diff --git a/apps/emqx_gateway/src/emqx_gateway_api_listeners.erl b/apps/emqx_gateway/src/emqx_gateway_api_listeners.erl index e73dd707e..142469313 100644 --- a/apps/emqx_gateway/src/emqx_gateway_api_listeners.erl +++ b/apps/emqx_gateway/src/emqx_gateway_api_listeners.erl @@ -233,6 +233,8 @@ schema("/gateway/:name/listeners") -> post => #{ description => <<"Create the gateway listener">> , parameters => params_gateway_name_in_path() + %% XXX: How to distinguish the different listener supported by + %% different types of gateways? , 'requestBody' => emqx_dashboard_swagger:schema_with_examples( ref(listener), examples_listener()) @@ -288,7 +290,7 @@ schema("/gateway/:name/listeners/:id/authentication") -> , responses => ?STANDARD_RESP( #{ 200 => schema_authn() - , 204 => <<"Authentication does not initiated">> + , 204 => <<"Authentication or listener does not existed">> }) }, post => @@ -487,7 +489,6 @@ fields(ssl_listener_opts) -> , {keyfile, binary()} , {verify, binary()} , {fail_if_no_peer_cert, boolean()} - , {server_name_indication, boolean()} , {depth, integer()} , {password, binary()} , {handshake_timeout, binary()} @@ -586,7 +587,9 @@ examples_listener() -> #{ tcp_listener=> #{ summary => <<"A simple tcp listener example">> , value => - #{ bind => <<"61613">> + #{ name => <<"tcp-def">> + , type => <<"tcp">> + , bind => <<"22210">> , acceptors => 16 , max_connections => 1024000 , max_conn_rate => 1000 @@ -607,7 +610,9 @@ examples_listener() -> , ssl_listener => #{ summary => <<"A simple ssl listener example">> , value => - #{ bind => <<"61614">> + #{ name => <<"ssl-def">> + , type => <<"ssl">> + , bind => <<"22211">> , acceptors => 16 , max_connections => 1024000 , max_conn_rate => 1000 @@ -620,7 +625,6 @@ examples_listener() -> , keyfile => <<"etc/certs/key.pem">> , verify => <<"verify_none">> , fail_if_no_peer_cert => false - , server_name_indication => disable } , tcp => #{ active_n => 100 
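Review bot: The reworded 204 description for GET `/gateway/:name/listeners/:id/authentication` folds "listener does not exist" into the same empty success response as "no authenticator configured", so a caller auditing whether a listener enforces authentication cannot tell a mistyped listener id from a listener that really has none. The catch clauses in `emqx_gateway_http:with_gateway/2`, visible in this same commit, already map `{update_conf_error, not_found}` to a 404, so a 404 for the missing listener would be the less surprising contract if the handler can tell the two cases apart. The text itself should read `, 204 => <<"Authentication or listener does not exist">>`. The handler is outside this hunk, so whether it can distinguish the two cases is not visible here.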
@@ -631,7 +635,9 @@ examples_listener() -> , udp_listener => #{ summary => <<"A simple udp listener example">> , value => - #{ bind => <<"0.0.0.0:1884">> + #{ name => <<"udp-def">> + , type => udp + , bind => <<"22212">> , udp => #{ active_n => 100 , recbuf => <<"10KB">> 
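Review bot: `type => udp` in the udp example is a bare atom, while every other example touched by this commit gives the type as a binary (`<<"tcp">>`, `<<"ssl">>`, `<<"dtls">>`). It may well serialise to the same JSON string, but the inconsistency is easy to copy into code that matches on the binary form; I would write `, type => <<"udp">>`. `examples_listener/0` starts and ends outside this hunk.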
@@ -644,32 +650,67 @@ examples_listener() -> , dtls_listener => #{ summary => <<"A simple dtls listener example">> , value => - #{ bind => <<"5684">> + #{ name => <<"dtls-def">> + , type => <<"dtls">> + , bind => <<"22213">> , acceptors => 16 , max_connections => 1024000 , max_conn_rate => 1000 , access_rules => [<<"allow all">>] - , ssl => + , dtls => #{ versions => [<<"dtlsv1.2">>, <<"dtlsv1">>] , cacertfile => <<"etc/certs/cacert.pem">> , certfile => <<"etc/certs/cert.pem">> , keyfile => <<"etc/certs/key.pem">> , verify => <<"verify_none">> , fail_if_no_peer_cert => false - , server_name_indication => disable } - , tcp => + , udp => #{ active_n => 100 , backlog => 1024 } } } , dtls_listener_with_psk_ciphers => - #{ summary => <<"todo">> + #{ summary => <<"A dtls listener with PSK example">> , value => - #{} + #{ name => <<"dtls-psk">> + , type => <<"dtls">> + , bind => <<"22214">> + , acceptors => 16 + , max_connections => 1024000 + , max_conn_rate => 1000 + , dtls => + #{ versions => [<<"dtlsv1.2">>, <<"dtlsv1">>] + , cacertfile => <<"etc/certs/cacert.pem">> + , certfile => <<"etc/certs/cert.pem">> + , keyfile => <<"etc/certs/key.pem">> + , verify => <<"verify_none">> + , user_lookup_fun => <<"emqx_tls_psk:lookup">> + , ciphers => +<<"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256," + "RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA">> + , fail_if_no_peer_cert => false + } + } } , lisetner_with_authn => - #{ summary => <<"todo">> - , value => #{}} + #{ summary => <<"A tcp listener with authentication example">> + , value => + #{ name => <<"tcp-with-authn">> + , type => <<"tcp">> + , bind => <<"22215">> + , acceptors => 16 + , max_connections => 1024000 + , max_conn_rate => 1000 + , authentication => + #{ backend => <<"built-in-database">> + , mechanism => <<"password-based">> + , password_hash_algorithm => + #{ name => <<"sha256">> + } + , user_id_type => <<"username">> + } + } + } }. 
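Review bot: The new `dtls_listener_with_psk_ciphers` example advertises `dtlsv1` and the CBC/SHA-1 PSK suites, and Swagger examples tend to be pasted straight into real listener-creation requests. DTLS 1.0 is deprecated by RFC 8996, so I would keep the example to `#{ versions => [<<"dtlsv1.2">>]` and `<<"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES128-GCM-SHA256">>` for `ciphers`. In the `lisetner_with_authn` example, `password_hash_algorithm => #{ name => <<"sha256">> }` shows a fast digest for stored passwords; if the authn schema offers a slow password-hashing option, the example should show that instead. Separately, the `dtls_listener` example now carries `backlog => 1024` under `udp`, which looks like a leftover TCP listen option and is worth checking against the udp opts schema. `examples_listener/0` begins above this hunk.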
diff --git a/apps/emqx_gateway/src/emqx_gateway_http.erl b/apps/emqx_gateway/src/emqx_gateway_http.erl index 2a9840a9c..434a0bc49 100644 --- a/apps/emqx_gateway/src/emqx_gateway_http.erl +++ b/apps/emqx_gateway/src/emqx_gateway_http.erl @@ -223,6 +223,8 @@ remove_authn(GwName, ListenerId) -> confexp(ok) -> ok; confexp({ok, Res}) -> {ok, Res}; +confexp({error, badarg}) -> + error({update_conf_error, badarg}); confexp({error, not_found}) -> error({update_conf_error, not_found}); confexp({error, already_exist}) -> @@ -372,6 +374,8 @@ with_gateway(GwName0, Fun) -> lists:join(".", lists:map(fun to_list/1, Path0))), return_http_error(404, "Resource not found. path: " ++ Path); %% Exceptions from: confexp/1 + error : {update_conf_error, badarg} -> + return_http_error(400, "Bad arguments"); error : {update_conf_error, not_found} -> return_http_error(404, "Resource not found"); error : {update_conf_error, already_exist} ->
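Review bot: The new 400 branch in `with_gateway/2` answers with the fixed text `"Bad arguments"`, and the new `confexp/1` clause raises the bare `{update_conf_error, badarg}`, so neither the API client nor anyone reading the logs can see which part of the request was rejected. Consider carrying a detail term through `confexp/1` into the response, or logging the offending key where `{error, badarg}` is produced. Log the key only, not the value, since the listener options in this API include `password` and key file settings. A one-line comment on the new `confexp/1` clause naming the config call that returns `badarg` would also help the next reader. Both `confexp/1` and `with_gateway/2` continue outside these hunks.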