split out auth info from conn info, return the jwt as the auth keys

2026-01-16 01:42:55 +00:00 · 2024-09-17 14:32:59 +01:00
parent 08c7f933a3
commit 76515cdae3
4 changed files with 11 additions and 7 deletions
--- a/proxy/src/serverless/backend.rs
+++ b/proxy/src/serverless/backend.rs
@@ -1,7 +1,7 @@
 use std::{sync::Arc, time::Duration};

 use async_trait::async_trait;
-use tracing::{field::display, info};
+use tracing::{debug, field::display, info};

 use crate::{
    auth::{
@@ -105,7 +105,7 @@ impl PoolingBackend {
        ctx: &RequestMonitoring,
        config: &AuthenticationConfig,
        user_info: &ComputeUserInfo,
-        jwt: &str,
+        jwt: String,
    ) -> Result<ComputeCredentials, AuthError> {
        match &self.config.auth_backend {
            crate::auth::Backend::Console(console, ()) => {
@@ -116,13 +116,13 @@ impl PoolingBackend {
                        user_info.endpoint.clone(),
                        &user_info.user,
                        &**console,
-                        jwt,
+                        &jwt,
                    )
                    .await
                    .map_err(|e| AuthError::auth_failed(e.to_string()))?;
                Ok(ComputeCredentials {
                    info: user_info.clone(),
-                    keys: crate::auth::backend::ComputeCredentialKeys::None,
+                    keys: crate::auth::backend::ComputeCredentialKeys::Jwt(jwt),
                })
            }
            crate::auth::Backend::Web(_, ()) => Err(AuthError::auth_failed(
@@ -136,12 +136,13 @@ impl PoolingBackend {
                        user_info.endpoint.clone(),
                        &user_info.user,
                        &StaticAuthRules,
-                        jwt,
+                        &jwt,
                    )
                    .await
                    .map_err(|e| AuthError::auth_failed(e.to_string()))?;
                Ok(ComputeCredentials {
                    info: user_info.clone(),
+                    // todo: rewrite JWT signature with key shared somehow between local proxy and postgres
                    keys: crate::auth::backend::ComputeCredentialKeys::None,
                })
            }
--- a/proxy/src/serverless/sql_over_http.rs
+++ b/proxy/src/serverless/sql_over_http.rs
@@ -563,14 +563,14 @@ async fn handle_inner(

    let authenticate_and_connect = Box::pin(
        async {
-            let keys = match &conn_info.auth {
+            let keys = match conn_info.auth {
                AuthData::Password(pw) => {
                    backend
                        .authenticate_with_password(
                            ctx,
                            &config.authentication_config,
                            &conn_info.conn_info.user_info,
-                            pw,
+                            &pw,
                        )
                        .await?
                }