From 4cf3d181d807e848739ea14840f6c4a28ba421aa Mon Sep 17 00:00:00 2001
From: JianBo He
Date: Wed, 20 Apr 2022 22:24:58 +0800
Subject: [PATCH] chore(auth-http): more infos for auth/acl checking failure
---
 apps/emqx_auth_http/src/emqx_acl_http.erl | 15 +++++++++++----
 apps/emqx_auth_http/src/emqx_auth_http.erl | 11 ++++++++---
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/apps/emqx_auth_http/src/emqx_acl_http.erl b/apps/emqx_auth_http/src/emqx_acl_http.erl
index 51bf9c303..3d1a9d00a 100644
--- a/apps/emqx_auth_http/src/emqx_acl_http.erl
+++ b/apps/emqx_auth_http/src/emqx_acl_http.erl
@@ -41,12 +41,19 @@ check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _AclResult, _Params)
 ok;
 check_acl(ClientInfo, PubSub, Topic, _AclResult, #{acl := ACLParams = #{path := Path}}) ->
 ClientInfo1 = ClientInfo#{access => access(PubSub), topic => Topic},
+ ClientId = maps:get(clientid, ClientInfo1, undefined),
+ Username = maps:get(username, ClientInfo1, undefined),
 case check_acl_request(ACLParams, ClientInfo1) of
 {ok, 200, <<"ignore">>} -> ok;
- {ok, 200, _Body} -> {stop, allow};
- {ok, _Code, _Body} -> {stop, deny};
- {error, Error} ->
- ?LOG(error, "Request ACL path ~s, error: ~p", [Path, Error]),
+ {ok, 200, _Body} -> {stop, allow};
+ {ok, Code, _Body} ->
+ ?LOG(error, "Deny ~s ~s to topic ~s, username: ~p, http response code: ~p",
+ [ClientId, PubSub, Topic, Username, Code]),
+ {stop, deny};
+ {error, Error} ->
+ ?LOG(error, "Deny ~s ~s to topic ~s, username: ~p, due to request "
+ "http server failure, path: ~p, error: ~0p",
+ [ClientId, PubSub, Topic, Username, Path, Error]),
 ok
 end.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.erl b/apps/emqx_auth_http/src/emqx_auth_http.erl
index 620750bd0..f6585567b 100644
--- a/apps/emqx_auth_http/src/emqx_auth_http.erl
+++ b/apps/emqx_auth_http/src/emqx_auth_http.erl
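Review bot: In the emqx_acl_http.erl hunk both new `?LOG` calls format the client-supplied `ClientId` and `Topic` with `~s`, so a value containing newlines or control characters reaches the error log verbatim and can break or forge log lines; the same holds for `ClientId` and `Username` in the two `?LOG` calls of the second emqx_auth_http.erl hunk, where the values come from a client that has not been authenticated. Printing these fields with `~p`, as this hunk already does for `Username`, keeps them quoted and escaped and also tells an absent field (`undefined`) apart from a literal one, e.g. `"Deny ~p ~s to topic ~p, username: ~p, http response code: ~p"`. Separately, the `{error, Error}` branch now logs "Deny ..." but still returns `ok`, the same value as the `<<"ignore">>` branch rather than `{stop, deny}`, so the verdict presumably depends on later ACL checks or the broker default; a message that says the ACL request failed and no decision was made here would match the code and avoid misleading triage. The first `check_acl` clause begins outside the hunk.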
@@ -36,6 +36,8 @@
 check(ClientInfo, AuthResult, #{auth := AuthParms = #{path := Path},
 super := SuperParams}) ->
+ ClientId = maps:get(clientid, ClientInfo, undefined),
+ Username = maps:get(username, ClientInfo, undefined),
 case authenticate(AuthParms, ClientInfo) of
 {ok, 200, <<"ignore">>} ->
 ok;
@@ -46,12 +48,15 @@ check(ClientInfo, AuthResult, #{auth := AuthParms = #{path := Path},
 anonymous => false,
 mountpoint => mountpoint(Body, ClientInfo)}};
 {ok, Code, _Body} ->
- ?LOG(error, "Deny connection from path: ~s, response http code: ~p",
- [Path, Code]),
+ ?LOG(error, "Deny connection(~s) from path: ~s, username: ~s, http "
+ "response code: ~p",
+ [ClientId, Path, Username, Code]),
 {stop, AuthResult#{auth_result => http_to_connack_error(Code),
 anonymous => false}};
 {error, Error} ->
- ?LOG(error, "Request auth path: ~s, error: ~p", [Path, Error]),
+ ?LOG(error, "Deny connection(~s) from path: ~s, username: ~s, due to "
+ "request http-server failed: ~0p",
+ [ClientId, Path, Username, Error]),
 %%FIXME later: server_unavailable is not right.
 {stop, AuthResult#{auth_result => server_unavailable,
 anonymous => false}}