From f7a7e8e858b4c94ea9f7bfc1dc702a609287c493 Mon Sep 17 00:00:00 2001 From: Marek Vavrusa Date: Thu, 8 Dec 2016 20:20:29 -0800 Subject: [PATCH] HTTPHandler: added support for X-ClickHouse-* Support X-ClickHouse-* to allow running behind authenticating LBs, that pass through user information or enforce fixed user. The format of the new options follows X-Auth-* Supported headers are: * X-ClickHouse-User (identical to "user" URL parameter) * X-ClickHouse-Key (identical to "password" URL parameter) * X-ClickHouse-Quota (identical to "quota_key" URL parameter) --- dbms/src/Server/HTTPHandler.cpp | 7 ++++--- doc/reference_en.html | 6 +++++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/dbms/src/Server/HTTPHandler.cpp b/dbms/src/Server/HTTPHandler.cpp index ca965f64e2e..3461b809f42 100644 --- a/dbms/src/Server/HTTPHandler.cpp +++ b/dbms/src/Server/HTTPHandler.cpp @@ -91,8 +91,9 @@ void HTTPHandler::processQuery( used_output.out_maybe_compressed = used_output.out; /// Имя пользователя и пароль могут быть заданы как в параметрах URL, так и с помощью HTTP Basic authentification (и то, и другое не секъюрно). - std::string user = params.get("user", "default"); - std::string password = params.get("password", ""); + /// The user and password can be passed by headers (similar to X-Auth-*), which is used by load balancers to pass authentication information + std::string user = request.get("X-ClickHouse-User", params.get("user", "default")); + std::string password = request.get("X-ClickHouse-Key", params.get("password", "")); if (request.hasCredentials()) { @@ -102,7 +103,7 @@ void HTTPHandler::processQuery( password = credentials.getPassword(); } - std::string quota_key = params.get("quota_key", ""); + std::string quota_key = request.get("X-ClickHouse-Quota", params.get("quota_key", "")); std::string query_id = params.get("query_id", ""); Context context = *server.global_context; diff --git a/doc/reference_en.html b/doc/reference_en.html index c4cc59afd3c..c906551bc4a 100644 --- a/doc/reference_en.html +++ b/doc/reference_en.html @@ -728,6 +728,10 @@ echo 'SELECT 1' | curl 'http://user:password@localhost:8123/' -d 
 echo 'SELECT 1' | curl 'http://localhost:8123/?user=user&password=password' -d @-
+3. Using 'X-ClickHouse-User' and 'X-ClickHouse-Key' headers. Example: +
+echo 'SELECT 1' | curl -H "X-ClickHouse-User: user" -H "X-ClickHouse-Key: password"  'http://localhost:8123/' -d @-
+
If the user name is not indicated, the username 'default' is used. If the password is not indicated, an empty password is used. @@ -757,7 +761,7 @@ In contrast to the native interface, the HTTP interface does not support the con The optional 'query_id' parameter can be passed as the query ID (any string). For more information, see the section "Settings, replace_running_query". -The optional 'quota_key' parameter can be passed as the quota key (any string). For more information, see the section "Quotas". +The optional 'quota_key' parameter can be passed as the quota key (any string). It can also be passed as 'X-ClickHouse-Quota' header. For more information, see the section "Quotas". The HTTP interface allows passing external data (external temporary tables) for querying. For more information, see the section "External data for query processing".