stackoom
  简体   繁体   中英

CubeJS Multitenant: How to use COMPILE_CONTEXT as users access the server with different Tokens?

 原文  2021-05-19 14:25:16       cube.js

Question

We've been getting started with CubeJS. We are using BiqQuery, with the following heirarchy:

  • Project (All client)
    • Dataset (Corresponding to a single client)
      • Tables (Different data-types for a single client)

We'd like to use COMPILE_CONTEXT to allow different clients to access different Datasets based on the JWT that we issue them after authentication. The JWT includes the user info that'd cause our schema to select a different dataset: 

const {
    securityContext: { dataset_id },
} = COMPILE_CONTEXT;


cube(`Sessions`, {
    sql: `SELECT * FROM ${ dataset_id }.sessions_export`,

    measures: {
        // Count of all session objects
        count: {
            sql: `Status`,
            type: `count`,
        },

In testing, we've found that the COMPILE_CONTEXT global variable is set when the server is launched, meaning that even if a different client submits a request to Cube with a different dataset_id , the old one is used by the server, sending info from the old dataset. The Cube docs on Multi-tenancy state that COMPILE_CONTEXT should be used in our scenario (at least, this is my understanding):

Multitenant COMPILE_CONTEXT should be used when users in fact access different databases. For example, if you provide SaaS ecommerce hosting and each of your customers have a separate database, then each ecommerce store should be modelled as a separate tenant.

SECURITY_CONTEXT, on the other hand, is set at Query time, so we tried to also access the appropriate data from SECURITY_CONTEXT like so:

cube(`Sessions`, {
    sql: `SELECT * FROM ${SECURITY_CONTEXT.dataset_id}.sessions_export`,

But the query being sent to the database (found in the error log in the Cube dev server) is SELECT * FROM [object Object].sessions_export) AS sessions.

I'd love to inspect the SECURITY_CONTEXT variable but I'm having trouble finding how to do this, as it's only accessible within our cube Sql to my knowledge.

Any help would be appreciated. We are open to other routes besides those described above, In a nutshell? how can we deliver a specific dataset to a client using a unique JWT?

1 answers

solution1
 1  2021-05-24 01:07:06

Given that all your datasets are in the same BigQuery database, I think your use-case reflects the Multiple DB Instances with Same Schema part of the documentation (that title could definitely be improved):

// cube.js
const PostgresDriver = require('@cubejs-backend/postgres-driver');

module.exports = {
  contextToAppId: ({ securityContext }) =>
    `CUBEJS_APP_${securityContext.dataset_id}`,
  driverFactory: ({ securityContext }) =>
    new PostgresDriver({
      database: `${securityContext.dataset_id}`,
    }),
};

// schema/Sessions.js
cube(`Sessions`, {
    sql: `SELECT * FROM sessions_export`,
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question CubeJs Preaggregation index fail to compile Security Context with several elements on CubeJS LEFT OUTER JOIN with CubeJs How can I apply limit filter to the timeDimension property of cubeJs? how to address error cubejs 'From members are not found ... Please make sure join fields are referencing dimensions instead of columns.' How to improve cubejs preagregations creation process? (its taking too long to build preaggs even with partitionGranularity) How to aggregate data from another cube in cubejs? How to access current security context within a driver in cube.js How to get COUNT of records return by measures in JSON query of CubeJS How to format time-type data with mongodb and cubejs?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM