Add request filter for early user and query parsing

Author: vishalya

gateway-ha/src/main/java/io/trino/gateway/baseapp/BaseApp.java

@@ -39,6 +39,8 @@
 import io.trino.gateway.ha.router.RoutingRulesManager;
 import io.trino.gateway.ha.router.StochasticRoutingManager;
 import io.trino.gateway.ha.security.AuthorizedExceptionMapper;
+import io.trino.gateway.ha.security.QueryMetadataParser;
+import io.trino.gateway.ha.security.QueryUserInfoParser;
 import io.trino.gateway.proxyserver.ForProxy;
 import io.trino.gateway.proxyserver.ProxyRequestHandler;
 import io.trino.gateway.proxyserver.RouteToBackendResource;
@@ -187,6 +189,8 @@ private static void registerProxyResources(Binder binder)
     {
         jaxrsBinder(binder).bind(RouteToBackendResource.class);
         jaxrsBinder(binder).bind(RouterPreMatchContainerRequestFilter.class);
+        jaxrsBinder(binder).bind(QueryUserInfoParser.class);
+        jaxrsBinder(binder).bind(QueryMetadataParser.class);
         jaxrsBinder(binder).bind(ProxyRequestHandler.class);
         httpClientBinder(binder).bindHttpClient("proxy", ForProxy.class);
         httpClientBinder(binder).bindHttpClient("monitor", ForMonitor.class);

gateway-ha/src/main/java/io/trino/gateway/ha/config/HaGatewayConfiguration.java

@@ -20,8 +20,17 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
+import java.util.regex.Pattern;
+
+import static com.google.common.collect.ImmutableList.toImmutableList;
+import static io.trino.gateway.ha.handler.HttpUtils.OAUTH_PATH;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_UI_PATH;
+import static io.trino.gateway.ha.handler.HttpUtils.UI_API_STATS_PATH;
+import static io.trino.gateway.ha.handler.HttpUtils.V1_INFO_PATH;
+import static io.trino.gateway.ha.handler.HttpUtils.V1_NODE_PATH;
+import static io.trino.gateway.ha.handler.HttpUtils.V1_QUERY_PATH;
 import static io.trino.gateway.ha.handler.HttpUtils.V1_STATEMENT_PATH;
+import static java.util.Objects.requireNonNull;
 
 public class HaGatewayConfiguration
 {
@@ -289,6 +298,19 @@ private void validateStatementPath(String statementPath, List<String> statementP
         }
     }
 
+    public boolean isPathWhiteListed(String path)
+    {
+        List<Pattern> extraWhitelistPaths = requireNonNull(this.getExtraWhitelistPaths()).stream().map(Pattern::compile).collect(toImmutableList());
+        return statementPaths.stream().anyMatch(path::startsWith)
+                || path.startsWith(V1_QUERY_PATH)
+                || path.startsWith(TRINO_UI_PATH)
+                || path.startsWith(V1_INFO_PATH)
+                || path.startsWith(V1_NODE_PATH)
+                || path.startsWith(UI_API_STATS_PATH)
+                || path.startsWith(OAUTH_PATH)
+                || extraWhitelistPaths.stream().anyMatch(pattern -> pattern.matcher(path).matches());
+    }
+
     public static class HaGatewayConfigurationException
             extends RuntimeException
     {

gateway-ha/src/main/java/io/trino/gateway/ha/handler/HttpUtils.java

@@ -25,6 +25,8 @@ public class HttpUtils
     public static final String TRINO_UI_PATH = "/ui";
     public static final String OAUTH_PATH = "/oauth2";
     public static final String USER_HEADER = "X-Trino-User";
+    public static final String TRINO_REQUEST_USER = "trinoRequestUser";
+    public static final String TRINO_QUERY_PROPERTIES = "trinoQueryProperties";
 
     private HttpUtils() {}
 }

gateway-ha/src/main/java/io/trino/gateway/ha/handler/ProxyUtils.java

@@ -28,6 +28,7 @@
 import java.util.regex.Pattern;
 
 import static com.google.common.base.Strings.isNullOrEmpty;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_QUERY_PROPERTIES;
 import static io.trino.gateway.ha.handler.HttpUtils.TRINO_UI_PATH;
 import static io.trino.gateway.ha.handler.HttpUtils.V1_QUERY_PATH;
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -74,7 +75,7 @@ public static Optional<String> extractQueryIdIfPresent(
             throw new RuntimeException("Error reading request body", e);
         }
         if (!isNullOrEmpty(queryText) && queryText.toLowerCase(ENGLISH).contains("kill_query")) {
-            TrinoQueryProperties trinoQueryProperties = new TrinoQueryProperties(request, requestAnalyserClientsUseV2Format, requestAnalyserMaxBodySize);
+            TrinoQueryProperties trinoQueryProperties = (TrinoQueryProperties) request.getAttribute(TRINO_QUERY_PROPERTIES);
             return trinoQueryProperties.getQueryId();
         }
         return Optional.empty();

