databendlabs · BohuTANG · Aug 22, 2024 · Aug 16, 2024 · Aug 17, 2024 · Aug 17, 2024
diff --git a/src/common/cache/src/mem_sized.rs b/src/common/cache/src/mem_sized.rs
@@ -27,3 +27,14 @@ impl MemSized for String {
         self.len()
     }
 }
+
+impl<T> MemSized for Option<T>
+where T: MemSized
+{
+    fn mem_bytes(&self) -> usize {
+        match self {
+            None => 0,
+            Some(s) => s.mem_bytes(),
+        }
+    }
+}
diff --git a/src/common/exception/src/exception_code.rs b/src/common/exception/src/exception_code.rs
@@ -105,7 +105,6 @@ build_exceptions! {
     BadBytes(1046),
     InitPrometheusFailure(1047),
     Overflow(1049),
-    AuthenticateFailure(1051),
     TLSConfigurationFailure(1052),
     UnknownSession(1053),
     SHA1CheckFailed(1057),
@@ -123,7 +122,6 @@ build_exceptions! {
     UnknownFormat(1074),
     UnknownCompressionType(1075),
     InvalidCompressionData(1076),
-    InvalidAuthInfo(1077),
     InvalidTimezone(1078),
     InvalidDate(1079),
     InvalidTimestamp(1080),
@@ -420,11 +418,14 @@ build_exceptions! {
 
 // Service errors [5001,6000].
 build_exceptions! {
-    // A task that already stopped and can not stopped twice.
+    // A task that already stopped and can not stop twice.
     AlreadyStopped(5002),
 
-    SessionTokenExpired(5100),
-    RefreshTokenExpired(5101),
-    SessionTokenNotFound(5102),
-    RefreshTokenNotFound(5103)
+    // auth related
+    AuthenticateFailure(5100),
+    // the flowing 4 code is used by clients
+    SessionTokenExpired(5101),
+    RefreshTokenExpired(5102),
+    SessionTokenNotFound(5103),
+    RefreshTokenNotFound(5104)
 }
diff --git a/src/meta/app/src/principal/client_session.rs b/src/meta/app/src/principal/client_session.rs
@@ -0,0 +1,21 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use serde::Deserialize;
+use serde::Serialize;
+
+#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq)]
+pub struct ClientSession {
+    pub user_name: String,
+}
diff --git a/src/meta/app/src/principal/client_session_ident.rs b/src/meta/app/src/principal/client_session_ident.rs
@@ -0,0 +1,60 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use crate::tenant_key::ident::TIdent;
+
+/// Define the meta-service key for a user setting.
+pub type ClientSessionIdent = TIdent<Resource>;
+
+pub use kvapi_impl::Resource;
+
+mod kvapi_impl {
+
+    use databend_common_meta_kvapi::kvapi;
+
+    use crate::principal::client_session::ClientSession;
+    use crate::tenant_key::resource::TenantResource;
+
+    pub struct Resource;
+    impl TenantResource for Resource {
+        const PREFIX: &'static str = "__fd_session";
+        const TYPE: &'static str = "ClientSession";
+        const HAS_TENANT: bool = true;
+        type ValueType = ClientSession;
+    }
+
+    impl kvapi::Value for ClientSession {
+        fn dependency_keys(&self) -> impl IntoIterator<Item = String> {
+            []
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use databend_common_meta_kvapi::kvapi::Key;
+
+    use crate::principal::client_session_ident::ClientSessionIdent;
+    use crate::tenant::Tenant;
+
+    #[test]
+    fn test_setting_ident() {
+        let tenant = Tenant::new_literal("tenant1");
+        let ident = ClientSessionIdent::new(tenant.clone(), "test");
+        assert_eq!("__fd_session/tenant1/test", ident.to_string_key());
+
+        let got = ClientSessionIdent::from_str_key(&ident.to_string_key()).unwrap();
+        assert_eq!(ident, got);
+    }
+}
diff --git a/src/meta/app/src/principal/mod.rs b/src/meta/app/src/principal/mod.rs
@@ -37,6 +37,8 @@ mod user_stage;
 
 mod ownership_object;
 
+pub mod client_session;
+pub mod client_session_ident;
 pub mod connection_ident;
 pub mod network_policy_ident;
 pub mod password_policy_ident;

diff --git a/src/meta/app/src/principal/user_auth.rs b/src/meta/app/src/principal/user_auth.rs
@@ -41,7 +41,7 @@ impl FromStr for AuthType {
             DOUBLE_SHA1_PASSWORD_STR => Ok(AuthType::DoubleSha1Password),
             NO_PASSWORD_STR => Ok(AuthType::NoPassword),
             JWT_AUTH_STR => Ok(AuthType::JWT),
-            _ => Err(ErrorCode::InvalidAuthInfo(AuthType::bad_auth_types(s))),
+            _ => Err(ErrorCode::AuthenticateFailure(AuthType::bad_auth_types(s))),
         }
     }
 }
@@ -133,7 +133,7 @@ impl AuthInfo {
                         need_change,
                     })
                 }
-                None => Err(ErrorCode::InvalidAuthInfo("need password".to_string())),
+                None => Err(ErrorCode::AuthenticateFailure("need password".to_string())),
             },
         }
     }

