From 4e4c1dd17a7b2fb20b1839647870205b174ebf22 Mon Sep 17 00:00:00 2001
From: zhanghongtong
Date: Mon, 28 Jun 2021 11:45:01 +0800
Subject: [PATCH] build: delete needless auth plugins
---
.../emqx_auth_http/src/emqx_auth_http.app.src | 14 --
.../src/emqx_auth_http.appup.src | 16 --
.../emqx_auth_http/src/emqx_auth_http_app.erl | 161 ------------------
apps/emqx_auth_ldap/src/emqx_acl_ldap.erl | 93 ----------
.../src/emqx_auth_ldap.appup.src | 8 -
5 files changed, 292 deletions(-)
delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.app.src
delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http.appup.src
delete mode 100644 apps/emqx_auth_http/src/emqx_auth_http_app.erl
delete mode 100644 apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
delete mode 100644 apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.app.src b/apps/emqx_auth_http/src/emqx_auth_http.app.src
deleted file mode 100644
index 305487171..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.app.src
+++ /dev/null
@@ -1,14 +0,0 @@
-{application, emqx_auth_http,
- [{description, "EMQ X Authentication/ACL with HTTP API"},
- {vsn, "4.3.1"}, % strict semver, bump manually!
- {modules, []},
- {registered, [emqx_auth_http_sup]},
- {applications, [kernel,stdlib,ehttpc]},
- {mod, {emqx_auth_http_app, []}},
- {env, []},
- {licenses, ["Apache-2.0"]},
- {maintainers, ["EMQ X Team "]},
- {links, [{"Homepage", "https://emqx.io/"},
- {"Github", "https://github.com/emqx/emqx-auth-http"}
- ]}
- ]}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http.appup.src b/apps/emqx_auth_http/src/emqx_auth_http.appup.src
deleted file mode 100644
index 620194064..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http.appup.src
+++ /dev/null
@@ -1,16 +0,0 @@
-%% -*-: erlang -*-
-
-{VSN,
- [
- {"4.3.0", [
- {restart_application, emqx_auth_http}
- ]},
- {<<".*">>, []}
- ],
- [
- {"4.3.0", [
- {restart_application, emqx_auth_http}
- ]},
- {<<".*">>, []}
- ]
-}.
diff --git a/apps/emqx_auth_http/src/emqx_auth_http_app.erl b/apps/emqx_auth_http/src/emqx_auth_http_app.erl
deleted file mode 100644
index 51e376f6a..000000000
--- a/apps/emqx_auth_http/src/emqx_auth_http_app.erl
+++ /dev/null
@@ -1,161 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_auth_http_app).
-
--behaviour(application).
-
--emqx_plugin(auth).
-
--include("emqx_auth_http.hrl").
-
--export([ start/2
- , stop/1
- ]).
-
-%%--------------------------------------------------------------------
-%% Application Callbacks
-%%--------------------------------------------------------------------
-
-start(_StartType, _StartArgs) ->
- {ok, Sup} = emqx_auth_http_sup:start_link(),
- translate_env(),
- load_hooks(),
- {ok, Sup}.
-
-stop(_State) ->
- unload_hooks().
-
-%%--------------------------------------------------------------------
-%% Internel functions
-%%--------------------------------------------------------------------
-
-translate_env() ->
- lists:foreach(fun translate_env/1, [auth_req, super_req, acl_req]).
-
-translate_env(EnvName) ->
- case application:get_env(?APP, EnvName) of
- undefined -> ok;
- {ok, Req} ->
- {ok, PoolSize} = application:get_env(?APP, pool_size),
- {ok, ConnectTimeout} = application:get_env(?APP, connect_timeout),
- URL = proplists:get_value(url, Req),
- {ok, #{host := Host,
- port := Port,
- scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
- Path = path(URIMap),
- MoreOpts = case Scheme of
- http ->
- [{transport_opts, emqx_misc:ipv6_probe([])}];
- https ->
- CACertFile = application:get_env(?APP, cacertfile, undefined),
- CertFile = application:get_env(?APP, certfile, undefined),
- KeyFile = application:get_env(?APP, keyfile, undefined),
- Verify = case application:get_env(?APP, verify, fasle) of
- true -> verify_peer;
- false -> verify_none
- end,
- SNI = case application:get_env(?APP, server_name_indication, undefined) of
- "disable" -> disable;
- SNI0 -> SNI0
- end,
- TLSOpts = lists:filter(
- fun({_, V}) ->
- V =/= <<>> andalso V =/= undefined
- end, [{keyfile, KeyFile},
- {certfile, CertFile},
- {cacertfile, CACertFile},
- {verify, Verify},
- {server_name_indication, SNI}]),
- NTLSOpts = [ {versions, emqx_tls_lib:default_versions()}
- , {ciphers, emqx_tls_lib:default_ciphers()}
- | TLSOpts
- ],
- [{transport, ssl}, {transport_opts, emqx_misc:ipv6_probe(NTLSOpts)}]
- end,
- PoolOpts = [{host, Host},
- {port, Port},
- {pool_size, PoolSize},
- {pool_type, random},
- {connect_timeout, ConnectTimeout},
- {retry, 5},
- {retry_timeout, 1000}] ++ MoreOpts,
- Method = proplists:get_value(method, Req),
- Headers = proplists:get_value(headers, Req),
- NHeaders = ensure_content_type_header(Method, emqx_http_lib:normalise_headers(Headers)),
- NReq = lists:keydelete(headers, 1, Req),
- {ok, Timeout} = application:get_env(?APP, timeout),
- application:set_env(?APP, EnvName, [{path, Path},
- {headers, NHeaders},
- {timeout, Timeout},
- {pool_name, list_to_atom("emqx_auth_http/" ++ atom_to_list(EnvName))},
- {pool_opts, PoolOpts} | NReq])
- end.
-
-load_hooks() ->
- case application:get_env(?APP, auth_req) of
- undefined -> ok;
- {ok, AuthReq} ->
- ok = emqx_auth_http:register_metrics(),
- PoolOpts = proplists:get_value(pool_opts, AuthReq),
- PoolName = proplists:get_value(pool_name, AuthReq),
- {ok, _} = ehttpc_sup:start_pool(PoolName, PoolOpts),
- case application:get_env(?APP, super_req) of
- undefined ->
- emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
- super => undefined}]});
- {ok, SuperReq} ->
- PoolOpts1 = proplists:get_value(pool_opts, SuperReq),
- PoolName1 = proplists:get_value(pool_name, SuperReq),
- {ok, _} = ehttpc_sup:start_pool(PoolName1, PoolOpts1),
- emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
- super => maps:from_list(SuperReq)}]})
- end
- end,
- case application:get_env(?APP, acl_req) of
- undefined -> ok;
- {ok, ACLReq} ->
- ok = emqx_acl_http:register_metrics(),
- PoolOpts2 = proplists:get_value(pool_opts, ACLReq),
- PoolName2 = proplists:get_value(pool_name, ACLReq),
- {ok, _} = ehttpc_sup:start_pool(PoolName2, PoolOpts2),
- emqx_hooks:put('client.check_acl', {emqx_acl_http, check_acl, [#{acl => maps:from_list(ACLReq)}]})
- end,
- ok.
-
-unload_hooks() ->
- emqx:unhook('client.authenticate', {emqx_auth_http, check}),
- emqx:unhook('client.check_acl', {emqx_acl_http, check_acl}),
- _ = ehttpc_sup:stop_pool('emqx_auth_http/auth_req'),
- _ = ehttpc_sup:stop_pool('emqx_auth_http/super_req'),
- _ = ehttpc_sup:stop_pool('emqx_auth_http/acl_req'),
- ok.
-
-ensure_content_type_header(Method, Headers)
- when Method =:= post orelse Method =:= put ->
- Headers;
-ensure_content_type_header(_Method, Headers) ->
- lists:keydelete("content-type", 1, Headers).
-
-path(#{path := "", 'query' := Query}) ->
- "?" ++ Query;
-path(#{path := Path, 'query' := Query}) ->
- Path ++ "?" ++ Query;
-path(#{path := ""}) ->
- "/";
-path(#{path := Path}) ->
- Path.
-
diff --git a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl b/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
deleted file mode 100644
index 8324f6414..000000000
--- a/apps/emqx_auth_ldap/src/emqx_acl_ldap.erl
+++ /dev/null
@@ -1,93 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%% http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--module(emqx_acl_ldap).
-
--include("emqx_auth_ldap.hrl").
-
--include_lib("emqx/include/emqx.hrl").
--include_lib("eldap/include/eldap.hrl").
--include_lib("emqx/include/logger.hrl").
-
--export([ register_metrics/0
- , check_acl/5
- , description/0
- ]).
-
--spec(register_metrics() -> ok).
-register_metrics() ->
- lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
-
-check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
- case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
- ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
- {stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
- {stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
- end.
-
-do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
- ok;
-
-do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
- #{device_dn := DeviceDn,
- match_objectclass := ObjectClass,
- username_attr := UidAttr,
- custom_base_dn := CustomBaseDN,
- pool := Pool} = Config) ->
-
- Filters = maps:get(filters, Config, []),
-
- ReplaceRules = [{"${username_attr}", UidAttr},
- {"${user}", binary_to_list(Username)},
- {"${device_dn}", DeviceDn}],
-
- Filter = emqx_auth_ldap:prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
-
- Attribute = case PubSub of
- publish -> "mqttPublishTopic";
- subscribe -> "mqttSubscriptionTopic"
- end,
- Attribute1 = "mqttPubSubTopic",
- ?LOG(debug, "[LDAP] search dn:~p filter:~p, attribute:~p",
- [DeviceDn, Filter, Attribute]),
-
- BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
-
- case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
- {error, noSuchObject} ->
- ok;
- {ok, #eldap_search_result{entries = []}} ->
- ok;
- {ok, #eldap_search_result{entries = [Entry]}} ->
- Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
- ++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
- match(Topic, Topics);
- Error ->
- ?LOG(error, "[LDAP] search error:~p", [Error]),
- {stop, deny}
- end.
-
-match(_Topic, []) ->
- ok;
-
-match(Topic, [Filter | Topics]) ->
- case emqx_topic:match(Topic, list_to_binary(Filter)) of
- true -> {stop, allow};
- false -> match(Topic, Topics)
- end.
-
-description() ->
- "ACL with LDAP".
diff --git a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src b/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
deleted file mode 100644
index 9750f3cf1..000000000
--- a/apps/emqx_auth_ldap/src/emqx_auth_ldap.appup.src
+++ /dev/null
@@ -1,8 +0,0 @@
-%% -*- mode: erlang -*-
-{VSN,
- [{"4.3.0",
- [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
- {<<".*">>,[]}],
- [{"4.3.0",
- [{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
- {<<".*">>,[]}]}.