[Performance]Add Token Management (#55)
* 0.5.1 Version * fix 0.5.1 schema async bug * fix security bug * fix security bug * Add complete Token, JWT, OAuth authentication system * Add complete Token, JWT, OAuth authentication system * Add complete Token, JWT, OAuth authentication system * Add complete Token, JWT, OAuth authentication system * Add a controllable MCP Server DB Pool permission authentication system, connect it with the Doris permission system, and provide it to enterprise-level applications concurrently with the multi-Worker mode. * Add Tokens Management
@@ -93,6 +93,12 @@ class SecurityConfig:
|
||||
default_token_expiry_hours: int = 24 * 30 # Default expiry: 30 days
|
||||
token_hash_algorithm: str = "sha256" # Token hashing algorithm: sha256, sha512
|
||||
|
||||
# Token Management Security (New in v0.6.0)
|
||||
enable_http_token_management: bool = False # Enable HTTP token management endpoints (default: disabled for security)
|
||||
token_management_admin_token: str = "" # Admin token for token management endpoints (required if HTTP management enabled)
|
||||
token_management_allowed_ips: list[str] = field(default_factory=lambda: ["127.0.0.1", "::1", "localhost"]) # Allowed IPs for token management
|
||||
require_admin_auth: bool = True # Require admin authentication for token management (default: true)
|
||||
|
||||
# JWT Configuration
|
||||
jwt_algorithm: str = "RS256" # RS256, ES256, HS256
|
||||
jwt_issuer: str = "doris-mcp-server"
|
||||
@@ -469,6 +475,21 @@ class DorisConfig:
|
||||
os.getenv("DEFAULT_TOKEN_EXPIRY_HOURS", str(config.security.default_token_expiry_hours))
|
||||
)
|
||||
config.security.token_hash_algorithm = os.getenv("TOKEN_HASH_ALGORITHM", config.security.token_hash_algorithm)
|
||||
|
||||
# Token Management Security Configuration (New in v0.6.0)
|
||||
config.security.enable_http_token_management = (
|
||||
os.getenv("ENABLE_HTTP_TOKEN_MANAGEMENT", str(config.security.enable_http_token_management).lower()).lower() == "true"
|
||||
)
|
||||
config.security.token_management_admin_token = os.getenv("TOKEN_MANAGEMENT_ADMIN_TOKEN", config.security.token_management_admin_token)
|
||||
|
||||
# Parse allowed IPs from comma-separated string
|
||||
allowed_ips_str = os.getenv("TOKEN_MANAGEMENT_ALLOWED_IPS", "")
|
||||
if allowed_ips_str:
|
||||
config.security.token_management_allowed_ips = [ip.strip() for ip in allowed_ips_str.split(",") if ip.strip()]
|
||||
|
||||
config.security.require_admin_auth = (
|
||||
os.getenv("REQUIRE_ADMIN_AUTH", str(config.security.require_admin_auth).lower()).lower() == "true"
|
||||
)
|
||||
|
||||
# Performance configuration
|
||||
config.performance.enable_query_cache = (
|
||||
|
||||
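Review bot: The `REQUIRE_ADMIN_AUTH` parsing in the DorisConfig hunk fails open: any value other than the exact string `true` (for example `1`, `yes`, or a value with trailing whitespace) sets `require_admin_auth` to False, which by the field's own comment means admin authentication for token management is no longer required. A security control should be disabled only by an explicit negative, e.g. `config.security.require_admin_auth = os.getenv("REQUIRE_ADMIN_AUTH", str(config.security.require_admin_auth)).strip().lower() not in ("false", "0", "no")`. Separately, `token_management_admin_token` defaults to `""` and nothing in these hunks rejects `ENABLE_HTTP_TOKEN_MANAGEMENT=true` combined with an empty admin token; if that check does not exist elsewhere, config loading should refuse the combination. The default allow-list also contains `"localhost"`, a hostname that would never equal a client address if entries are compared as strings. The loader's body starts and ends outside the hunk.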
@@ -32,6 +32,7 @@ from sqlparse.sql import Statement
|
||||
from sqlparse.tokens import Keyword, Name
|
||||
|
||||
from .logger import get_logger
|
||||
from .config import DatabaseConfig
|
||||
|
||||
|
||||
class SecurityLevel(Enum):
|
||||
@@ -333,7 +334,8 @@ class DorisSecurityManager:
|
||||
token_id: str,
|
||||
expires_hours: Optional[int] = None,
|
||||
description: str = "",
|
||||
custom_token: Optional[str] = None
|
||||
custom_token: Optional[str] = None,
|
||||
database_config: Optional[DatabaseConfig] = None
|
||||
) -> str:
|
||||
"""Create a new API access token
|
||||
|
||||
@@ -342,6 +344,7 @@ class DorisSecurityManager:
|
||||
expires_hours: Token expiration in hours (None for no expiration)
|
||||
description: Token description for management purposes
|
||||
custom_token: Custom token string (if None, generates random token)
|
||||
database_config: Optional database configuration for this token
|
||||
|
||||
Returns:
|
||||
Generated token string
|
||||
@@ -353,7 +356,8 @@ class DorisSecurityManager:
|
||||
token_id=token_id,
|
||||
expires_hours=expires_hours,
|
||||
description=description,
|
||||
custom_token=custom_token
|
||||
custom_token=custom_token,
|
||||
database_config=database_config
|
||||
)
|
||||
|
||||
async def revoke_token(self, token_id: str) -> bool:
|
||||
|
||||
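Review bot: The new `database_config` parameter of `create_token` is documented only as "Optional database configuration for this token", which does not tell a caller that the object presumably carries Doris connection credentials, or what the token manager does with them. I would extend the docstring entry to something like `database_config: Per-token Doris connection settings (may include credentials); state whether they are persisted with the token and how they are protected`. It is also worth confirming that the token manager, whose code is not in this section, never logs the object or stores the password in plaintext. The signature and body of `create_token` start and end outside these hunks, so this is based on the visible lines only.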