gateway-ha/src/main/java/io/trino/gateway/ha/handler/RoutingTargetHandler.java

@@ -33,18 +33,10 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.regex.Pattern;
 import java.util.stream.Stream;
 
 import static com.google.common.base.Strings.isNullOrEmpty;
-import static com.google.common.collect.ImmutableList.toImmutableList;
-import static io.trino.gateway.ha.handler.HttpUtils.OAUTH_PATH;
-import static io.trino.gateway.ha.handler.HttpUtils.TRINO_UI_PATH;
-import static io.trino.gateway.ha.handler.HttpUtils.UI_API_STATS_PATH;
 import static io.trino.gateway.ha.handler.HttpUtils.USER_HEADER;
-import static io.trino.gateway.ha.handler.HttpUtils.V1_INFO_PATH;
-import static io.trino.gateway.ha.handler.HttpUtils.V1_NODE_PATH;
-import static io.trino.gateway.ha.handler.HttpUtils.V1_QUERY_PATH;
 import static io.trino.gateway.ha.handler.ProxyUtils.buildUriWithNewCluster;
 import static io.trino.gateway.ha.handler.ProxyUtils.extractQueryIdIfPresent;
 import static java.util.Objects.requireNonNull;
@@ -56,7 +48,6 @@ public class RoutingTargetHandler
     private final RoutingGroupSelector routingGroupSelector;
     private final String defaultRoutingGroup;
     private final List<String> statementPaths;
-    private final List<Pattern> extraWhitelistPaths;
     private final boolean requestAnalyserClientsUseV2Format;
     private final int requestAnalyserMaxBodySize;
     private final boolean cookiesEnabled;
@@ -71,7 +62,6 @@ public RoutingTargetHandler(
         this.routingGroupSelector = requireNonNull(routingGroupSelector);
         this.defaultRoutingGroup = haGatewayConfiguration.getRouting().getDefaultRoutingGroup();
         statementPaths = requireNonNull(haGatewayConfiguration.getStatementPaths());
-        extraWhitelistPaths = requireNonNull(haGatewayConfiguration.getExtraWhitelistPaths()).stream().map(Pattern::compile).collect(toImmutableList());
         requestAnalyserClientsUseV2Format = haGatewayConfiguration.getRequestAnalyzerConfig().isClientsUseV2Format();
         requestAnalyserMaxBodySize = haGatewayConfiguration.getRequestAnalyzerConfig().getMaxBodySize();
         cookiesEnabled = GatewayCookieConfigurationPropertiesProvider.getInstance().isEnabled();
@@ -118,18 +108,6 @@ private RoutingTargetResponse getRoutingTargetResponse(HttpServletRequest reques
                 modifiedRequest);
     }
 
-    public boolean isPathWhiteListed(String path)
-    {
-        return statementPaths.stream().anyMatch(path::startsWith)
-                || path.startsWith(V1_QUERY_PATH)
-                || path.startsWith(TRINO_UI_PATH)
-                || path.startsWith(V1_INFO_PATH)
-                || path.startsWith(V1_NODE_PATH)
-                || path.startsWith(UI_API_STATS_PATH)
-                || path.startsWith(OAUTH_PATH)
-                || extraWhitelistPaths.stream().anyMatch(pattern -> pattern.matcher(path).matches());
-    }
-
     /**
      * A wrapper for HttpServletRequest that allows modifying multiple headers.
      */

gateway-ha/src/main/java/io/trino/gateway/ha/router/ExternalRoutingGroupSelector.java

@@ -46,6 +46,8 @@
 import static io.airlift.http.client.JsonResponseHandler.createJsonResponseHandler;
 import static io.airlift.http.client.Request.Builder.preparePost;
 import static io.airlift.json.JsonCodec.jsonCodec;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_QUERY_PROPERTIES;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_REQUEST_USER;
 import static java.util.Collections.list;
 import static java.util.Objects.requireNonNull;
 
