yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(authn api): add method for user file upload

This commit is contained in:
Ilya Averyanov 2022-05-31 00:20:22 +03:00
parent b80f038fcc
commit 3be617cf40
11 changed files with 696 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/emqx/src/emqx_authentication.erl
View File

@ -385,7 +385,8 @@ list_authenticators(ChainName) ->
move_authenticator(ChainName, AuthenticatorID, Position) -> move_authenticator(ChainName, AuthenticatorID, Position) ->
call({move_authenticator, ChainName, AuthenticatorID, Position}). call({move_authenticator, ChainName, AuthenticatorID, Position}).
-spec import_users(chain_name(), authenticator_id(), binary()) -> ok | {error, term()}. -spec import_users(chain_name(), authenticator_id(), binary() | {binary(), binary()}) ->
ok | {error, term()}.
import_users(ChainName, AuthenticatorID, Filename) -> import_users(ChainName, AuthenticatorID, Filename) ->
call({import_users, ChainName, AuthenticatorID, Filename}). call({import_users, ChainName, AuthenticatorID, Filename}).

18
apps/emqx_authn/i18n/emqx_authn_user_upload_api_i18n.conf Normal file
View File

@ -0,0 +1,18 @@
emqx_authn_user_upload_api {
authentication_id_upload_users_post {
desc {
en: """Upload file with users into authenticator in global authentication chain."""
zh: """将带有用户的文件上传到全局身份验证链中的身份验证器。"""
}
}
listeners_listener_id_authentication_id_upload_users_post {
desc {
en: """Upload file with users into authenticator in listener-specific authentication chain."""
zh: """将带有用户的文件上传到特定于侦听器的身份验证链中的身份验证器。"""
}
}
}

6
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -90,7 +90,11 @@
find_user/3, find_user/3,
update_user/4, update_user/4,
serialize_error/1, serialize_error/1,
aggregate_metrics/1 aggregate_metrics/1,
with_chain/2,
param_auth_id/0,
param_listener_id/0
]). ]).
-elvis([{elvis_style, god_modules, disable}]). -elvis([{elvis_style, god_modules, disable}]).

144
apps/emqx_authn/src/emqx_authn_user_upload_api.erl Normal file
View File

@ -0,0 +1,144 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2022 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_authn_user_upload_api).
-behaviour(minirest_api).
-include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl").
-include_lib("emqx/include/emqx_authentication.hrl").
-include_lib("hocon/include/hoconsc.hrl").
-import(emqx_dashboard_swagger, [error_codes/2]).
-define(BAD_REQUEST, 'BAD_REQUEST').
-define(NOT_FOUND, 'NOT_FOUND').
% Swagger
-define(API_TAGS_GLOBAL, [
?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY,
<<"authentication config(global)">>
]).
-define(API_TAGS_SINGLE, [
?EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY,
<<"authentication config(single listener)">>
]).
-export([
api_spec/0,
paths/0,
schema/1
]).
-export([
authenticator_upload_users/2,
listener_authenticator_upload_users/2
]).
api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}).
paths() ->
[
"/authentication/:id/upload_users",
"/listeners/:listener_id/authentication/:id/upload_users"
].
schema("/authentication/:id/upload_users") ->
#{
'operationId' => authenticator_upload_users,
post => #{
tags => ?API_TAGS_GLOBAL,
description => ?DESC(authentication_id_upload_users_post),
parameters => [emqx_authn_api:param_auth_id()],
'requestBody' => #{
content => #{
'multipart/form-data' => #{
schema => #{
filename => file
}
}
}
},
responses => #{
204 => <<"Users imported">>,
400 => error_codes([?BAD_REQUEST], <<"Bad Request">>),
404 => error_codes([?NOT_FOUND], <<"Not Found">>)
}
}
};
schema("/listeners/:listener_id/authentication/:id/upload_users") ->
#{
'operationId' => listener_authenticator_upload_users,
post => #{
tags => ?API_TAGS_SINGLE,
description => ?DESC(listeners_listener_id_authentication_id_upload_users_post),
parameters => [emqx_authn_api:param_listener_id(), emqx_authn_api:param_auth_id()],
'requestBody' => #{
content => #{
'multipart/form-data' => #{
schema => #{
filename => file
}
}
}
},
responses => #{
204 => <<"Users imported">>,
400 => error_codes([?BAD_REQUEST], <<"Bad Request">>),
404 => error_codes([?NOT_FOUND], <<"Not Found">>)
}
}
}.
authenticator_upload_users(
post,
#{
bindings := #{id := AuthenticatorID},
body := #{<<"filename">> := #{type := _} = File}
}
) ->
[{FileName, FileData}] = maps:to_list(maps:without([type], File)),
case emqx_authentication:import_users(?GLOBAL, AuthenticatorID, {FileName, FileData}) of
ok -> {204};
{error, Reason} -> emqx_authn_api:serialize_error(Reason)
end;
authenticator_upload_users(post, #{bindings := #{id := _}, body := _}) ->
emqx_authn_api:serialize_error({missing_parameter, filename}).
listener_authenticator_upload_users(
post,
#{
bindings := #{listener_id := ListenerID, id := AuthenticatorID},
body := #{<<"filename">> := #{type := _} = File}
}
) ->
[{FileName, FileData}] = maps:to_list(maps:without([type], File)),
emqx_authn_api:with_chain(
ListenerID,
fun(ChainName) ->
case
emqx_authentication:import_users(ChainName, AuthenticatorID, {FileName, FileData})
of
ok -> {204};
{error, Reason} -> emqx_authn_api:serialize_error(Reason)
end
end
);
listener_authenticator_upload_users(post, #{bindings := #{listener_id := _, id := _}, body := _}) ->
emqx_authn_api:serialize_error({missing_parameter, filename}).

