Merge branch 'release-0.47' of https://github.com/rilldata/rill into …

…release-0.47

netlify.toml

@@ -11,7 +11,7 @@
       frame-ancestors *; \
       object-src 'none'; \
       connect-src https: *.usepylon.com *.posthog.com wss://*.pusher.com; \
-      font-src 'self' https://fonts.gstatic.com;
+      font-src 'self' https://fonts.gstatic.com *.usepylon.com;
       """
     Permissions-Policy = "geolocation=(),midi=(),sync-xhr=(self),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"
     Referrer-Policy = "no-referrer"

proto/gen/rill/runtime/v1/runtime.swagger.yaml

@@ -135,7 +135,8 @@ paths:
       tags:
         - ConnectorService
   /v1/dev-jwt:
-    get:
+    post:
+      summary: IssueDevJWT issues a JWT for mimicking a user in local development.
       operationId: RuntimeService_IssueDevJWT
       responses:
         "200":
@@ -147,25 +148,11 @@ paths:
           schema:
             $ref: '#/definitions/rpcStatus'
       parameters:
-        - name: name
-          in: query
-          required: false
-          type: string
-        - name: email
-          in: query
-          required: false
-          type: string
-        - name: groups
-          in: query
-          required: false
-          type: array
-          items:
-            type: string
-          collectionFormat: multi
-        - name: admin
-          in: query
-          required: false
-          type: boolean
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: '#/definitions/v1IssueDevJWTRequest'
       tags:
         - RuntimeService
   /v1/examples:
@@ -295,6 +282,7 @@ paths:
         - ConnectorService
   /v1/health:
     get:
+      summary: Health runs a health check on the runtime.
       operationId: RuntimeService_Health
       responses:
         "200":
@@ -309,6 +297,7 @@ paths:
         - RuntimeService
   /v1/health/instances/{instanceId}:
     get:
+      summary: InstanceHealth runs a health check on a specific instance.
       operationId: RuntimeService_InstanceHealth
       responses:
         "200":
@@ -3958,6 +3947,20 @@ definitions:
     properties:
       instanceHealth:
         $ref: '#/definitions/v1InstanceHealth'
+  v1IssueDevJWTRequest:
+    type: object
+    properties:
+      name:
+        type: string
+      email:
+        type: string
+      groups:
+        type: array
+        items:
+          type: string
+      admin:
+        type: boolean
+    title: Request message for RuntimeService.IssueDevJWT
   v1IssueDevJWTResponse:
     type: object
     properties:

proto/rill/runtime/v1/api.proto

@@ -15,10 +15,12 @@ service RuntimeService {
     option (google.api.http) = {get: "/v1/ping"};
   }
 
+  // Health runs a health check on the runtime.
   rpc Health(HealthRequest) returns (HealthResponse) {
     option (google.api.http) = {get: "/v1/health"};
   }
 
+  // InstanceHealth runs a health check on a specific instance.
   rpc InstanceHealth(InstanceHealthRequest) returns (InstanceHealthResponse) {
     option (google.api.http) = {get: "/v1/health/instances/{instance_id}"};
   }
@@ -206,8 +208,14 @@ service RuntimeService {
     option (google.api.http) = {get: "/v1/instances/{instance_id}/connectors/notifiers"};
   }
 
+  // Access management
+
+  // IssueDevJWT issues a JWT for mimicking a user in local development.
   rpc IssueDevJWT(IssueDevJWTRequest) returns (IssueDevJWTResponse) {
-    option (google.api.http) = {get: "/v1/dev-jwt"};
+    option (google.api.http) = {
+      post: "/v1/dev-jwt",
+      body: "*"
+    };
   }
 }
 

runtime/drivers/druid/druidsqldriver/druid_api_sql_driver.go

@@ -74,6 +74,13 @@ func (c *sqlConnection) QueryContext(ctx context.Context, query string, args []d
 		return nil, err
 	}
 
+	// Druid sends well-formed response for 200, 400 and 500 status codes, for others use this
+	// ref - https://druid.apache.org/docs/latest/api-reference/sql-api/#responses
+	if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusBadRequest && resp.StatusCode != http.StatusInternalServerError {
+		resp.Body.Close()
+		return nil, fmt.Errorf("unexpected status code: %d, status: %s", resp.StatusCode, resp.Status)
+	}
+
 	dec := json.NewDecoder(resp.Body)
 
 	var obj any

web-admin/src/features/dashboards/share/ShareDashboardButton.svelte

@@ -14,6 +14,8 @@
     TabsTrigger,
   } from "@rilldata/web-common/components/tabs";
   import { copyToClipboard } from "@rilldata/web-common/lib/actions/copy-to-clipboard";
+
+  export let createMagicAuthTokens: boolean;
 </script>
 
