From 5427057c2c0eb25fb826005e6cb1abe3fea5e20b Mon Sep 17 00:00:00 2001 From: JianBo He Date: Mon, 4 Jan 2021 10:13:42 +0800 Subject: [PATCH] feat(auth_http): support for getting websocket cookies see: https://github.com/emqx/emqx-auth-http/pull/225 --- apps/emqx_auth_http/etc/emqx_auth_http.conf | 3 +++ apps/emqx_auth_http/src/emqx_auth_http_cli.erl | 1 + apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl | 7 +++++++ src/emqx_types.erl | 3 ++- 4 files changed, 13 insertions(+), 1 deletion(-) diff --git a/apps/emqx_auth_http/etc/emqx_auth_http.conf b/apps/emqx_auth_http/etc/emqx_auth_http.conf index 0df589169..56f76cf39 100644 --- a/apps/emqx_auth_http/etc/emqx_auth_http.conf +++ b/apps/emqx_auth_http/etc/emqx_auth_http.conf @@ -28,6 +28,7 @@ auth.http.auth_req.content_type = x-www-form-urlencoded ## - %p: sockport of server accepted ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert +## - %k: websocket cookie ## ## Value: Params auth.http.auth_req.params = clientid=%c,username=%u,password=%P @@ -58,6 +59,7 @@ auth.http.auth_req.params = clientid=%c,username=%u,password=%P ## - %p: sockport of server accepted ## - %C: common name of client TLS cert ## - %d: subject of client TLS cert +## - %k: websocket cookie ## ## Value: Params #auth.http.super_req.params = clientid=%c,username=%u @@ -87,6 +89,7 @@ auth.http.acl_req.content_type = x-www-form-urlencoded ## - %r: protocol ## - %m: mountpoint ## - %t: topic +## - %k: websocket cookie ## ## Value: Params auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m diff --git a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl b/apps/emqx_auth_http/src/emqx_auth_http_cli.erl index 25fac4300..82e493997 100644 --- a/apps/emqx_auth_http/src/emqx_auth_http_cli.erl +++ b/apps/emqx_auth_http/src/emqx_auth_http_cli.erl @@ -80,6 +80,7 @@ feedvar(Params, ClientInfo = #{clientid := ClientId, ({Param, "%A"}) -> {Param, maps:get(access, ClientInfo, null)}; ({Param, "%t"}) -> {Param, maps:get(topic, ClientInfo, null)}; ({Param, "%m"}) -> {Param, maps:get(mountpoint, ClientInfo, null)}; + ({Param, "%k"}) -> {Param, emqx_json:encode(maps:get(ws_cookie, ClientInfo, null))}; ({Param, Var}) -> {Param, Var} end, Params). diff --git a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl b/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl index 79c02c00c..e7496ecbc 100644 --- a/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl +++ b/apps/emqx_auth_http/test/emqx_auth_http_SUITE.erl @@ -171,3 +171,10 @@ t_comment_config(_) -> ?assertEqual(AuthCount - 1, length(emqx_hooks:lookup('client.authenticate'))), ?assertEqual(AclCount - 1, length(emqx_hooks:lookup('client.check_acl'))). +t_feedvar(_) -> + Params = [{"cookie", "%k"}], + User0 = ?USER(<<"client1">>, <<"testuser">>, mqtt, {127,0,0,1}, external), + ?assertEqual([{"cookie", <<"null">>}], emqx_auth_http_cli:feedvar(Params, User0)), + + User1 = User0#{ws_cookie => [{<<"k">>, <<"v">>}]}, + ?assertEqual([{"cookie", <<"{\"k\":\"v\"}">>}], emqx_auth_http_cli:feedvar(Params, User1)). diff --git a/src/emqx_types.erl b/src/emqx_types.erl index b92d457b8..c54832b85 100644 --- a/src/emqx_types.erl +++ b/src/emqx_types.erl @@ -136,7 +136,7 @@ is_bridge := boolean(), is_superuser := boolean(), mountpoint := maybe(binary()), - ws_cookie => maybe(list()), + ws_cookie => wscookie(), password => maybe(binary()), auth_result => auth_result(), anonymous => boolean(), @@ -150,6 +150,7 @@ -type(peerhost() :: inet:ip_address()). -type(peername() :: {inet:ip_address(), inet:port_number()} | inet:returned_non_ip_address()). +-type(wscookie() :: [{binary(), binary()}]). -type(protocol() :: mqtt | 'mqtt-sn' | coap | lwm2m | stomp | none | atom()). -type(auth_result() :: success | client_identifier_not_valid