Skip to main content

risingwave_common/config/
frontend.rs

1// Copyright 2025 RisingWave Labs
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//     http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15use super::hba::HbaConfig;
16use super::*;
17
18/// The section [`frontend`] in `risingwave.toml`.
19#[serde_with::apply(Option => #[serde(with = "none_as_empty_string")])]
20#[derive(Clone, Debug, Serialize, Deserialize, DefaultFromSerde, ConfigDoc)]
21pub struct FrontendConfig {
22    /// Total memory constraints for running queries.
23    #[serde(default = "default::frontend::max_total_query_size_bytes")]
24    pub max_total_query_size_bytes: u64,
25
26    /// A query of size under this threshold will never be rejected due to memory constraints.
27    #[serde(default = "default::frontend::min_single_query_size_bytes")]
28    pub min_single_query_size_bytes: u64,
29
30    /// A query of size exceeding this threshold will always be rejected due to memory constraints.
31    #[serde(default = "default::frontend::max_single_query_size_bytes")]
32    pub max_single_query_size_bytes: u64,
33
34    /// Host-based authentication configuration
35    #[serde(default = "HbaConfig::default")]
36    pub hba_config: HbaConfig,
37
38    /// Maximum allowed clock skew in milliseconds for `WebSocket` ingest init authentication.
39    #[serde(default = "default::frontend::webhook_auth_max_clock_skew_ms")]
40    pub webhook_auth_max_clock_skew_ms: u64,
41
42    /// Whether to allow local filesystem connectors such as `posix_fs` and `fs`.
43    /// Disabled by default in release builds because these connectors can access files on the
44    /// frontend host. Enabled by default in debug builds for local development.
45    #[serde(default = "default::frontend::unsafe_enable_local_fs_connector")]
46    pub unsafe_enable_local_fs_connector: bool,
47}
48
49pub mod default {
50
51    pub mod frontend {
52        pub fn max_total_query_size_bytes() -> u64 {
53            1024 * 1024 * 1024
54        }
55
56        pub fn min_single_query_size_bytes() -> u64 {
57            1024 * 1024
58        }
59
60        pub fn max_single_query_size_bytes() -> u64 {
61            1024 * 1024 * 1024
62        }
63
64        pub fn webhook_auth_max_clock_skew_ms() -> u64 {
65            300_000
66        }
67
68        pub fn unsafe_enable_local_fs_connector() -> bool {
69            cfg!(debug_assertions)
70        }
71    }
72}