add fearture:multi-user; only "root" user can run "admin" command

flike · Apr 28, 2018 · 55cd278 · 55cd278
1 parent 3a842d6
commit 55cd278
Show file tree

Hide file tree

Showing 10 changed files with 179 additions and 97 deletions.
diff --git a/config/config.go b/config/config.go
@@ -26,8 +26,8 @@ var configFileName string
 //整个config文件对应的结构
 type Config struct {
 	Addr     string `yaml:"addr"`
-	User     string `yaml:"user"`
-	Password string `yaml:"password"`
+
+	UserList	[]UserConfig `yaml:"user_list"`
 
 	WebAddr     string `yaml:"web_addr"`
 	WebUser     string `yaml:"web_user"`
@@ -42,7 +42,13 @@ type Config struct {
 	Charset     string       `yaml:"proxy_charset"`
 	Nodes       []NodeConfig `yaml:"nodes"`
 
-	Schema SchemaConfig `yaml:"schema"`
+	SchemaList	[]SchemaConfig	`yaml:"schema_list"`
+}
+
+//user_list对应的配置
+type UserConfig struct {
+	User		string `yaml:"user"`
+	Password	string `yaml:"password"`
 }
 
 //node节点对应的配置
@@ -60,6 +66,7 @@ type NodeConfig struct {
 
 //schema对应的结构体
 type SchemaConfig struct {
+	User	  string		`yaml:"user"`
 	Nodes     []string      `yaml:"nodes"`
 	Default   string        `yaml:"default"` //default node
 	ShardRule []ShardConfig `yaml:"shard"`   //route rule

diff --git a/core/errors/errors.go b/core/errors/errors.go
@@ -71,4 +71,6 @@ var (
 	ErrBlackSqlNotExist = errors.New("black sql has not exist")
 	ErrInsertTooComplex = errors.New("insert is too complex")
 	ErrSQLNULL          = errors.New("sql is null")
+
+	ErrInternalServer   = errors.New("internal server error")
 )
diff --git a/etc/ks.yaml b/etc/ks.yaml
@@ -2,8 +2,13 @@
 addr : 0.0.0.0:9696
 
 # server user and password
-user :  kingshard
-password : kingshard
+user_list:
+-
+    user :  root
+    password : root
+-
+    user :  kingshard
+    password : kingshard
 
 # the web api server
 web_addr : 0.0.0.0:9797
@@ -75,7 +80,16 @@ nodes :
     down_after_noalive: 32
 
 # schema defines sharding rules, the db is the sharding table database.
-schema :
+schema_list :
+-
+    user: root
+    nodes: [node1,node2]
+    default: node1
+    shard:
+    -
+
+-
+    user: kingshard
     nodes: [node1,node2]
     default: node1      
     shard:
@@ -122,4 +136,4 @@ schema :
         key: mtime
         type: date_day
         nodes: [node1,node2]
-        date_range: [20160306-20160307,20160308-20160309]
+        date_range: [20160306-20160307,20160308-20160309]
diff --git a/etc/unshard.yaml b/etc/unshard.yaml
@@ -2,8 +2,13 @@
 addr : 0.0.0.0:9696
 
 # server user and password
-user :  kingshard
-password : kingshard
+user_list:
+-
+    user :  root
+    password : root
+-
+    user :  kingshard
+    password : kingshard
 
 # the web api server
 web_addr : 0.0.0.0:9797
@@ -57,7 +62,16 @@ nodes :
 
 # schema defines which db can be used by client and this db's sql will be executed in which nodes, 
 # the db is also the default database
-schema :
+schema_list :
+-
+    user: root
+    nodes: [node1]
+    default: node1
+    shard:
+    -
+
+-
+    user: kingshard
     nodes: [node1]
     default: node1
     shard:

diff --git a/proxy/server/conn.go b/proxy/server/conn.go
@@ -51,6 +51,7 @@ type ClientConn struct {
 
 	salt []byte
 
+	nodes	map[string]*backend.Node
 	schema *Schema
 
 	txConns map[*backend.Node]*backend.BackendConn
@@ -222,14 +223,25 @@ func (c *ClientConn) readHandshakeResponse() error {
 	pos++
 	auth := data[pos : pos+authLen]
 
