diff --git a/src/facade/acl_commands_def.h b/src/facade/acl_commands_def.h new file mode 100644 index 000000000000..e4f2ec3a3cf3 --- /dev/null +++ b/src/facade/acl_commands_def.h @@ -0,0 +1,11 @@ +// Copyright 2023, DragonflyDB authors. All rights reserved. +// See LICENSE for licensing terms. +// + +#pragma once + +namespace dfly::acl { +// Special flag/mask for all +constexpr uint32_t NONE = 0; +constexpr uint32_t ALL = std::numeric_limits::max(); +} // namespace dfly::acl diff --git a/src/facade/conn_context.h b/src/facade/conn_context.h index eec145a674ec..6ba43775b801 100644 --- a/src/facade/conn_context.h +++ b/src/facade/conn_context.h @@ -8,6 +8,7 @@ #include +#include "facade/acl_commands_def.h" #include "facade/facade_types.h" #include "facade/reply_builder.h" @@ -80,6 +81,12 @@ class ConnectionContext { // How many async subscription sources are active: monitor and/or pubsub - at most 2. uint8_t subscriptions; + std::string authed_username{"default"}; + uint32_t acl_categories{dfly::acl::ALL}; + std::vector acl_commands; + // Skip ACL validation, used by internal commands and commands run on admin port + bool skip_acl_validation = false; + private: Connection* owner_; Protocol protocol_ = Protocol::REDIS; diff --git a/src/facade/dragonfly_connection.cc b/src/facade/dragonfly_connection.cc index 3861d66c5853..7d60efba6ea0 100644 --- a/src/facade/dragonfly_connection.cc +++ b/src/facade/dragonfly_connection.cc @@ -18,7 +18,6 @@ #include "facade/memcache_parser.h" #include "facade/redis_parser.h" #include "facade/service_interface.h" -#include "server/conn_context.h" #include "util/fibers/proactor_base.h" #ifdef DFLY_USE_SSL 
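Review bot: The new header `src/facade/acl_commands_def.h` uses `uint32_t` and `std::numeric_limits` but includes nothing itself, so it compiles only when the includer has already pulled in those declarations. Add `#include <cstdint>` and `#include <limits>` directly after `#pragma once`. This matters more because the later hunk in `src/server/acl/acl_commands_def.h` drops `#include "base/logging.h"`, which may have been supplying them transitively. Since `ALL` is the mask a new connection starts with, the existing comment could say so explicitly, e.g. `// ALL sets every ACL category bit (grants everything); NONE grants no category`.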
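Review bot: In the `src/facade/conn_context.h` hunk, `acl_categories{dfly::acl::ALL}` and `authed_username{"default"}` give every freshly constructed `facade::ConnectionContext` full permissions until other code narrows them, and after this move that applies to any subclass of the facade context, not only the server one. Nothing in the hunk shows where these values are overwritten on authentication, so the fail-open default should be documented at the declaration, e.g. `// Starts as the "default" user with every category allowed; the auth path must overwrite these before commands are validated.` The fields are public and mutable, and `skip_acl_validation` bypasses the check entirely, so its comment should also name which code is allowed to set it. The class body starts and ends outside the hunk.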
@@ -239,12 +238,11 @@ void Connection::DispatchOperations::operator()(const MonitorMessage& msg) { } void Connection::DispatchOperations::operator()(const AclUpdateMessage& msg) { - auto* ctx = static_cast(self->cntx()); - if (ctx) { + if (self->cntx()) { for (size_t id = 0; id < msg.username.size(); ++id) { - if (msg.username[id] == ctx->authed_username) { - ctx->acl_categories = msg.categories[id]; - ctx->acl_commands = msg.commands[id]; + if (msg.username[id] == self->cntx()->authed_username) { + self->cntx()->acl_categories = msg.categories[id]; + self->cntx()->acl_commands = msg.commands[id]; } } } diff --git a/src/server/acl/acl_commands_def.h b/src/server/acl/acl_commands_def.h index d1042f35f96d..76d8c7a9028d 100644 --- a/src/server/acl/acl_commands_def.h +++ b/src/server/acl/acl_commands_def.h @@ -5,7 +5,7 @@ #pragma once #include "absl/container/flat_hash_map.h" -#include "base/logging.h" +#include "facade/acl_commands_def.h" namespace dfly::acl { /* There are 21 ACL categories as of redis 7 @@ -65,9 +65,7 @@ enum AclCat { JSON = 1ULL << 31 }; -// Special flag/mask for all -constexpr uint32_t NONE = 0; -constexpr uint32_t ALL = std::numeric_limits::max(); +// See definitions for NONE and ALL in facade/acl_commands_def.h inline const absl::flat_hash_map CATEGORY_INDEX_TABLE{ {"KEYSPACE", KEYSPACE}, diff --git a/src/server/conn_context.h b/src/server/conn_context.h index f0bde27b0653..5f4a1275842a 100644 --- a/src/server/conn_context.h +++ b/src/server/conn_context.h 
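Review bot: The loop in `operator()(const AclUpdateMessage&)` is bounded by `msg.username.size()` but indexes `msg.categories[id]` and `msg.commands[id]` with the same `id`, and nothing visible here guarantees that the three vectors have equal length. A shorter vector would be read out of bounds while a connection's permissions are being rewritten. The code that builds the message is outside this diff, so state the invariant at the point of use: if the glog check macros are available in this file, put `DCHECK_EQ(msg.username.size(), msg.categories.size());` and the same check for `msg.commands` before the loop. The rewrite also calls `self->cntx()` four times; a single `auto* ctx = self->cntx();` at the top keeps the null check and the writes on the same pointer.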
@@ -201,12 +201,6 @@ class ConnectionContext : public facade::ConnectionContext { // Reference to a FlowInfo for this connection if from a master to a replica. FlowInfo* replication_flow; - std::string authed_username{"default"}; - uint32_t acl_categories{acl::ALL}; - std::vector acl_commands; - // Skip ACL validation, used by internal commands and commands run on admin port - bool skip_acl_validation = false; - private: void EnableMonitoring(bool enable) { subscriptions++; // required to support the monitoring