From bd380eeeea17f3dddbc882894ce1110e91fd1a0d Mon Sep 17 00:00:00 2001
From: everpcpc <everpcpc@users.noreply.github.com>
Date: Mon, 28 Oct 2024 23:40:26 +0800
Subject: [PATCH] feat(query): add api /v1/verify (#16665)

* feat(query): add api /v1/verify

* z

* z

* z

---------

Co-authored-by: Bohu <overred.shuttler@gmail.com>
---
 .../servers/http/v1/http_query_handlers.rs    |  3 +-
 src/query/service/src/servers/http/v1/mod.rs  |  2 +
 .../service/src/servers/http/v1/verify.rs     | 43 +++++++++++++++++++
 .../09_http_handler/09_0007_token.py          |  2 +-
 4 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 src/query/service/src/servers/http/v1/verify.rs

diff --git a/src/query/service/src/servers/http/v1/http_query_handlers.rs b/src/query/service/src/servers/http/v1/http_query_handlers.rs
index 98b9034609f5..f6dbc433518f 100644
--- a/src/query/service/src/servers/http/v1/http_query_handlers.rs
+++ b/src/query/service/src/servers/http/v1/http_query_handlers.rs
@@ -57,6 +57,7 @@ use crate::servers::http::v1::query::string_block::StringBlock;
 use crate::servers::http::v1::query::Progresses;
 use crate::servers::http::v1::refresh_handler;
 use crate::servers::http::v1::upload_to_stage;
+use crate::servers::http::v1::verify_handler;
 use crate::servers::http::v1::HttpQueryContext;
 use crate::servers::http::v1::HttpQueryManager;
 use crate::servers::http::v1::HttpSessionConf;
@@ -446,7 +447,7 @@ pub fn query_route() -> Route {
             post(refresh_handler),
             EndpointKind::Refresh,
         ),
-        ("/auth/verify", post(refresh_handler), EndpointKind::Verify),
+        ("/verify", post(verify_handler), EndpointKind::Verify),
         (
             "/upload_to_stage",
             put(upload_to_stage),
diff --git a/src/query/service/src/servers/http/v1/mod.rs b/src/query/service/src/servers/http/v1/mod.rs
index f98ce7b367eb..de88be1990c4 100644
--- a/src/query/service/src/servers/http/v1/mod.rs
+++ b/src/query/service/src/servers/http/v1/mod.rs
@@ -18,6 +18,7 @@ mod query;
 mod session;
 mod stage;
 mod suggestions;
+mod verify;
 
 pub use discovery::discovery_nodes;
 pub use http_query_handlers::make_final_uri;
@@ -44,6 +45,7 @@ pub use stage::upload_to_stage;
 pub use stage::UploadToStageResponse;
 pub use suggestions::list_suggestions;
 pub use suggestions::SuggestionsResponse;
+pub use verify::verify_handler;
 
 pub use crate::servers::http::clickhouse_handler::clickhouse_router;
 pub use crate::servers::http::error::QueryError;
diff --git a/src/query/service/src/servers/http/v1/verify.rs b/src/query/service/src/servers/http/v1/verify.rs
new file mode 100644
index 000000000000..f964f3fd68b9
--- /dev/null
+++ b/src/query/service/src/servers/http/v1/verify.rs
@@ -0,0 +1,43 @@
+// Copyright 2021 Datafuse Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use jwt_simple::prelude::Serialize;
+use poem::error::Result as PoemResult;
+use poem::web::Json;
+use poem::IntoResponse;
+
+use crate::servers::http::error::HttpErrorCode;
+use crate::servers::http::v1::HttpQueryContext;
+
+#[derive(Serialize, Debug, Clone)]
+pub struct VerifyResponse {
+    tenant: String,
+    user: String,
+    roles: Vec<String>,
+}
+
+#[poem::handler]
+#[async_backtrace::framed]
+pub async fn verify_handler(ctx: &HttpQueryContext) -> PoemResult<impl IntoResponse> {
+    let tenant = ctx.session.get_current_tenant();
+    let user = ctx
+        .session
+        .get_current_user()
+        .map_err(HttpErrorCode::server_error)?;
+    Ok(Json(VerifyResponse {
+        tenant: tenant.tenant_name().to_string(),
+        user: user.name.to_string(),
+        roles: user.grants.roles(),
+    }))
+}
diff --git a/tests/suites/1_stateful/09_http_handler/09_0007_token.py b/tests/suites/1_stateful/09_http_handler/09_0007_token.py
index 0b6969901fed..31721402feaf 100755
--- a/tests/suites/1_stateful/09_http_handler/09_0007_token.py
+++ b/tests/suites/1_stateful/09_http_handler/09_0007_token.py
@@ -13,7 +13,7 @@
 login_url = "http://localhost:8000/v1/session/login"
 logout_url = "http://localhost:8000/v1/session/logout"
 renew_url = "http://localhost:8000/v1/session/refresh"
-verify_url = "http://localhost:8000/v1/auth/verify"
+verify_url = "http://localhost:8000/v1/verify"
 auth = ("root", "")