chore(log): add more detail log for authz/authn query error

zhongwencool 2022-01-12 09:53:43 +08:00
parent a886fb1948
commit 1cfab9fed5
10 changed files with 33 additions and 6 deletions


@ -101,7 +101,7 @@ handle_info({http, {RequestID, Result}},
endpoint => Endpoint,
reason => Reason}),
State1;
{_StatusLine, _Headers, Body} ->
{StatusLine, Headers, Body} ->
try
JWKS = jose_jwk:from(emqx_json:decode(Body, [return_maps])),
{_, JWKs} = JWKS#jose_jwk.keys,
@ -109,6 +109,8 @@ handle_info({http, {RequestID, Result}},
catch _:_ ->
?SLOG(warning, #{msg => "invalid_jwks_returned",
endpoint => Endpoint,
status => StatusLine,
headers => Headers,
body => Body}),
State1
end
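Review bot: The `invalid_jwks_returned` warning now logs the complete HTTP response from the JWKS endpoint (`headers => Headers`, `body => Body`), which is remote-controlled and has no size bound visible in these hunks. A misbehaving or impersonated endpoint can therefore push arbitrarily large or misleading content into the broker log, while `catch _:_` still discards the exception that explains why decoding failed. I would bind the exception and log it with a bounded view of the body, e.g. `catch Class:Reason ->` with `reason => {Class, Reason}, body_size => iolist_size(Body)` instead of `body => Body`. The handle_info clause starts before the first hunk and continues after the second.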


@ -18,6 +18,7 @@
-include("emqx_authn.hrl").
-include_lib("typerefl/include/types.hrl").
-include_lib("emqx/include/logger.hrl").
-behaviour(hocon_schema).
-behaviour(emqx_authentication).
@ -272,7 +273,7 @@ verify(JWS, [JWK | More], VerifyClaims) ->
verify(JWS, More, VerifyClaims)
catch
_:_Reason:_Stacktrace ->
%% TODO: Add log
?TRACE("JWT", "authn_jwt_invalid_signature", #{jwk => JWK, jws => JWS}),
{error, invalid_signature}
end.
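Review bot: The added `?TRACE` call writes `jwk => JWK` and `jws => JWS` to the trace output, i.e. the verification key itself and the client's complete token. JWK may hold a shared HMAC secret when a symmetric algorithm is configured (not visible in this hunk), and the JWS is a bearer credential that should not be readable by anyone with access to trace files. The caught `_Reason` is still thrown away, although it is the detail the removed TODO asked for. Consider `_:Reason:_Stacktrace ->` followed by `?TRACE("JWT", "authn_jwt_invalid_signature", #{reason => Reason})`, adding at most a key id or thumbprint rather than the key. verify/3 begins outside the hunk.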


@ -143,6 +143,8 @@ authenticate(#{password := Password} = Credential,
{error, Reason} ->
?SLOG(error, #{msg => "mongodb_query_failed",
resource => ResourceId,
collection => Collection,
selector => Selector2,
reason => Reason}),
ignore;
Doc ->
@ -152,6 +154,8 @@ authenticate(#{password := Password} = Credential,
{error, {cannot_find_password_hash_field, PasswordHashField}} ->
?SLOG(error, #{msg => "cannot_find_password_hash_field",
resource => ResourceId,
collection => Collection,
selector => Selector2,
password_hash_field => PasswordHashField}),
ignore;
{error, Reason} ->
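Review bot: `selector => Selector2` puts the rendered query, filled in from client-supplied fields, into an error-level log entry. The same pattern is added in the MySQL and PostgreSQL authn sections (`params => Params`), the Redis authn section (`keys => NKey`) and the four authz sections (`selector`, `params`, `cmd`). In the authn modules the values are rendered from `Credential`, which also carries `password` (see the function head), so if a configured placeholder can expand to the password it would reach the log in clear text; how Selector2 is built is outside this hunk and needs confirming. Usernames and client ids are likewise client-chosen strings that are now logged on every backend failure. I would log the configured template and placeholder names rather than the rendered values, or redact password-derived fields first, and put a comment such as `%% rendered values are client-controlled; must never contain the password` above each of these `?SLOG` calls.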


@ -123,6 +123,9 @@ authenticate(#{password := Password} = Credential,
{error, Reason} ->
?SLOG(error, #{msg => "mysql_query_failed",
resource => ResourceId,
query => Query,
params => Params,
timeout => Timeout,
reason => Reason}),
ignore
end.


@ -119,6 +119,8 @@ authenticate(#{password := Password} = Credential,
{error, Reason} ->
?SLOG(error, #{msg => "postgresql_query_failed",
resource => ResourceId,
query => Query,
params => Params,
reason => Reason}),
ignore
end.


@ -125,6 +125,7 @@ authenticate(#{password := Password} = Credential,
password_hash_algorithm := Algorithm}) ->
NKey = binary_to_list(iolist_to_binary(replace_placeholders(Key, Credential))),
case emqx_resource:query(ResourceId, {cmd, [Command, NKey | Fields]}) of
{ok, []} -> ignore;
{ok, Values} ->
case merge(Fields, Values) of
#{<<"password_hash">> := _} = Selected ->
@ -137,12 +138,18 @@ authenticate(#{password := Password} = Credential,
end;
_ ->
?SLOG(error, #{msg => "cannot_find_password_hash_field",
cmd => Command,
keys => NKey,
fields => Fields,
resource => ResourceId}),
ignore
end;
{error, Reason} ->
?SLOG(error, #{msg => "redis_query_failed",
resource => ResourceId,
cmd => Command,
keys => NKey,
fields => Fields,
reason => Reason}),
ignore
end.


@ -67,6 +67,8 @@ authorize(Client, PubSub, Topic,
{error, Reason} ->
?SLOG(error, #{msg => "query_mongo_error",
reason => Reason,
collection => Collection,
selector => RenderedSelector,
resource_id => ResourceID}),
nomatch;
[] -> nomatch;


@ -58,13 +58,16 @@ authorize(Client, PubSub, Topic,
query := {Query, Params}
}
}) ->
case emqx_resource:query(ResourceID, {sql, Query, replvar(Params, Client)}) of
RenderParams = replvar(Params, Client),
case emqx_resource:query(ResourceID, {sql, Query, RenderParams}) of
{ok, _Columns, []} -> nomatch;
{ok, Columns, Rows} ->
do_authorize(Client, PubSub, Topic, Columns, Rows);
{error, Reason} ->
?SLOG(error, #{ msg => "query_mysql_error"
, reason => Reason
, query => Query
, params => RenderParams
, resource_id => ResourceID}),
nomatch
end.


@ -62,8 +62,8 @@ dry_run(Source) ->
parse_query(Sql) ->
case re:run(Sql, ?RE_PLACEHOLDER, [global, {capture, all, list}]) of
{match, Capured} ->
PlaceHolders = [PlaceHolder || [PlaceHolder] <- Capured],
{match, Captured} ->
PlaceHolders = [PlaceHolder || [PlaceHolder] <- Captured],
Replacements = ["$" ++ integer_to_list(I) || I <- lists:seq(1, length(PlaceHolders))],
NSql = lists:foldl(
fun({PlaceHolder, Replacement}, S) ->
@ -80,13 +80,15 @@ authorize(Client, PubSub, Topic,
placeholders := Placeholders
}
}) ->
case emqx_resource:query(ResourceID, {prepared_query, ResourceID, replvar(Placeholders, Client)}) of
RenderedParams = replvar(Placeholders, Client),
case emqx_resource:query(ResourceID, {prepared_query, ResourceID, RenderedParams}) of
{ok, _Columns, []} -> nomatch;
{ok, Columns, Rows} ->
do_authorize(Client, PubSub, Topic, Columns, Rows);
{error, Reason} ->
?SLOG(error, #{ msg => "query_postgresql_error"
, reason => Reason
, params => RenderedParams
, resource_id => ResourceID}),
nomatch
end.


@ -63,6 +63,7 @@ authorize(Client, PubSub, Topic,
{error, Reason} ->
?SLOG(error, #{ msg => "query_redis_error"
, reason => Reason
, cmd => NCMD
, resource_id => ResourceID}),
nomatch
end.