102
apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
View File

@ -182,13 +182,34 @@ destroy(#{user_group := UserGroup}) ->
end end
). ).
import_users({Filename0, FileData}, State) ->
Filename = to_binary(Filename0),
case filename:extension(Filename) of
<<".json">> ->
import_users_from_json(FileData, State);
<<".csv">> ->
{ok, CSV} = csv_data_reader(FileData),
import_users_from_csv(CSV, State);
<<>> ->
{error, unknown_file_format};
Extension ->
{error, {unsupported_file_format, Extension}}
end;
import_users(Filename0, State) -> import_users(Filename0, State) ->
Filename = to_binary(Filename0), Filename = to_binary(Filename0),
case filename:extension(Filename) of case filename:extension(Filename) of
<<".json">> -> <<".json">> ->
import_users_from_json(Filename, State); case file:read_file(Filename) of
{ok, Data} -> import_users_from_json(Data, State);
{error, _} = Error -> Error
end;
<<".csv">> -> <<".csv">> ->
import_users_from_csv(Filename, State); case csv_file_reader(Filename) of
{ok, CSV} ->
import_users_from_csv(CSV, State);
{error, _} = Error ->
Error
end;
<<>> -> <<>> ->
{error, unknown_file_format}; {error, unknown_file_format};
Extension -> Extension ->
@ -327,31 +348,21 @@ run_fuzzy_filter(
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Example: data/user-credentials.json %% Example: data/user-credentials.json
import_users_from_json(Filename, #{user_group := UserGroup}) -> import_users_from_json(Bin, #{user_group := UserGroup}) ->
case file:read_file(Filename) of case emqx_json:safe_decode(Bin, [return_maps]) of
{ok, Bin} -> {ok, List} ->
case emqx_json:safe_decode(Bin, [return_maps]) of trans(fun import/2, [UserGroup, List]);
{ok, List} ->
trans(fun import/2, [UserGroup, List]);
{error, Reason} ->
{error, Reason}
end;
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end. end.
%% Example: data/user-credentials.csv %% Example: data/user-credentials.csv
import_users_from_csv(Filename, #{user_group := UserGroup}) -> import_users_from_csv(CSV, #{user_group := UserGroup}) ->
case file:open(Filename, [read, binary]) of case get_csv_header(CSV) of
{ok, File} -> {ok, Seq, NewCSV} ->
case get_csv_header(File) of Result = trans(fun import_csv/3, [UserGroup, NewCSV, Seq]),
{ok, Seq} -> _ = csv_close(CSV),
Result = trans(fun import/3, [UserGroup, File, Seq]), Result;
_ = file:close(File),
Result;
{error, Reason} ->
{error, Reason}
end;
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end. end.
@ -375,9 +386,9 @@ import(_UserGroup, [_ | _More]) ->
{error, bad_format}. {error, bad_format}.
%% Importing 5w users needs 1.7 seconds %% Importing 5w users needs 1.7 seconds
import(UserGroup, File, Seq) -> import_csv(UserGroup, CSV, Seq) ->
case file:read_line(File) of case csv_read_line(CSV) of
{ok, Line} -> {ok, Line, NewCSV} ->
Fields = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]), Fields = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]),
case get_user_info_by_seq(Fields, Seq) of case get_user_info_by_seq(Fields, Seq) of
{ok, {ok,
@ -388,7 +399,7 @@ import(UserGroup, File, Seq) ->
Salt = maps:get(salt, UserInfo, <<>>), Salt = maps:get(salt, UserInfo, <<>>),
IsSuperuser = maps:get(is_superuser, UserInfo, false), IsSuperuser = maps:get(is_superuser, UserInfo, false),
insert_user(UserGroup, UserID, PasswordHash, Salt, IsSuperuser), insert_user(UserGroup, UserID, PasswordHash, Salt, IsSuperuser),
import(UserGroup, File, Seq); import_csv(UserGroup, NewCSV, Seq);
{error, Reason} -> {error, Reason} ->
{error, Reason} {error, Reason}
end; end;
@ -398,11 +409,11 @@ import(UserGroup, File, Seq) ->
{error, Reason} {error, Reason}
end. end.
get_csv_header(File) -> get_csv_header(CSV) ->
case file:read_line(File) of case csv_read_line(CSV) of
{ok, Line} -> {ok, Line, NewCSV} ->
Seq = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]), Seq = binary:split(Line, [<<",">>, <<" ">>, <<"\n">>], [global, trim_all]),
{ok, Seq}; {ok, Seq, NewCSV};
eof -> eof ->
{error, empty_file}; {error, empty_file};
{error, Reason} -> {error, Reason} ->
@ -487,3 +498,34 @@ group_match_spec(UserGroup, QString) ->
User User
end) end)
end. end.
csv_file_reader(Filename) ->
case file:open(Filename, [read, binary]) of
{ok, File} ->
{ok, {csv_file_reader, File}};
{error, Reason} ->
{error, Reason}
end.
csv_data_reader(Data) ->
Lines = binary:split(Data, [<<"\r">>, <<"\n">>], [global, trim_all]),
{ok, {csv_data_reader, Lines}}.
csv_read_line({csv_file_reader, File} = CSV) ->
case file:read_line(File) of
{ok, Line} ->
{ok, Line, CSV};
eof ->
eof;
{error, Reason} ->
{error, Reason}
end;
csv_read_line({csv_data_reader, [Line | Lines]}) ->
{ok, Line, {csv_data_reader, Lines}};
csv_read_line({csv_data_reader, []}) ->
eof.
csv_close({csv_file_reader, File}) ->
file:close(File);
csv_close({csv_data_reader, _}) ->
ok.

38
apps/emqx_authn/test/emqx_authn_api_SUITE.erl
View File

@ -18,7 +18,7 @@
-compile(nowarn_export_all). -compile(nowarn_export_all).
-compile(export_all). -compile(export_all).
-import(emqx_dashboard_api_test_helpers, [request/3, uri/1]). -import(emqx_dashboard_api_test_helpers, [request/3, uri/1, multipart_formdata_request/3]).
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
@ -102,6 +102,9 @@ t_authenticator_move(_) ->
t_authenticator_import_users(_) -> t_authenticator_import_users(_) ->
test_authenticator_import_users([]). test_authenticator_import_users([]).
t_authenticator_upload_users(_) ->
test_authenticator_upload_users([]).
t_listener_authenticators(_) -> t_listener_authenticators(_) ->
test_authenticators(["listeners", ?TCP_DEFAULT]). test_authenticators(["listeners", ?TCP_DEFAULT]).
@ -120,6 +123,9 @@ t_listener_authenticator_move(_) ->
t_listener_authenticator_import_users(_) -> t_listener_authenticator_import_users(_) ->
test_authenticator_import_users(["listeners", ?TCP_DEFAULT]). test_authenticator_import_users(["listeners", ?TCP_DEFAULT]).
t_listener_authenticator_upload_users(_) ->
test_authenticator_upload_users(["listeners", ?TCP_DEFAULT]).
t_aggregate_metrics(_) -> t_aggregate_metrics(_) ->
Metrics = #{ Metrics = #{
'emqx@node1.emqx.io' => #{ 'emqx@node1.emqx.io' => #{
@ -657,6 +663,36 @@ test_authenticator_import_users(PathPrefix) ->
{ok, 204, _} = request(post, ImportUri, #{filename => CSVFileName}). {ok, 204, _} = request(post, ImportUri, #{filename => CSVFileName}).
test_authenticator_upload_users(PathPrefix) ->
UploadUri = uri(
PathPrefix ++
[?CONF_NS, "password_based:built_in_database", "upload_users"]
),
{ok, 200, _} = request(
post,
uri(PathPrefix ++ [?CONF_NS]),
emqx_authn_test_lib:built_in_database_example()
),
{ok, 400, _} = multipart_formdata_request(UploadUri, [], [
{filenam, "user-credentials.json", <<>>}
]),
Dir = code:lib_dir(emqx_authn, test),
JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]),
CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]),
{ok, JSONData} = file:read_file(JSONFileName),
{ok, 204, _} = multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.json", JSONData}
]),
{ok, CSVData} = file:read_file(CSVFileName),
{ok, 204, _} = multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.csv", CSVData}
]).
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Helpers %% Helpers
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------

