yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: authz-http return body to reject pub/sub

This commit is contained in:
JianBo He 2022-07-01 16:18:19 +08:00 committed by JimMoen
parent 670f83e415
commit 52b77b570f
4 changed files with 50 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/emqx_authz/src/emqx_authz.appup.src
View File

@ -1,7 +1,11 @@
%% -*- mode: erlang -*-
%% Unless you know what you are doing, DO NOT edit manually!!
{VSN,
[{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
{"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}],
[{"0.1.0",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]},
{"0.1.1",[{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]}]}]}.
[{<<"0\\.1\\.[0-1]">>,[
{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_authz_http,brutal_purge,soft_purge,[]}]}
],
[{<<"0\\.1\\.[0-1]">>,[
{load_module,emqx_authz_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_authz_http,brutal_purge,soft_purge,[]}]}
]}.

21
apps/emqx_authz/src/emqx_authz_http.erl
View File

@ -84,8 +84,25 @@ authorize(
{matched, allow};
{ok, 204, _Headers} ->
{matched, allow};
{ok, 200, _Headers, _Body} ->
{matched, allow};
{ok, 200, Headers, Body} ->
ContentType = proplists:get_value(
<<"content-type">>,
Headers,
<<"application/json">>
),
case emqx_authz_utils:parse_http_resp_body(ContentType, Body) of
error ->
?SLOG(error, #{
msg => authz_http_response_incorrect,
content_type => proplists:get_value(
<<"content-type">>, Headers
),
body => Body
}),
nomatch;
Result ->
{matched, Result}
end;
{ok, _Status, _Headers} ->
nomatch;
{ok, _Status, _Headers, _Body} ->

21
apps/emqx_authz/src/emqx_authz_utils.erl
View File

@ -34,6 +34,8 @@
render_sql_params/2
]).
-export([parse_http_resp_body/2]).
-define(DEFAULT_RESOURCE_OPTS, #{
auto_retry_interval => 6000,
start_after_created => false
@ -130,6 +132,25 @@ render_sql_params(ParamList, Values) ->
#{return => rawlist, var_trans => fun handle_sql_var/2}
).
-spec parse_http_resp_body(binary(), binary()) -> allow | deny | ignore | error.
parse_http_resp_body(<<"application/x-www-form-urlencoded">>, Body) ->
try
result(maps:from_list(cow_qs:parse_qs(Body)))
catch
_:_ -> error
end;
parse_http_resp_body(<<"application/json">>, Body) ->
try
result(emqx_json:decode(Body, [return_maps]))
catch
_:_ -> error
end.
result(#{<<"result">> := <<"allow">>}) -> allow;
result(#{<<"result">> := <<"deny">>}) -> deny;
result(#{<<"result">> := <<"ignore">>}) -> ignore;
result(_) -> error.
%%--------------------------------------------------------------------
%% Internal functions
%%--------------------------------------------------------------------

4
apps/emqx_authz/test/emqx_authz_http_SUITE.erl
View File

@ -85,8 +85,8 @@ t_response_handling(_Config) ->
fun(Req0, State) ->
Req = cowboy_req:reply(
200,
#{<<"content-type">> => <<"text/plain">>},
"Response body",
#{<<"content-type">> => <<"application/json">>},
"{\"result\": \"allow\"}",
Req0
),
{ok, Req, State}