datafusion-flight-sql-server 0.4.16

Datafusion flight sql server.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238

//! # DataFusion Flight SQL Server with Bearer Token Authentication Example
//!
//! This example demonstrates how to integrate Bearer Token authentication into a
//! DataFusion Flight SQL server.
//!
//! Key components:
//! - `bearer_auth_interceptor`: A tonic interceptor that validates "Authorization: Bearer <token>"
//!   headers. For simplicity, it uses a hardcoded list of valid tokens ("token1", "token2").
//! - `UserData`: A simple struct holding user information (e.g., user_id) extracted from
//!   a valid token and inserted into request extensions.
//! - `MySessionStateProvider`: A custom `SessionStateProvider` that retrieves `UserData`
//!   from request extensions. This allows tailoring the `SessionState` for the request,
//!   although in this example, it primarily clones a base context after successful authentication.
//!   It also registers a "test" CSV table for querying.
//!
//! ## Running the Example
//!
//! The server will start on `0.0.0.0:50051`. The `main` function includes client code
//! that attempts to connect and perform a `GetTables` Flight SQL action using:
//! 1. A valid token ("token1") - Expected to succeed.
//! 2. An invalid token ("invalidtoken") - Expected to fail authentication.
//! 3. No token - Expected to fail authentication.
//!
//! Observe the server console output for messages from the interceptor and session provider,
//! and the client output for the success/failure of each attempt.

use std::time::Duration;

use arrow_flight::flight_service_server::FlightServiceServer;
use arrow_flight::sql::client::FlightSqlServiceClient;
use arrow_flight::sql::CommandGetTables;
use async_trait::async_trait;
use datafusion::error::{DataFusionError, Result};
use datafusion::execution::context::SessionState; // SessionState is not in prelude
use datafusion::prelude::*; // Covers SessionContext, CsvReadOptions, etc.
use datafusion_flight_sql_server::service::FlightSqlService;
use datafusion_flight_sql_server::session::SessionStateProvider;
use tokio::time::sleep;
use tonic::transport::{Channel, Endpoint, Server};
use tonic::{Request, Status};

// UserData struct remains the same
#[derive(Clone, Debug)]
pub struct UserData {
    pub user_id: u32,
}

// bearer_auth_interceptor remains the same
async fn bearer_auth_interceptor(mut req: Request<()>) -> Result<Request<()>, Status> {
    let auth_header = req
        .metadata()
        .get("authorization")
        .ok_or_else(|| Status::unauthenticated("no authorization provided"))?;

    let auth_str = auth_header
        .to_str()
        .map_err(|_| Status::unauthenticated("invalid authorization header encoding"))?;

    if !auth_str.starts_with("Bearer ") {
        return Err(Status::unauthenticated(
            "invalid authorization header format",
        ));
    }

    let token = &auth_str["Bearer ".len()..];

    let user_data = match token {
        "token1" => UserData { user_id: 1 },
        "token2" => UserData { user_id: 2 },
        _ => return Err(Status::unauthenticated("invalid token")),
    };

    req.extensions_mut().insert(user_data);
    Ok(req)
}

// Updated MySessionStateProvider
// #[derive(Debug, Clone)] // Removed Default
pub struct MySessionStateProvider {
    base_context: SessionContext,
}

impl MySessionStateProvider {
    async fn try_new() -> Result<Self> {
        // datafusion::error::Result
        let ctx = SessionContext::new();
        // Construct path to test.csv relative to CARGO_MANIFEST_DIR of the datafusion-flight-sql-server crate
        let csv_path = concat!(env!("CARGO_MANIFEST_DIR"), "/examples/test.csv");
        ctx.register_csv("test", csv_path, CsvReadOptions::new())
            .await?;
        Ok(Self { base_context: ctx })
    }
}

#[async_trait]
impl SessionStateProvider for MySessionStateProvider {
    async fn new_context(&self, request: &Request<()>) -> Result<SessionState, Status> {
        // tonic::Result for Status
        if let Some(user_data) = request.extensions().get::<UserData>() {
            println!(
                "Session context for user_id: {}. Cloning base context.",
                user_data.user_id
            );
            let state = self.base_context.state().clone();
            // Optional: Customize state based on user_data
            // state.set_config_option("datafusion.user_id", &user_data.user_id.to_string()).map_err(|e| Status::internal(format!("Failed to set config: {}",e)))?;
            Ok(state)
        } else {
            Err(Status::unauthenticated(
                "User data not found in request extensions (MySessionStateProvider)",
            ))
        }
    }
}