135
apps/emqx_authn/test/emqx_authn_mnesia_SUITE.erl
View File

@ -228,54 +228,139 @@ t_import_users(_) ->
Config = Config0#{password_hash_algorithm => #{name => sha256}}, Config = Config0#{password_hash_algorithm => #{name => sha256}},
{ok, State} = emqx_authn_mnesia:create(?AUTHN_ID, Config), {ok, State} = emqx_authn_mnesia:create(?AUTHN_ID, Config),
ok = emqx_authn_mnesia:import_users( ?assertEqual(
data_filename(<<"user-credentials.json">>), ok,
State emqx_authn_mnesia:import_users(
sample_filename(<<"user-credentials.json">>),
State
)
), ),
ok = emqx_authn_mnesia:import_users( ?assertEqual(
data_filename(<<"user-credentials.csv">>), ok,
State emqx_authn_mnesia:import_users(
sample_filename_and_data(<<"user-credentials.json">>),
State
)
), ),
{error, {unsupported_file_format, _}} = emqx_authn_mnesia:import_users( ?assertEqual(
<<"/file/with/unknown.extension">>, ok,
State emqx_authn_mnesia:import_users(
sample_filename(<<"user-credentials.csv">>),
State
)
), ),
{error, unknown_file_format} = emqx_authn_mnesia:import_users( ?assertEqual(
<<"/file/with/no/extension">>, ok,
State emqx_authn_mnesia:import_users(
sample_filename_and_data(<<"user-credentials.csv">>),
State
)
), ),
{error, enoent} = emqx_authn_mnesia:import_users( ?assertMatch(
<<"/file/that/not/exist.json">>, {error, {unsupported_file_format, _}},
State emqx_authn_mnesia:import_users(
<<"/file/with/unknown.extension">>,
State
)
), ),
{error, bad_format} = emqx_authn_mnesia:import_users( ?assertMatch(
data_filename(<<"user-credentials-malformed-0.json">>), {error, {unsupported_file_format, _}},
State emqx_authn_mnesia:import_users(
{<<"/file/with/unknown.extension">>, <<>>},
State
)
), ),
{error, {_, invalid_json}} = emqx_authn_mnesia:import_users( ?assertEqual(
data_filename(<<"user-credentials-malformed-1.json">>), {error, unknown_file_format},
State emqx_authn_mnesia:import_users(
<<"/file/with/no/extension">>,
State
)
), ),
{error, bad_format} = emqx_authn_mnesia:import_users( ?assertEqual(
data_filename(<<"user-credentials-malformed.csv">>), {error, unknown_file_format},
State emqx_authn_mnesia:import_users(
{<<"/file/with/no/extension">>, <<>>},
State
)
),
?assertEqual(
{error, enoent},
emqx_authn_mnesia:import_users(
<<"/file/that/not/exist.json">>,
State
)
),
?assertEqual(
{error, bad_format},
emqx_authn_mnesia:import_users(
sample_filename(<<"user-credentials-malformed-0.json">>),
State
)
),
?assertEqual(
{error, bad_format},
emqx_authn_mnesia:import_users(
sample_filename_and_data(<<"user-credentials-malformed-0.json">>),
State
)
),
?assertMatch(
{error, {_, invalid_json}},
emqx_authn_mnesia:import_users(
sample_filename(<<"user-credentials-malformed-1.json">>),
State
)
),
?assertMatch(
{error, {_, invalid_json}},
emqx_authn_mnesia:import_users(
sample_filename_and_data(<<"user-credentials-malformed-1.json">>),
State
)
),
?assertEqual(
{error, bad_format},
emqx_authn_mnesia:import_users(
sample_filename(<<"user-credentials-malformed.csv">>),
State
)
),
