Re: [PR] feat(access-control-service): add `access-control-service` to authorize the requests to `/wsapi` [texera]

Mon, 18 Aug 2025 09:43:52 -0700 


aicam commented on code in PR #3598:
URL: https://github.com/apache/texera/pull/3598#discussion_r2282902041


##########
core/access-control-service/src/main/scala/edu/uci/ics/texera/service/resource/AccessControlResource.scala:
##########
@@ -0,0 +1,93 @@
+package edu.uci.ics.texera.service.resource
+
+import com.typesafe.scalalogging.LazyLogging
+import edu.uci.ics.texera.auth.JwtParser.parseToken
+import edu.uci.ics.texera.auth.SessionUser
+import edu.uci.ics.texera.dao.SqlServer
+import edu.uci.ics.texera.dao.jooq.generated.enums.PrivilegeEnum
+import edu.uci.ics.texera.service.util.ComputingUnit
+import jakarta.ws.rs.{GET, POST, Path, PathParam, Produces}
+import jakarta.ws.rs.core.{Context, HttpHeaders, MediaType, Response, UriInfo}
+
+import java.util.Optional
+import scala.jdk.CollectionConverters.{CollectionHasAsScala, MapHasAsScala}
+
+@Produces(Array(MediaType.APPLICATION_JSON))
+@Path("/authorize")
+class AccessControlResource extends LazyLogging {
+
+  private val computingUnit: ComputingUnit = new ComputingUnit()
+
+  private def performAuth(
+      uriInfo: UriInfo,
+      headers: HttpHeaders
+  ): Response = {
+    val queryParams: Map[String, String] = uriInfo
+      .getQueryParameters()
+      .asScala
+      .view
+      .mapValues(values => values.asScala.headOption.getOrElse(""))
+      .toMap
+
+    logger.info(s"Request URI: ${uriInfo.getRequestUri} and headers: 
${headers.getRequestHeaders.asScala} and queryParams: $queryParams")
+
+    val token = queryParams.getOrElse(
+      "access-token",

Review Comment:
   This middleware does not work for `wsapi` endpoint since it pass token 
through URL parameter, I tried to move acces-token to `Authorization` header 
both in front end and CU master but I hit the limitation of websocket that 
headers are not allowed in initial request. Source: 
https://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api.
 Reference that shows headers does not exist in websocket: 
https://developer.mozilla.org/en-US/docs/Web/API/WebSocket/WebSocket



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to