build: delete needless auth plugins

zhanghongtong 2021-06-28 11:45:01 +08:00
parent d0d14f7a02
commit 4e4c1dd17a
5 changed files with 0 additions and 292 deletions


@ -1,14 +0,0 @@
{application, emqx_auth_http,
[{description, "EMQ X Authentication/ACL with HTTP API"},
{vsn, "4.3.1"}, % strict semver, bump manually!
{modules, []},
{registered, [emqx_auth_http_sup]},
{applications, [kernel,stdlib,ehttpc]},
{mod, {emqx_auth_http_app, []}},
{env, []},
{licenses, ["Apache-2.0"]},
{maintainers, ["EMQ X Team <contact@emqx.io>"]},
{links, [{"Homepage", "https://emqx.io/"},
{"Github", "https://github.com/emqx/emqx-auth-http"}
]}
]}.


@ -1,16 +0,0 @@
%% -*-: erlang -*-
{VSN,
[
{"4.3.0", [
{restart_application, emqx_auth_http}
]},
{<<".*">>, []}
],
[
{"4.3.0", [
{restart_application, emqx_auth_http}
]},
{<<".*">>, []}
]
}.


@ -1,161 +0,0 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_auth_http_app).
-behaviour(application).
-emqx_plugin(auth).
-include("emqx_auth_http.hrl").
-export([ start/2
, stop/1
]).
%%--------------------------------------------------------------------
%% Application Callbacks
%%--------------------------------------------------------------------
start(_StartType, _StartArgs) ->
{ok, Sup} = emqx_auth_http_sup:start_link(),
translate_env(),
load_hooks(),
{ok, Sup}.
stop(_State) ->
unload_hooks().
%%--------------------------------------------------------------------
%% Internel functions
%%--------------------------------------------------------------------
translate_env() ->
lists:foreach(fun translate_env/1, [auth_req, super_req, acl_req]).
translate_env(EnvName) ->
case application:get_env(?APP, EnvName) of
undefined -> ok;
{ok, Req} ->
{ok, PoolSize} = application:get_env(?APP, pool_size),
{ok, ConnectTimeout} = application:get_env(?APP, connect_timeout),
URL = proplists:get_value(url, Req),
{ok, #{host := Host,
port := Port,
scheme := Scheme} = URIMap} = emqx_http_lib:uri_parse(URL),
Path = path(URIMap),
MoreOpts = case Scheme of
http ->
[{transport_opts, emqx_misc:ipv6_probe([])}];
https ->
CACertFile = application:get_env(?APP, cacertfile, undefined),
CertFile = application:get_env(?APP, certfile, undefined),
KeyFile = application:get_env(?APP, keyfile, undefined),
Verify = case application:get_env(?APP, verify, fasle) of
true -> verify_peer;
false -> verify_none
end,
SNI = case application:get_env(?APP, server_name_indication, undefined) of
"disable" -> disable;
SNI0 -> SNI0
end,
TLSOpts = lists:filter(
fun({_, V}) ->
V =/= <<>> andalso V =/= undefined
end, [{keyfile, KeyFile},
{certfile, CertFile},
{cacertfile, CACertFile},
{verify, Verify},
{server_name_indication, SNI}]),
NTLSOpts = [ {versions, emqx_tls_lib:default_versions()}
, {ciphers, emqx_tls_lib:default_ciphers()}
| TLSOpts
],
[{transport, ssl}, {transport_opts, emqx_misc:ipv6_probe(NTLSOpts)}]
end,
PoolOpts = [{host, Host},
{port, Port},
{pool_size, PoolSize},
{pool_type, random},
{connect_timeout, ConnectTimeout},
{retry, 5},
{retry_timeout, 1000}] ++ MoreOpts,
Method = proplists:get_value(method, Req),
Headers = proplists:get_value(headers, Req),
NHeaders = ensure_content_type_header(Method, emqx_http_lib:normalise_headers(Headers)),
NReq = lists:keydelete(headers, 1, Req),
{ok, Timeout} = application:get_env(?APP, timeout),
application:set_env(?APP, EnvName, [{path, Path},
{headers, NHeaders},
{timeout, Timeout},
{pool_name, list_to_atom("emqx_auth_http/" ++ atom_to_list(EnvName))},
{pool_opts, PoolOpts} | NReq])
end.
load_hooks() ->
case application:get_env(?APP, auth_req) of
undefined -> ok;
{ok, AuthReq} ->
ok = emqx_auth_http:register_metrics(),
PoolOpts = proplists:get_value(pool_opts, AuthReq),
PoolName = proplists:get_value(pool_name, AuthReq),
{ok, _} = ehttpc_sup:start_pool(PoolName, PoolOpts),
case application:get_env(?APP, super_req) of
undefined ->
emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
super => undefined}]});
{ok, SuperReq} ->
PoolOpts1 = proplists:get_value(pool_opts, SuperReq),
PoolName1 = proplists:get_value(pool_name, SuperReq),
{ok, _} = ehttpc_sup:start_pool(PoolName1, PoolOpts1),
emqx_hooks:put('client.authenticate', {emqx_auth_http, check, [#{auth => maps:from_list(AuthReq),
super => maps:from_list(SuperReq)}]})
end
end,
case application:get_env(?APP, acl_req) of
undefined -> ok;
{ok, ACLReq} ->
ok = emqx_acl_http:register_metrics(),
PoolOpts2 = proplists:get_value(pool_opts, ACLReq),
PoolName2 = proplists:get_value(pool_name, ACLReq),
{ok, _} = ehttpc_sup:start_pool(PoolName2, PoolOpts2),
emqx_hooks:put('client.check_acl', {emqx_acl_http, check_acl, [#{acl => maps:from_list(ACLReq)}]})
end,
ok.
unload_hooks() ->
emqx:unhook('client.authenticate', {emqx_auth_http, check}),
emqx:unhook('client.check_acl', {emqx_acl_http, check_acl}),
_ = ehttpc_sup:stop_pool('emqx_auth_http/auth_req'),
_ = ehttpc_sup:stop_pool('emqx_auth_http/super_req'),
_ = ehttpc_sup:stop_pool('emqx_auth_http/acl_req'),
ok.
ensure_content_type_header(Method, Headers)
when Method =:= post orelse Method =:= put ->
Headers;
ensure_content_type_header(_Method, Headers) ->
lists:keydelete("content-type", 1, Headers).
path(#{path := "", 'query' := Query}) ->
"?" ++ Query;
path(#{path := Path, 'query' := Query}) ->
Path ++ "?" ++ Query;
path(#{path := ""}) ->
"/";
path(#{path := Path}) ->
Path.