@@ -58,7 +60,6 @@ public class ExternalRoutingGroupSelector
     private final boolean propagateErrors;
     private final HttpClient httpClient;
     private final RequestAnalyzerConfig requestAnalyzerConfig;
-    private final TrinoRequestUser.TrinoRequestUserProvider trinoRequestUserProvider;
     private static final JsonCodec<RoutingGroupExternalBody> ROUTING_GROUP_EXTERNAL_BODY_JSON_CODEC = jsonCodec(RoutingGroupExternalBody.class);
     private static final JsonResponseHandler<ExternalRouterResponse> ROUTING_GROUP_EXTERNAL_RESPONSE_JSON_RESPONSE_HANDLER =
             createJsonResponseHandler(jsonCodec(ExternalRouterResponse.class));
@@ -74,7 +75,6 @@ public class ExternalRoutingGroupSelector
         propagateErrors = rulesExternalConfiguration.isPropagateErrors();
 
         this.requestAnalyzerConfig = requestAnalyzerConfig;
-        trinoRequestUserProvider = new TrinoRequestUser.TrinoRequestUserProvider(requestAnalyzerConfig);
         try {
             this.uri = new URI(requireNonNull(rulesExternalConfiguration.getUrlPath(),
                     "Invalid URL provided, using routing group header as default."));
@@ -143,8 +143,8 @@ private RoutingGroupExternalBody createRequestBody(HttpServletRequest request)
         TrinoQueryProperties trinoQueryProperties = null;
         TrinoRequestUser trinoRequestUser = null;
         if (requestAnalyzerConfig.isAnalyzeRequest()) {
-            trinoQueryProperties = new TrinoQueryProperties(request, requestAnalyzerConfig.isClientsUseV2Format(), requestAnalyzerConfig.getMaxBodySize());
-            trinoRequestUser = trinoRequestUserProvider.getInstance(request);
+            trinoQueryProperties = (TrinoQueryProperties) request.getAttribute(TRINO_QUERY_PROPERTIES);
+            trinoRequestUser = (TrinoRequestUser) request.getAttribute(TRINO_REQUEST_USER);
         }
 
         return new RoutingGroupExternalBody(

gateway-ha/src/main/java/io/trino/gateway/ha/router/FileBasedRoutingGroupSelector.java

@@ -33,6 +33,8 @@
 import java.util.Map;
 
 import static com.google.common.base.Suppliers.memoizeWithExpiration;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_QUERY_PROPERTIES;
+import static io.trino.gateway.ha.handler.HttpUtils.TRINO_REQUEST_USER;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static java.util.Collections.sort;
 
@@ -46,16 +48,10 @@ public class FileBasedRoutingGroupSelector
 
     private final Supplier<List<RoutingRule>> rules;
     private final boolean analyzeRequest;
-    private final boolean clientsUseV2Format;
-    private final int maxBodySize;
-    private final TrinoRequestUser.TrinoRequestUserProvider trinoRequestUserProvider;
 
     public FileBasedRoutingGroupSelector(String rulesPath, Duration rulesRefreshPeriod, RequestAnalyzerConfig requestAnalyzerConfig)
     {
         analyzeRequest = requestAnalyzerConfig.isAnalyzeRequest();
-        clientsUseV2Format = requestAnalyzerConfig.isClientsUseV2Format();
-        maxBodySize = requestAnalyzerConfig.getMaxBodySize();
-        trinoRequestUserProvider = new TrinoRequestUser.TrinoRequestUserProvider(requestAnalyzerConfig);
 
         rules = memoizeWithExpiration(() -> readRulesFromPath(Path.of(rulesPath)), rulesRefreshPeriod.toJavaTime());
     }
@@ -68,12 +64,9 @@ public RoutingSelectorResponse findRoutingDestination(HttpServletRequest request
 
         Map<String, Object> data;
         if (analyzeRequest) {
-            TrinoQueryProperties trinoQueryProperties = new TrinoQueryProperties(
-                    request,
-                    clientsUseV2Format,
-                    maxBodySize);
-            TrinoRequestUser trinoRequestUser = trinoRequestUserProvider.getInstance(request);
-            data = ImmutableMap.of("request", request, "trinoQueryProperties", trinoQueryProperties, "trinoRequestUser", trinoRequestUser);
+            TrinoQueryProperties trinoQueryProperties = (TrinoQueryProperties) request.getAttribute(TRINO_QUERY_PROPERTIES);
+            TrinoRequestUser trinoRequestUser = (TrinoRequestUser) request.getAttribute(TRINO_REQUEST_USER);
+            data = ImmutableMap.of("request", request, TRINO_QUERY_PROPERTIES, trinoQueryProperties, TRINO_REQUEST_USER, trinoRequestUser);
         }
         else {
             data = ImmutableMap.of("request", request);

gateway-ha/src/main/java/io/trino/gateway/ha/router/TrinoQueryProperties.java

@@ -65,13 +65,18 @@
 import io.trino.sql.tree.Table;
 import io.trino.sql.tree.TableFunctionInvocation;
 import io.trino.sql.tree.WithQuery;
-import jakarta.servlet.http.HttpServletRequest;
 import jakarta.ws.rs.HttpMethod;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.core.MediaType;
 
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.List;
@@ -142,35 +147,38 @@ public TrinoQueryProperties(
         maxBodySize = -1;
     }
 
