mirror of https://github.com/apache/superset.git
feat: Make async query JWT cookie domain configurable (#14007)
This commit is contained in:
parent
de49f0d2de
commit
1c6173c7ee
|
@ -1278,6 +1278,7 @@ The following configuration settings are available for async queries (see config
|
||||||
- `GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE` - the maximum number of events for all users (FIFO eviction)
|
- `GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE` - the maximum number of events for all users (FIFO eviction)
|
||||||
- `GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME` - the async query feature uses a [JWT](https://tools.ietf.org/html/rfc7519) cookie for authentication, this setting is the cookie's name
|
- `GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME` - the async query feature uses a [JWT](https://tools.ietf.org/html/rfc7519) cookie for authentication, this setting is the cookie's name
|
||||||
- `GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE` - JWT cookie secure option
|
- `GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE` - JWT cookie secure option
|
||||||
|
- `GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN` - JWT cookie domain option ([see docs for set_cookie](https://tedboy.github.io/flask/interface_api.response_object.html#flask.Response.set_cookie))
|
||||||
- `GLOBAL_ASYNC_QUERIES_JWT_SECRET` - JWT's use a secret key to sign and validate the contents. This value should be at least 32 bytes and have sufficient randomness for proper security
|
- `GLOBAL_ASYNC_QUERIES_JWT_SECRET` - JWT's use a secret key to sign and validate the contents. This value should be at least 32 bytes and have sufficient randomness for proper security
|
||||||
- `GLOBAL_ASYNC_QUERIES_TRANSPORT` - currently the only available option is (HTTP) `polling`, but support for a WebSocket will be added in future versions
|
- `GLOBAL_ASYNC_QUERIES_TRANSPORT` - currently the only available option is (HTTP) `polling`, but support for a WebSocket will be added in future versions
|
||||||
- `GLOBAL_ASYNC_QUERIES_POLLING_DELAY` - the time (in ms) between polling requests
|
- `GLOBAL_ASYNC_QUERIES_POLLING_DELAY` - the time (in ms) between polling requests
|
||||||
|
|
|
@ -1133,6 +1133,7 @@ The following configuration settings are available for async queries (see config
|
||||||
- ``GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE`` - the maximum number of events for all users (FIFO eviction)
|
- ``GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE`` - the maximum number of events for all users (FIFO eviction)
|
||||||
- ``GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME`` - the async query feature uses a `JWT <https://tools.ietf.org/html/rfc7519>`_ cookie for authentication, this setting is the cookie's name
|
- ``GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME`` - the async query feature uses a `JWT <https://tools.ietf.org/html/rfc7519>`_ cookie for authentication, this setting is the cookie's name
|
||||||
- ``GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE`` - JWT cookie secure option
|
- ``GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE`` - JWT cookie secure option
|
||||||
|
- ``GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN`` - JWT cookie domain option (`see docs for set_cookie <https://tedboy.github.io/flask/interface_api.response_object.html#flask.Response.set_cookie>`
|
||||||
- ``GLOBAL_ASYNC_QUERIES_JWT_SECRET`` - JWT's use a secret key to sign and validate the contents. This value should be at least 32 bytes and have sufficient randomness for proper security
|
- ``GLOBAL_ASYNC_QUERIES_JWT_SECRET`` - JWT's use a secret key to sign and validate the contents. This value should be at least 32 bytes and have sufficient randomness for proper security
|
||||||
- ``GLOBAL_ASYNC_QUERIES_TRANSPORT`` - currently the only available option is (HTTP) `polling`, but support for a WebSocket will be added in future versions
|
- ``GLOBAL_ASYNC_QUERIES_TRANSPORT`` - currently the only available option is (HTTP) `polling`, but support for a WebSocket will be added in future versions
|
||||||
- ``GLOBAL_ASYNC_QUERIES_POLLING_DELAY`` - the time (in ms) between polling requests
|
- ``GLOBAL_ASYNC_QUERIES_POLLING_DELAY`` - the time (in ms) between polling requests
|
||||||
|
|
|
@ -1144,6 +1144,7 @@ GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT = 1000
|
||||||
GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE = 1000000
|
GLOBAL_ASYNC_QUERIES_REDIS_STREAM_LIMIT_FIREHOSE = 1000000
|
||||||
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME = "async-token"
|
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME = "async-token"
|
||||||
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE = False
|
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE = False
|
||||||
|
GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN = None
|
||||||
GLOBAL_ASYNC_QUERIES_JWT_SECRET = "test-secret-change-me"
|
GLOBAL_ASYNC_QUERIES_JWT_SECRET = "test-secret-change-me"
|
||||||
GLOBAL_ASYNC_QUERIES_TRANSPORT = "polling"
|
GLOBAL_ASYNC_QUERIES_TRANSPORT = "polling"
|
||||||
GLOBAL_ASYNC_QUERIES_POLLING_DELAY = 500
|
GLOBAL_ASYNC_QUERIES_POLLING_DELAY = 500
|
||||||
|
|
|
@ -61,6 +61,8 @@ def increment_id(redis_id: str) -> str:
|
||||||
|
|
||||||
|
|
||||||
class AsyncQueryManager:
|
class AsyncQueryManager:
|
||||||
|
# pylint: disable=too-many-instance-attributes
|
||||||
|
|
||||||
MAX_EVENT_COUNT = 100
|
MAX_EVENT_COUNT = 100
|
||||||
STATUS_PENDING = "pending"
|
STATUS_PENDING = "pending"
|
||||||
STATUS_RUNNING = "running"
|
STATUS_RUNNING = "running"
|
||||||
|
@ -75,6 +77,7 @@ class AsyncQueryManager:
|
||||||
self._stream_limit_firehose: Optional[int]
|
self._stream_limit_firehose: Optional[int]
|
||||||
self._jwt_cookie_name: str
|
self._jwt_cookie_name: str
|
||||||
self._jwt_cookie_secure: bool = False
|
self._jwt_cookie_secure: bool = False
|
||||||
|
self._jwt_cookie_domain: Optional[str]
|
||||||
self._jwt_secret: str
|
self._jwt_secret: str
|
||||||
|
|
||||||
def init_app(self, app: Flask) -> None:
|
def init_app(self, app: Flask) -> None:
|
||||||
|
@ -105,6 +108,7 @@ class AsyncQueryManager:
|
||||||
]
|
]
|
||||||
self._jwt_cookie_name = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME"]
|
self._jwt_cookie_name = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_NAME"]
|
||||||
self._jwt_cookie_secure = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE"]
|
self._jwt_cookie_secure = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_SECURE"]
|
||||||
|
self._jwt_cookie_domain = config["GLOBAL_ASYNC_QUERIES_JWT_COOKIE_DOMAIN"]
|
||||||
self._jwt_secret = config["GLOBAL_ASYNC_QUERIES_JWT_SECRET"]
|
self._jwt_secret = config["GLOBAL_ASYNC_QUERIES_JWT_SECRET"]
|
||||||
|
|
||||||
@app.after_request
|
@app.after_request
|
||||||
|
@ -133,6 +137,7 @@ class AsyncQueryManager:
|
||||||
value=token,
|
value=token,
|
||||||
httponly=True,
|
httponly=True,
|
||||||
secure=self._jwt_cookie_secure,
|
secure=self._jwt_cookie_secure,
|
||||||
|
domain=self._jwt_cookie_domain,
|
||||||
)
|
)
|
||||||
|
|
||||||
return response
|
return response
|
||||||
|
|
Loading…
Reference in New Issue