?assertEqual(
{error, bad_format},
emqx_authn_mnesia:import_users(
sample_filename_and_data(<<"user-credentials-malformed.csv">>),
State
)
). ).
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Helpers %% Helpers
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
data_filename(Name) -> sample_filename(Name) ->
Dir = code:lib_dir(emqx_authn, test), Dir = code:lib_dir(emqx_authn, test),
filename:join([Dir, <<"data">>, Name]). filename:join([Dir, <<"data">>, Name]).
sample_filename_and_data(Name) ->
Filename = sample_filename(Name),
{ok, Data} = file:read_file(Filename),
{Filename, Data}.
config() -> config() ->
#{ #{
user_id_type => username, user_id_type => username,

66
apps/emqx_dashboard/test/emqx_dashboard_api_test_helpers.erl
View File

@ -22,6 +22,8 @@
request/2, request/2,
request/3, request/3,
request/4, request/4,
multipart_formdata_request/3,
multipart_formdata_request/4,
uri/0, uri/0,
uri/1 uri/1
]). ]).
@ -97,3 +99,67 @@ auth_header(Username) ->
Password = <<"public">>, Password = <<"public">>,
{ok, Token} = emqx_dashboard_admin:sign_token(Username, Password), {ok, Token} = emqx_dashboard_admin:sign_token(Username, Password),
{"Authorization", "Bearer " ++ binary_to_list(Token)}. {"Authorization", "Bearer " ++ binary_to_list(Token)}.
multipart_formdata_request(Url, Fields, Files) ->
multipart_formdata_request(Url, <<"admin">>, Fields, Files).
multipart_formdata_request(Url, Username, Fields, Files) ->
Boundary =
"------------" ++ integer_to_list(rand:uniform(99999999999999999)) ++
integer_to_list(erlang:system_time(millisecond)),
Body = format_multipart_formdata(Boundary, Fields, Files),
ContentType = lists:concat(["multipart/form-data; boundary=", Boundary]),
Headers =
[
auth_header(Username),
{"Content-Length", integer_to_list(length(Body))}
],
case httpc:request(post, {Url, Headers, ContentType, Body}, [], []) of
{error, socket_closed_remotely} ->
{error, socket_closed_remotely};
{ok, {{"HTTP/1.1", Code, _}, _Headers, Return}} ->
{ok, Code, Return};
{ok, {Reason, _, _}} ->
{error, Reason}
end.
format_multipart_formdata(Boundary, Fields, Files) ->
FieldParts = lists:map(
fun({FieldName, FieldContent}) ->
[
lists:concat(["--", Boundary]),
lists:concat([
"Content-Disposition: form-data; name=\"", atom_to_list(FieldName), "\""
]),
"",
to_list(FieldContent)
]
end,
Fields
),
FieldParts2 = lists:append(FieldParts),
FileParts = lists:map(
fun({FieldName, FileName, FileContent}) ->
[
lists:concat(["--", Boundary]),
lists:concat([
"Content-Disposition: form-data; name=\"",
atom_to_list(FieldName),
"\"; filename=\"",
FileName,
"\""
]),
lists:concat(["Content-Type: ", "application/octet-stream"]),
"",
to_list(FileContent)
]
end,
Files
),
FileParts2 = lists:append(FileParts),
EndingParts = [lists:concat(["--", Boundary, "--"]), ""],
Parts = lists:append([FieldParts2, FileParts2, EndingParts]),
string:join(Parts, "\r\n").
to_list(Bin) when is_binary(Bin) -> binary_to_list(Bin);
to_list(Str) when is_list(Str) -> Str.

17
apps/emqx_gateway/i18n/emqx_gateway_api_authn_user_upload_i18n.conf Normal file
View File

@ -0,0 +1,17 @@
emqx_gateway_api_authn_user_upload {
upload_users {
desc {
en: """Upload file with users into the gateway authentication"""
zh: """将带有用户的文件上传到网关身份验证中。"""
}
}
upload_listener_users {
desc {
en: """Upload file with users into listener-specific authentication"""
zh: """将带有用户的文件上传到特定于侦听器的身份验证中。"""
}
}
}

190
apps/emqx_gateway/src/emqx_gateway_api_authn_user_upload.erl Normal file
View File

@ -0,0 +1,190 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2021-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_gateway_api_authn_user_upload).
-behaviour(minirest_api).
-include("emqx_gateway_http.hrl").
-include_lib("hocon/include/hoconsc.hrl").
-include_lib("typerefl/include/types.hrl").
-import(emqx_dashboard_swagger, [error_codes/2]).
-import(hoconsc, [mk/2, ref/2]).
-import(
emqx_gateway_http,
[
with_authn/2,
with_listener_authn/3
]
).
%% minirest/dashbaord_swagger behaviour callbacks
-export([
api_spec/0,
paths/0,
schema/1
]).
%% http handlers
-export([
upload_users/2,
upload_listener_users/2
]).
%%--------------------------------------------------------------------
%% minirest behaviour callbacks
%%--------------------------------------------------------------------
api_spec() ->
emqx_dashboard_swagger:spec(?MODULE, #{check_schema => false}).
paths() ->
[
"/gateway/:name/authentication/upload_users",
"/gateway/:name/listeners/:id/authentication/upload_users"
].
%%--------------------------------------------------------------------
%% http handlers
upload_users(post, #{
bindings := #{name := Name0},
body := Body
}) ->
with_authn(Name0, fun(
_GwName,
#{
id := AuthId,
chain_name := ChainName
}
) ->
case maps:get(<<"filename">>, Body, undefined) of
undefined ->
emqx_authn_api:serialize_error({missing_parameter, filename});
File ->
[{FileName, FileData}] = maps:to_list(maps:without([type], File)),
case
emqx_authentication:import_users(
ChainName, AuthId, {FileName, FileData}
)
of
ok -> {204};
{error, Reason} -> emqx_authn_api:serialize_error(Reason)
end
end
end).
upload_listener_users(post, #{
bindings := #{name := Name0, id := Id},
body := Body
}) ->
with_listener_authn(
Name0,
Id,
fun(_GwName, #{id := AuthId, chain_name := ChainName}) ->
case maps:get(<<"filename">>, Body, undefined) of
undefined ->
emqx_authn_api:serialize_error({missing_parameter, filename});
File ->
[{FileName, FileData}] = maps:to_list(maps:without([type], File)),
case
emqx_authentication:import_users(
ChainName, AuthId, {FileName, FileData}
)
of
ok -> {204};
{error, Reason} -> emqx_authn_api:serialize_error(Reason)
end
end
end
).
%%--------------------------------------------------------------------
%% Swagger defines
%%--------------------------------------------------------------------
schema("/gateway/:name/authentication/upload_users") ->
#{
'operationId' => upload_users,
post =>
#{
desc => ?DESC(upload_users),
parameters => params_gateway_name_in_path(),
'requestBody' => #{
content => #{
'multipart/form-data' => #{
schema => #{
filename => file
}
}
}
},
responses =>
?STANDARD_RESP(#{204 => <<"Imported">>})
}
};
schema("/gateway/:name/listeners/:id/authentication/upload_users") ->
#{
'operationId' => upload_listener_users,
post =>
#{
desc => ?DESC(upload_listener_users),
parameters => params_gateway_name_in_path() ++
params_listener_id_in_path(),
'requestBody' => #{
content => #{
'multipart/form-data' => #{
schema => #{
filename => file
}
}
}
},
responses =>
?STANDARD_RESP(#{204 => <<"Imported">>})
}
}.
%%--------------------------------------------------------------------
%% params defines
%%--------------------------------------------------------------------
params_gateway_name_in_path() ->
[
{name,
mk(
binary(),
#{
in => path,
desc => ?DESC(emqx_gateway_api, gateway_name),
example => <<"stomp">>
}
)}
].
params_listener_id_in_path() ->
[
{id,
mk(
binary(),
#{
in => path,
desc => ?DESC(emqx_gateway_api_listeners, listener_id),
example => <<"stomp:tcp:def">>
}
)}
].

