From 3195561a7908e5472c24e680de3ed8ed012e7682 Mon Sep 17 00:00:00 2001
From: zhanghongtong
Date: Fri, 9 Jul 2021 14:28:48 +0800
Subject: [PATCH] feat(authz connector): match directly using the results returned by sql

Signed-off-by: zhanghongtong
---
 apps/emqx_authz/src/emqx_authz_mongo.erl | 3 +--
 apps/emqx_authz/src/emqx_authz_mysql.erl | 19 +------------------
 apps/emqx_authz/src/emqx_authz_pgsql.erl | 19 +------------------
 3 files changed, 3 insertions(+), 38 deletions(-)

diff --git a/apps/emqx_authz/src/emqx_authz_mongo.erl b/apps/emqx_authz/src/emqx_authz_mongo.erl
index 04af8f1ec..a32054997 100644
--- a/apps/emqx_authz/src/emqx_authz_mongo.erl
+++ b/apps/emqx_authz/src/emqx_authz_mongo.erl
@@ -60,8 +60,7 @@ match(Client, PubSub, Topic,
 <<"permission">> := Permission,
 <<"action">> := Action
 }) ->
- Rule = #{<<"principal">> => all,
- <<"permission">> => Permission,
+ Rule = #{<<"permission">> => Permission,
 <<"topics">> => Topics,
 <<"action">> => Action
 },
diff --git a/apps/emqx_authz/src/emqx_authz_mysql.erl b/apps/emqx_authz/src/emqx_authz_mysql.erl
index 4c769085d..0ab1418f2 100644
--- a/apps/emqx_authz/src/emqx_authz_mysql.erl
+++ b/apps/emqx_authz/src/emqx_authz_mysql.erl
@@ -77,13 +77,9 @@ format_result(Columns, Row) ->
 match(Client, PubSub, Topic,
 #{<<"permission">> := Permission,
 <<"action">> := Action,
- <<"clientid">> := ClientId,
- <<"username">> := Username,
- <<"ipaddress">> := IpAddress,
 <<"topic">> := TopicFilter
 }) ->
- Rule = #{<<"principal">> => principal(IpAddress, Username, ClientId),
- <<"topics">> => [TopicFilter],
+ Rule = #{<<"topics">> => [TopicFilter],
 <<"action">> => Action,
 <<"permission">> => Permission
 },
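Review bot: The `Rule` map in `match/4` of emqx_authz_mongo.erl is now built without a `<<"principal">>` key, and nothing on the new side records who a returned document applies to. The code that consumes `Rule` lies below the hunk and is not visible, so confirm that it treats an absent principal as match-all rather than failing on the missing key. I would add a comment above the map, for example `%% No principal in the rule: the Mongo selector must already restrict documents to this client.`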
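Review bot: In `match/4` of emqx_authz_mysql.erl (first hunk, and identically in emqx_authz_pgsql.erl) the rule no longer carries a principal, so every row the query returns is applied to the connecting client whatever its `clientid`, `username` or `ipaddress` columns say. Authorization scoping therefore rests entirely on the operator-configured SQL: as far as the hunk shows, a query that does not filter on the client's identity would apply other clients' rows to everyone, and the old `throw(undefined_who)` guard for rows with no principal disappears with the helper removed in the next hunk. The `ipaddress` column was previously passed to `principal/3` as `CIDR`; if range matching was intended, plain SQL equality will probably not reproduce it. At minimum state the contract at the clause, e.g. `%% Rows are not re-checked against the client here; the configured SQL must select only rows for this client.`, and consider rejecting at config load a query that references no client variable. The function body continues outside the hunk.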
@@ -99,19 +95,6 @@ match(Client, PubSub, Topic,
 false -> nomatch
 end.
 
-principal(CIDR, Username, ClientId) ->
- Cols = [{<<"ipaddress">>, CIDR}, {<<"username">>, Username}, {<<"clientid">>, ClientId}],
- case [#{C => V} || {C, V} <- Cols, not empty(V)] of
- [] -> throw(undefined_who);
- [Who] -> Who;
- Conds -> #{<<"and">> => Conds}
- end.
-
-empty(null) -> true;
-empty("") -> true;
-empty(<<>>) -> true;
-empty(_) -> false.
-
 replvar(Params, ClientInfo) ->
 replvar(Params, ClientInfo, []).
 
diff --git a/apps/emqx_authz/src/emqx_authz_pgsql.erl b/apps/emqx_authz/src/emqx_authz_pgsql.erl
index d74db36b2..c990a29d3 100644
--- a/apps/emqx_authz/src/emqx_authz_pgsql.erl
+++ b/apps/emqx_authz/src/emqx_authz_pgsql.erl
@@ -81,13 +81,9 @@ format_result(Columns, Row) ->
 match(Client, PubSub, Topic,
 #{<<"permission">> := Permission,
 <<"action">> := Action,
- <<"clientid">> := ClientId,
- <<"username">> := Username,
- <<"ipaddress">> := IpAddress,
 <<"topic">> := TopicFilter
 }) ->
- Rule = #{<<"principal">> => principal(IpAddress, Username, ClientId),
- <<"topics">> => [TopicFilter],
+ Rule = #{<<"topics">> => [TopicFilter],
 <<"action">> => Action,
 <<"permission">> => Permission
 },
@@ -103,19 +99,6 @@ match(Client, PubSub, Topic,
 false -> nomatch
 end.
 
-principal(CIDR, Username, ClientId) ->
- Cols = [{<<"ipaddress">>, CIDR}, {<<"username">>, Username}, {<<"clientid">>, ClientId}],
- case [#{C => V} || {C, V} <- Cols, not empty(V)] of
- [] -> throw(undefined_who);
- [Who] -> Who;
- Conds -> #{<<"and">> => Conds}
- end.
-
-empty(null) -> true;
-empty("") -> true;
-empty(<<>>) -> true;
-empty(_) -> false.
-
 replvar(Params, ClientInfo) ->
 replvar(Params, ClientInfo, []).