-	checkAuth := mysql.CalcPassword(c.salt, []byte(c.proxy.cfg.Password))
-	if c.user != c.proxy.cfg.User || !bytes.Equal(auth, checkAuth) {
+	//check user
+	if _, ok := c.proxy.users[c.user]; !ok {
+		golog.Error("ClientConn", "readHandshakeResponse", "error", 0,
+			"auth", auth,
+			"client_user", c.user,
+			"config_set_user", c.user,
+			"passworld", c.proxy.users[c.user])
+		return mysql.NewDefaultError(mysql.ER_ACCESS_DENIED_ERROR, c.user, c.c.RemoteAddr().String(), "Yes")
+	}
+
+	//check password
+	checkAuth := mysql.CalcPassword(c.salt, []byte(c.proxy.users[c.user]))
+	if !bytes.Equal(auth, checkAuth) {
 		golog.Error("ClientConn", "readHandshakeResponse", "error", 0,
 			"auth", auth,
 			"checkAuth", checkAuth,
 			"client_user", c.user,
-			"config_set_user", c.proxy.cfg.User,
-			"passworld", c.proxy.cfg.Password)
+			"config_set_user", c.user,
+			"passworld", c.proxy.users[c.user])
 		return mysql.NewDefaultError(mysql.ER_ACCESS_DENIED_ERROR, c.user, c.c.RemoteAddr().String(), "Yes")
 	}
 

diff --git a/proxy/server/conn_admin.go b/proxy/server/conn_admin.go
@@ -406,16 +406,20 @@ func (c *ClientConn) handleShowProxyConfig() (*mysql.Resultset, error) {
 	var names []string = []string{"Key", "Value"}
 	var rows [][]string
 	var nodeNames []string
+	var users []string
 
 	const (
 		Column = 2
 	)
 	for name := range c.schema.nodes {
 		nodeNames = append(nodeNames, name)
 	}
+	for user,_ := range c.proxy.users {
+		users = append(users, user)
+	}
 
 	rows = append(rows, []string{"Addr", c.proxy.cfg.Addr})
-	rows = append(rows, []string{"User", c.proxy.cfg.User})
+	rows = append(rows, []string{"User_List", strings.Join(users, ",")})
 	rows = append(rows, []string{"LogPath", c.proxy.cfg.LogPath})
 	rows = append(rows, []string{"LogLevel", c.proxy.cfg.LogLevel})
 	rows = append(rows, []string{"LogSql", c.proxy.logSql[c.proxy.logSqlIndex]})
@@ -500,6 +504,7 @@ func (c *ClientConn) handleShowSchemaConfig() (*mysql.Resultset, error) {
 	var Column = 7
 	var rows [][]string
 	var names []string = []string{
+		"User",
 		"DB",
 		"Table",
 		"Type",
@@ -509,37 +514,41 @@ func (c *ClientConn) handleShowSchemaConfig() (*mysql.Resultset, error) {
 		"TableRowLimit",
 	}
 
-	//default Rule
-	var defaultRule = c.schema.rule.DefaultRule
-	rows = append(
-		rows,
-		[]string{
-			defaultRule.DB,
-			defaultRule.Table,
-			defaultRule.Type,
-			defaultRule.Key,
-			strings.Join(defaultRule.Nodes, ", "),
-			"",
-			"0",
-		},
-	)
-
-	schemaConfig := c.proxy.cfg.Schema
-	shardRule := schemaConfig.ShardRule
+	for _, schemaConfig := range c.proxy.cfg.SchemaList {
+		//default Rule
+		var defaultRule = c.schema.rule.DefaultRule
+		if defaultRule != nil {
+			rows = append(
+				rows,
+				[]string{
+					schemaConfig.User,
+					defaultRule.DB,
+					defaultRule.Table,
+					defaultRule.Type,
+					defaultRule.Key,
+					strings.Join(defaultRule.Nodes, ", "),
+					"",
+					"0",
+				},
+			)
+		}
 
