[Performance] Add Token Management (#55)

* 0.5.1 Version
* fix 0.5.1 schema async bug
* fix security bug
* fix security bug
* Add complete Token, JWT, OAuth authentication system
* Add complete Token, JWT, OAuth authentication system
* Add complete Token, JWT, OAuth authentication system
* Add complete Token, JWT, OAuth authentication system
* Add a controllable MCP Server DB Pool permission authentication system, connect it with the Doris permission system, and provide it to enterprise-level applications concurrently with the multi-Worker mode.
* Add Tokens Management
149
.env.example
@@ -1,3 +1,19 @@
|
||||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
# ===================================================================
|
||||
# Doris MCP Server Environment Configuration Example
|
||||
# ===================================================================
|
||||
@@ -64,6 +80,35 @@ ENABLE_TOKEN_EXPIRY=true
|
||||
DEFAULT_TOKEN_EXPIRY_HOURS=720
|
||||
TOKEN_HASH_ALGORITHM=sha256
|
||||
|
||||
# ===================================================================
|
||||
# Token Management Security Configuration (NEW in v0.6.0) - CRITICAL SECURITY SETTINGS
|
||||
# ===================================================================
|
||||
|
||||
# HTTP Token Management Endpoints (DISABLED BY DEFAULT FOR SECURITY)
|
||||
# WARNING: These endpoints allow creation, deletion, and management of authentication tokens
|
||||
# Only enable if you need HTTP-based token management and understand the security implications
|
||||
ENABLE_HTTP_TOKEN_MANAGEMENT=true
|
||||
|
||||
# Admin Authentication Token (REQUIRED if HTTP token management is enabled)
|
||||
# This token is required to access HTTP token management endpoints
|
||||
# SECURITY: Generate a secure random token in production - NEVER use default values
|
||||
TOKEN_MANAGEMENT_ADMIN_TOKEN=
|
||||
|
||||
# IP Address Restrictions for Token Management (CRITICAL SECURITY CONTROL)
|
||||
# Only these IP addresses/networks can access token management endpoints
|
||||
# DEFAULT: localhost only (most secure) - add other IPs/networks only if necessary
|
||||
# Format: comma-separated list of IPs and CIDR networks
|
||||
# Examples:
|
||||
# - Localhost only: 127.0.0.1,::1
|
||||
# - Private network: 127.0.0.1,192.168.1.0/24,10.0.0.0/8
|
||||
# - Specific IPs: 127.0.0.1,192.168.1.10,192.168.1.11
|
||||
TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,::1
|
||||
|
||||
# Require Admin Authentication (ENABLED BY DEFAULT FOR SECURITY)
|
||||
# When true, all token management operations require valid admin token
|
||||
# When false, only IP restrictions apply (NOT RECOMMENDED for production)
|
||||
REQUIRE_ADMIN_AUTH=true
|
||||
|
||||
# ===================================================================
|
||||
# JWT Authentication Configuration (Enable with ENABLE_JWT_AUTH=true)
|
||||
# ===================================================================
|
||||
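Review bot: The example value contradicts its own comment: the block is labelled "HTTP Token Management Endpoints (DISABLED BY DEFAULT FOR SECURITY)", but the line actually committed is `ENABLE_HTTP_TOKEN_MANAGEMENT=true`, and it sits next to an empty `TOKEN_MANAGEMENT_ADMIN_TOKEN=`. Because `.env.example` is what operators copy to `.env`, this ships the token endpoints enabled with no admin secret configured. Change the example to `ENABLE_HTTP_TOKEN_MANAGEMENT=false` so it matches the documented default, and say in the comment above `TOKEN_MANAGEMENT_ADMIN_TOKEN` what the server does when the value is empty while HTTP token management is on (refuse to start, or serve the endpoints and reject every request), since that behaviour cannot be seen from this file. The `TOKEN_MANAGEMENT_ALLOWED_IPS` comment should also state which address the check is applied to (the TCP peer address, or a forwarded header when the server runs behind a reverse proxy), because `127.0.0.1,::1` means something different in each case and the "most secure" claim depends on it.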
@@ -318,6 +363,13 @@ TEMP_FILES_DIR=tmp
|
||||
# - Must change TOKEN_SECRET in production environment (legacy compatibility)
|
||||
# - Adjust BLOCKED_KEYWORDS according to business needs
|
||||
# - Enable ENABLE_SECURITY_CHECK and ENABLE_MASKING
|
||||
# - NEW v0.6.0: Token Management Security (CRITICAL):
|
||||
# * ENABLE_HTTP_TOKEN_MANAGEMENT=false by default (SECURE BY DEFAULT)
|
||||
# * Only enable if you need HTTP token management endpoints
|
||||
# * TOKEN_MANAGEMENT_ADMIN_TOKEN: Use secure random token in production
|
||||
# * TOKEN_MANAGEMENT_ALLOWED_IPS: Restrict to localhost (127.0.0.1,::1) only
|
||||
# * REQUIRE_ADMIN_AUTH=true: Always require admin authentication
|
||||
# * Never expose token management endpoints to external networks
|
||||
|
||||
# 3. Performance Tuning:
|
||||
# - Adjust MAX_CONCURRENT_QUERIES based on hardware resources
|
||||
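Review bot: The checklist line `# * ENABLE_HTTP_TOKEN_MANAGEMENT=false by default (SECURE BY DEFAULT)` disagrees with the value this same file sets a few hundred lines earlier (`ENABLE_HTTP_TOKEN_MANAGEMENT=true` in the hunk starting at line 80). Pick one source of truth: either the example sets `false`, or this item must not claim the default is `false`. A reader who follows this checklist will assume the endpoints are off unless they deliberately change something, so the summary and the actual setting need to agree before merge.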
@@ -375,4 +427,99 @@ TEMP_FILES_DIR=tmp
|
||||
# - Token Auth only: Small teams, simple deployment, direct API access
|
||||
# - JWT Auth only: Stateless apps, microservices, mobile clients
|
||||
# - OAuth Auth only: Enterprise SSO, large teams, external identity providers
|
||||
# - Multiple methods: Flexible access, different client types, migration scenarios
|
||||
# - Multiple methods: Flexible access, different client types, migration scenarios
|
||||
|
||||
# 7. Token Management Security Configuration Guide (NEW in v0.6.0) - CRITICAL!
|
||||
#
|
||||
# ⚠️ SECURITY WARNING: Token management endpoints are POWERFUL and DANGEROUS
|
||||
# They allow creation, revocation, and management of authentication tokens.
|
||||
# Improper configuration can lead to complete system compromise.
|
||||
#
|
||||
# 🔒 SECURE BY DEFAULT:
|
||||
# - ENABLE_HTTP_TOKEN_MANAGEMENT=false (disabled by default)
|
||||
# - REQUIRE_ADMIN_AUTH=true (admin auth required by default)
|
||||
# - TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,::1 (localhost only by default)
|
||||
#
|
||||
# 🛡️ SECURITY LAYERS (Applied in order):
|
||||
# 1. Configuration Check: HTTP token management must be explicitly enabled
|
||||
# 2. IP Restrictions: Only allowed IP addresses/networks can access endpoints
|
||||
# 3. Admin Authentication: Valid admin token required for all operations
|
||||
#
|
||||
# 📋 CONFIGURATION OPTIONS:
|
||||
#
|
||||
# Disable Token Management (RECOMMENDED for most deployments):
|
||||
# ENABLE_HTTP_TOKEN_MANAGEMENT=false
|
||||
# # All token management endpoints will return 403 Forbidden
|
||||
#
|
||||
# Enable with Maximum Security (Production):
|
||||
# ENABLE_HTTP_TOKEN_MANAGEMENT=true
|
||||
# TOKEN_MANAGEMENT_ADMIN_TOKEN=<secure-random-token-256-bit>
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,::1
|
||||
# REQUIRE_ADMIN_AUTH=true
|
||||
#
|
||||
# Enable for Private Network (Advanced):
|
||||
# ENABLE_HTTP_TOKEN_MANAGEMENT=true
|
||||
# TOKEN_MANAGEMENT_ADMIN_TOKEN=<secure-random-token-256-bit>
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,192.168.1.0/24,10.0.0.0/8
|
||||
# REQUIRE_ADMIN_AUTH=true
|
||||
#
|
||||
# 🔑 ADMIN TOKEN GENERATION:
|
||||
# # Generate secure admin token (Linux/macOS):
|
||||
# openssl rand -hex 32
|
||||
#
|
||||
# # Generate secure admin token (Python):
|
||||
# python -c "import secrets; print(secrets.token_urlsafe(32))"
|
||||
#
|
||||
# 🌐 IP CONFIGURATION EXAMPLES:
|
||||
# # Localhost only (most secure):
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,::1
|
||||
#
|
||||
# # Private network + localhost:
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,::1,192.168.1.0/24,10.0.0.0/8
|
||||
#
|
||||
# # Specific servers only:
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,192.168.1.10,192.168.1.11
|
||||
#
|
||||
# # Corporate network (be careful):
|
||||
# TOKEN_MANAGEMENT_ALLOWED_IPS=127.0.0.1,172.16.0.0/12,192.168.0.0/16
|
||||
#
|
||||
# 🚫 NEVER DO THIS (Security Anti-Patterns):
|
||||
# # NEVER allow all IPs:
|
||||
# # TOKEN_MANAGEMENT_ALLOWED_IPS=0.0.0.0/0 # DANGEROUS!
|
||||
#
|
||||
# # NEVER disable admin auth in production:
|
||||
# # REQUIRE_ADMIN_AUTH=false # DANGEROUS!
|
||||
#
|
||||
# # NEVER use weak admin tokens:
|
||||
# # TOKEN_MANAGEMENT_ADMIN_TOKEN=admin # DANGEROUS!
|
||||
# # TOKEN_MANAGEMENT_ADMIN_TOKEN=123456 # DANGEROUS!
|
||||
#
|
||||
# 📊 ENDPOINT SECURITY TESTING:
|
||||
# # Test security (should fail):
|
||||
# curl -X POST http://external-ip:3000/token/create
|
||||
# # Expected: 403 Forbidden (IP not allowed)
|
||||
#
|
||||
# # Test without auth (should fail):
|
||||
# curl -X POST http://127.0.0.1:3000/token/create
|
||||
# # Expected: 401 Unauthorized (missing admin token)
|
||||
#
|
||||
# # Test with valid auth (should succeed if enabled):
|
||||
# curl -H "Authorization: Bearer your-admin-token" http://127.0.0.1:3000/token/stats
|
||||
# # Expected: 200 OK with token statistics
|
||||
#
|
||||
# 🔍 MONITORING & AUDITING:
|
||||
# # All token management access attempts are logged:
|
||||
# tail -f logs/doris_mcp_server_audit.log | grep "token management"
|
||||
#
|
||||
# # Monitor security events:
|
||||
# tail -f logs/doris_mcp_server_info.log | grep -E "(access denied|token management)"
|
||||
#
|
||||
# ✅ SECURITY BEST PRACTICES:
|
||||
# - Keep ENABLE_HTTP_TOKEN_MANAGEMENT=false unless absolutely necessary
|
||||
# - Use file-based token management (tokens.json) instead of HTTP endpoints
|
||||
# - Generate strong admin tokens using cryptographically secure methods
|
||||
# - Restrict access to localhost (127.0.0.1,::1) whenever possible
|
||||
# - Never expose token management endpoints to public internet
|
||||
# - Regularly audit token management access logs
|
||||
# - Use firewall rules as additional protection layer
|
||||
# - Consider VPN access for remote token management needs
|
||||
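Review bot: The line `# - Multiple methods: Flexible access, different client types, migration scenarios` now appears twice in a row at the top of this hunk; drop the added duplicate. In the "ENDPOINT SECURITY TESTING" section, the request from `external-ip` is documented as `403 Forbidden (IP not allowed)` while the "Disable Token Management" option above says all endpoints "will return 403 Forbidden", so the status code alone does not tell an operator whether the feature is disabled or their address is outside `TOKEN_MANAGEMENT_ALLOWED_IPS`; either note that the two cases are distinguished in `logs/doris_mcp_server_audit.log` or document a distinct response body for each. Also, the success case exercises `GET /token/stats` whereas both failure cases use `POST /token/create`; showing the authenticated call against the same `/token/create` endpoint would make the three tests a matching set. Minor: the examples use emoji in comment headers, which some shells and dotenv loaders render or strip inconsistently; plain ASCII markers would be safer in a file meant to be copied.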