
+
 impl NodeBridgeAuthService {
-    pub fn new(channel: Channel, check_sql_auth: Root<JsFunction>) -> Self {
+    pub fn new(channel: Channel, options: NodeBridgeAuthServiceOptions) -> Self {
         Self {
             channel: Arc::new(channel),
-            check_sql_auth: Arc::new(check_sql_auth),
+            check_auth: Arc::new(options.check_auth),
+            check_sql_auth: Arc::new(options.check_sql_auth),
         }
     }
 }
@@ -36,14 +47,14 @@ pub struct TransportRequest {
 }
 
 #[derive(Debug, Serialize)]
-struct CheckSQLAuthRequest {
+struct CheckSQLAuthTransportRequest {
     request: TransportRequest,
     user: Option<String>,
     password: Option<String>,
 }
 
 #[derive(Debug, Deserialize)]
-struct CheckSQLAuthResponse {
+struct CheckSQLAuthTransportResponse {
     password: Option<String>,
     superuser: bool,
     #[serde(rename = "securityContext", skip_serializing_if = "Option::is_none")]
@@ -53,13 +64,13 @@ struct CheckSQLAuthResponse {
 }
 
 #[derive(Debug)]
-pub struct NativeAuthContext {
+pub struct NativeSQLAuthContext {
     pub user: Option<String>,
     pub superuser: bool,
     pub security_context: Option<serde_json::Value>,
 }
 
-impl AuthContext for NativeAuthContext {
+impl AuthContext for NativeSQLAuthContext {
     fn as_any(&self) -> &dyn Any {
         self
     }
@@ -72,28 +83,28 @@ impl SqlAuthService for NodeBridgeAuthService {
         user: Option<String>,
         password: Option<String>,
     ) -> Result<AuthenticateResponse, CubeError> {
-        trace!("[auth] Request ->");
+        trace!("[sql auth] Request ->");
 
         let request_id = Uuid::new_v4().to_string();
 
-        let extra = serde_json::to_string(&CheckSQLAuthRequest {
+        let extra = serde_json::to_string(&CheckSQLAuthTransportRequest {
             request: TransportRequest {
                 id: format!("{}-span-1", request_id),
                 meta: None,
             },
             user: user.clone(),
             password: password.clone(),
         })?;
-        let response: CheckSQLAuthResponse = call_js_with_channel_as_callback(
+        let response: CheckSQLAuthTransportResponse = call_js_with_channel_as_callback(
             self.channel.clone(),
             self.check_sql_auth.clone(),
             Some(extra),
         )
         .await?;
-        trace!("[auth] Request <- {:?}", response);
+        trace!("[sql auth] Request <- {:?}", response);
 
         Ok(AuthenticateResponse {
-            context: Arc::new(NativeAuthContext {
+            context: Arc::new(NativeSQLAuthContext {
                 user,
                 superuser: response.superuser,
                 security_context: response.security_context,
@@ -104,4 +115,70 @@ impl SqlAuthService for NodeBridgeAuthService {
     }
 }
 
-di_service!(NodeBridgeAuthService, [SqlAuthService]);
+#[derive(Debug, Serialize)]
+struct CheckAuthTransportRequest {
+    request: TransportRequest,
+    req: GatewayCheckAuthRequest,
+    token: String,
+}
+
+#[derive(Debug, Deserialize)]
+struct CheckAuthTransportResponse {
+    #[serde(rename = "securityContext", skip_serializing_if = "Option::is_none")]
+    security_context: Option<serde_json::Value>,
+}
+
+#[derive(Debug)]
+pub struct NativeAuthContext {
+    pub security_context: Option<serde_json::Value>,
+}
+
+impl GatewayAuthContext for NativeAuthContext {
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+}
+
+#[async_trait]
+impl GatewayAuthService for NodeBridgeAuthService {
+    async fn authenticate(
+        &self,
+        req: GatewayCheckAuthRequest,
+        token: String,
+    ) -> Result<GatewayAuthenticateResponse, CubeError> {
+        trace!("[auth] Request ->");
+
+        let request_id = Uuid::new_v4().to_string();
+
+        let extra = serde_json::to_string(&CheckAuthTransportRequest {
+            request: TransportRequest {
+                id: format!("{}-span-1", request_id),
+                meta: None,
+            },
+            req,
+            token: token.clone(),
+        })?;
+        let response: CheckAuthTransportResponse = call_js_with_channel_as_callback(
+            self.channel.clone(),
+            self.check_auth.clone(),
+            Some(extra),
+        )
+        .await?;
+        trace!("[auth] Request <- {:?}", response);
+
+        Ok(GatewayAuthenticateResponse {
+            context: Arc::new(NativeAuthContext {
+                security_context: response.security_context,
+            }),
+        })
+    }
+
+    async fn context_to_api_scopes(
+        &self,
+        auth_context: GatewayAuthContextRef,
+    ) -> Result<GatewayAuthenticateResponse, CubeError> {
+        unimplemented!();
+    }
+}
+
+di_service!(NodeBridgeAuthService, [SqlAuthService, GatewayAuthService]);

packages/cubejs-backend-native/src/auth.rs

@@ -1,5 +1,5 @@
 use crate::gateway::server::ApiGatewayServerImpl;
-use crate::gateway::{ApiGatewayRouterBuilder, ApiGatewayServer};
+use crate::gateway::{ApiGatewayRouterBuilder, ApiGatewayServer, ApiGatewayState};
 use crate::{auth::NodeBridgeAuthService, transport::NodeBridgeTransport};
 use async_trait::async_trait;
 use cubesql::config::injection::Injector;
@@ -163,10 +163,12 @@ impl NodeConfiguration for NodeConfigurationImpl {
 
             injector
                 .register_typed::<dyn ApiGatewayServer, _, _, _>(|i| async move {
+                    let state = Arc::new(ApiGatewayState::new(i));
+
                     ApiGatewayServerImpl::new(
                         ApiGatewayRouterBuilder::new(),
                         api_gateway_address,
-                        i.clone(),
+                        state,
                     )
                 })
                 .await;

packages/cubejs-backend-native/src/config.rs

@@ -8,12 +8,12 @@ use cubesql::config::ConfigObj;
 use cubesql::sql::{Session, SessionManager};
 use cubesql::CubeError;
 
-use crate::auth::NativeAuthContext;
+use crate::auth::NativeSQLAuthContext;
 use crate::config::NodeCubeServices;
 
 pub async fn create_session(
     services: &NodeCubeServices,
-    native_auth_ctx: Arc<NativeAuthContext>,
+    native_auth_ctx: Arc<NativeSQLAuthContext>,
 ) -> Result<Arc<Session>, CubeError> {
     let config = services
         .injector()
@@ -53,7 +53,7 @@ pub async fn create_session(
 
 pub async fn with_session<T, F, Fut>(
     services: &NodeCubeServices,
-    native_auth_ctx: Arc<NativeAuthContext>,
+    native_auth_ctx: Arc<NativeSQLAuthContext>,
     f: F,
 ) -> Result<T, CubeError>
 where