-	for _, r := range shardRule {
-		rows = append(
-			rows,
-			[]string{
-				r.DB,
-				r.Table,
-				r.Type,
-				r.Key,
-				strings.Join(r.Nodes, ", "),
-				hack.ArrayToString(r.Locations),
-				strconv.Itoa(r.TableRowLimit),
-			},
-		)
+		shardRule := schemaConfig.ShardRule
+		for _, r := range shardRule {
+			rows = append(
+				rows,
+				[]string{
+					schemaConfig.User,
+					r.DB,
+					r.Table,
+					r.Type,
+					r.Key,
+					strings.Join(r.Nodes, ", "),
+					hack.ArrayToString(r.Locations),
+					strconv.Itoa(r.TableRowLimit),
+				},
+			)
+		}
 	}
 
 	var values [][]interface{} = make([][]interface{}, len(rows))

diff --git a/proxy/server/conn_preshard.go b/proxy/server/conn_preshard.go
@@ -227,7 +227,7 @@ func (c *ClientConn) getSelectExecDB(sql string, tokens []string, tokensLen int)
 	executeDB.sql = sql
 	executeDB.IsSlave = true
 
-	schema := c.proxy.schema
+	schema := c.schema
 	router := schema.rule
 	rules := router.Rules
 
@@ -276,7 +276,7 @@ func (c *ClientConn) getDeleteExecDB(sql string, tokens []string, tokensLen int)
 	var ruleDB string
 	executeDB := new(ExecuteDB)
 	executeDB.sql = sql
-	schema := c.proxy.schema
+	schema := c.schema
 	router := schema.rule
 	rules := router.Rules
 
@@ -314,7 +314,7 @@ func (c *ClientConn) getInsertOrReplaceExecDB(sql string, tokens []string, token
 	var ruleDB string
 	executeDB := new(ExecuteDB)
 	executeDB.sql = sql
-	schema := c.proxy.schema
+	schema := c.schema
 	router := schema.rule
 	rules := router.Rules
 
@@ -352,7 +352,7 @@ func (c *ClientConn) getUpdateExecDB(sql string, tokens []string, tokensLen int)
 	var ruleDB string
 	executeDB := new(ExecuteDB)
 	executeDB.sql = sql
-	schema := c.proxy.schema
+	schema := c.schema
 	router := schema.rule
 	rules := router.Rules
 
@@ -486,7 +486,7 @@ func (c *ClientConn) getTruncateExecDB(sql string, tokens []string, tokensLen in
 	var ruleDB string
 	executeDB := new(ExecuteDB)
 	executeDB.sql = sql
-	schema := c.proxy.schema
+	schema := c.schema
 	router := schema.rule
 	rules := router.Rules
 	if len(rules) != 0 && tokensLen >= 2 {

diff --git a/proxy/server/conn_query.go b/proxy/server/conn_query.go
@@ -45,6 +45,8 @@ func (c *ClientConn) handleQuery(sql string) (err error) {
 					err.Error(), 0,
 					"stack", string(buf), "sql", sql)
 			}
+
+			err = errors.ErrInternalServer
 			return
 		}
 	}()
@@ -89,9 +91,15 @@ func (c *ClientConn) handleQuery(sql string) (err error) {
 	case *sqlparser.Rollback:
 		return c.handleRollback()
 	case *sqlparser.Admin:
-		return c.handleAdmin(v)
+		if c.user == "root" {
+			return c.handleAdmin(v)
+		}
+		return fmt.Errorf("statement %T not support now", stmt)
 	case *sqlparser.AdminHelp:
-		return c.handleAdminHelp(v)
+		if c.user == "root" {
+			return c.handleAdminHelp(v)
+		}
+		return fmt.Errorf("statement %T not support now", stmt)
 	case *sqlparser.UseDB:
 		return c.handleUseDB(v.DB)
 	case *sqlparser.SimpleSelect: