diff --git a/apps/emqx/src/emqx_authentication.erl b/apps/emqx/src/emqx_authentication.erl index 35f4139c4..778d2d4cb 100644 --- a/apps/emqx/src/emqx_authentication.erl +++ b/apps/emqx/src/emqx_authentication.erl @@ -385,7 +385,8 @@ list_authenticators(ChainName) -> move_authenticator(ChainName, AuthenticatorID, Position) -> call({move_authenticator, ChainName, AuthenticatorID, Position}). --spec import_users(chain_name(), authenticator_id(), binary()) -> ok | {error, term()}. +-spec import_users(chain_name(), authenticator_id(), binary() | {binary(), binary()}) -> + ok | {error, term()}. import_users(ChainName, AuthenticatorID, Filename) -> call({import_users, ChainName, AuthenticatorID, Filename}). diff --git a/apps/emqx_authn/i18n/emqx_authn_user_upload_api_i18n.conf b/apps/emqx_authn/i18n/emqx_authn_user_upload_api_i18n.conf new file mode 100644 index 000000000..877b951fc --- /dev/null +++ b/apps/emqx_authn/i18n/emqx_authn_user_upload_api_i18n.conf @@ -0,0 +1,18 @@ +emqx_authn_user_upload_api { + + authentication_id_upload_users_post { + desc { + en: """Upload file with users into authenticator in global authentication chain.""" + zh: """将带有用户的文件上传到全局身份验证链中的身份验证器。""" + } + } + + listeners_listener_id_authentication_id_upload_users_post { + desc { + en: """Upload file with users into authenticator in listener-specific authentication chain.""" + zh: """将带有用户的文件上传到特定于侦听器的身份验证链中的身份验证器。""" + } + } + + +} diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl index 1f08cf1f2..0369ab541 100644 --- a/apps/emqx_authn/src/emqx_authn_api.erl +++ b/apps/emqx_authn/src/emqx_authn_api.erl @@ -90,7 +90,11 @@ find_user/3, update_user/4, serialize_error/1, - aggregate_metrics/1 + aggregate_metrics/1, + + with_chain/2, + param_auth_id/0, + param_listener_id/0 ]). -elvis([{elvis_style, god_modules, disable}]). 
diff --git a/apps/emqx_authn/src/emqx_authn_user_upload_api.erl b/apps/emqx_authn/src/emqx_authn_user_upload_api.erl
new file mode 100644
index 000000000..19930a77d
--- /dev/null
+++ b/apps/emqx_authn/src/emqx_authn_user_upload_api.erl
@@ -0,0 +1,144 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2022 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authn_user_upload_api).
+
+-behaviour(minirest_api).
+
+-include("emqx_authn.hrl").
+-include_lib("emqx/include/logger.hrl").
+-include_lib("emqx/include/emqx_authentication.hrl").
+-include_lib("hocon/include/hoconsc.hrl").
+
+-import(emqx_dashboard_swagger, [error_codes/2]).
+
+-define(BAD_REQUEST, 'BAD_REQUEST').
+-define(NOT_FOUND, 'NOT_FOUND').
+
+% Swagger
+
+-define(API_TAGS_GLOBAL, [
+ ?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY,
+ <<"authentication config(global)">>
+]).
+-define(API_TAGS_SINGLE, [
+ ?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY,
+ <<"authentication config(single listener)">>
+]).
+
+-export([
+ api_spec/0,
+ paths/0,
+ schema/1
+]).
+
+-export([
+ authenticator_upload_users/2,
+ listener_authenticator_upload_users/2
+]).
+
+api_spec() ->
+ emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}).
+
+paths() ->
+ [
+ "/authentication/:id/upload_users",
+ "/listeners/:listener_id/authentication/:id/upload_users"
+ ].
+
+schema("/authentication/:id/upload_users") ->
+ #{
+ 'operationId' => authenticator_upload_users,
+ post => #{
+ tags => ?API_TAGS_GLOBAL,
+ description => ?DESC(authentication_id_upload_users_post),
+ parameters => [emqx_authn_api:param_auth_id()],
+ 'requestBody' => #{
+ content => #{
+ 'multipart/form-data' => #{
+ schema => #{
+ filename => file
+ }
+ }
+ }
+ },
+ responses => #{
+ 204 => <<"Users imported">>,
+ 400 => error_codes([?BAD_REQUEST], <<"Bad Request">>),
+ 404 => error_codes([?NOT_FOUND], <<"Not Found">>)
+ }
+ }
+ };
+schema("/listeners/:listener_id/authentication/:id/upload_users") ->
+ #{
+ 'operationId' => listener_authenticator_upload_users,
+ post => #{
+ tags => ?API_TAGS_SINGLE,
+ description => ?DESC(listeners_listener_id_authentication_id_upload_users_post),
+ parameters => [emqx_authn_api:param_listener_id(), emqx_authn_api:param_auth_id()],
+ 'requestBody' => #{
+ content => #{
+ 'multipart/form-data' => #{
+ schema => #{
+ filename => file
+ }
+ }
+ }
+ },
+ responses => #{
+ 204 => <<"Users imported">>,
+ 400 => error_codes([?BAD_REQUEST], <<"Bad Request">>),
+ 404 => error_codes([?NOT_FOUND], <<"Not Found">>)
+ }
+ }
+ }.
+
+authenticator_upload_users(
+ post,
+ #{
+ bindings := #{id := AuthenticatorID},
+ body := #{<<"filename">> := #{type := _} = File}
+ }
+) ->
+ [{FileName, FileData}] = maps:to_list(maps:without([type], File)),
+ case emqx_authentication:import_users(?GLOBAL, AuthenticatorID, {FileName, FileData}) of
+ ok -> {204};
+ {error, Reason} -> emqx_authn_api:serialize_error(Reason)
+ end;
+authenticator_upload_users(post, #{bindings := #{id := _}, body := _}) ->
+ emqx_authn_api:serialize_error({missing_parameter, filename}).
+ +listener_authenticator_upload_users( + post, + #{ + bindings := #{listener_id := ListenerID, id := AuthenticatorID}, + body := #{<<"filename">> := #{type := _} = File} + } +) -> + [{FileName, FileData}] = maps:to_list(maps:without([type], File)), + emqx_authn_api:with_chain( + ListenerID, + fun(ChainName) -> + case + emqx_authentication:import_users(ChainName, AuthenticatorID, {FileName, FileData}) + of + ok -> {204}; + {error, Reason} -> emqx_authn_api:serialize_error(Reason) + end + end + ); +listener_authenticator_upload_users(post, #{bindings := #{listener_id := _, id := _}, body := _}) -> + emqx_authn_api:serialize_error({missing_parameter, filename}). diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl index bdcca33f8..d7585eb40 100644 --- a/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl +++ b/apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl @@ -182,13 +182,34 @@ destroy(#{user_group := UserGroup}) -> end ). +import_users({Filename0, FileData}, State) -> + Filename = to_binary(Filename0), + case filename:extension(Filename) of + <<".json">> -> + import_users_from_json(FileData, State); + <<".csv">> -> + {ok, CSV} = csv_data_reader(FileData), + import_users_from_csv(CSV, State); + <<>> -> + {error, unknown_file_format}; + Extension -> + {error, {unsupported_file_format, Extension}} + end; import_users(Filename0, State) -> Filename = to_binary(Filename0), case filename:extension(Filename) of <<".json">> -> - import_users_from_json(Filename, State); + case file:read_file(Filename) of + {ok, Data} -> import_users_from_json(Data, State); + {error, _} = Error -> Error + end; <<".csv">> -> - import_users_from_csv(Filename, State); + case csv_file_reader(Filename) of + {ok, CSV} -> + import_users_from_csv(CSV, State); + {error, _} = Error -> + Error + end; <<>> -> {error, unknown_file_format}; Extension -> 
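Review bot: The assertive match `[{FileName, FileData}] = maps:to_list(maps:without([type], File))` in `authenticator_upload_users/2` and `listener_authenticator_upload_users/2` runs on a client-controlled multipart part, so a part that decodes to anything other than exactly one name/content pair raises badmatch instead of returning the 400 the schema declares. A `case maps:to_list(maps:without([type], File)) of [{FileName, FileData}] -> ...; _ -> emqx_authn_api:serialize_error({missing_parameter, filename}) end` keeps the failure on the documented path. Because `api_spec/0` passes `check_schema => false`, these handlers are the only body validation visible here, and nothing in them bounds the size of `FileData`; it is worth confirming that the HTTP layer caps the upload before it is held in memory and split.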
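Review bot: The new `import_users({Filename0, FileData}, State)` clause carries no comment saying that the first element is an uploader-supplied name used only to choose the parser, which is the property that keeps client input away from `file:read_file/1` and `file:open/2` in the path clause below it. I would add above the clause `%% {Filename, Data}: Filename is client-supplied and used only for its extension; it is never opened.` The extension `case` is now written twice with identical error branches, so a later change to the accepted formats has to be made in both places; a small helper returning `json | csv | {error, _}` would remove that. The second clause continues past the end of this hunk.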
@@ -327,31 +348,21 @@ run_fuzzy_filter( %%------------------------------------------------------------------------------ %% Example: data/user-credentials.json -import_users_from_json(Filename, #{user_group := UserGroup}) -> - case file:read_file(Filename) of - {ok, Bin} -> - case emqx_json:safe_decode(Bin, [return_maps]) of - {ok, List} -> - trans(fun import/2, [UserGroup, List]); - {error, Reason} -> - {error, Reason} - end; +import_users_from_json(Bin, #{user_group := UserGroup}) -> + case emqx_json:safe_decode(Bin, [return_maps]) of + {ok, List} -> + trans(fun import/2, [UserGroup, List]); {error, Reason} -> {error, Reason} end. %% Example: data/user-credentials.csv -import_users_from_csv(Filename, #{user_group := UserGroup}) -> - case file:open(Filename, [read, binary]) of - {ok, File} -> - case get_csv_header(File) of - {ok, Seq} -> - Result = trans(fun import/3, [UserGroup, File, Seq]), - _ = file:close(File), - Result; - {error, Reason} -> - {error, Reason} - end; +import_users_from_csv(CSV, #{user_group := UserGroup}) -> + case get_csv_header(CSV) of + {ok, Seq, NewCSV} -> + Result = trans(fun import_csv/3, [UserGroup, NewCSV, Seq]), + _ = csv_close(CSV), + Result; {error, Reason} -> {error, Reason} end. @@ -375,9 +386,9 @@ import(_UserGroup, [_ | _More]) -> {error, bad_format}. %% Importing 5w users needs 1.7 seconds -import(UserGroup, File, Seq) -> - case file:read_line(File) of - {ok, Line} -> +import_csv(UserGroup, CSV, Seq) -> + case csv_read_line(CSV) of + {ok, Line, NewCSV} -> Fields = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]), case get_user_info_by_seq(Fields, Seq) of {ok, @@ -388,7 +399,7 @@ import(UserGroup, File, Seq) -> Salt = maps:get(salt, UserInfo, <<>>), IsSuperuser = maps:get(is_superuser, UserInfo, false), insert_user(UserGroup, UserID, PasswordHash, Salt, IsSuperuser), - import(UserGroup, File, Seq); + import_csv(UserGroup, NewCSV, Seq); {error, Reason} -> {error, Reason} end; 
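Review bot: In `import_users_from_csv/2` the reader is closed only in the `{ok, Seq, NewCSV}` branch, so when `get_csv_header/1` returns an error (an empty file, for instance) or `trans/2` raises, a `{csv_file_reader, File}` handle is not closed by this function and presumably stays open until the owning process exits. The old code had the same shape, but the reader abstraction introduced here makes it easy to fix once for both sources by moving `csv_close(CSV)` into an `after` section.

```erlang
import_users_from_csv(CSV, #{user_group := UserGroup}) ->
    try get_csv_header(CSV) of
        {ok, Seq, NewCSV} ->
            trans(fun import_csv/3, [UserGroup, NewCSV, Seq]);
        {error, Reason} ->
            {error, Reason}
    after
        %% runs on success, on error returns and on exceptions from trans/2
        _ = csv_close(CSV)
    end.
```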
@@ -398,11 +409,11 @@ import(UserGroup, File, Seq) -> {error, Reason} end. -get_csv_header(File) -> - case file:read_line(File) of - {ok, Line} -> +get_csv_header(CSV) -> + case csv_read_line(CSV) of + {ok, Line, NewCSV} -> Seq = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]), - {ok, Seq}; + {ok, Seq, NewCSV}; eof -> {error, empty_file}; {error, Reason} -> @@ -487,3 +498,34 @@ group_match_spec(UserGroup, QString) -> User end) end. + +csv_file_reader(Filename) -> + case file:open(Filename, [read, binary]) of + {ok, File} -> + {ok, {csv_file_reader, File}}; + {error, Reason} -> + {error, Reason} + end. + +csv_data_reader(Data) -> + Lines = binary:split(Data, [<<"\r">>, <<"\n">>], [global, trim_all]), + {ok, {csv_data_reader, Lines}}. + +csv_read_line({csv_file_reader, File} = CSV) -> + case file:read_line(File) of + {ok, Line} -> + {ok, Line, CSV}; + eof -> + eof; + {error, Reason} -> + {error, Reason} + end; +csv_read_line({csv_data_reader, [Line | Lines]}) -> + {ok, Line, {csv_data_reader, Lines}}; +csv_read_line({csv_data_reader, []}) -> + eof. + +csv_close({csv_file_reader, File}) -> + file:close(File); +csv_close({csv_data_reader, _}) -> + ok. diff --git a/apps/emqx_authn/test/emqx_authn_api_SUITE.erl b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl index 86fc1f66c..d5f049836 100644 --- a/apps/emqx_authn/test/emqx_authn_api_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl @@ -18,7 +18,7 @@ -compile(nowarn_export_all). -compile(export_all). --import(emqx_dashboard_api_test_helpers, [request/3, uri/1]). +-import(emqx_dashboard_api_test_helpers, [request/3, uri/1, multipart_formdata_request/3]). -include("emqx_authn.hrl"). -include_lib("eunit/include/eunit.hrl"). 
@@ -102,6 +102,9 @@ t_authenticator_move(_) -> t_authenticator_import_users(_) -> test_authenticator_import_users([]). +t_authenticator_upload_users(_) -> + test_authenticator_upload_users([]). + t_listener_authenticators(_) -> test_authenticators(["listeners", ?TCP_DEFAULT]). @@ -120,6 +123,9 @@ t_listener_authenticator_move(_) -> t_listener_authenticator_import_users(_) -> test_authenticator_import_users(["listeners", ?TCP_DEFAULT]). +t_listener_authenticator_upload_users(_) -> + test_authenticator_upload_users(["listeners", ?TCP_DEFAULT]). + t_aggregate_metrics(_) -> Metrics = #{ 'emqx@node1.emqx.io' => #{ @@ -657,6 +663,36 @@ test_authenticator_import_users(PathPrefix) -> {ok, 204, _} = request(post, ImportUri, #{filename => CSVFileName}). +test_authenticator_upload_users(PathPrefix) -> + UploadUri = uri( + PathPrefix ++ + [?CONF_NS, "password_based:built_in_database", "upload_users"] + ), + + {ok, 200, _} = request( + post, + uri(PathPrefix ++ [?CONF_NS]), + emqx_authn_test_lib:built_in_database_example() + ), + + {ok, 400, _} = multipart_formdata_request(UploadUri, [], [ + {filenam, "user-credentials.json", <<>>} + ]), + + Dir = code:lib_dir(emqx_authn, test), + JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]), + CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]), + + {ok, JSONData} = file:read_file(JSONFileName), + {ok, 204, _} = multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.json", JSONData} + ]), + + {ok, CSVData} = file:read_file(CSVFileName), + {ok, 204, _} = multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.csv", CSVData} + ]). + %%------------------------------------------------------------------------------ %% Helpers %%------------------------------------------------------------------------------ diff --git a/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl b/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl index 693bb9eba..83929be80 100644 
--- a/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
+++ b/apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
@@ -228,54 +228,139 @@ t_import_users(_) -> Config = Config0#{password_hash_algorithm => #{name => sha256}}, {ok, State} = emqx_authn_mnesia:create(?AUTHN_ID, Config), - ok = emqx_authn_mnesia:import_users( - data_filename(<<"user-credentials.json">>), - State + ?assertEqual( + ok, + emqx_authn_mnesia:import_users( + sample_filename(<<"user-credentials.json">>), + State + ) ), - ok = emqx_authn_mnesia:import_users( - data_filename(<<"user-credentials.csv">>), - State + ?assertEqual( + ok, + emqx_authn_mnesia:import_users( + sample_filename_and_data(<<"user-credentials.json">>), + State + ) ), - {error, {unsupported_file_format, _}} = emqx_authn_mnesia:import_users( - <<"/file/with/unknown.extension">>, - State + ?assertEqual( + ok, + emqx_authn_mnesia:import_users( + sample_filename(<<"user-credentials.csv">>), + State + ) ), - {error, unknown_file_format} = emqx_authn_mnesia:import_users( - <<"/file/with/no/extension">>, - State + ?assertEqual( + ok, + emqx_authn_mnesia:import_users( + sample_filename_and_data(<<"user-credentials.csv">>), + State + ) ), - {error, enoent} = emqx_authn_mnesia:import_users( - <<"/file/that/not/exist.json">>, - State + ?assertMatch( + {error, {unsupported_file_format, _}}, + emqx_authn_mnesia:import_users( + <<"/file/with/unknown.extension">>, + State + ) ), - {error, bad_format} = emqx_authn_mnesia:import_users( - data_filename(<<"user-credentials-malformed-0.json">>), - State + ?assertMatch( + {error, {unsupported_file_format, _}}, + emqx_authn_mnesia:import_users( + {<<"/file/with/unknown.extension">>, <<>>}, + State + ) ), - {error, {_, invalid_json}} = emqx_authn_mnesia:import_users( - data_filename(<<"user-credentials-malformed-1.json">>), - State + ?assertEqual( + {error, unknown_file_format}, + emqx_authn_mnesia:import_users( + <<"/file/with/no/extension">>, + State + ) ), - {error, bad_format} = emqx_authn_mnesia:import_users( - data_filename(<<"user-credentials-malformed.csv">>), - State + ?assertEqual( + {error, 
unknown_file_format}, + emqx_authn_mnesia:import_users( + {<<"/file/with/no/extension">>, <<>>}, + State + ) + ), + + ?assertEqual( + {error, enoent}, + emqx_authn_mnesia:import_users( + <<"/file/that/not/exist.json">>, + State + ) + ), + + ?assertEqual( + {error, bad_format}, + emqx_authn_mnesia:import_users( + sample_filename(<<"user-credentials-malformed-0.json">>), + State + ) + ), + + ?assertEqual( + {error, bad_format}, + emqx_authn_mnesia:import_users( + sample_filename_and_data(<<"user-credentials-malformed-0.json">>), + State + ) + ), + + ?assertMatch( + {error, {_, invalid_json}}, + emqx_authn_mnesia:import_users( + sample_filename(<<"user-credentials-malformed-1.json">>), + State + ) + ), + + ?assertMatch( + {error, {_, invalid_json}}, + emqx_authn_mnesia:import_users( + sample_filename_and_data(<<"user-credentials-malformed-1.json">>), + State + ) + ), + + ?assertEqual( + {error, bad_format}, + emqx_authn_mnesia:import_users( + sample_filename(<<"user-credentials-malformed.csv">>), + State + ) + ), + + ?assertEqual( + {error, bad_format}, + emqx_authn_mnesia:import_users( + sample_filename_and_data(<<"user-credentials-malformed.csv">>), + State + ) ). %%------------------------------------------------------------------------------ %% Helpers %%------------------------------------------------------------------------------ -data_filename(Name) -> +sample_filename(Name) -> Dir = code:lib_dir(emqx_authn, test), filename:join([Dir, <<"data">>, Name]). +sample_filename_and_data(Name) -> + Filename = sample_filename(Name), + {ok, Data} = file:read_file(Filename), + {Filename, Data}. + config() -> #{ user_id_type => username, diff --git a/apps/emqx_dashboard/test/emqx_dashboard_api_test_helpers.erl b/apps/emqx_dashboard/test/emqx_dashboard_api_test_helpers.erl index 0f3405b57..eacca6aa2 100644 --- a/apps/emqx_dashboard/test/emqx_dashboard_api_test_helpers.erl +++ b/apps/emqx_dashboard/test/emqx_dashboard_api_test_helpers.erl 
@@ -22,6 +22,8 @@ request/2, request/3, request/4, + multipart_formdata_request/3, + multipart_formdata_request/4, uri/0, uri/1 ]). 
@@ -97,3 +99,67 @@ auth_header(Username) -> Password = <<"public">>, {ok, Token} = emqx_dashboard_admin:sign_token(Username, Password), {"Authorization", "Bearer " ++ binary_to_list(Token)}. + +multipart_formdata_request(Url, Fields, Files) -> + multipart_formdata_request(Url, <<"admin">>, Fields, Files). + +multipart_formdata_request(Url, Username, Fields, Files) -> + Boundary = + "------------" ++ integer_to_list(rand:uniform(99999999999999999)) ++ + integer_to_list(erlang:system_time(millisecond)), + Body = format_multipart_formdata(Boundary, Fields, Files), + ContentType = lists:concat(["multipart/form-data; boundary=", Boundary]), + Headers = + [ + auth_header(Username), + {"Content-Length", integer_to_list(length(Body))} + ], + case httpc:request(post, {Url, Headers, ContentType, Body}, [], []) of + {error, socket_closed_remotely} -> + {error, socket_closed_remotely}; + {ok, {{"HTTP/1.1", Code, _}, _Headers, Return}} -> + {ok, Code, Return}; + {ok, {Reason, _, _}} -> + {error, Reason} + end. + +format_multipart_formdata(Boundary, Fields, Files) -> + FieldParts = lists:map( + fun({FieldName, FieldContent}) -> + [ + lists:concat(["--", Boundary]), + lists:concat([ + "Content-Disposition: form-data; name=\"", atom_to_list(FieldName), "\"" + ]), + "", + to_list(FieldContent) + ] + end, + Fields + ), + FieldParts2 = lists:append(FieldParts), + FileParts = lists:map( + fun({FieldName, FileName, FileContent}) -> + [ + lists:concat(["--", Boundary]), + lists:concat([ + "Content-Disposition: form-data; name=\"", + atom_to_list(FieldName), + "\"; filename=\"", + FileName, + "\"" + ]), + lists:concat(["Content-Type: ", "application/octet-stream"]), + "", + to_list(FileContent) + ] + end, + Files + ), + FileParts2 = lists:append(FileParts), + EndingParts = [lists:concat(["--", Boundary, "--"]), ""], + Parts = lists:append([FieldParts2, FileParts2, EndingParts]), + string:join(Parts, "\r\n"). 
+ +to_list(Bin) when is_binary(Bin) -> binary_to_list(Bin); +to_list(Str) when is_list(Str) -> Str. diff --git a/apps/emqx_gateway/i18n/emqx_gateway_api_authn_user_upload_i18n.conf b/apps/emqx_gateway/i18n/emqx_gateway_api_authn_user_upload_i18n.conf new file mode 100644 index 000000000..90a7cd378 --- /dev/null +++ b/apps/emqx_gateway/i18n/emqx_gateway_api_authn_user_upload_i18n.conf @@ -0,0 +1,17 @@ +emqx_gateway_api_authn_user_upload { + + upload_users { + desc { + en: """Upload file with users into the gateway authentication""" + zh: """将带有用户的文件上传到网关身份验证中。""" + } + } + + upload_listener_users { + desc { + en: """Upload file with users into listener-specific authentication""" + zh: """将带有用户的文件上传到特定于侦听器的身份验证中。""" + } + } + +} diff --git a/apps/emqx_gateway/src/emqx_gateway_api_authn_user_upload.erl b/apps/emqx_gateway/src/emqx_gateway_api_authn_user_upload.erl new file mode 100644 index 000000000..a3b5035f3 --- /dev/null +++ b/apps/emqx_gateway/src/emqx_gateway_api_authn_user_upload.erl 
@@ -0,0 +1,190 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2021-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_gateway_api_authn_user_upload).
+
+-behaviour(minirest_api).
+
+-include("emqx_gateway_http.hrl").
+-include_lib("hocon/include/hoconsc.hrl").
+-include_lib("typerefl/include/types.hrl").
+
+-import(emqx_dashboard_swagger, [error_codes/2]).
+-import(hoconsc, [mk/2, ref/2]).
+-import(
+ emqx_gateway_http,
+ [
+ with_authn/2,
+ with_listener_authn/3
+ ]
+).
+
+%% minirest/dashbaord_swagger behaviour callbacks
+-export([
+ api_spec/0,
+ paths/0,
+ schema/1
+]).
+
+%% http handlers
+-export([
+ upload_users/2,
+ upload_listener_users/2
+]).
+
+%%--------------------------------------------------------------------
+%% minirest behaviour callbacks
+%%--------------------------------------------------------------------
+
+api_spec() ->
+ emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}).
+
+paths() ->
+ [
+ "/gateway/:name/authentication/upload_users",
+ "/gateway/:name/listeners/:id/authentication/upload_users"
+ ].
+
+%%--------------------------------------------------------------------
+%% http handlers
+
+upload_users(post, #{
+ bindings := #{name := Name0},
+ body := Body
+}) ->
+ with_authn(Name0, fun(
+ _GwName,
+ #{
+ id := AuthId,
+ chain_name := ChainName
+ }
+ ) ->
+ case maps:get(<<"filename">>, Body, undefined) of
+ undefined ->
+ emqx_authn_api:serialize_error({missing_parameter, filename});
+ File ->
+ [{FileName, FileData}] = maps:to_list(maps:without([type], File)),
+ case
+ emqx_authentication:import_users(
+ ChainName, AuthId, {FileName, FileData}
+ )
+ of
+ ok -> {204};
+ {error, Reason} -> emqx_authn_api:serialize_error(Reason)
+ end
+ end
+ end).
+
+upload_listener_users(post, #{
+ bindings := #{name := Name0, id := Id},
+ body := Body
+}) ->
+ with_listener_authn(
+ Name0,
+ Id,
+ fun(_GwName, #{id := AuthId, chain_name := ChainName}) ->
+ case maps:get(<<"filename">>, Body, undefined) of
+ undefined ->
+ emqx_authn_api:serialize_error({missing_parameter, filename});
+ File ->
+ [{FileName, FileData}] = maps:to_list(maps:without([type], File)),
+ case
+ emqx_authentication:import_users(
+ ChainName, AuthId, {FileName, FileData}
+ )
+ of
+ ok -> {204};
+ {error, Reason} -> emqx_authn_api:serialize_error(Reason)
+ end
+ end
+ end
+ ).
+ +%%-------------------------------------------------------------------- +%% Swagger defines +%%-------------------------------------------------------------------- + +schema("/gateway/:name/authentication/upload_users") -> + #{ + 'operationId' => upload_users, + post => + #{ + desc => ?DESC(upload_users), + parameters => params_gateway_name_in_path(), + 'requestBody' => #{ + content => #{ + 'multipart/form-data' => #{ + schema => #{ + filename => file + } + } + } + }, + responses => + ?STANDARD_RESP(#{204 => <<"Imported">>}) + } + }; +schema("/gateway/:name/listeners/:id/authentication/upload_users") -> + #{ + 'operationId' => upload_listener_users, + post => + #{ + desc => ?DESC(upload_listener_users), + parameters => params_gateway_name_in_path() ++ + params_listener_id_in_path(), + 'requestBody' => #{ + content => #{ + 'multipart/form-data' => #{ + schema => #{ + filename => file + } + } + } + }, + responses => + ?STANDARD_RESP(#{204 => <<"Imported">>}) + } + }. + +%%-------------------------------------------------------------------- +%% params defines +%%-------------------------------------------------------------------- + +params_gateway_name_in_path() -> + [ + {name, + mk( + binary(), + #{ + in => path, + desc => ?DESC(emqx_gateway_api, gateway_name), + example => <<"stomp">> + } + )} + ]. + +params_listener_id_in_path() -> + [ + {id, + mk( + binary(), + #{ + in => path, + desc => ?DESC(emqx_gateway_api_listeners, listener_id), + example => <<"stomp:tcp:def">> + } + )} + ]. diff --git a/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl b/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl index d2f967c68..fff8e64e9 100644 --- a/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl +++ b/apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl 
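Review bot: In `upload_users/2` and `upload_listener_users/2` the `File ->` branch accepts whatever `maps:get(<<"filename">>, Body, undefined)` returns, so if the multipart decoder delivers a plain form field named `filename` as a non-map value (not visible here), `maps:without([type], File)` raises badmap instead of producing a 400. The authn handlers added by this same commit guard the shape with `#{type := _} = File`; the gateway branches should match the same way, e.g. `#{type := _} = File -> ...; _ -> emqx_authn_api:serialize_error({missing_parameter, filename})`. The `[{FileName, FileData}] = ...` assertion that follows has the same crash-on-unexpected-shape behaviour on client-controlled data. Both handlers also repeat the whole parse-and-import block, which a shared private helper taking `Body`, `ChainName` and `AuthId` would remove.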
@@ -312,6 +312,23 @@ t_authn_data_mgmt(_) -> "/gateway/stomp/authentication/users" ), + UploadUri = emqx_dashboard_api_test_helpers:uri( + ["gateway", "stomp", "authentication", "upload_users"] + ), + + Dir = code:lib_dir(emqx_authn, test), + JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]), + {ok, JSONData} = file:read_file(JSONFileName), + {ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.json", JSONData} + ]), + + CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]), + {ok, CSVData} = file:read_file(CSVFileName), + {ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.csv", CSVData} + ]), + {204, _} = request(delete, "/gateway/stomp/authentication"), {204, _} = request(get, "/gateway/stomp/authentication"), {204, _} = request(delete, "/gateway/stomp"). @@ -451,6 +468,24 @@ t_listeners_authn_data_mgmt(_) -> get, Path ++ "/users" ), + + UploadUri = emqx_dashboard_api_test_helpers:uri( + ["gateway", "stomp", "listeners", "stomp:tcp:def", "authentication", "upload_users"] + ), + + Dir = code:lib_dir(emqx_authn, test), + JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]), + {ok, JSONData} = file:read_file(JSONFileName), + {ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.json", JSONData} + ]), + + CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]), + {ok, CSVData} = file:read_file(CSVFileName), + {ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [ + {filename, "user-credentials.csv", CSVData} + ]), + {204, _} = request(delete, "/gateway/stomp"). t_authn_fuzzy_search(_) ->