Feature/cluster

.github/workflows/release.yml

@@ -966,6 +966,17 @@ jobs:
           name: dist-cli-linux-x86_64
           path: dist/
 
+      - name: Install system dependencies
+        shell: bash
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends \
+            clang \
+            libclang-dev \
+            llvm-dev \
+            pkg-config \
+            libssl-dev
+
       - name: Setup Rust (for running tests)
         uses: dtolnay/rust-toolchain@stable
         with:

.gitignore

@@ -86,3 +86,5 @@ link/sdks/typescript/package-lock.json
 ui/package-lock.json
 ui/package-lock.json
 /.cluster-local
+/docker/utils/minio-data
+ui/package-lock.json

Cargo.toml

@@ -90,7 +90,7 @@ jsonwebtoken = { version = "10.2.0", default-features = false, features = ["aws_
 toml = "0.9.8"
 
 # CLI tools
-clap = { version = "4.5.54", features = ["derive", "color"] }
+clap = { version = "4.5.55", features = ["derive", "color"] }
 rustyline = { version = "17.0.2" }
 
 # System
@@ -110,9 +110,9 @@ criterion = { version = "0.8.1", features = ["html_reports"] }
 openraft = { version = "0.9.21", features = ["serde"] }
 
 # gRPC for Raft network layer
-tonic = { version = "0.14.2" }
-tonic-prost = "0.14.2"
-tonic-build = "0.14.2"
+tonic = { version = "0.14.3" }
+tonic-prost = "0.14.3"
+tonic-build = "0.14.3"
 prost = "0.14.3"
 prost-types = "0.14.3"
 
@@ -197,3 +197,6 @@ incremental = true   # incremental builds
 lto = "off"          # no link-time optimization
 codegen-units = 256  # maximum parallelism for codegen
 split-debuginfo = "unpacked"  # faster on macOS
+
+[profile.dev.package."*"]
+opt-level = 0

Notes.md

@@ -1257,9 +1257,6 @@ in the cli we can add a new config which the user can choose not to return syste
 ✗ Server error (400): Statement 1 failed: Execution error: SQL error: ParserError("Expected: an SQL statement, found: table at Line: 1, Column: 9")
 and then make sure we have a test for it as well
 
-135) struct AuthenticatedUser
-    pub username: String, //TODO: Use UserName type?
-
 136) Check the downloading of file permissions:
 - User impersonation for file download
 - insert/update/delete as user for file operations with user impersonation
@@ -1270,7 +1267,17 @@ and then make sure we have a test for it as well
 
 139) For the cli if we click enter dont open the history menu again only execute enter
 
-140) Make system tables loading lazy loaded only when needed not all the time stays registered, this will reduce memory consumption, also the same for views this should be effective for all of system.* tables and views
+140) Make sure we have default namespace whenever we setup the system, and make sure its used by default unless the user changed it using user namespace for that session
+
+142) Search these files and make them type-safe and also remove duplicates and use one file for checking permissions:
+backend/crates/kalamdb-auth/src/authorization/roles.rs
+backend/crates/kalamdb-auth/src/authorization/rbac.rs
+backend/crates/kalamdb-session/src/rbac.rs
+backend/crates/kalamdb-session/src/permissions.rs
+Also scan all the code for auth/sessions and api and check if we have any other duplicates for permission checking and roles checking and combine them into one place, and clean the code rmeove any unused methods or dead code
+
+143) Support multiple statements running and in each statement run a separate command
+
 
 
 
@@ -1289,4 +1296,5 @@ Main Epics:
 6) Service consumer - Subscription to shards
 7) Change the code to use FlatBuffers for: Raft/RocksDb storage
 8) Add page for Server Initial Setup
+9) Check S3/WebDAV Storages
 

backend/Cargo.toml

@@ -9,6 +9,9 @@ default-run = "kalamdb-server"
 build = "build.rs"
 
 [dependencies]
+# Memory optimization
+tikv-jemallocator = { version = "0.5", optional = true }
+
 # Core library
 kalamdb-core = { path = "crates/kalamdb-core" }
 kalamdb-api = { path = "crates/kalamdb-api" }
@@ -64,6 +67,10 @@ anyhow = { workspace = true }
 # System
 num_cpus = { workspace = true }
 
+[features]
+default = []
+jemalloc = ["tikv-jemallocator"]
+
 [lib]
 name = "kalamdb_server"
 path = "src/lib.rs"

backend/crates/kalamdb-api/src/handlers/auth.rs

@@ -11,10 +11,11 @@ use kalamdb_auth::{
 };
 use kalamdb_auth::helpers::cookie::extract_auth_token;
 use kalamdb_auth::security::password::{hash_password, validate_password};
-use kalamdb_commons::{AuthType, Role, StorageMode};
+use kalamdb_commons::{AuthType, Role};
 use kalamdb_commons::models::{StorageId, UserId, UserName};
 use kalamdb_configs::AuthSettings;
 use kalamdb_system::User;
+use kalamdb_system::providers::storages::models::StorageMode;
 use serde::{Deserialize, Serialize};
 use std::sync::Arc;
 

backend/crates/kalamdb-api/src/handlers/file_handler.rs

@@ -7,7 +7,8 @@
 //! 4. Stream file from storage with proper Content-Type
 
 use actix_web::{get, web, HttpResponse, Responder};
-use kalamdb_auth::AuthSession;
+use kalamdb_auth::AuthSessionExtractor;
+use kalamdb_session::AuthSession;
 use kalamdb_commons::models::{TableId, UserId};
 use kalamdb_commons::schemas::TableType;
 use kalamdb_commons::TableAccess;
@@ -24,11 +25,14 @@ use crate::models::{ErrorCode, SqlResponse};
 /// For user tables, downloads from current user's table unless ?user_id is specified.
 #[get("/files/{namespace}/{table_name}/{subfolder}/{file_id}")]
 pub async fn download_file(
-    session: AuthSession,
+    extractor: AuthSessionExtractor,
     path: web::Path<(String, String, String, String)>,
     query: web::Query<DownloadQuery>,
     app_context: web::Data<Arc<AppContext>>,
 ) -> impl Responder {
+    // Convert extractor to AuthSession
+    let session: AuthSession = extractor.into();
+
     let (namespace, table_name, subfolder, file_id) = path.into_inner();
     let table_id = TableId::from_strings(&namespace, &table_name);
 
@@ -52,7 +56,7 @@ pub async fn download_file(
         .map(|user_id| UserId::new(user_id.as_str()));
 
     if let Some(user_id) = &requested_user_id {
-        if user_id != &session.user.user_id && !can_impersonate_user(session.user.role) {
+        if user_id != session.user_id() && !can_impersonate_user(session.role()) {
             return HttpResponse::Forbidden().json(SqlResponse::error(
                 ErrorCode::PermissionDenied,
                 "User impersonation requires Service, Dba, or System role",
@@ -61,13 +65,13 @@ pub async fn download_file(
         }
     }
 
-    let effective_user_id = requested_user_id.unwrap_or_else(|| session.user.user_id.clone());
+    let effective_user_id = requested_user_id.unwrap_or_else(|| session.user_id().clone());
 
     let user_id = match table_type {
         TableType::User => Some(effective_user_id),
         TableType::Shared => {
             let access_level = table_entry.access_level.unwrap_or(TableAccess::Private);
-            if !can_access_shared_table(access_level, session.user.role) {
+            if !can_access_shared_table(access_level, session.role()) {
                 return HttpResponse::Forbidden().json(SqlResponse::error(
                     ErrorCode::PermissionDenied,
                     &format!("Shared table access denied (access_level={:?})", access_level),