yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: authn i18n zh_CN support

This commit is contained in:
JimMoen 2022-04-19 15:55:07 +08:00
parent d45700865e
commit 86c38d283d
19 changed files with 1045 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
apps/emqx_authn/i18n/emqx_authn_api_i18n.conf Normal file
View File

@ -0,0 +1,228 @@
emqx_authn_api {
authentication_get {
desc {
en: """List authenticators for global authentication"""
zh: """列出全局认证链上的认证器信息"""
}
}
authentication_post {
desc {
en: """Create authenticator for global authentication"""
zh: """为全局认证链创建认证器信息"""
}
}
authentication_id_get {
desc {
en: """Get authenticator from global authentication chain"""
zh: """获取全局认证链上指定的认证器信息"""
}
}
authentication_id_put {
desc {
en: """Update authenticator from global authentication chain"""
zh: """更新全局认证链上指定的认证器"""
}
}
authentication_id_delete {
desc {
en: """Delete authenticator from global authentication chain"""
zh: """删除全局认证链上指定的认证器信息"""
}
}
authentication_id_status_get {
desc {
en: """Get authenticator status from global authentication chain"""
zh: """获取全局认证链上指定的认证器状态"""
}
}
listeners_listener_id_authentication_get {
desc {
en: """List authenticators for listener authentication"""
zh: """列出监听器上的认证器信息"""
}
}
listeners_listener_id_authentication_post {
desc {
en: """Create authenticator for listener authentication"""
zh: """在指定的监听器上创建认证器"""
}
}
listeners_listener_id_authentication_id_get {
desc {
en: """Get authenticator from listener authentication chain"""
zh: """获取监听器上指定的认证器信息"""
}
}
listeners_listener_id_authentication_id_put {
desc {
en: """Update authenticator from listener authentication chain"""
zh: """更新监听器上指定的认证器"""
}
}
listeners_listener_id_authentication_id_delete {
desc {
en: """Delete authenticator from listener authentication chain"""
zh: """删除监听器上指定的认证器"""
}
}
listeners_listener_id_authentication_id_status_get {
desc {
en: """Get authenticator status from listener authentication chain"""
zh: """获取监听器上指定的认证器状态"""
}
}
authentication_id_move_post {
desc {
en: """Move authenticator in global authentication chain"""
zh: """移动全局认证链上认证器的顺序"""
}
}
listeners_listener_id_authentication_id_move_post {
desc {
en: """Move authenticator in listener authentication chain"""
zh: """移动监听器上认证器的顺序"""
}
}
authentication_id_import_users_post {
desc {
en: """Import users into authenticator in global authentication chain"""
zh: """为全局认证链上的认证器导入用户数据"""
}
}
listeners_listener_id_authentication_id_import_users_post {
desc {
en: """Import users into authenticator in listener authentication chain"""
zh: """为监听器上的认证器导入用户数据"""
}
}
authentication_id_users_post {
desc {
en: """Create users for authenticator in global authentication chain"""
zh: """为全局认证链上的认证器创建用户数据"""
}
}
authentication_id_users_get {
desc {
en: """List users in authenticator in global authentication chain"""
zh: """获取全局认证链上指定的认证器中的用户数据"""
}
}
listeners_listener_id_authentication_id_users_post {
desc {
en: """Create users for authenticator in listener authentication chain"""
zh: """更新指定监听器上认证器中的用户数据"""
}
}
listeners_listener_id_authentication_id_users_get {
desc {
en: """List users in authenticator in listener authentication chain"""
zh: """列出指定监听器上认证器中的用户数据"""
}
}
authentication_id_users_user_id_get {
desc {
en: """Get user from authenticator in global authentication chain"""
zh: """获取指定监听器上认证器中指定的用户数据"""
}
}
authentication_id_users_user_id_put {
desc {
en: """Update user in authenticator in global authentication chain"""
zh: """为指定监听器上认证器添加用户数据"""
}
}
authentication_id_users_user_id_delete {
desc {
en: """Update user in authenticator in global authentication chain"""
zh: """更新指定监听器上认证器中的用户数据"""
}
}
listeners_listener_id_authentication_id_users_user_id_get {
desc {
en: """Get user from authenticator in listener authentication chain"""
zh: """获取指定监听器上认证器中指定的用户数据"""
}
}
listeners_listener_id_authentication_id_users_user_id_put {
desc {
en: """Update user in authenticator in listener authentication chain"""
zh: """更新指定监听器上认证器中的用户数据"""
}
}
listeners_listener_id_authentication_id_users_user_id_delete {
desc {
en: """Delete user in authenticator in listener authentication chain"""
zh: """删除指定监听器上认证器中的用户数据"""
}
}
param_auth_id {
desc {
en: """Authenticator ID"""
zh: """认证器 ID"""
}
}
param_listener_id {
desc {
en: """Listener ID"""
zh: """监听器 ID"""
}
}
param_user_id {
desc {
en: """User ID"""
zh: """用户 ID"""
}
}
like_username {
desc {
en: """Fuzzy search username"""
zh: """使用用户名模糊查询"""
}
label {
en: """like_username"""
zh: """模糊用户名"""
}
}
like_clientid {
desc {
en: """Fuzzy search clientid"""
zh: """使用客户端标识符模糊查询"""
}
label {
en: """like_clientid"""
zh: """模糊用户名"""
}
}
}

