proxy: refactor how neon-options are handled (#6306)

## Problem HTTP connection pool was not respecting the PitR options. ## Summary of changes 1. refactor neon_options a bit to allow easier access to cache_key 2. make HTTP not go through `StartupMessageParams` 3. expose SNI processing to replace what was removed in step 2.
2026-05-26 09:30:37 +00:00 · 2024-01-11 14:58:31 +00:00
parent a84935d266
commit 551f0cc097
16 changed files with 315 additions and 316 deletions
--- a/proxy/src/serverless/sql_over_http.rs
+++ b/proxy/src/serverless/sql_over_http.rs
@@ -28,9 +28,13 @@ use url::Url;
 use utils::http::error::ApiError;
 use utils::http::json::json_response;

+use crate::auth::backend::ComputeUserInfo;
+use crate::auth::endpoint_sni;
 use crate::config::HttpConfig;
+use crate::config::TlsConfig;
 use crate::context::RequestMonitoring;
 use crate::metrics::NUM_CONNECTION_REQUESTS_GAUGE;
+use crate::proxy::NeonOptions;

 use super::conn_pool::ConnInfo;
 use super::conn_pool::GlobalConnPool;
@@ -125,6 +129,7 @@ fn get_conn_info(
    ctx: &mut RequestMonitoring,
    headers: &HeaderMap,
    sni_hostname: Option<String>,
+    tls: &TlsConfig,
 ) -> Result<ConnInfo, anyhow::Error> {
    let connection_string = headers
        .get("Neon-Connection-String")
@@ -179,8 +184,10 @@ fn get_conn_info(
        }
    }

-    let hostname: SmolStr = hostname.into();
-    ctx.set_endpoint_id(Some(hostname.clone()));
+    let endpoint = endpoint_sni(hostname, &tls.common_names)?;
+
+    let endpoint: SmolStr = endpoint.into();
+    ctx.set_endpoint_id(Some(endpoint.clone()));

    let pairs = connection_url.query_pairs();

@@ -188,22 +195,27 @@ fn get_conn_info(

    for (key, value) in pairs {
        if key == "options" {
-            options = Some(value.into());
+            options = Some(NeonOptions::parse_options_raw(&value));
            break;
        }
    }

+    let user_info = ComputeUserInfo {
+        endpoint,
+        user: username,
+        options: options.unwrap_or_default(),
+    };
+
    Ok(ConnInfo {
-        username,
+        user_info,
        dbname: dbname.into(),
-        hostname,
        password: password.into(),
-        options,
    })
 }

 // TODO: return different http error codes
 pub async fn handle(
+    tls: &'static TlsConfig,
    config: &'static HttpConfig,
    ctx: &mut RequestMonitoring,
    request: Request<Body>,
@@ -212,7 +224,7 @@ pub async fn handle(
 ) -> Result<Response<Body>, ApiError> {
    let result = tokio::time::timeout(
        config.request_timeout,
-        handle_inner(config, ctx, request, sni_hostname, conn_pool),
+        handle_inner(tls, config, ctx, request, sni_hostname, conn_pool),
    )
    .await;
    let mut response = match result {
@@ -294,6 +306,7 @@ pub async fn handle(

 #[instrument(name = "sql-over-http", fields(pid = tracing::field::Empty), skip_all)]
 async fn handle_inner(
+    tls: &'static TlsConfig,
    config: &'static HttpConfig,
    ctx: &mut RequestMonitoring,
    request: Request<Body>,
@@ -308,7 +321,7 @@ async fn handle_inner(
    // Determine the destination and connection params
    //
    let headers = request.headers();
-    let conn_info = get_conn_info(ctx, headers, sni_hostname)?;
+    let conn_info = get_conn_info(ctx, headers, sni_hostname, tls)?;

    // Determine the output options. Default behaviour is 'false'. Anything that is not
    // strictly 'true' assumed to be false.