diff --git a/src/meta/proto-conv/src/client_session_from_to_protobuf_impl.rs b/src/meta/proto-conv/src/client_session_from_to_protobuf_impl.rs
@@ -0,0 +1,52 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This mod is the key point about compatibility.
+//! Everytime update anything in this file, update the `VER` and let the tests pass.
+
+use databend_common_meta_app::principal::client_session as mt;
+use databend_common_protos::pb;
+
+use crate::reader_check_msg;
+use crate::FromToProto;
+use crate::Incompatible;
+use crate::MIN_READER_VER;
+use crate::VER;
+
+impl FromToProto for mt::ClientSession {
+    type PB = pb::ClientSession;
+
+    fn get_pb_ver(p: &Self::PB) -> u64 {
+        p.ver
+    }
+
+    fn from_pb(p: Self::PB) -> Result<Self, Incompatible>
+    where Self: Sized {
+        reader_check_msg(p.ver, p.min_reader_ver)?;
+
+        let v = Self {
+            user_name: p.user_name,
+        };
+        Ok(v)
+    }
+
+    fn to_pb(&self) -> Result<Self::PB, Incompatible> {
+        let p = pb::ClientSession {
+            ver: VER,
+            min_reader_ver: MIN_READER_VER,
+            user_name: self.user_name.clone(),
+        };
+        Ok(p)
+    }
+}
diff --git a/src/meta/proto-conv/src/lib.rs b/src/meta/proto-conv/src/lib.rs
@@ -63,6 +63,7 @@
 mod background_job_from_to_protobuf_impl;
 mod background_task_from_to_protobuf_impl;
 mod catalog_from_to_protobuf_impl;
+mod client_session_from_to_protobuf_impl;
 mod config_from_to_protobuf_impl;
 mod connection_from_to_protobuf_impl;
 mod data_mask_from_to_protobuf_impl;

@@ -0,0 +1,27 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// The identifier of a database by name. Names can be changed.
+// There is no guarantee that two get-database request by name will return the
+// same instance.
+
+syntax = "proto3";
+
+package databend_proto;
+
+message ClientSession {
+  uint64 ver = 100;
+  uint64 min_reader_ver = 101;
+  string user_name = 2;
+}
diff --git a/src/query/management/src/token.rs → src/query/management/src/client_session.rs b/src/query/management/src/token.rs → src/query/management/src/client_session.rs
@@ -18,6 +18,8 @@ use std::time::Duration;
 use databend_common_exception::Result;
 use databend_common_meta_api::kv_pb_api::KVPbApi;
 use databend_common_meta_api::kv_pb_api::UpsertPB;
+use databend_common_meta_app::principal::client_session::ClientSession;
+use databend_common_meta_app::principal::client_session_ident::ClientSessionIdent;
 use databend_common_meta_app::principal::user_token::QueryTokenInfo;
 use databend_common_meta_app::principal::user_token_ident::TokenIdent;
 use databend_common_meta_app::tenant::Tenant;
@@ -29,14 +31,14 @@ use databend_common_meta_types::MetaError;
 use databend_common_meta_types::Operation;
 use databend_common_meta_types::With;
 
-pub struct TokenMgr {
+pub struct ClientSessionMgr {
     kv_api: Arc<dyn kvapi::KVApi<Error = MetaError>>,
     tenant: Tenant,
 }
 
-impl TokenMgr {
+impl ClientSessionMgr {
     pub fn create(kv_api: Arc<dyn kvapi::KVApi<Error = MetaError>>, tenant: &Tenant) -> Self {
-        TokenMgr {
+        ClientSessionMgr {
             kv_api,
             tenant: tenant.clone(),
         }
@@ -45,9 +47,12 @@ impl TokenMgr {
     fn token_ident(&self, token_hash: &str) -> TokenIdent {
         TokenIdent::new(self.tenant.clone(), token_hash)
     }
+    fn session_ident(&self, client_session_id: &str) -> ClientSessionIdent {
+        ClientSessionIdent::new(self.tenant.clone(), client_session_id)
+    }
 }
 
-impl TokenMgr {
+impl ClientSessionMgr {
     #[async_backtrace::framed]
     #[fastrace::trace]
     pub async fn upsert_token(
@@ -94,4 +99,39 @@ impl TokenMgr {
 
         Ok(())
     }
+
+    #[async_backtrace::framed]
+    #[fastrace::trace]
+    pub async fn upsert_client_session_id(
+        &self,
+        client_session_id: &str,
+        value: ClientSession,
+        ttl: Duration,
+    ) -> Result<bool> {
+        let ident = self.session_ident(client_session_id);
+        let seq = MatchSeq::GE(0);
+        let upsert = UpsertPB::update(ident, value).with(seq).with_ttl(ttl);
+
+        let res = self.kv_api.upsert_pb(&upsert).await?;
+
+        Ok(res.prev.is_none())
+    }
+
+    #[async_backtrace::framed]
+    #[fastrace::trace]
+    pub async fn drop_client_session_id(&self, client_session_id: &str) -> Result<()> {
+        let key = self.session_ident(client_session_id).to_string_key();
+
+        // simply ignore the result
+        self.kv_api
+            .upsert_kv(UpsertKVReq::new(
+                &key,
+                MatchSeq::GE(0),
+                Operation::Delete,
+                None,
+            ))
+            .await?;
+
+        Ok(())
+    }
 }
diff --git a/src/query/management/src/lib.rs b/src/query/management/src/lib.rs
@@ -27,9 +27,10 @@ mod stage;
 pub mod udf;
 mod user;
 
+mod client_session;
 pub mod errors;
-mod token;
 
+pub use client_session::ClientSessionMgr;
 pub use cluster::ClusterApi;
 pub use cluster::ClusterMgr;
 pub use connection::ConnectionMgr;
@@ -47,6 +48,5 @@ pub use setting::SettingApi;
 pub use setting::SettingMgr;
 pub use stage::StageApi;
 pub use stage::StageMgr;
-pub use token::TokenMgr;
 pub use user::UserApi;
 pub use user::UserMgr;