89
apps/emqx_authn/i18n/emqx_authn_http_i18n.conf Normal file
View File

@ -0,0 +1,89 @@
emqx_authn_http {
get {
desc {
en: """Settings for HTTP-based authentication (GET)."""
zh: """基于 HTTP 的认证请求 (GET)"""
}
label: {
en: """get"""
zh: """get"""
}
}
post {
desc {
en: """Settings for HTTP-based authentication (POST)."""
zh: """基于 HTTP 的认证请求 (POST)"""
}
label: {
en: """post"""
zh: """post"""
}
}
method {
desc {
en: """HTTP method."""
zh: """HTTP 请求方法"""
}
label: {
en: """method"""
zh: """请求方法"""
}
}
url {
desc {
en: """URL of the auth server."""
zh: """认证服务器地址"""
}
label: {
en: """url"""
zh: """统一资源定位符"""
}
}
headers {
desc {
en: """List of HTTP headers."""
zh: """HTTP 请求头列表"""
}
label: {
en: """headers"""
zh: """请求头"""
}
}
headers_no_content_type {
desc {
en: """List of HTTP headers. (without <code>content-type</code>)"""
zh: """HTTP 请求头列表(无 <code>content-type</code>)"""
}
label: {
en: """headers_no_content_type"""
zh: """无content_type的请求头"""
}
}
body {
desc {
en: """Body of the HTTP request."""
zh: """HTTP 请求体"""
}
label: {
en: """body"""
zh: """请求体"""
}
}
request_timeout {
desc {
en: """HTTP request timeout"""
zh: """HTTP 请求超时时长"""
}
label: {
en: """request_timeout"""
zh: """请求超时时间"""
}
}
}

155
apps/emqx_authn/i18n/emqx_authn_i18n.conf Normal file
View File

@ -0,0 +1,155 @@
emqx_authn_schema {
enable {
desc {
en: """Set to <code>true</code> or <code>false</code> to disable this auth provider"""
zh: """设为 <code>true</code> 或 <code>false</code> 以启用或禁用此认证数据源"""
}
label: {
en: """enable"""
zh: """启用"""
}
}
mechanism {
desc {
en: """Authentication mechanism."""
zh: """认证机制"""
}
label: {
en: """mechanism"""
zh: """机制"""
}
}
backend {
desc {
en: """Backend type."""
zh: """后端类型"""
}
label: {
en: """backend"""
zh: """后端"""
}
}
metrics {
desc {
en: """The metrics of the resource"""
zh: """统计指标"""
}
label: {
en: """metrics"""
zh: """指标"""
}
}
node_metrics {
desc {
en: """The metrics of the resource for each node"""
zh: """每个节点上资源的统计指标"""
}
label: {
en: """node_metrics"""
zh: """节点指标"""
}
}
status {
desc {
en: """The status of the resource"""
zh: """资源状态"""
}
label: {
en: """status"""
zh: """状态"""
}
}
node_status {
desc {
en: """The status of the resource for each node"""
zh: """每个节点上资源的状态"""
}
label: {
en: """node_status"""
zh: """节点状态"""
}
}
matched {
desc {
en: """Count of this resource is queried"""
zh: """请求命中次数"""
}
label: {
en: """matched"""
zh: """已命中"""
}
}
success {
desc {
en: """Count of query success"""
zh: """请求成功次数"""
}
label: {
en: """success"""
zh: """成功"""
}
}
failed {
desc {
en: """Count of query failed"""
zh: """请求失败次数"""
}
label: {
en: """failed"""
zh: """失败"""
}
}
rate {
desc {
en: """The rate of matched, times/second"""
zh: """命中速率,单位: 次/秒"""
}
label: {
en: """rate"""
zh: """速率"""
}
}
rate_max {
desc {
en: """The max rate of matched, times/second"""
zh: """最大命中速率,单位: 次/秒"""
}
label: {
en: """rate_max"""
zh: """最大速率"""
}
}
rate_last5m {
desc {
en: """The average rate of matched in the last 5 minutes, times/second"""
zh: """5分钟内平均命中速率单位 次/秒"""
}
label: {
en: """rate_last5m"""
zh: """5分钟内速率"""
}
}
node {
desc {
en: """The node name"""
zh: """节点名"""
}
label: {
en: """node"""
zh: """节点"""
}
}
}

