refactor: authz-http return body to reject pub/sub

JianBo He 2022-07-01 16:18:19 +08:00 committed by JimMoen
parent 670f83e415
commit 52b77b570f
4 changed files with 50 additions and 8 deletions


@ -1,7 +1,11 @@
%% -*- mode: erlang -*- %% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!! %% Unless you know what you are doing, DO NOT edit manually!!
{VSN, {VSN,
[{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, [{<<"0\\.1\\.[0-1]">>,[
{"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}], {load_module,emqx_authz_utils,brutal_purge,soft_purge,[]},
[{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}, {load_module,emqx_authz_http,brutal_purge,soft_purge,[]}]}
{"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}]}. ],
[{<<"0\\.1\\.[0-1]">>,[
{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_authz_http,brutal_purge,soft_purge,[]}]}
]}.


@ -84,8 +84,25 @@ authorize(
{matched, allow}; {matched, allow};
{ok, 204, _Headers} -> {ok, 204, _Headers} ->
{matched, allow}; {matched, allow};
{ok, 200, _Headers, _Body} -> {ok, 200, Headers, Body} ->
{matched, allow}; ContentType = proplists:get_value(
<<"content-type">>,
Headers,
<<"application/json">>
),
case emqx_authz_utils:parse_http_resp_body(ContentType, Body) of
error ->
?SLOG(error, #{
msg => authz_http_response_incorrect,
content_type => proplists:get_value(
<<"content-type">>, Headers
),
body => Body
}),
nomatch;
Result ->
{matched, Result}
end;
{ok, _Status, _Headers} -> {ok, _Status, _Headers} ->
nomatch; nomatch;
{ok, _Status, _Headers, _Body} -> {ok, _Status, _Headers, _Body} ->
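Review bot: The `content-type` lookup in the new `{ok, 200, Headers, Body}` clause matches the header name exactly and case-sensitively, so a reply whose header key is not already lower-cased (`Content-Type`) silently falls back to the `<<"application/json">>` default; whether the HTTP client normalises header names is not visible in this hunk. For a form-encoded reply that would mean the body is decoded as JSON, fails, and a server that answered `result=deny` ends up as `nomatch` rather than a deny. Consider resolving the header once through a case-insensitive helper and reusing that value in the `?SLOG` call instead of looking it up a second time. The log entry also records the whole response `Body` at error level; a bounded prefix or `byte_size(Body)` would keep an oversized or sensitive reply out of the logs. The enclosing `authorize` clause starts and ends outside the hunk.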


@ -34,6 +34,8 @@
render_sql_params/2 render_sql_params/2
]). ]).
-export([parse_http_resp_body/2]).
-define(DEFAULT_RESOURCE_OPTS, #{ -define(DEFAULT_RESOURCE_OPTS, #{
auto_retry_interval => 6000, auto_retry_interval => 6000,
start_after_created => false start_after_created => false
@ -130,6 +132,25 @@ render_sql_params(ParamList, Values) ->
#{return => rawlist, var_trans => fun handle_sql_var/2} #{return => rawlist, var_trans => fun handle_sql_var/2}
). ).
-spec parse_http_resp_body(binary(), binary()) -> allow | deny | ignore | error.
parse_http_resp_body(<<"application/x-www-form-urlencoded">>, Body) ->
try
result(maps:from_list(cow_qs:parse_qs(Body)))
catch
_:_ -> error
end;
parse_http_resp_body(<<"application/json">>, Body) ->
try
result(emqx_json:decode(Body, [return_maps]))
catch
_:_ -> error
end.
result(#{<<"result">> := <<"allow">>}) -> allow;
result(#{<<"result">> := <<"deny">>}) -> deny;
result(#{<<"result">> := <<"ignore">>}) -> ignore;
result(_) -> error.
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Internal functions %% Internal functions
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
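Review bot: `parse_http_resp_body/2` only has clauses for the exact binaries `<<"application/x-www-form-urlencoded">>` and `<<"application/json">>`, so any other value, such as `text/plain` or `application/json; charset=utf-8`, raises `function_clause` instead of returning the `error` the spec promises. The `try` blocks sit inside the clause bodies and do not cover that failure, and the caller shown in the authz-http section passes the header value through unmodified. Strip any `;` parameters and lower-case the value before matching, and add a final clause `parse_http_resp_body(_ContentType, _Body) -> error.` so an unexpected reply takes the logged `nomatch` path rather than crashing the authorization call. The `catch _:_ -> error` arms also discard the exception class and reason; catching only the decode failure, or logging the reason, would keep a bug in `result/1` distinguishable from a malformed body.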


@ -85,8 +85,8 @@ t_response_handling(_Config) ->
fun(Req0, State) -> fun(Req0, State) ->
Req = cowboy_req:reply( Req = cowboy_req:reply(
200, 200,
#{<<"content-type">> => <<"text/plain">>}, #{<<"content-type">> => <<"application/json">>},
"Response body", "{\"result\": \"allow\"}",
Req0 Req0
), ),
{ok, Req, State} {ok, Req, State}
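Review bot: The updated fixture in `t_response_handling` only exercises a JSON `allow` reply, so the branches this commit adds to the decision path are untested: `deny`, `ignore`, a form-encoded body, a 200 with a malformed body, and a 200 with a content type the parser has no clause for. The last case is what the previous fixture (`text/plain`, `"Response body"`) sent, and with the new code it is worth asserting that it produces the logged `nomatch` rather than a crash. A `deny` case is the most important to pin, since returning it from a 200 body is the purpose of the change. The test function starts and ends outside the hunk.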