Open rongfengliang opened 3 years ago
@rongfengliang Yep. As of now, there are no security controls in Cube Store so it should be deployed only in secured environments. We have it only in Cube Cloud right now and we need to have something in open source as well.
If you are interested in working on this issue, please leave a comment below and we will be happy to assign the issue to you. If this is the first time you are contributing a Pull Request to Cube.js, please check our contribution guidelines. You can also post any questions while contributing in the #contributors channel in the Cube.js Slack.
@paveltiunov From the cubestore source code and cubestore-driver, I think this change may support basic auth:
Add MySQL user auth
https://github.com/cube-js/cube.js/blob/master/rust/cubestore/src/mysql/mod.rs#L228
```rust
// Imports the snippet needs
use std::env;
use async_trait::async_trait;
use log::info;

#[async_trait]
impl SqlAuthService for SqlAuthDefaultImpl {
    async fn authenticate(&self, user: Option<String>) -> Result<Option<String>, CubeError> {
        match user {
            // No username supplied: reject.
            None => {
                info!("{}", "user is null");
                Err(CubeError {
                    message: "error".to_string(),
                    cause: CubeErrorCauseType::User,
                })
            }
            Some(user) => {
                info!("auth user {}", user);
                // Reject instead of panicking when CUBESTORE_USERNAME is unset.
                match env::var("CUBESTORE_USERNAME") {
                    Ok(expected) if expected == user => Ok(None),
                    _ => Err(CubeError {
                        message: "error".to_string(),
                        cause: CubeErrorCauseType::User,
                    }),
                }
            }
        }
    }
}
```
Add WebSocket with basic auth header. Need to change the client to add header options (the ws client supports this).
WebSocketConnection.js
```js
class WebSocketConnection {
  constructor(url, options) {
    this.url = url;
    // Extra options for the ws client, e.g. request headers
    this.options = options;
    this.messageCounter = 1;
  }

  async initWebSocket() {
    if (!this.webSocket) {
      // Pass the options (headers) through to the ws client
      const webSocket = new ws_1.default(this.url, this.options);
      // ... rest of initWebSocket unchanged
    }
  }
}
```
Driver: CubeStoreDriver.js
```js
this.connection = new WebSocketConnection_1.WebSocketConnection(`${this.baseUrl}/ws`, {
  // add basic auth
  headers: {
    "Authorization": "Basic xxxxx"
  }
});
```
Also maybe add an env variable to enable auth (CUBESTORE_AUTH_ENABLE).
If OK, I will try to do a PR.
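An added example, not part of the original comment or the Cube Store code base: one way a server could check the `Authorization: Basic` header proposed above, rejecting every request when no credentials are configured and comparing both fields without an early exit. The function names and the sample credentials `cube` / `s3cret` are assumptions made for illustration; production code would normally use vetted crates for base64 decoding and constant-time comparison.

```rust
/// Added example, not Cube Store code. Decodes standard padded base64; None if malformed.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    if s.is_empty() || s.len() % 4 != 0 { return None; }
    let mut out = Vec::with_capacity(s.len() / 4 * 3);
    for (i, chunk) in s.as_bytes().chunks(4).enumerate() {
        let last = i == s.len() / 4 - 1;
        let (mut n, mut pad) = (0u32, 0usize);
        for &c in chunk {
            let v = match c {
                b'A'..=b'Z' => c - b'A',
                b'a'..=b'z' => c - b'a' + 26,
                b'0'..=b'9' => c - b'0' + 52,
                b'+' => 62,
                b'/' => 63,
                b'=' if last => { pad += 1; 0 }
                _ => return None,
            };
            if pad > 0 && c != b'=' { return None; } // data after padding
            n = (n << 6) | v as u32;
        }
        if pad > 2 { return None; }
        out.extend_from_slice(&n.to_be_bytes()[1..4 - pad]);
    }
    Some(out)
}

/// Compare without exiting at the first mismatching byte (best effort).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    let mut diff = a.len() ^ b.len();
    for i in 0..a.len().min(b.len()) { diff |= (a[i] ^ b[i]) as usize; }
    diff == 0
}

/// Hypothetical helper. `expected` is None when no credentials are configured: reject.
fn check_basic_auth(header: Option<&str>, expected: Option<(&str, &str)>) -> bool {
    let (Some((user, pass)), Some(value)) = (expected, header) else { return false };
    let (scheme, token) = value.split_once(' ').unwrap_or((value, ""));
    if !scheme.eq_ignore_ascii_case("Basic") { return false; }
    let Some(decoded) = b64_decode(token.trim()) else { return false };
    // RFC 7617: the user-id contains no ':', so split at the first colon.
    let Some(colon) = decoded.iter().position(|&b| b == b':') else { return false };
    // Non-short-circuit `&` so both fields are always compared.
    ct_eq(&decoded[..colon], user.as_bytes()) & ct_eq(&decoded[colon + 1..], pass.as_bytes())
}

fn main() {
    // Constructed sample header: base64("cube:s3cret")
    let ok = check_basic_auth(Some("Basic Y3ViZTpzM2NyZXQ="), Some(("cube", "s3cret")));
    println!("valid credentials accepted: {}", ok);
}
```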
Problem
Currently, from the code and docs, I don't see any security configuration for running cubestore in a production environment.
Does cubestore support configuring an auth token, or running with a username and password?