232
apps/emqx_authn/i18n/emqx_authn_jwt_i18n.conf Normal file
View File

@ -0,0 +1,232 @@
emqx_authn_jwt {
use_jwks {
desc {
en: """jwks flag"""
zh: """jwks 状态"""
}
label {
en: """use_jwks"""
zh: """使用jwks"""
}
}
algorithm {
desc {
en: """Signing algorithm."""
zh: """签名算法"""
}
label {
en: """algorithm"""
zh: """算法"""
}
}
certificate {
desc {
en: """The certificate used for signing the token."""
zh: """用于签名token的证书"""
}
label {
en: """certificate"""
zh: """证书"""
}
}
secret_base64_encoded {
desc {
en: """Enable/disable base64 encoding of the secret."""
zh: """启用/关闭私匙 base64 编码"""
}
label {
en: """secret_base64_encoded"""
zh: """密钥 base64 编码"""
}
}
secret {
desc {
en: """The key to verify the JWT Token using HMAC algorithm."""
zh: """使用对称加密的算法"""
}
label {
en: """secret"""
zh: """secret"""
}
}
endpoint {
desc {
en: """JWKs endpoint"""
zh: """JWKs endpoint"""
}
label {
en: """endpoint"""
zh: """endpoint"""
}
}
refresh_interval {
desc {
en: """JWKs refresh interval"""
zh: """JWKs 更新间隔"""
}
label {
en: """refresh_interval"""
zh: """更新间隔"""
}
}
cacertfile {
desc {
en: """Path to the SSL CA certificate file."""
zh: """SSL CA 证书公钥文件路径"""
}
label {
en: """cacertfile"""
zh: """CA 证书文件"""
}
}
certfile {
desc {
en: """Path to the SSL certificate file."""
zh: """证书文件路径"""
}
label {
en: """certfile"""
zh: """证书文件"""
}
}
keyfile {
desc {
en: """Path to the SSL secret key file."""
zh: """SSL 私钥文件路径"""
}
label {
en: """keyfile"""
zh: """私钥文件"""
}
}
verify {
desc {
en: """Enable or disable SSL peer verification."""
zh: """指定握手过程中是否校验客户端"""
}
label {
en: """verify"""
zh: """verify"""
}
}
server_name_indication {
desc {
en: """SSL SNI (Server Name Indication)"""
zh: """SSL SNI (服务器名称指示)"""
}
label {
en: """server_name_indication"""
zh: """服务器名称指示"""
}
}
verify_claims {
desc {
en: """The list of claims to verify."""
zh: """The list of claims to verify."""
}
label {
en: """verify_claims"""
zh: """verify_claims"""
}
}
pool_size {
desc {
en: """JWKs connection count"""
zh: """JWKs 连接数量"""
}
label {
en: """pool_size"""
zh: """pool_size"""
}
}
ssl {
desc {
en: """SSL options."""
zh: """SSL 选项"""
}
label {
en: """ssl"""
zh: """ssl"""
}
}
enable {
desc {
en: """Enable/disable SSL."""
zh: """启用/禁用 SSL"""
}
label {
en: """enable"""
zh: """启用"""
}
}
hmac-based {
desc {
en: """Settings for HMAC-based token signing algorithm."""
zh: """HMAC-based token 签名配置"""
}
label {
en: """hmac-based"""
zh: """hmac-based"""
}
}
public-key {
desc {
en: """Settings for public key-based token signing algorithm."""
zh: """公钥token签名配置"""
}
label {
en: """public-key"""
zh: """public-key"""
}
}
jwks {
desc {
en: """Settings for a signing using JSON Web Key Set (JWKs)."""
zh: """JWks 签名配置"""
}
label {
en: """jwks"""
zh: """jwks"""
}
}
ssl_disable {
desc {
en: """SSL disabled"""
zh: """SSL 关闭"""
}
label {
en: """ssl_disable"""
zh: """关闭SSL"""
}
}
ssl_enable {
desc {
en: """SSL configuration."""
zh: """SSL 配置"""
}
label {
en: """ssl_enable"""
zh: """启用SSL"""
}
}
}

23
apps/emqx_authn/i18n/emqx_authn_mnesia_i18n.conf Normal file
View File

@ -0,0 +1,23 @@
emqx_authn_mnesia {
authentication {
desc {
en: """Configuration for authentication using the built-in database."""
zh: """内置数据库认证配置"""
}
label: {
en: """authentication"""
zh: """认证配置"""
}
}
user_id_type {
desc {
en: """Authenticate by Client ID or Username."""
zh: """认证类型,基于 Client ID 或 Username"""
}
label: {
en: """user_id_type"""
zh: """用户标识类型"""
}
}
}

99
apps/emqx_authn/i18n/emqx_authn_mongo_i18n.conf Normal file
View File

@ -0,0 +1,99 @@
emqx_authn_mongodb {
standalone {
desc {
en: """Configuration for a standalone MongoDB instance."""
zh: """MongoDB 单节点认证配置"""
}
label: {
en: """standalone"""
zh: """standalone 模式"""
}
}
replica-set {
desc {
en: """Configuration for a replica set."""
zh: """MongoDB replica set 模式认证配置"""
}
label: {
en: """replica-set"""
zh: """replica-set 模式"""
}
}
sharded-cluster {
desc {
en: """Configuration for a sharded cluster."""
zh: """MongoDB sharded cluster 模式认证配置"""
}
label: {
en: """sharded-cluster"""
zh: """sharded-cluster 模式"""
}
}
collection {
desc {
en: """Collection used to store authentication data."""
zh: """认证数据集名称"""
}
label: {
en: """collection"""
zh: """数据集"""
}
}
selector {
desc {
en: """
Statement that is executed during the authentication process.
Commands can support following wildcards:\n
- `${username}`: substituted with client's username\n
- `${clientid}`: substituted with the clientid
"""
zh: """
认证过程中所使用的查询命令。
查询命令支持如下占位符:
- `${username}`: 代替客户端的用户名
- `${clientid}`: 代替客户端的客户端标识符
"""
}
label: {
en: """selector"""
zh: """认证查询"""
}
}
password_hash_field {
desc {
en: """Document field that contains password hash."""
zh: """数据文档中的密码散列值"""
}
label: {
en: """password_hash_field"""
zh: """密码散列字段"""
}
}
salt_field {
desc {
en: """Document field that contains the password salt."""
zh: """数据文档中的密码加盐"""
}
label: {
en: """salt_field"""
zh: """加盐字段"""
}
}
is_superuser_field {
desc {
en: """Document field that defines if the user has superuser privileges."""
zh: """数据文档中的超级用户权限记录"""
}
label: {
en: """is_superuser_field"""
zh: """超级用户字段"""
}
}
}

34
apps/emqx_authn/i18n/emqx_authn_mysql_i18n.conf Normal file
View File

@ -0,0 +1,34 @@
emqx_authn_mysql {
authentication {
desc {
en: """Configuration for authentication using MySQL database."""
zh: """MySQL 认证配置"""
}
label: {
en: """authentication"""
zh: """认证配置"""
}
}
query {
desc {
en: """SQL query used to lookup client data."""
zh: """客户端数据查询 SQL 语句"""
}
label: {
en: """query"""
zh: """请求"""
}
}
query_timeout {
dsec {
en: """Timeout for the SQL query."""
zh: """SQL 查询超时时长"""
}
label: {
en: """query_timeout"""
zh: """请求超时"""
}
}
}