 <Popover>
@@ -24,7 +26,9 @@
     <Tabs>
       <TabsList>
         <TabsTrigger value="tab1">Copy link</TabsTrigger>
-        <TabsTrigger value="tab2">Create public link</TabsTrigger>
+        {#if createMagicAuthTokens}
+          <TabsTrigger value="tab2">Create public link</TabsTrigger>
+        {/if}
       </TabsList>
       <TabsContent value="tab1" class="mt-0 p-4">
         <div class="flex flex-col gap-y-2">

web-admin/src/features/navigation/TopNavigationBar.svelte

@@ -31,6 +31,8 @@
     isProjectPage,
   } from "./nav-utils";
 
+  export let createMagicAuthTokens: boolean;
+
   const user = createAdminServiceGetCurrentUser();
 
   $: instanceId = $runtime?.instanceId;
@@ -175,7 +177,7 @@
         {#if $user.isSuccess && $user.data.user && !onMagicLinkPage}
           <CreateAlert />
           <Bookmarks />
-          <ShareDashboardButton />
+          <ShareDashboardButton {createMagicAuthTokens} />
         {/if}
       </StateManagersProvider>
     {/if}

web-admin/src/routes/+layout.svelte

@@ -14,6 +14,10 @@
   import { initPylonWidget } from "../features/help/initPylonWidget";
   import TopNavigationBar from "../features/navigation/TopNavigationBar.svelte";
 
+  export let data;
+
+  $: ({ projectPermissions } = data);
+
   // Motivation:
   // - https://tkdodo.eu/blog/breaking-react-querys-api-on-purpose#a-bad-api
   // - https://tkdodo.eu/blog/react-query-error-handling#the-global-callbacks
@@ -49,7 +53,9 @@
     <main class="flex flex-col min-h-screen h-screen">
       <BannerCenter />
       {#if !isEmbed}
-        <TopNavigationBar />
+        <TopNavigationBar
+          createMagicAuthTokens={projectPermissions?.createMagicAuthTokens}
+        />
       {/if}
       <ErrorBoundary>
         <slot />

web-admin/src/routes/+layout.ts

@@ -4,3 +4,68 @@ app in production. Here, we are setting server-side rendering (SSR) to false to
 ensure the same single-page app behavior in development.
 */
 export const ssr = false;
+
+import type { V1ProjectPermissions } from "@rilldata/web-admin/client";
+import { adminServiceGetProject } from "@rilldata/web-admin/client/index.js";
+import { getAdminServiceGetProjectQueryKey } from "@rilldata/web-admin/client/index.js";
+import { queryClient } from "@rilldata/web-common/lib/svelte-query/globalQueryClient.js";
+import { error } from "@sveltejs/kit";
+import type { QueryFunction, QueryKey } from "@tanstack/svelte-query";
+import {
+  adminServiceGetProjectWithBearerToken,
+  getAdminServiceGetProjectWithBearerTokenQueryKey,
+} from "../features/shareable-urls/get-project-with-bearer-token.js";
+
+export const load = async ({ params }) => {
+  const { organization, project, token } = params;
+
+  if (!organization || !project) {
+    return {
+      projectPermissions: <V1ProjectPermissions>{},
+    };
+  }
+
+  let queryKey: QueryKey;
+  let queryFn: QueryFunction<
+    Awaited<ReturnType<typeof adminServiceGetProject>>
+  >;
+
+  if (token) {
+    queryKey = getAdminServiceGetProjectWithBearerTokenQueryKey(
+      organization,
+      project,
+      token,
+      {},
+    );
+
+    queryFn = ({ signal }) =>
+      adminServiceGetProjectWithBearerToken(
+        organization,
+        project,
+        token,
+        {},
+        signal,
+      );
+  } else {
+    queryKey = getAdminServiceGetProjectQueryKey(organization, project);
+
+    queryFn = ({ signal }) =>
+      adminServiceGetProject(organization, project, {}, signal);
+  }
+
+  try {
+    const response = await queryClient.fetchQuery({
+      queryFn,
+      queryKey,
+    });
+
+    const { projectPermissions } = response;
+
+    return {
+      projectPermissions,
+    };
+  } catch (e) {
+    console.error(e);
+    throw error(e.response.status, "Error fetching deployment");
+  }
+};