access_control

2015-04-16 23:24:07 +08:00 · 2015-04-16 23:24:07 +08:00 · 2ed2426a33
parent ec48b186c6
commit 2ed2426a33
6 changed files with 25 additions and 21 deletions
--- a/apps/emqttd/src/emqttd_auth_anonymous.erl
+++ b/apps/emqttd/src/emqttd_auth_anonymous.erl
@ -28,7 +28,7 @@

 -author('feng@emqtt.io').

-behaviour(emqttd_auth).
+-behaviour(emqttd_auth_mod).

 -export([init/1, check/3, description/0]).

--- a/apps/emqttd/src/emqttd_auth_clientid.erl
+++ b/apps/emqttd/src/emqttd_auth_clientid.erl
@ -34,7 +34,7 @@
         lookup_clientid/1, remove_clientid/1,
         all_clientids/0]).

-behaviour(emqttd_auth).
+-behaviour(emqttd_auth_mod).

 %% emqttd_auth callbacks
 -export([init/1, check/3, description/0]).
--- a/apps/emqttd/src/emqttd_auth_username.erl
+++ b/apps/emqttd/src/emqttd_auth_username.erl
@ -30,6 +30,8 @@

 -include("emqttd.hrl").

+-behaviour(emqttd_auth_mod).
+
 -export([add_user/2, remove_user/1,
         lookup_user/1, all_users/0]).

--- a/apps/emqttd/src/emqttd_http.erl
+++ b/apps/emqttd/src/emqttd_http.erl
@ -78,7 +78,7 @@ authorized(Req) ->
 		false;
 	"Basic " ++ BasicAuth ->
        {Username, Password} = user_passwd(BasicAuth),
-        case emqttd_auth:login(#mqtt_client{username = Username}, Password) of
+        case emqttd_access_control:auth(#mqtt_client{username = Username}, Password) of
            ok ->
                true;
            {error, Reason} ->
--- a/apps/emqttd/src/emqttd_protocol.erl
+++ b/apps/emqttd/src/emqttd_protocol.erl
@ -123,7 +123,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =
    case validate_connect(Var, State) of
        ?CONNACK_ACCEPT ->
            Client = #mqtt_client{clientid = ClientId, username = Username, ipaddr = Addr},
-            case emqttd_auth:login(Client, Password) of
+            case emqttd_access_control:auth(Client, Password) of
                ok ->
                    ClientId1 = clientid(ClientId, State),
                    start_keepalive(KeepAlive),
@ -146,7 +146,7 @@ handle(Packet = ?CONNECT_PACKET(Var), State = #proto_state{peername = Peername =

 handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),
       State = #proto_state{clientid = ClientId, session = Session}) ->
-    case emqttd_acl:check({client(State), publish, Topic}) of
+    case emqttd_access_control:check_acl(client(State), publish, Topic) of
        allow -> 
            emqttd_session:publish(Session, ClientId, {?QOS_0, emqtt_message:from_packet(Packet)});
        deny -> 
@ -156,7 +156,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_0, Topic, _PacketId, _Payload),

 handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),
         State = #proto_state{clientid = ClientId, session = Session}) ->
-    case emqttd_acl:check({client(State), publish, Topic}) of
+    case emqttd_access_control:check_acl(client(State), publish, Topic) of
        allow -> 
            emqttd_session:publish(Session, ClientId, {?QOS_1, emqtt_message:from_packet(Packet)}),
            send(?PUBACK_PACKET(?PUBACK, PacketId), State);
@ -167,7 +167,7 @@ handle(Packet = ?PUBLISH_PACKET(?QOS_1, Topic, PacketId, _Payload),

 handle(Packet = ?PUBLISH_PACKET(?QOS_2, Topic, PacketId, _Payload),
         State = #proto_state{clientid = ClientId, session = Session}) ->
-    case emqttd_acl:check({client(State), publish, Topic}) of
+    case emqttd_access_control:check_acl({client(State), publish, Topic}) of
        allow -> 
            NewSession = emqttd_session:publish(Session, ClientId, {?QOS_2, emqtt_message:from_packet(Packet)}),
            send(?PUBACK_PACKET(?PUBREC, PacketId), State#proto_state{session = NewSession});
@ -191,7 +191,7 @@ handle(?PUBACK_PACKET(Type, PacketId), State = #proto_state{session = Session})
 	{ok, NewState};

 handle(?SUBSCRIBE_PACKET(PacketId, TopicTable), State = #proto_state{clientid = ClientId, session = Session}) ->
-    AllowDenies = [emqttd_acl:check({client(State), subscribe, Topic}) || {Topic, _Qos} <- TopicTable],
+    AllowDenies = [emqttd_access_control:check_acl(client(State), subscribe, Topic) || {Topic, _Qos} <- TopicTable],
    case lists:member(deny, AllowDenies) of
        true ->
            %%TODO: return 128 QoS when deny...
--- a/rel/files/app.config
+++ b/rel/files/app.config
@ -40,19 +40,21 @@
    {logger, {lager, info}}
 ]},
 {emqttd, [
-    %% Authetication. , Anonymous Default
-    {auth, [
-        %% authentication with username, password
-        %{username, []},
-        %% authentication with clientid
-        %{clientid, [{password, no}, {file, "etc/clients.config"}]},
-        %% allow all
-        {anonymous, []}
-    ]},
-    %% ACL config
-    {acl, [
-        %% User internal ACL module
-        {internal,  [{file, "etc/acl.config"}, {nomatch, allow}]}
+    {access_control, [
+        %% Authetication. , Anonymous Default
+        {auth, [
+            %% authentication with username, password
+            %{username, []},
+            %% authentication with clientid
+            %{clientid, [{password, no}, {file, "etc/clients.config"}]},
+            %% allow all
+            {anonymous, []}
+        ]},
+        %% ACL config
+        {acl, [
+            %% User internal ACL module
+            {internal,  [{file, "etc/acl.config"}, {nomatch, allow}]}
+        ]}
    ]},
    %% Packet
    {packet, [