23
apps/emqx_authn/i18n/emqx_authn_pgsql_i18n.conf Normal file
View File

@ -0,0 +1,23 @@
emqx_authn_pgsql {
authentication {
desc {
en: """Configuration for PostgreSQL authentication backend."""
zh: """PostgreSQL 认证配置"""
}
label: {
en: """authentication"""
zh: """认证配置"""
}
}
query {
desc {
en: """`SQL` query for looking up authentication data."""
zh: """客户端数据查询 SQL 语句"""
}
label: {
en: """query"""
zh: """请求"""
}
}
}

45
apps/emqx_authn/i18n/emqx_authn_redis_i18n.conf Normal file
View File

@ -0,0 +1,45 @@
emqx_authn_redis {
standalone {
desc {
en: """Configuration for a standalone Redis instance."""
zh: """Redis 单节点认证配置"""
}
label: {
en: """standalone"""
zh: """standalone"""
}
}
cluster {
desc {
en: """Configuration for a Redis cluster."""
zh: """Redis 集群模式认证配置"""
}
label: {
en: """cluster"""
zh: """cluster"""
}
}
sentinel {
desc {
en: """Configuration for a Redis Sentinel."""
zh: """Redis 哨兵模式认证配置"""
}
label: {
en: """sentinel"""
zh: """sentinel"""
}
}
cmd {
desc {
en: """Database query used to retrieve authentication data."""
zh: """Redis 认证数据查询语句"""
}
label: {
en: """cmd"""
zh: """查询命令"""
}
}
}

