chore(log): add more detail log for authz/authn query error
parent
a886fb1948
commit
1cfab9fed5
|
@ -101,7 +101,7 @@ handle_info({http, {RequestID, Result}},
|
||||||
endpoint => Endpoint,
|
endpoint => Endpoint,
|
||||||
reason => Reason}),
|
reason => Reason}),
|
||||||
State1;
|
State1;
|
||||||
{_StatusLine, _Headers, Body} ->
|
{StatusLine, Headers, Body} ->
|
||||||
try
|
try
|
||||||
JWKS = jose_jwk:from(emqx_json:decode(Body, [return_maps])),
|
JWKS = jose_jwk:from(emqx_json:decode(Body, [return_maps])),
|
||||||
{_, JWKs} = JWKS#jose_jwk.keys,
|
{_, JWKs} = JWKS#jose_jwk.keys,
|
||||||
|
@ -109,6 +109,8 @@ handle_info({http, {RequestID, Result}},
|
||||||
catch _:_ ->
|
catch _:_ ->
|
||||||
?SLOG(warning, #{msg => "invalid_jwks_returned",
|
?SLOG(warning, #{msg => "invalid_jwks_returned",
|
||||||
endpoint => Endpoint,
|
endpoint => Endpoint,
|
||||||
|
status => StatusLine,
|
||||||
|
headers => Headers,
|
||||||
body => Body}),
|
body => Body}),
|
||||||
State1
|
State1
|
||||||
end
|
end
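Review bot: The `catch _:_ ->` branch still discards the decode exception, so the new `status`, `headers` and `body` fields show what the endpoint returned but not why parsing failed. Binding it, e.g. `catch Class:Error ->` with `error => {Class, Error}` added to the map, would make the warning actionable. The full response headers and body are also logged without any bound: the body comes from a remote endpoint and can be arbitrarily large, and response headers can carry values such as cookies, so consider capping the logged body length and keeping only the headers needed for diagnosis. The enclosing `handle_info` clause starts and ends outside this hunk.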
|
||||||
|
|
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
-include("emqx_authn.hrl").
|
-include("emqx_authn.hrl").
|
||||||
-include_lib("typerefl/include/types.hrl").
|
-include_lib("typerefl/include/types.hrl").
|
||||||
|
-include_lib("emqx/include/logger.hrl").
|
||||||
|
|
||||||
-behaviour(hocon_schema).
|
-behaviour(hocon_schema).
|
||||||
-behaviour(emqx_authentication).
|
-behaviour(emqx_authentication).
|
||||||
|
@ -272,7 +273,7 @@ verify(JWS, [JWK | More], VerifyClaims) ->
|
||||||
verify(JWS, More, VerifyClaims)
|
verify(JWS, More, VerifyClaims)
|
||||||
catch
|
catch
|
||||||
_:_Reason:_Stacktrace ->
|
_:_Reason:_Stacktrace ->
|
||||||
%% TODO: Add log
|
?TRACE("JWT", "authn_jwt_invalid_signature", #{jwk => JWK, jws => JWS}),
|
||||||
{error, invalid_signature}
|
{error, invalid_signature}
|
||||||
end.
|
end.
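Review bot: The new `?TRACE` call writes both `JWK` and `JWS` into trace output: `JWK` is the verification key, which for an HMAC-based configuration would be the shared signing secret, and `JWS` is the client's bearer token. Whether symmetric keys reach this clause is not visible in the hunk, but key material and tokens are better kept out of logs, and the exception that is already caught says more about the failure. I would bind the reason and log that instead: `_:Reason:_Stacktrace ->` and `?TRACE("JWT", "authn_jwt_invalid_signature", #{reason => Reason}),`. `verify/3` begins above the hunk.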
|
||||||
|
|
||||||
|
|
|
@ -143,6 +143,8 @@ authenticate(#{password := Password} = Credential,
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{msg => "mongodb_query_failed",
|
?SLOG(error, #{msg => "mongodb_query_failed",
|
||||||
resource => ResourceId,
|
resource => ResourceId,
|
||||||
|
collection => Collection,
|
||||||
|
selector => Selector2,
|
||||||
reason => Reason}),
|
reason => Reason}),
|
||||||
ignore;
|
ignore;
|
||||||
Doc ->
|
Doc ->
|
||||||
|
@ -152,6 +154,8 @@ authenticate(#{password := Password} = Credential,
|
||||||
{error, {cannot_find_password_hash_field, PasswordHashField}} ->
|
{error, {cannot_find_password_hash_field, PasswordHashField}} ->
|
||||||
?SLOG(error, #{msg => "cannot_find_password_hash_field",
|
?SLOG(error, #{msg => "cannot_find_password_hash_field",
|
||||||
resource => ResourceId,
|
resource => ResourceId,
|
||||||
|
collection => Collection,
|
||||||
|
selector => Selector2,
|
||||||
password_hash_field => PasswordHashField}),
|
password_hash_field => PasswordHashField}),
|
||||||
ignore;
|
ignore;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
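Review bot: `selector => Selector2` puts the selector into an error-level log after what looks like placeholder substitution, so it would carry client-supplied values (username, client id, and the password if a template ever references it). The rendering itself is outside the hunk, so this is inferred from the variable name. The same concern applies to `params => Params` in the MySQL and PostgreSQL authenticators, `keys => NKey` in the Redis authenticator, and `selector => RenderedSelector`, `params => RenderParams`, `params => RenderedParams` and `cmd => NCMD` in the authorization sections. Logging the configured template rather than the rendered value, or redacting credential fields first, keeps the diagnostic value; at minimum add `%% rendered from client credentials: redact before logging` above these fields. `authenticate` continues past the end of this hunk.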
|
||||||
|
|
|
@ -123,6 +123,9 @@ authenticate(#{password := Password} = Credential,
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{msg => "mysql_query_failed",
|
?SLOG(error, #{msg => "mysql_query_failed",
|
||||||
resource => ResourceId,
|
resource => ResourceId,
|
||||||
|
query => Query,
|
||||||
|
params => Params,
|
||||||
|
timeout => Timeout,
|
||||||
reason => Reason}),
|
reason => Reason}),
|
||||||
ignore
|
ignore
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -119,6 +119,8 @@ authenticate(#{password := Password} = Credential,
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{msg => "postgresql_query_failed",
|
?SLOG(error, #{msg => "postgresql_query_failed",
|
||||||
resource => ResourceId,
|
resource => ResourceId,
|
||||||
|
query => Query,
|
||||||
|
params => Params,
|
||||||
reason => Reason}),
|
reason => Reason}),
|
||||||
ignore
|
ignore
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -125,6 +125,7 @@ authenticate(#{password := Password} = Credential,
|
||||||
password_hash_algorithm := Algorithm}) ->
|
password_hash_algorithm := Algorithm}) ->
|
||||||
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
|
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
|
||||||
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
|
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
|
||||||
|
{ok, []} -> ignore;
|
||||||
{ok, Values} ->
|
{ok, Values} ->
|
||||||
case merge(Fields, Values) of
|
case merge(Fields, Values) of
|
||||||
#{<<"password_hash">> := _} = Selected ->
|
#{<<"password_hash">> := _} = Selected ->
|
||||||
|
@ -137,12 +138,18 @@ authenticate(#{password := Password} = Credential,
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
?SLOG(error, #{msg => "cannot_find_password_hash_field",
|
?SLOG(error, #{msg => "cannot_find_password_hash_field",
|
||||||
|
cmd => Command,
|
||||||
|
keys => NKey,
|
||||||
|
fields => Fields,
|
||||||
resource => ResourceId}),
|
resource => ResourceId}),
|
||||||
ignore
|
ignore
|
||||||
end;
|
end;
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{msg => "redis_query_failed",
|
?SLOG(error, #{msg => "redis_query_failed",
|
||||||
resource => ResourceId,
|
resource => ResourceId,
|
||||||
|
cmd => Command,
|
||||||
|
keys => NKey,
|
||||||
|
fields => Fields,
|
||||||
reason => Reason}),
|
reason => Reason}),
|
||||||
ignore
|
ignore
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -67,6 +67,8 @@ authorize(Client, PubSub, Topic,
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{msg => "query_mongo_error",
|
?SLOG(error, #{msg => "query_mongo_error",
|
||||||
reason => Reason,
|
reason => Reason,
|
||||||
|
collection => Collection,
|
||||||
|
selector => RenderedSelector,
|
||||||
resource_id => ResourceID}),
|
resource_id => ResourceID}),
|
||||||
nomatch;
|
nomatch;
|
||||||
[] -> nomatch;
|
[] -> nomatch;
|
||||||
|
|
|
@ -58,13 +58,16 @@ authorize(Client, PubSub, Topic,
|
||||||
query := {Query, Params}
|
query := {Query, Params}
|
||||||
}
|
}
|
||||||
}) ->
|
}) ->
|
||||||
case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of
|
RenderParams = replvar(Params, Client),
|
||||||
|
case emqx_resource:query(ResourceID, {sql, Query, RenderParams}) of
|
||||||
{ok, _Columns, []} -> nomatch;
|
{ok, _Columns, []} -> nomatch;
|
||||||
{ok, Columns, Rows} ->
|
{ok, Columns, Rows} ->
|
||||||
do_authorize(Client, PubSub, Topic, Columns, Rows);
|
do_authorize(Client, PubSub, Topic, Columns, Rows);
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{ msg => "query_mysql_error"
|
?SLOG(error, #{ msg => "query_mysql_error"
|
||||||
, reason => Reason
|
, reason => Reason
|
||||||
|
, query => Query
|
||||||
|
, params => RenderParams
|
||||||
, resource_id => ResourceID}),
|
, resource_id => ResourceID}),
|
||||||
nomatch
|
nomatch
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -62,8 +62,8 @@ dry_run(Source) ->
|
||||||
|
|
||||||
parse_query(Sql) ->
|
parse_query(Sql) ->
|
||||||
case re:run(Sql, ?RE_PLACEHOLDER, [global, {capture, all, list}]) of
|
case re:run(Sql, ?RE_PLACEHOLDER, [global, {capture, all, list}]) of
|
||||||
{match, Capured} ->
|
{match, Captured} ->
|
||||||
PlaceHolders = [PlaceHolder || [PlaceHolder] <- Capured],
|
PlaceHolders = [PlaceHolder || [PlaceHolder] <- Captured],
|
||||||
Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(PlaceHolders))],
|
Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(PlaceHolders))],
|
||||||
NSql = lists:foldl(
|
NSql = lists:foldl(
|
||||||
fun({PlaceHolder, Replacement}, S) ->
|
fun({PlaceHolder, Replacement}, S) ->
|
||||||
|
@ -80,13 +80,15 @@ authorize(Client, PubSub, Topic,
|
||||||
placeholders := Placeholders
|
placeholders := Placeholders
|
||||||
}
|
}
|
||||||
}) ->
|
}) ->
|
||||||
case emqx_resource:query(ResourceID, {prepared_query, ResourceID, replvar(Placeholders, Client)}) of
|
RenderedParams = replvar(Placeholders, Client),
|
||||||
|
case emqx_resource:query(ResourceID, {prepared_query, ResourceID, RenderedParams}) of
|
||||||
{ok, _Columns, []} -> nomatch;
|
{ok, _Columns, []} -> nomatch;
|
||||||
{ok, Columns, Rows} ->
|
{ok, Columns, Rows} ->
|
||||||
do_authorize(Client, PubSub, Topic, Columns, Rows);
|
do_authorize(Client, PubSub, Topic, Columns, Rows);
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{ msg => "query_postgresql_error"
|
?SLOG(error, #{ msg => "query_postgresql_error"
|
||||||
, reason => Reason
|
, reason => Reason
|
||||||
|
, params => RenderedParams
|
||||||
, resource_id => ResourceID}),
|
, resource_id => ResourceID}),
|
||||||
nomatch
|
nomatch
|
||||||
end.
|
end.
|
||||||
|
|
|
@ -63,6 +63,7 @@ authorize(Client, PubSub, Topic,
|
||||||
{error, Reason} ->
|
{error, Reason} ->
|
||||||
?SLOG(error, #{ msg => "query_redis_error"
|
?SLOG(error, #{ msg => "query_redis_error"
|
||||||
, reason => Reason
|
, reason => Reason
|
||||||
|
, cmd => NCMD
|
||||||
, resource_id => ResourceID}),
|
, resource_id => ResourceID}),
|
||||||
nomatch
|
nomatch
|
||||||
end.
|
end.
|
||||||
|
|