CalvinKirs opened a new pull request, #65551:
URL: https://github.com/apache/doris/pull/65551

   ### What problem does this PR solve?
   
   The FE meta-service endpoints (`image`/`role`/`check`/`put`/`journal_id`, 
etc.) authenticate callers only by the `CLIENT_NODE_HOST`/`CLIENT_NODE_PORT` 
headers — i.e. whether the claimed host:port is a registered FE. That is a 
plaintext claim with no secret, so any host that knows a valid FE address can 
impersonate it.
   
   ### What this PR does
   
   Add an optional cluster token `fe_meta_auth_token`:
   
   - **Empty (default)** — behavior is unchanged: node-host check only. 
Existing clusters and rolling upgrades are unaffected.
   - **Set** — `checkFromValidFe` additionally requires the request to carry a 
matching token header, **on top of** the existing node-host check (additive, 
does not replace the host check).
   
   The token is a static `fe.conf` item, so a scaling-out FE already holds it 
before the bootstrap handshake — no chicken-and-egg with the token that 
`/check` itself hands out. It must be identical on all FEs.
   
   Additional hardening of the meta-service:
   - `/put` rejects a port other than the FE HTTP port.
   - `/dump` always checks the admin password.
   - meta-helper logs header **names** only, never the token value.
   
   ### Tests
   
   - `MetaServiceTest`: matching / missing / wrong token, 
no-token-when-unconfigured, unknown-host-rejected-even-with-token, `/put` port 
check, `/dump` auth.
   - `HttpURLUtilTest`: token header emission (present/absent) and internal URL 
building.
   
   This supersedes #63782 (rebased onto latest master with a cleaner, 
switch-free design).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to