Copilot commented on code in PR #64935:
URL: https://github.com/apache/doris/pull/64935#discussion_r3489701711


##########
be/src/service/http/action/stream_load_forward_handler.cpp:
##########
@@ -31,6 +31,18 @@
 namespace doris {
 
 int StreamLoadForwardHandler::on_header(HttpRequest* req) {
+    const auto* params_for_auth = req->params();
+    auto token_it = params_for_auth->find("auth_token");
+    if (token_it != params_for_auth->end() && 
_exec_env->check_auth_token(token_it->second)) {
+        // fast path: FE passed internal auth token via query param
+    } else {
+        // fallback: validate via HttpHandlerWithAuth (Basic Auth -> FE RPC)
+        int auth_ret = HttpHandlerWithAuth::on_header(req);
+        if (auth_ret != 0) {
+            return auth_ret;
+        }
+    }
+

Review Comment:
   The Basic Auth fallback currently depends on 
`HttpHandlerWithAuth::on_header`, but that function returns success immediately 
when `config::enable_all_http_auth` is false (default). That means requests 
without a valid `auth_token` can still pass authentication and reach the 
forward logic, which contradicts the PR goal of rejecting unauthenticated 
access to `_stream_load_forward`.



##########
be/src/common/config.cpp:
##########
@@ -273,6 +273,7 @@ DEFINE_mInt32(download_low_speed_limit_kbps, "50");
 DEFINE_mInt32(download_low_speed_time, "300");
 // whether to download small files in batch
 DEFINE_mBool(enable_batch_download, "true");
+DEFINE_Bool(enable_group_commit_streamload_be_forward, "false");
 // whether to check md5sum when download
 DEFINE_mBool(enable_download_md5sum_check, "false");

Review Comment:
   This new config definition also lacks a descriptive comment (neighboring 
configs document intent). Adding a short comment helps operators understand 
what enabling it does.



##########
be/src/common/config.h:
##########
@@ -330,6 +330,7 @@ DECLARE_mInt32(download_low_speed_limit_kbps);
 DECLARE_mInt32(download_low_speed_time);
 // whether to download small files in batch.
 DECLARE_mBool(enable_batch_download);
+DECLARE_Bool(enable_group_commit_streamload_be_forward);
 // whether to check md5sum when download

Review Comment:
   This new BE config is missing the one-line comment that nearby config 
declarations consistently have, which makes `be.conf`/config docs harder to 
maintain.



##########
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/LoadAction.java:
##########
@@ -800,11 +800,17 @@ private Backend selectBackendForGroupCommit(String 
clusterName, HttpServletReque
      * @return RedirectView configured for stream load forwarding
      */
     private RedirectView redirectToStreamLoadForward(HttpServletRequest 
request, TNetworkAddress addr,
-            String forwardTarget) {
+            String forwardTarget) throws LoadException {
         // Replace _stream_load with _stream_load_forward in the path.
         String modifiedPath = request.getRequestURI().replace("/_stream_load", 
"/_stream_load_forward");
         String queryString = request.getQueryString();
-        String redirectQuery = "forward_to=" + forwardTarget;
+        String authToken;
+        try {
+            authToken = Env.getCurrentEnv().getTokenManager().acquireToken();
+        } catch (Exception e) {
+            throw new LoadException("Failed to acquire auth token for stream 
load forward", e);
+        }
+        String redirectQuery = "forward_to=" + forwardTarget + "&auth_token=" 
+ authToken;
         if (!Strings.isNullOrEmpty(queryString)) {
             redirectQuery = queryString + "&" + redirectQuery;
         }

Review Comment:
   `redirectToStreamLoadForward()` appends `auth_token` to the existing raw 
query string without stripping any client-supplied `auth_token`. On BE, query 
parsing uses `map.emplace(...)`, so the **first** occurrence of a duplicated 
key wins; a client-provided `auth_token` can shadow the FE-generated token and 
force the BE into the fallback path. Also, `authToken` is concatenated without 
URL-encoding.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to