fix(authz_api): ssl pem check failed returns 400

2022-03-21 15:52:25 +08:00 · 2022-03-21 15:52:25 +08:00 · 3769044a57
parent 1ed8e783f4
commit 3769044a57
1 changed files with 20 additions and 5 deletions
--- a/apps/emqx_authz/src/emqx_authz_api_sources.erl
+++ b/apps/emqx_authz/src/emqx_authz_api_sources.erl
@ -173,7 +173,13 @@ sources(post, #{body := #{<<"type">> := <<"file">>, <<"rules">> := Rules}}) ->
    update_config(?CMD_PREPEND, [#{<<"type">> => <<"file">>,
                                   <<"enable">> => true, <<"path">> => Filename}]);
 sources(post, #{body := Body}) when is_map(Body) ->
-    update_config(?CMD_PREPEND, [maybe_write_certs(Body)]).
+    case maybe_write_certs(Body) of
+        Config when is_map(Config) ->
+            update_config(?CMD_PREPEND, [Config]);
+        {error, Reason} ->
+            {400, #{code => <<"BAD_REQUEST">>,
+                    message => bin(Reason)}}
+    end.

 source(Method, #{bindings := #{type := Type} = Bindings } = Req)
  when is_atom(Type) ->
@ -211,8 +217,13 @@ source(put, #{bindings := #{type := <<"file">>}, body := #{<<"type">> := <<"file
                    message => bin(Reason)}}
    end;
 source(put, #{bindings := #{type := Type}, body := Body}) when is_map(Body) ->
-    update_config({?CMD_REPLACE, Type},
-                   maybe_write_certs(Body#{<<"type">> => Type}));
+    case maybe_write_certs(Body#{<<"type">> => Type}) of
+        Config when is_map(Config) ->
+            update_config({?CMD_REPLACE, Type}, Config);
+        {error, Reason} ->
+            {400, #{code => <<"BAD_REQUEST">>,
+                    message => bin(Reason)}}
+    end;
 source(delete, #{bindings := #{type := Type}}) ->
    update_config({?CMD_DELETE, Type}, #{}).

@ -421,8 +432,12 @@ read_certs(Source) -> Source.

 maybe_write_certs(#{<<"ssl">> := #{<<"enable">> := True} = SSL} = Source) when ?IS_TRUE(True) ->
    Type = maps:get(<<"type">>, Source),
-    {ok, Return} = emqx_tls_lib:ensure_ssl_files(filename:join(["authz", Type]), SSL),
+    case emqx_tls_lib:ensure_ssl_files(filename:join(["authz", Type]), SSL) of
+        {ok, Return} ->
            maps:put(<<"ssl">>, Return, Source);
+        {error, _} ->
+            {error, ensuer_ssl_files_failed}
+    end;
 maybe_write_certs(Source) -> Source.

 write_file(Filename, Bytes0) ->