// Updated new_client_with_auth function
async fn new_client_with_auth(
    dsn: String,
    token: Option<String>,
) -> Result<FlightSqlServiceClient<Channel>> {
    // datafusion::error::Result
    let endpoint = Endpoint::from_shared(dsn.clone())
        .map_err(|e| DataFusionError::External(format!("Invalid DSN {}: {}", dsn, e).into()))?
        .connect_timeout(std::time::Duration::from_secs(10));

    let channel = endpoint.connect().await.map_err(|e| {
        DataFusionError::External(format!("Failed to connect to {}: {}", dsn, e).into())
    })?;

    let mut service_client = FlightSqlServiceClient::new(channel);
    if let Some(token_str) = token.clone() {
        service_client.set_header("authorization", format!("Bearer {}", token_str));
    }
    Ok(service_client)
}

#[tokio::main]
async fn main() -> Result<()> {
    // datafusion::error::Result<()>
    // Server Setup
    let dsn: String = "0.0.0.0:50051".to_string();
    let state_provider = Box::new(MySessionStateProvider::try_new().await?);
    let base_service = FlightSqlService::new_with_provider(state_provider);
    let svc: FlightServiceServer<FlightSqlService> = FlightServiceServer::new(base_service);
    let addr: std::net::SocketAddr = dsn.parse().map_err(|e| {
        DataFusionError::External(format!("Invalid address format {}: {}", dsn, e).into())
    })?;

    tokio::spawn(async move {
        println!(
            "Bearer Authentication Flight SQL server listening on {}",
            addr
        );
        if let Err(e) = Server::builder()
            .layer(tonic_async_interceptor::async_interceptor(
                bearer_auth_interceptor,
            ))
            .add_service(svc)
            .serve(addr)
            .await
        {
            eprintln!("Server error: {}", e);
        }
    });

    // Wait for server to run
    sleep(Duration::from_secs(3)).await;

    // Client Setup and Testing
    let client_dsn = "http://localhost:50051".to_string();

    // Test Case 1: Valid Token
    println!("\nAttempting GetTables with valid token (token1)...");
    match new_client_with_auth(client_dsn.clone(), Some("token1".to_string())).await {
        Ok(mut client) => {
            let request = CommandGetTables {
                catalog: None,
                db_schema_filter_pattern: None,
                table_name_filter_pattern: None,
                table_types: vec![],
                include_schema: false,
            };
            match client.get_tables(request).await {
                Ok(response) => {
                    println!("GetTables with token1 SUCCEEDED. Response: {:?}", response)
                }
                Err(e) => eprintln!("GetTables with token1 FAILED: {}", e),
            }
        }
        Err(e) => eprintln!("Failed to create client with token1: {}", e),
    }

    // Test Case 2: Invalid Token
    println!("\nAttempting GetTables with invalid token (invalidtoken)...");
    match new_client_with_auth(client_dsn.clone(), Some("invalidtoken".to_string())).await {
        Ok(mut client) => {
            let request = CommandGetTables {
                catalog: None,
                db_schema_filter_pattern: None,
                table_name_filter_pattern: None,
                table_types: vec![],
                include_schema: false,
            };
            match client.get_tables(request).await {
                Ok(response) => println!(
                    "GetTables with invalidtoken SUCCEEDED (unexpected). Response: {:?}",
                    response
                ),
                Err(e) => eprintln!("GetTables with invalidtoken FAILED (as expected): {:?}", e),
            }
        }
        Err(e) => eprintln!("Failed to create client with invalidtoken: {}", e),
    }

    // Test Case 3: No Token
    println!("\nAttempting GetTables with no token...");
    match new_client_with_auth(client_dsn.clone(), None).await {
        Ok(mut client) => {
            let request = CommandGetTables {
                catalog: None,
                db_schema_filter_pattern: None,
                table_name_filter_pattern: None,
                table_types: vec![],
                include_schema: false,
            };
            match client.get_tables(request).await {
                Ok(response) => println!(
                    "GetTables with no token SUCCEEDED (unexpected). Response: {:?}",
                    response
                ),
                Err(e) => eprintln!("GetTables with no token FAILED (as expected): {:?}", e),
            }
        }
        Err(e) => eprintln!("Failed to create client with no token: {}", e),
    }

    Ok(())
}