Fix token validation

registry/raft-registry/src/network/management.rs

@@ -159,11 +159,13 @@ pub async fn readiness(app: Data<&RaftRegistryApp>) -> poem::Result<impl IntoRes
     let m = app.raft.metrics().borrow().clone();
     Ok(
         if m.running_state.is_ok() && m.current_leader.is_some() && m.last_applied.is_some() {
-            PlainText("OK").with_status(StatusCode::OK)
+            PlainText("OK").with_status(StatusCode::OK).into_response()
         } else {
-            PlainText("Not Ok").with_status(StatusCode::BAD_REQUEST)
-        }
-        .into_response(),
+            PlainText("Not Ok")
+                .with_header("Retry-After", 5)
+                .with_status(StatusCode::SERVICE_UNAVAILABLE)
+                .into_response()
+        },
     )
 }
 

registry/raft-registry/src/rbac_middleware.rs

@@ -3,7 +3,10 @@ use std::str::FromStr;
 use auth::decode_token;
 use common_utils::StringError;
 use log::warn;
-use poem::{error::{BadRequest, Forbidden}, Endpoint, Middleware, Request, Result};
+use poem::{
+    error::{BadRequest, Forbidden},
+    Endpoint, Middleware, Request, Result,
+};
 use registry_provider::Credential;
 use serde::Deserialize;
 use uuid::Uuid;
@@ -29,24 +32,28 @@ const DEBUG_TOKEN_HEADER: &str = "x-feathr-debug-token";
 #[derive(Default, Deserialize)]
 #[serde(default)]
 struct Claims {
-    app_id: Option<String>,
+    appid: Option<String>,
     preferred_username: Option<String>,
     email: Option<String>,
+    upn: Option<String>,
+    unique_name: Option<String>,
 }
 
 impl Claims {
-    fn get_credential(&self) -> Result<Credential> {
-        match &self.app_id {
-            Some(s) => {
-                let id: Uuid = s.parse().map_err(|e| BadRequest(e))?;
-                Ok(Credential::App(id))
-            }
-            None => match &self.preferred_username {
-                Some(s) => Ok(Credential::User(s.to_owned())),
-                None => match &self.email {
-                    Some(s) => Ok(Credential::User(s.to_owned())),
-                    None => Err(BadRequest(StringError::new("Invalid token claims"))),
-                },
+    fn get_credential(self) -> Result<Credential> {
+        match self
+            .preferred_username
+            .or(self.email)
+            .or(self.upn)
+            .or(self.unique_name)
+        {
+            Some(s) => Ok(Credential::User(s.to_owned())),
+            None => match &self.appid {
+                Some(s) => {
+                    let id: Uuid = s.parse().map_err(|e| BadRequest(e))?;
+                    Ok(Credential::App(id))
+                }
+                None => Err(BadRequest(StringError::new("Invalid token claims"))),
             },
         }
     }

registry/scripts/mysql.sql

@@ -2,7 +2,7 @@ create table entities
 (
     entity_id      varchar(50) not null
         primary key,
-    entity_content mediumtext  not null
+    entity_content text  not null
 );
 
 create table edges

registry/scripts/postgres.sql

@@ -0,0 +1,53 @@
+create table entities
+(
+    entity_id      varchar(50) not null
+        primary key,
+    entity_content text  not null
+);
+
+create table edges
+(
+    from_id   varchar(50) not null,
+    to_id     varchar(50) not null,
+    edge_type varchar(20) not null
+);
+
+create index entity_dep_conn_type_index
+    on edges (edge_type);
+
+create index entity_dep_from_id_index
+    on edges (from_id);
+
+create index entity_dep_to_id_index
+    on edges (to_id);
+
+create table userroles
+(
+    record_id     SERIAL
+        primary key,
+    project_name  varchar(255) not null,
+    user_name     varchar(255) not null,
+    role_name     varchar(50)  not null,
+    create_by     varchar(255) not null,
+    create_reason text         not null,
+    create_time   TIMESTAMPTZ  not null,
+    delete_by     varchar(255) null,
+    delete_reason text         null,
+    delete_time   TIMESTAMPTZ  null
+);
+
+create index create_by
+    on userroles (create_by);
+
+create index delete_by
+    on userroles (delete_by);
+
+create index project_name
+    on userroles (project_name);
+
+create index role_name
+    on userroles (role_name);
+
+create index user_name
+    on userroles (user_name);
+

registry/scripts/sqlite.sql

@@ -9,3 +9,33 @@ CREATE TABLE edges(
     edge_type varchar(50),
     PRIMARY KEY (from_id, to_id, edge_type)
 );
+create table userroles
+(
+    record_id     int auto_increment
+        primary key,
+    project_name  varchar(255) not null,
+    user_name     varchar(255) not null,
+    role_name     varchar(50)  not null,
+    create_by     varchar(255) not null,
+    create_reason text         not null,
+    create_time   datetime     not null,
+    delete_by     varchar(255) null,
+    delete_reason text         null,
+    delete_time   datetime     null
+);
+
+create index create_by
+    on userroles (create_by);
+
+create index delete_by
+    on userroles (delete_by);
+
+create index project_name
+    on userroles (project_name);
+
+create index role_name
+    on userroles (role_name);
+
+create index user_name
+    on userroles (user_name);
+