66
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -18,11 +18,11 @@
-behaviour(minirest_api). -behaviour(minirest_api).
-include_lib("typerefl/include/types.hrl").
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/emqx_placeholder.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("emqx/include/emqx_placeholder.hrl").
-include_lib("emqx/include/emqx_authentication.hrl"). -include_lib("emqx/include/emqx_authentication.hrl").
-include_lib("hocon/include/hoconsc.hrl").
-import(hoconsc, [mk/2, ref/1, ref/2]). -import(hoconsc, [mk/2, ref/1, ref/2]).
-import(emqx_dashboard_swagger, [error_codes/2]). -import(emqx_dashboard_swagger, [error_codes/2]).
@ -154,7 +154,7 @@ schema("/authentication") ->
'operationId' => authenticators, 'operationId' => authenticators,
get => #{ get => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"List authenticators for global authentication">>, description => ?DESC(authentication_get),
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_example( 200 => emqx_dashboard_swagger:schema_with_example(
hoconsc:array(emqx_authn_schema:authenticator_type()), hoconsc:array(emqx_authn_schema:authenticator_type()),
@ -164,7 +164,7 @@ schema("/authentication") ->
}, },
post => #{ post => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Create authenticator for global authentication">>, description => ?DESC(authentication_post),
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(), emqx_authn_schema:authenticator_type(),
authenticator_examples() authenticator_examples()
@ -184,7 +184,7 @@ schema("/authentication/:id") ->
'operationId' => authenticator, 'operationId' => authenticator,
get => #{ get => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Get authenticator from global authentication chain">>, description => ?DESC(authentication_id_get),
parameters => [param_auth_id()], parameters => [param_auth_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_examples( 200 => emqx_dashboard_swagger:schema_with_examples(
@ -196,7 +196,7 @@ schema("/authentication/:id") ->
}, },
put => #{ put => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Update authenticator from global authentication chain">>, description => ?DESC(authentication_id_put),
parameters => [param_auth_id()], parameters => [param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(), emqx_authn_schema:authenticator_type(),
@ -214,7 +214,7 @@ schema("/authentication/:id") ->
}, },
delete => #{ delete => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Delete authenticator from global authentication chain">>, description => ?DESC(authentication_id_delete),
parameters => [param_auth_id()], parameters => [param_auth_id()],
responses => #{ responses => #{
204 => <<"Authenticator deleted">>, 204 => <<"Authenticator deleted">>,
@ -227,7 +227,7 @@ schema("/authentication/:id/status") ->
'operationId' => authenticator_status, 'operationId' => authenticator_status,
get => #{ get => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Get authenticator status from global authentication chain">>, description => ?DESC(authentication_id_status_get),
parameters => [param_auth_id()], parameters => [param_auth_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_examples( 200 => emqx_dashboard_swagger:schema_with_examples(
@ -243,7 +243,7 @@ schema("/listeners/:listener_id/authentication") ->
'operationId' => listener_authenticators, 'operationId' => listener_authenticators,
get => #{ get => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"List authenticators for listener authentication">>, description => ?DESC(listeners_listener_id_authentication_get),
parameters => [param_listener_id()], parameters => [param_listener_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_example( 200 => emqx_dashboard_swagger:schema_with_example(
@ -254,7 +254,7 @@ schema("/listeners/:listener_id/authentication") ->
}, },
post => #{ post => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Create authenticator for listener authentication">>, description => ?DESC(listeners_listener_id_authentication_post),
parameters => [param_listener_id()], parameters => [param_listener_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(), emqx_authn_schema:authenticator_type(),
@ -275,7 +275,7 @@ schema("/listeners/:listener_id/authentication/:id") ->
'operationId' => listener_authenticator, 'operationId' => listener_authenticator,
get => #{ get => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Get authenticator from listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_get),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_examples( 200 => emqx_dashboard_swagger:schema_with_examples(
@ -287,7 +287,7 @@ schema("/listeners/:listener_id/authentication/:id") ->
}, },
put => #{ put => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Update authenticator from listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_put),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
emqx_authn_schema:authenticator_type(), emqx_authn_schema:authenticator_type(),
@ -305,7 +305,7 @@ schema("/listeners/:listener_id/authentication/:id") ->
}, },
delete => #{ delete => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Delete authenticator from listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_delete),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
responses => #{ responses => #{
204 => <<"Authenticator deleted">>, 204 => <<"Authenticator deleted">>,
@ -318,7 +318,7 @@ schema("/listeners/:listener_id/authentication/:id/status") ->
'operationId' => listener_authenticator_status, 'operationId' => listener_authenticator_status,
get => #{ get => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Get authenticator status from listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_status_get),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_examples( 200 => emqx_dashboard_swagger:schema_with_examples(
@ -334,7 +334,7 @@ schema("/authentication/:id/move") ->
'operationId' => authenticator_move, 'operationId' => authenticator_move,
post => #{ post => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Move authenticator in global authentication chain">>, description => ?DESC(authentication_id_move_post),
parameters => [param_auth_id()], parameters => [param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_move), ref(request_move),
@ -352,7 +352,7 @@ schema("/listeners/:listener_id/authentication/:id/move") ->
'operationId' => listener_authenticator_move, 'operationId' => listener_authenticator_move,
post => #{ post => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Move authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_move_post),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_move), ref(request_move),
@ -370,7 +370,7 @@ schema("/authentication/:id/import_users") ->
'operationId' => authenticator_import_users, 'operationId' => authenticator_import_users,
post => #{ post => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Import users into authenticator in global authentication chain">>, description => ?DESC(authentication_id_import_users_post),
parameters => [param_auth_id()], parameters => [param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_import_users), ref(request_import_users),
@ -388,7 +388,7 @@ schema("/listeners/:listener_id/authentication/:id/import_users") ->
'operationId' => listener_authenticator_import_users, 'operationId' => listener_authenticator_import_users,
post => #{ post => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Import users into authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_import_users_post),
parameters => [param_listener_id(), param_auth_id()], parameters => [param_listener_id(), param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_import_users), ref(request_import_users),
@ -406,7 +406,7 @@ schema("/authentication/:id/users") ->
'operationId' => authenticator_users, 'operationId' => authenticator_users,
post => #{ post => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Create users for authenticator in global authentication chain">>, description => ?DESC(authentication_id_users_post),
parameters => [param_auth_id()], parameters => [param_auth_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_create), ref(request_user_create),
@ -423,7 +423,7 @@ schema("/authentication/:id/users") ->
}, },
get => #{ get => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"List users in authenticator in global authentication chain">>, description => ?DESC(authentication_id_users_get),
parameters => [ parameters => [
param_auth_id(), param_auth_id(),
ref(emqx_dashboard_swagger, page), ref(emqx_dashboard_swagger, page),
@ -431,13 +431,13 @@ schema("/authentication/:id/users") ->
{like_username, {like_username,
mk(binary(), #{ mk(binary(), #{
in => query, in => query,
desc => <<"Fuzzy search username">>, desc => ?DESC(like_username),
required => false required => false
})}, })},
{like_clientid, {like_clientid,
mk(binary(), #{ mk(binary(), #{
in => query, in => query,
desc => <<"Fuzzy search clientid">>, desc => ?DESC(like_clientid),
required => false required => false
})} })}
], ],
@ -455,7 +455,7 @@ schema("/listeners/:listener_id/authentication/:id/users") ->
'operationId' => listener_authenticator_users, 'operationId' => listener_authenticator_users,
post => #{ post => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Create users for authenticator in global authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_users_post),
parameters => [param_auth_id(), param_listener_id()], parameters => [param_auth_id(), param_listener_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_create), ref(request_user_create),
@ -472,7 +472,7 @@ schema("/listeners/:listener_id/authentication/:id/users") ->
}, },
get => #{ get => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"List users in authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_users_get),
parameters => [ parameters => [
param_listener_id(), param_listener_id(),
param_auth_id(), param_auth_id(),
@ -493,7 +493,7 @@ schema("/authentication/:id/users/:user_id") ->
'operationId' => authenticator_user, 'operationId' => authenticator_user,
get => #{ get => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Get user from authenticator in global authentication chain">>, description => ?DESC(authentication_id_users_user_id_get),
parameters => [param_auth_id(), param_user_id()], parameters => [param_auth_id(), param_user_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_examples( 200 => emqx_dashboard_swagger:schema_with_examples(
@ -505,7 +505,7 @@ schema("/authentication/:id/users/:user_id") ->
}, },
put => #{ put => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Update user in authenticator in global authentication chain">>, description => ?DESC(authentication_id_users_user_id_put),
parameters => [param_auth_id(), param_user_id()], parameters => [param_auth_id(), param_user_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_examples( 'requestBody' => emqx_dashboard_swagger:schema_with_examples(
ref(request_user_update), ref(request_user_update),
@ -522,7 +522,7 @@ schema("/authentication/:id/users/:user_id") ->
}, },
delete => #{ delete => #{
tags => ?API_TAGS_GLOBAL, tags => ?API_TAGS_GLOBAL,
description => <<"Update user in authenticator in global authentication chain">>, description => ?DESC(authentication_id_users_user_id_delete),
parameters => [param_auth_id(), param_user_id()], parameters => [param_auth_id(), param_user_id()],
responses => #{ responses => #{
204 => <<"User deleted">>, 204 => <<"User deleted">>,
@ -535,7 +535,7 @@ schema("/listeners/:listener_id/authentication/:id/users/:user_id") ->
'operationId' => listener_authenticator_user, 'operationId' => listener_authenticator_user,
get => #{ get => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Get user from authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_users_user_id_get),
parameters => [param_listener_id(), param_auth_id(), param_user_id()], parameters => [param_listener_id(), param_auth_id(), param_user_id()],
responses => #{ responses => #{
200 => emqx_dashboard_swagger:schema_with_example( 200 => emqx_dashboard_swagger:schema_with_example(
@ -547,7 +547,7 @@ schema("/listeners/:listener_id/authentication/:id/users/:user_id") ->
}, },
put => #{ put => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Update user in authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_users_user_id_put),
parameters => [param_listener_id(), param_auth_id(), param_user_id()], parameters => [param_listener_id(), param_auth_id(), param_user_id()],
'requestBody' => emqx_dashboard_swagger:schema_with_example( 'requestBody' => emqx_dashboard_swagger:schema_with_example(
ref(request_user_update), ref(request_user_update),
@ -564,7 +564,7 @@ schema("/listeners/:listener_id/authentication/:id/users/:user_id") ->
}, },
delete => #{ delete => #{
tags => ?API_TAGS_SINGLE, tags => ?API_TAGS_SINGLE,
description => <<"Update user in authenticator in listener authentication chain">>, description => ?DESC(listeners_listener_id_authentication_id_users_user_id_delete),
parameters => [param_listener_id(), param_auth_id(), param_user_id()], parameters => [param_listener_id(), param_auth_id(), param_user_id()],
responses => #{ responses => #{
204 => <<"User deleted">>, 204 => <<"User deleted">>,
@ -578,7 +578,7 @@ param_auth_id() ->
id, id,
mk(binary(), #{ mk(binary(), #{
in => path, in => path,
desc => <<"Authenticator ID">>, desc => ?DESC(param_auth_id),
required => true required => true
}) })
}. }.
@ -588,7 +588,7 @@ param_listener_id() ->
listener_id, listener_id,
mk(binary(), #{ mk(binary(), #{
in => path, in => path,
desc => <<"Listener ID">>, desc => ?DESC(param_listener_id),
required => true, required => true,
example => emqx_listeners:id_example() example => emqx_listeners:id_example()
}) })
@ -599,7 +599,7 @@ param_user_id() ->
user_id, user_id,
mk(binary(), #{ mk(binary(), #{
in => path, in => path,
desc => <<"User ID">> desc => ?DESC(param_user_id)
}) })
}. }.

