Skip to content

fix: inject bound CloudBeaver session for GET data-download requests#650

Merged
LordofAvernus merged 1 commit into
release-4.2508.xfrom
dms/fix-cb-download-session
Jul 9, 2026
Merged

fix: inject bound CloudBeaver session for GET data-download requests#650
LordofAvernus merged 1 commit into
release-4.2508.xfrom
dms/fix-cb-download-session

Conversation

@LordofAvernus

@LordofAvernus LordofAvernus commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Summary

Fix the "request error" shown on the web page when downloading exported data, while curl with a fresh token works fine.

Problem

Data file download uses a GET request (/sql_query/api/data/{session}_xxx.csv). The CloudBeaver Login middleware skipped session injection for all GET requests, so the download reused the browser's cb-session-id, which could be stale or inconsistent with the server-side session bound to the export task. On mismatch, CloudBeaver returned Session task not found; the browser (axios/blob) surfaced it as a request error, whereas curl (which carried a fresh consistent session) succeeded.

Fix

For GET requests, inject the DMS-bound CloudBeaver session into the request cookie without triggering the full login flow, so the download reuses the same session that registered the export task.

Test plan

  • Export data in SQL workbench, then download the result file from the web page; download succeeds.
  • Confirm the cb-session-id used by the download matches the session bound to the export task.
  • Static asset / other GET requests are unaffected (no-op when no bound session).

Fixes actiontech/dms-ee#930

Data file download uses GET (/sql_query/api/data/{session}_xxx.csv). The
Login middleware previously skipped session injection for all GET requests,
so the request reused the browser's cb-session-id, which could be stale or
inconsistent with the server-side session bound to the export task. When it
mismatched, CloudBeaver returned "Session task not found" and the web page
showed a request error, while curl with a fresh token still worked.

Inject the DMS-bound CloudBeaver session into the request cookie for GET
requests without triggering the full login flow, so the download reuses the
same session that registered the export task.
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

错误处理

在解析 DMS token 时调用 jwt.ParseUidFromJwtTokenStr 出错后直接返回,没有记录错误信息,这可能会导致在实际生产环境中调试失败时难以发现原因。建议在出错时添加适当的日志记录以便排查问题。

dmsUserId, err := jwt.ParseUidFromJwtTokenStr(dmsToken)
if err != nil {
	return
}

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

PR Code Suggestions ✨

No code suggestions found for the PR.

@LordofAvernus LordofAvernus merged commit 7bf0cc9 into release-4.2508.x Jul 9, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant