risingwave_common/config/frontend.rs
1// Copyright 2025 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use super::hba::HbaConfig;
16use super::*;
17
18/// The section [`frontend`] in `risingwave.toml`.
19#[serde_with::apply(Option => #[serde(with = "none_as_empty_string")])]
20#[derive(Clone, Debug, Serialize, Deserialize, DefaultFromSerde, ConfigDoc)]
21pub struct FrontendConfig {
22 /// Total memory constraints for running queries.
23 #[serde(default = "default::frontend::max_total_query_size_bytes")]
24 pub max_total_query_size_bytes: u64,
25
26 /// A query of size under this threshold will never be rejected due to memory constraints.
27 #[serde(default = "default::frontend::min_single_query_size_bytes")]
28 pub min_single_query_size_bytes: u64,
29
30 /// A query of size exceeding this threshold will always be rejected due to memory constraints.
31 #[serde(default = "default::frontend::max_single_query_size_bytes")]
32 pub max_single_query_size_bytes: u64,
33
34 /// Host-based authentication configuration
35 #[serde(default = "HbaConfig::default")]
36 pub hba_config: HbaConfig,
37
38 /// Maximum allowed clock skew in milliseconds for `WebSocket` ingest init authentication.
39 #[serde(default = "default::frontend::webhook_auth_max_clock_skew_ms")]
40 pub webhook_auth_max_clock_skew_ms: u64,
41
42 /// Whether to allow local filesystem connectors such as `posix_fs` and `fs`.
43 /// Disabled by default in release builds because these connectors can access files on the
44 /// frontend host. Enabled by default in debug builds for local development.
45 #[serde(default = "default::frontend::unsafe_enable_local_fs_connector")]
46 pub unsafe_enable_local_fs_connector: bool,
47}
48
49pub mod default {
50
51 pub mod frontend {
52 pub fn max_total_query_size_bytes() -> u64 {
53 1024 * 1024 * 1024
54 }
55
56 pub fn min_single_query_size_bytes() -> u64 {
57 1024 * 1024
58 }
59
60 pub fn max_single_query_size_bytes() -> u64 {
61 1024 * 1024 * 1024
62 }
63
64 pub fn webhook_auth_max_clock_skew_ms() -> u64 {
65 300_000
66 }
67
68 pub fn unsafe_enable_local_fs_connector() -> bool {
69 cfg!(debug_assertions)
70 }
71 }
72}