-    public TrinoQueryProperties(HttpServletRequest request, boolean isClientsUseV2Format, int maxBodySize)
+    public TrinoQueryProperties(ContainerRequestContext requestContext, boolean isClientsUseV2Format, int maxBodySize)
     {
-        requireNonNull(request, "request is null");
+        requireNonNull(requestContext, "requestContext is null");
         this.isClientsUseV2Format = isClientsUseV2Format;
         this.maxBodySize = maxBodySize;
 
-        defaultCatalog = Optional.ofNullable(request.getHeader(TRINO_CATALOG_HEADER_NAME));
-        defaultSchema = Optional.ofNullable(request.getHeader(TRINO_SCHEMA_HEADER_NAME));
-        if (request.getMethod().equals(HttpMethod.POST)) {
+        defaultCatalog = Optional.ofNullable(requestContext.getHeaderString(TRINO_CATALOG_HEADER_NAME));
+        defaultSchema = Optional.ofNullable(requestContext.getHeaderString(TRINO_SCHEMA_HEADER_NAME));
+        if (requestContext.getMethod().equals(HttpMethod.POST)) {
             isNewQuerySubmission = true;
-            processRequestBody(request);
+            processRequestBody(requestContext);
         }
     }
 
-    private void processRequestBody(HttpServletRequest request)
+    private void processRequestBody(BufferedReader reader, Map<String, String> preparedStatements)
     {
-        try (BufferedReader reader = request.getReader()) {
+        try (reader) {
             if (reader == null) {
                 log.warn("HTTP request returned null reader");
                 body = "";
                 return;
             }
 
-            Map<String, String> preparedStatements = getPreparedStatements(request);
             SqlParser parser = new SqlParser();
             reader.mark(maxBodySize);
             char[] buffer = new char[maxBodySize];
             int nChars = reader.read(buffer, 0, maxBodySize);
             reader.reset();
+            if (nChars <= 0) {
+                log.warn("query text is empty");
+                return;
+            }
             if (nChars == maxBodySize) {
                 log.warn("Query length greater or equal to requestAnalyzerConfig.maxBodySize detected");
                 return;
@@ -238,11 +246,45 @@ else if (statement instanceof ExecuteImmediate executeImmediate) {
         }
     }
 
-    private Map<String, String> getPreparedStatements(HttpServletRequest request)
+    private void processRequestBody(ContainerRequestContext requestContext)
+    {
+        if (!requestContext.hasEntity()) {
+            return;
+        }
+
+        MediaType mediaType = requestContext.getMediaType();
+        if (mediaType == null) {
+            return;
+        }
+
+        String charset = mediaType.getParameters().get("charset");
+        if (!StandardCharsets.UTF_8.name().equalsIgnoreCase(charset)) {
+            return;
+        }
+
+        InputStream entityStream = requestContext.getEntityStream();
+        try (InputStreamReader entityReader = new InputStreamReader(entityStream, StandardCharsets.UTF_8);
+                BufferedReader reader = new BufferedReader(entityReader)) {
+            processRequestBody(reader, getPreparedStatements(requestContext));
+        }
+        catch (IOException e) {
+            log.warn("Error extracting request body for rules processing: %s", e.getMessage());
+            errorMessage = Optional.of(e.getMessage());
+        }
+        catch (ParsingException e) {
+            log.info("Could not parse request body as SQL: %s; Message: %s", body, e.getMessage());
+            errorMessage = Optional.of(e.getMessage());
+        }
+        catch (RequestParsingException e) {
+            log.warn(e, "Error parsing request for rules");
+            errorMessage = Optional.of(e.getMessage());
+        }
+    }
+
+    private Map<String, String> getPreparedStatements(Enumeration<String> headers)
             throws RequestParsingException
     {
         ImmutableMap.Builder<String, String> preparedStatementsMapBuilder = ImmutableMap.builder();
-        Enumeration<String> headers = request.getHeaders(TRINO_PREPARED_STATEMENT_HEADER_NAME);
         if (headers == null) {
             return preparedStatementsMapBuilder.build();
         }
@@ -259,6 +301,19 @@ private Map<String, String> getPreparedStatements(HttpServletRequest request)
         return preparedStatementsMapBuilder.build();
     }
 
+    private Map<String, String> getPreparedStatements(ContainerRequestContext requestContext)
+            throws RequestParsingException
+    {
+        if (requestContext.getHeaders() == null) {
+            return ImmutableMap.of();
+        }
+        List<String> headers = requestContext.getHeaders().get(TRINO_PREPARED_STATEMENT_HEADER_NAME);
+        if (headers == null || headers.isEmpty()) {
+            return ImmutableMap.of();
+        }
+        return getPreparedStatements(Collections.enumeration(headers));
+    }
+
     private String decodePreparedStatementFromHeader(String headerValue)
     {
         // From io.trino.server.protocol.PreparedStatementEncoder