38
apps/emqx_authn/src/emqx_authn_schema.erl
View File

@ -17,7 +17,7 @@
-module(emqx_authn_schema). -module(emqx_authn_schema).
-elvis([{elvis_style, invalid_dynamic_call, disable}]). -elvis([{elvis_style, invalid_dynamic_call, disable}]).
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-import(hoconsc, [mk/2, ref/2]). -import(hoconsc, [mk/2, ref/2]).
-export([ -export([
@ -38,7 +38,7 @@ common_fields() ->
enable(type) -> boolean(); enable(type) -> boolean();
enable(default) -> true; enable(default) -> true;
enable(desc) -> "Set to <code>false</code> to disable this auth provider"; enable(desc) -> ?DESC(?FUNCTION_NAME);
enable(_) -> undefined. enable(_) -> undefined.
authenticator_type() -> authenticator_type() ->
@ -74,7 +74,7 @@ mechanism(Name) ->
hoconsc:enum([Name]), hoconsc:enum([Name]),
#{ #{
required => true, required => true,
desc => "Authentication mechanism." desc => ?DESC("mechanism")
} }
). ).
@ -83,51 +83,47 @@ backend(Name) ->
hoconsc:enum([Name]), hoconsc:enum([Name]),
#{ #{
required => true, required => true,
desc => "Backend type." desc => ?DESC("backend")
} }
). ).
fields("metrics_status_fields") -> fields("metrics_status_fields") ->
[ [
{"metrics", mk(ref(?MODULE, "metrics"), #{desc => "The metrics of the resource"})}, {"metrics", mk(ref(?MODULE, "metrics"), #{desc => ?DESC("metrics")})},
{"node_metrics", {"node_metrics",
mk( mk(
hoconsc:array(ref(?MODULE, "node_metrics")), hoconsc:array(ref(?MODULE, "node_metrics")),
#{desc => "The metrics of the resource for each node"} #{desc => ?DESC("node_metrics")}
)}, )},
{"status", mk(status(), #{desc => "The status of the resource"})}, {"status", mk(status(), #{desc => ?DESC("status")})},
{"node_status", {"node_status",
mk( mk(
hoconsc:array(ref(?MODULE, "node_status")), hoconsc:array(ref(?MODULE, "node_status")),
#{desc => "The status of the resource for each node"} #{desc => ?DESC("node_status")}
)} )}
]; ];
fields("metrics") -> fields("metrics") ->
[ [
{"matched", mk(integer(), #{desc => "Count of this resource is queried"})}, {"matched", mk(integer(), #{desc => ?DESC("matched")})},
{"success", mk(integer(), #{desc => "Count of query success"})}, {"success", mk(integer(), #{desc => ?DESC("success")})},
{"failed", mk(integer(), #{desc => "Count of query failed"})}, {"failed", mk(integer(), #{desc => ?DESC("failed")})},
{"rate", mk(float(), #{desc => "The rate of matched, times/second"})}, {"rate", mk(float(), #{desc => ?DESC("rate")})},
{"rate_max", mk(float(), #{desc => "The max rate of matched, times/second"})}, {"rate_max", mk(float(), #{desc => ?DESC("rate_max")})},
{"rate_last5m", {"rate_last5m", mk(float(), #{desc => ?DESC("rate_last5m")})}
mk(
float(),
#{desc => "The average rate of matched in the last 5 minutes, times/second"}
)}
]; ];
fields("node_metrics") -> fields("node_metrics") ->
[ [
node_name(), node_name(),
{"metrics", mk(ref(?MODULE, "metrics"), #{})} {"metrics", mk(ref(?MODULE, "metrics"), #{desc => ?DESC("metrics")})}
]; ];
fields("node_status") -> fields("node_status") ->
[ [
node_name(), node_name(),
{"status", mk(status(), #{desc => "Status of the node."})} {"status", mk(status(), #{desc => ?DESC("node_status")})}
]. ].
status() -> status() ->
hoconsc:enum([connected, disconnected, connecting]). hoconsc:enum([connected, disconnected, connecting]).
node_name() -> node_name() ->
{"node", mk(binary(), #{desc => "The node name", example => "emqx@127.0.0.1"})}. {"node", mk(binary(), #{desc => ?DESC("node"), example => "emqx@127.0.0.1"})}.

