feat: auth_query support (#132)

supabase · Jul 19, 2023 · 360b5f5 · 360b5f5
1 parent 91490e5
commit 360b5f5
Show file tree

Hide file tree

Showing 29 changed files with 572 additions and 159 deletions.
diff --git a/Makefile b/Makefile
@@ -15,7 +15,7 @@ dev:
  iex --name [email protected] --cookie cookie -S mix run --no-halt
 
 dev.node2:
- PROXY_PORT=7655 \
+ PROXY_PORT_TRANSACTION=7655 \
  PORT=4001 \
  MIX_ENV=dev \
  VAULT_ENC_KEY="aHD8DZRdk2emnkdktFZRh3E9RNg4aOY7" \

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.2.13
+0.2.14
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -148,7 +148,9 @@ if config_env() != :test do
  jwt_claim_validators: System.get_env("JWT_CLAIM_VALIDATORS", "{}") |> Jason.decode!(),
  api_jwt_secret: System.get_env("API_JWT_SECRET"),
  metrics_jwt_secret: System.get_env("METRICS_JWT_SECRET"),
- proxy_port: System.get_env("PROXY_PORT", "7654") |> String.to_integer(),
+ proxy_port_transaction:
+ System.get_env("PROXY_PORT_TRANSACTION", "6543") |> String.to_integer(),
+ proxy_port_session: System.get_env("PROXY_PORT_SESSION", "5432") |> String.to_integer(),
  prom_poll_rate: System.get_env("PROM_POLL_RATE", "15000") |> String.to_integer(),
  global_upstream_ca: upstream_ca,
  global_downstream_cert: downstream_cert,

diff --git a/config/test.exs b/config/test.exs
@@ -6,7 +6,7 @@ config :supavisor,
  api_jwt_secret: "dev",
  metrics_jwt_secret: "dev",
  jwt_claim_validators: %{},
- proxy_port: System.get_env("PROXY_PORT", "7654") |> String.to_integer(),
+ proxy_port_transaction: System.get_env("PROXY_PORT_TRANSACTION", "7654") |> String.to_integer(),
  secondary_proxy_port: 7655,
  secondary_http: 4003,
  prom_poll_rate: 500

diff --git a/deploy/service/service_vars.ini b/deploy/service/service_vars.ini
@@ -6,7 +6,8 @@ API_JWT_SECRET=""
 METRICS_JWT_SECRET=""
 ADDR_TYPE="" # inet/inet6
 PORT=""
-PROXY_PORT=""
+PROXY_PORT_TRANSACTION=""
+PROXY_PORT_SESSION=""
 LOGS_ENGINE=""
 LOGFLARE_API_KEY=""
 LOGFLARE_SOURCE_ID=""

diff --git a/lib/supavisor.ex b/lib/supavisor.ex
@@ -7,11 +7,11 @@ defmodule Supavisor do
  @registry Supavisor.Registry.Tenants
  @type workers :: %{manager: pid, pool: pid}
 
- @spec start(String.t(), String.t()) :: {:ok, pid} | {:error, any()}
- def start(tenant, user_alias) do
+ @spec start(String.t(), String.t(), fun(), atom() | nil) :: {:ok, pid} | {:error, any()}
+ def start(tenant, user_alias, client_key, def_mode_type \\ nil) do
  case get_global_sup(tenant, user_alias) do
  nil ->
- start_local_pool(tenant, user_alias)
+ start_local_pool(tenant, user_alias, client_key, def_mode_type)
 
  pid ->
  {:ok, pid}
@@ -97,8 +97,9 @@ defmodule Supavisor do
 
  ## Internal functions
 
- @spec start_local_pool(String.t(), String.t()) :: {:ok, pid} | {:error, any()}
- defp start_local_pool(tenant, user_alias) do
+ @spec start_local_pool(String.t(), String.t(), term(), atom() | nil) ::
+ {:ok, pid} | {:error, any()}
+ defp start_local_pool(tenant, user_alias, auth_secrets, def_mode_type) do
  Logger.debug("Starting pool for #{inspect({tenant, user_alias})}")
 
  case Tenants.get_pool_config(tenant, user_alias) do
@@ -129,15 +130,17 @@ defmodule Supavisor do
  ip_version: H.ip_version(ip_ver, db_host),
  upstream_ssl: tenant_record.upstream_ssl,
  upstream_verify: tenant_record.upstream_verify,
- upstream_tls_ca: H.upstream_cert(tenant_record.upstream_tls_ca)
+ upstream_tls_ca: H.upstream_cert(tenant_record.upstream_tls_ca),
+ require_user: tenant_record.require_user,
+ secrets: auth_secrets
  }
 
  args = %{
  tenant: tenant,
  user_alias: user_alias,
  auth: auth,
  pool_size: pool_size,
- mode: mode,
+ mode: def_mode_type || mode,
  default_parameter_status: ps
  }
 

diff --git a/lib/supavisor/application.ex b/lib/supavisor/application.ex
@@ -16,21 +16,26 @@ defmodule Supavisor.Application do
  {Supavisor.SignalHandler, []}
  )
 
- proxy_port = Application.get_env(:supavisor, :proxy_port)
+ proxy_ports = [
+ {Application.get_env(:supavisor, :proxy_port_transaction), :transaction},
+ {Application.get_env(:supavisor, :proxy_port_session), :session}
+ ]
 
- :ranch.start_listener(
- :pg_proxy,
- :ranch_tcp,
- %{
- max_connections: String.to_integer(System.get_env("MAX_CONNECTIONS") || "25000"),
- num_acceptors: String.to_integer(System.get_env("NUM_ACCEPTORS") || "100"),
- socket_opts: [port: proxy_port]
- },
- Supavisor.ClientHandler,
- []
- )
- |> then(&"Proxy started on port #{proxy_port}, result: #{inspect(&1)}")
- |> Logger.warning()
+ for {port, mode} <- proxy_ports do
+ :ranch.start_listener(
+ :pg_proxy,
+ :ranch_tcp,
+ %{
+ max_connections: String.to_integer(System.get_env("MAX_CONNECTIONS") || "25000"),
+ num_acceptors: String.to_integer(System.get_env("NUM_ACCEPTORS") || "100"),
+ socket_opts: [port: port]
+ },
+ Supavisor.ClientHandler,
+ %{def_mode_type: mode}
+ )
+ |> then(&"Proxy started #{mode} on port #{port}, result: #{inspect(&1)}")
+ |> Logger.warning()
+ end
 
  :syn.set_event_handler(Supavisor.SynHandler)
  :syn.add_node_to_scopes([:tenants])
@@ -57,13 +62,14 @@ defmodule Supavisor.Application do
  SupavisorWeb.Telemetry,
  # Start the PubSub system
  {Phoenix.PubSub, name: Supavisor.PubSub},
- # Start the Endpoint (http/https)
- SupavisorWeb.Endpoint,
  {
  PartitionSupervisor,
  child_spec: DynamicSupervisor, strategy: :one_for_one, name: Supavisor.DynamicSupervisor
  },
- Supavisor.Vault
+ Supavisor.Vault,
+ {Cachex, name: Supavisor.Cache},
+ # Start the Endpoint (http/https)
+ SupavisorWeb.Endpoint
  ]
 
  # See https://hexdocs.pm/elixir/Supervisor.html