@ -1,93 +0,0 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_acl_ldap).
-include("emqx_auth_ldap.hrl").
-include_lib("emqx/include/emqx.hrl").
-include_lib("eldap/include/eldap.hrl").
-include_lib("emqx/include/logger.hrl").
-export([ register_metrics/0
, check_acl/5
, description/0
]).
-spec(register_metrics() -> ok).
register_metrics() ->
lists:foreach(fun emqx_metrics:ensure/1, ?ACL_METRICS).
check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) ->
case do_check_acl(ClientInfo, PubSub, Topic, NoMatchAction, State) of
ok -> emqx_metrics:inc(?ACL_METRICS(ignore)), ok;
{stop, allow} -> emqx_metrics:inc(?ACL_METRICS(allow)), {stop, allow};
{stop, deny} -> emqx_metrics:inc(?ACL_METRICS(deny)), {stop, deny}
end.
do_check_acl(#{username := <<$$, _/binary>>}, _PubSub, _Topic, _NoMatchAction, _State) ->
ok;
do_check_acl(#{username := Username}, PubSub, Topic, _NoMatchAction,
#{device_dn := DeviceDn,
match_objectclass := ObjectClass,
username_attr := UidAttr,
custom_base_dn := CustomBaseDN,
pool := Pool} = Config) ->
Filters = maps:get(filters, Config, []),
ReplaceRules = [{"${username_attr}", UidAttr},
{"${user}", binary_to_list(Username)},
{"${device_dn}", DeviceDn}],
Filter = emqx_auth_ldap:prepare_filter(Filters, UidAttr, ObjectClass, ReplaceRules),
Attribute = case PubSub of
publish -> "mqttPublishTopic";
subscribe -> "mqttSubscriptionTopic"
end,
Attribute1 = "mqttPubSubTopic",
?LOG(debug, "[LDAP] search dn:~p filter:~p, attribute:~p",
[DeviceDn, Filter, Attribute]),
BaseDN = emqx_auth_ldap:replace_vars(CustomBaseDN, ReplaceRules),
case emqx_auth_ldap_cli:search(Pool, BaseDN, Filter, [Attribute, Attribute1]) of
{error, noSuchObject} ->
ok;
{ok, #eldap_search_result{entries = []}} ->
ok;
{ok, #eldap_search_result{entries = [Entry]}} ->
Topics = proplists:get_value(Attribute, Entry#eldap_entry.attributes, [])
++ proplists:get_value(Attribute1, Entry#eldap_entry.attributes, []),
match(Topic, Topics);
Error ->
?LOG(error, "[LDAP] search error:~p", [Error]),
{stop, deny}
end.
match(_Topic, []) ->
ok;
match(Topic, [Filter | Topics]) ->
case emqx_topic:match(Topic, list_to_binary(Filter)) of
true -> {stop, allow};
false -> match(Topic, Topics)
end.
description() ->
"ACL with LDAP".


@ -1,8 +0,0 @@
%% -*- mode: erlang -*-
{VSN,
[{"4.3.0",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}],
[{"4.3.0",
[{load_module,emqx_acl_ldap,brutal_purge,soft_purge,[]}]},
{<<".*">>,[]}]}.