21
apps/emqx_authn/src/simple_authn/emqx_authn_http.erl
View File

@ -18,7 +18,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-include_lib("emqx_connector/include/emqx_connector.hrl"). -include_lib("emqx_connector/include/emqx_connector.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
@ -62,19 +62,19 @@ roots() ->
fields(get) -> fields(get) ->
[ [
{method, #{type => get, required => true, default => post, desc => "HTTP method."}}, {method, #{type => get, required => true, default => post, desc => ?DESC(method)}},
{headers, fun headers_no_content_type/1} {headers, fun headers_no_content_type/1}
] ++ common_fields(); ] ++ common_fields();
fields(post) -> fields(post) ->
[ [
{method, #{type => post, required => true, default => post, desc => "HTTP method."}}, {method, #{type => post, required => true, default => post, desc => ?DESC(method)}},
{headers, fun headers/1} {headers, fun headers/1}
] ++ common_fields(). ] ++ common_fields().
desc(get) -> desc(get) ->
"Settings for HTTP-based authentication (GET)."; ?DESC(get);
desc(post) -> desc(post) ->
"Settings for HTTP-based authentication (POST)."; ?DESC(post);
desc(_) -> desc(_) ->
undefined. undefined.
@ -83,8 +83,7 @@ common_fields() ->
{mechanism, emqx_authn_schema:mechanism(password_based)}, {mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(http)}, {backend, emqx_authn_schema:backend(http)},
{url, fun url/1}, {url, fun url/1},
{body, {body, hoconsc:mk(map([{fuzzy, term(), binary()}]), #{desc => ?DESC(body)})},
hoconsc:mk(map([{fuzzy, term(), binary()}]), #{desc => "Body of the HTTP request."})},
{request_timeout, fun request_timeout/1} {request_timeout, fun request_timeout/1}
] ++ emqx_authn_schema:common_fields() ++ ] ++ emqx_authn_schema:common_fields() ++
maps:to_list( maps:to_list(
@ -104,7 +103,7 @@ validations() ->
]. ].
url(type) -> binary(); url(type) -> binary();
url(desc) -> "URL of the auth server."; url(desc) -> ?DESC(?FUNCTION_NAME);
url(validator) -> [?NOT_EMPTY("the value of the field 'url' cannot be empty")]; url(validator) -> [?NOT_EMPTY("the value of the field 'url' cannot be empty")];
url(required) -> true; url(required) -> true;
url(_) -> undefined. url(_) -> undefined.
@ -112,7 +111,7 @@ url(_) -> undefined.
headers(type) -> headers(type) ->
map(); map();
headers(desc) -> headers(desc) ->
"List of HTTP headers."; ?DESC(?FUNCTION_NAME);
headers(converter) -> headers(converter) ->
fun(Headers) -> fun(Headers) ->
maps:merge(default_headers(), transform_header_name(Headers)) maps:merge(default_headers(), transform_header_name(Headers))
@ -125,7 +124,7 @@ headers(_) ->
headers_no_content_type(type) -> headers_no_content_type(type) ->
map(); map();
headers_no_content_type(desc) -> headers_no_content_type(desc) ->
"List of HTTP headers."; ?DESC(?FUNCTION_NAME);
headers_no_content_type(converter) -> headers_no_content_type(converter) ->
fun(Headers) -> fun(Headers) ->
maps:merge(default_headers_no_content_type(), transform_header_name(Headers)) maps:merge(default_headers_no_content_type(), transform_header_name(Headers))
@ -136,7 +135,7 @@ headers_no_content_type(_) ->
undefined. undefined.
request_timeout(type) -> emqx_schema:duration_ms(); request_timeout(type) -> emqx_schema:duration_ms();
request_timeout(desc) -> "HTTP request timeout"; request_timeout(desc) -> ?DESC(?FUNCTION_NAME);
request_timeout(default) -> <<"5s">>; request_timeout(default) -> <<"5s">>;
request_timeout(_) -> undefined. request_timeout(_) -> undefined.

