CubeJS Multitenant:当用户使用不同的令牌访问服务器时,如何使用 COMPILE_CONTEXT?
[英]CubeJS Multitenant: How to use COMPILE_CONTEXT as users access the server with different Tokens?
问题描述
We've been getting started with CubeJS.
我们已经开始使用 CubeJS。 We are using BiqQuery, with the following heirarchy:我们正在使用 BiqQuery,具有以下层次结构:
- Project (All client)项目(所有客户)
- Dataset (Corresponding to a single client)数据集(对应单个客户端)
- Tables (Different data-types for a single client)表(单个客户端的不同数据类型)
- Tables (Different data-types for a single client)
- Dataset (Corresponding to a single client)
We'd like to use COMPILE_CONTEXT to allow different clients to access different Datasets based on the JWT that we issue them after authentication.我们想使用COMPILE_CONTEXT来允许不同的客户端访问基于我们在身份验证后发布的 JWT 的不同数据集。 The JWT includes the user info that'd cause our schema to select a different dataset: JWT 包含的用户信息会导致我们的架构 select 成为不同的数据集:
const {
securityContext: { dataset_id },
} = COMPILE_CONTEXT;
cube(`Sessions`, {
sql: `SELECT * FROM ${ dataset_id }.sessions_export`,
measures: {
// Count of all session objects
count: {
sql: `Status`,
type: `count`,
},
In testing, we've found that the COMPILE_CONTEXT global variable is set when the server is launched, meaning that even if a different client submits a request to Cube with a different dataset_id , the old one is used by the server, sending info from the old dataset.在测试中,我们发现 COMPILE_CONTEXT 全局变量是在服务器启动时设置的,这意味着即使不同的客户端使用不同的dataset_id向 Cube 提交请求,服务器也会使用旧的,从服务器发送信息旧数据集。 The Cube docs on Multi-tenancy state that COMPILE_CONTEXT should be used in our scenario (at least, this is my understanding): Multi-tenancy state 上的 Cube 文档 COMPILE_CONTEXT 应该在我们的场景中使用(至少,这是我的理解):
Multitenant COMPILE_CONTEXT should be used when users in fact access different databases.
SECURITY_CONTEXT, on the other hand, is set at Query time, so we tried to also access the appropriate data from SECURITY_CONTEXT like so:另一方面,SECURITY_CONTEXT 是在查询时设置的,因此我们也尝试从 SECURITY_CONTEXT 访问适当的数据,如下所示:
cube(`Sessions`, {
sql: `SELECT * FROM ${SECURITY_CONTEXT.dataset_id}.sessions_export`,
But the query being sent to the database (found in the error log in the Cube dev server) is SELECT * FROM [object Object].sessions_export) AS sessions.但是发送到数据库的查询(在 Cube 开发服务器的错误日志中找到)是SELECT * FROM [object Object].sessions_export) AS sessions.
I'd love to inspect the SECURITY_CONTEXT variable but I'm having trouble finding how to do this, as it's only accessible within our cube Sql to my knowledge.我很想检查 SECURITY_CONTEXT 变量,但我很难找到如何做到这一点,因为据我所知,它只能在我们的立方体 Sql 中访问。
Any help would be appreciated.任何帮助,将不胜感激。 We are open to other routes besides those described above, In a nutshell?除上述路线外,我们还开放其他路线,简而言之? how can we deliver a specific dataset to a client using a unique JWT?我们如何使用唯一的 JWT 向客户端提供特定的数据集?
1 个解决方案
解决方案1
1 2021-05-24 01:07:06
Given that all your datasets are in the same BigQuery database, I think your use-case reflects the Multiple DB Instances with Same Schema part of the documentation (that title could definitely be improved):鉴于您的所有数据集都在同一个 BigQuery 数据库中,我认为您的用例反映了文档中具有相同架构的多个数据库实例部分(该标题肯定可以改进):
// cube.js
const PostgresDriver = require('@cubejs-backend/postgres-driver');
module.exports = {
contextToAppId: ({ securityContext }) =>
`CUBEJS_APP_${securityContext.dataset_id}`,
driverFactory: ({ securityContext }) =>
new PostgresDriver({
database: `${securityContext.dataset_id}`,
}),
};
// schema/Sessions.js
cube(`Sessions`, {
sql: `SELECT * FROM sessions_export`,
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.