35
apps/emqx_gateway/test/emqx_gateway_api_SUITE.erl
View File

@ -312,6 +312,23 @@ t_authn_data_mgmt(_) ->
"/gateway/stomp/authentication/users" "/gateway/stomp/authentication/users"
), ),
UploadUri = emqx_dashboard_api_test_helpers:uri(
["gateway", "stomp", "authentication", "upload_users"]
),
Dir = code:lib_dir(emqx_authn, test),
JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]),
{ok, JSONData} = file:read_file(JSONFileName),
{ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.json", JSONData}
]),
CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]),
{ok, CSVData} = file:read_file(CSVFileName),
{ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.csv", CSVData}
]),
{204, _} = request(delete, "/gateway/stomp/authentication"), {204, _} = request(delete, "/gateway/stomp/authentication"),
{204, _} = request(get, "/gateway/stomp/authentication"), {204, _} = request(get, "/gateway/stomp/authentication"),
{204, _} = request(delete, "/gateway/stomp"). {204, _} = request(delete, "/gateway/stomp").
@ -451,6 +468,24 @@ t_listeners_authn_data_mgmt(_) ->
get, get,
Path ++ "/users" Path ++ "/users"
), ),
UploadUri = emqx_dashboard_api_test_helpers:uri(
["gateway", "stomp", "listeners", "stomp:tcp:def", "authentication", "upload_users"]
),
Dir = code:lib_dir(emqx_authn, test),
JSONFileName = filename:join([Dir, <<"data/user-credentials.json">>]),
{ok, JSONData} = file:read_file(JSONFileName),
{ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.json", JSONData}
]),
CSVFileName = filename:join([Dir, <<"data/user-credentials.csv">>]),
{ok, CSVData} = file:read_file(CSVFileName),
{ok, 204, _} = emqx_dashboard_api_test_helpers:multipart_formdata_request(UploadUri, [], [
{filename, "user-credentials.csv", CSVData}
]),
{204, _} = request(delete, "/gateway/stomp"). {204, _} = request(delete, "/gateway/stomp").
t_authn_fuzzy_search(_) -> t_authn_fuzzy_search(_) ->