52
apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
View File

@ -17,8 +17,8 @@
-module(emqx_authn_jwt). -module(emqx_authn_jwt).
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("typerefl/include/types.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -55,22 +55,22 @@ roots() ->
fields('hmac-based') -> fields('hmac-based') ->
[ [
{use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ""})}, {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
{algorithm, {algorithm,
sc(hoconsc:enum(['hmac-based']), #{required => true, desc => "Signing algorithm."})}, sc(hoconsc:enum(['hmac-based']), #{required => true, desc => ?DESC(algorithm)})},
{secret, fun secret/1}, {secret, fun secret/1},
{secret_base64_encoded, fun secret_base64_encoded/1} {secret_base64_encoded, fun secret_base64_encoded/1}
] ++ common_fields(); ] ++ common_fields();
fields('public-key') -> fields('public-key') ->
[ [
{use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ""})}, {use_jwks, sc(hoconsc:enum([false]), #{required => true, desc => ?DESC(use_jwks)})},
{algorithm, {algorithm,
sc(hoconsc:enum(['public-key']), #{required => true, desc => "Signing algorithm."})}, sc(hoconsc:enum(['public-key']), #{required => true, desc => ?DESC(algorithm)})},
{certificate, fun certificate/1} {certificate, fun certificate/1}
] ++ common_fields(); ] ++ common_fields();
fields('jwks') -> fields('jwks') ->
[ [
{use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ""})}, {use_jwks, sc(hoconsc:enum([true]), #{required => true, desc => ?DESC(use_jwks)})},
{endpoint, fun endpoint/1}, {endpoint, fun endpoint/1},
{pool_size, fun pool_size/1}, {pool_size, fun pool_size/1},
{refresh_interval, fun refresh_interval/1}, {refresh_interval, fun refresh_interval/1},
@ -79,14 +79,14 @@ fields('jwks') ->
hoconsc:ref(?MODULE, ssl_enable), hoconsc:ref(?MODULE, ssl_enable),
hoconsc:ref(?MODULE, ssl_disable) hoconsc:ref(?MODULE, ssl_disable)
]), ]),
desc => "Enable/disable SSL.", desc => ?DESC(ssl),
default => #{<<"enable">> => false}, default => #{<<"enable">> => false},
required => false required => false
}} }}
] ++ common_fields(); ] ++ common_fields();
fields(ssl_enable) -> fields(ssl_enable) ->
[ [
{enable, #{type => true, desc => ""}}, {enable, #{type => true, desc => ?DESC(enable)}},
{cacertfile, fun cacertfile/1}, {cacertfile, fun cacertfile/1},
{certfile, fun certfile/1}, {certfile, fun certfile/1},
{keyfile, fun keyfile/1}, {keyfile, fun keyfile/1},
@ -94,18 +94,18 @@ fields(ssl_enable) ->
{server_name_indication, fun server_name_indication/1} {server_name_indication, fun server_name_indication/1}
]; ];
fields(ssl_disable) -> fields(ssl_disable) ->
[{enable, #{type => false, desc => ""}}]. [{enable, #{type => false, desc => ?DESC(enable)}}].
desc('hmac-based') -> desc('hmac-based') ->
"Settings for HMAC-based token signing algorithm."; ?DESC('hmac-based');
desc('public-key') -> desc('public-key') ->
"Settings for public key-based token signing algorithm."; ?DESC('public-key');
desc('jwks') -> desc('jwks') ->
"Settings for a signing using JSON Web Key Set (JWKs)."; ?DESC('jwks');
desc(ssl_disable) -> desc(ssl_disable) ->
""; ?DESC(ssl_disable);
desc(ssl_enable) -> desc(ssl_enable) ->
"SSL configuration."; ?DESC(ssl_enable);
desc(_) -> desc(_) ->
undefined. undefined.
@ -116,56 +116,56 @@ common_fields() ->
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().
secret(type) -> binary(); secret(type) -> binary();
secret(desc) -> "The key to verify the JWT Token using HMAC algorithm."; secret(desc) -> ?DESC(?FUNCTION_NAME);
secret(required) -> true; secret(required) -> true;
secret(_) -> undefined. secret(_) -> undefined.
secret_base64_encoded(type) -> boolean(); secret_base64_encoded(type) -> boolean();
secret_base64_encoded(desc) -> "Enable/disable base64 encoding of the secret."; secret_base64_encoded(desc) -> ?DESC(?FUNCTION_NAME);
secret_base64_encoded(default) -> false; secret_base64_encoded(default) -> false;
secret_base64_encoded(_) -> undefined. secret_base64_encoded(_) -> undefined.
certificate(type) -> string(); certificate(type) -> string();
certificate(desc) -> "The certificate used for signing the token."; certificate(desc) -> ?DESC(?FUNCTION_NAME);
certificate(required) -> ture; certificate(required) -> ture;
certificate(_) -> undefined. certificate(_) -> undefined.
endpoint(type) -> string(); endpoint(type) -> string();
endpoint(desc) -> "JWKs endpoint."; endpoint(desc) -> ?DESC(?FUNCTION_NAME);
endpoint(required) -> true; endpoint(required) -> true;
endpoint(_) -> undefined. endpoint(_) -> undefined.
refresh_interval(type) -> integer(); refresh_interval(type) -> integer();
refresh_interval(desc) -> "JWKs refresh interval"; refresh_interval(desc) -> ?DESC(?FUNCTION_NAME);
refresh_interval(default) -> 300; refresh_interval(default) -> 300;
refresh_interval(validator) -> [fun(I) -> I > 0 end]; refresh_interval(validator) -> [fun(I) -> I > 0 end];
refresh_interval(_) -> undefined. refresh_interval(_) -> undefined.
cacertfile(type) -> string(); cacertfile(type) -> string();
cacertfile(desc) -> "Path to the SSL CA certificate file."; cacertfile(desc) -> ?DESC(?FUNCTION_NAME);
cacertfile(_) -> undefined. cacertfile(_) -> undefined.
certfile(type) -> string(); certfile(type) -> string();
certfile(desc) -> "Path to the SSL certificate file."; certfile(desc) -> ?DESC(?FUNCTION_NAME);
certfile(_) -> undefined. certfile(_) -> undefined.
keyfile(type) -> string(); keyfile(type) -> string();
keyfile(desc) -> "Path to the SSL secret key file."; keyfile(desc) -> ?DESC(?FUNCTION_NAME);
keyfile(_) -> undefined. keyfile(_) -> undefined.
verify(type) -> hoconsc:enum([verify_peer, verify_none]); verify(type) -> hoconsc:enum([verify_peer, verify_none]);
verify(desc) -> "Enable or disable SSL peer verification."; verify(desc) -> ?DESC(?FUNCTION_NAME);
verify(default) -> verify_none; verify(default) -> verify_none;
verify(_) -> undefined. verify(_) -> undefined.
server_name_indication(type) -> string(); server_name_indication(type) -> string();
server_name_indication(desc) -> "SSL SNI (Server Name Indication)"; server_name_indication(desc) -> ?DESC(?FUNCTION_NAME);
server_name_indication(_) -> undefined. server_name_indication(_) -> undefined.
verify_claims(type) -> verify_claims(type) ->
list(); list();
verify_claims(desc) -> verify_claims(desc) ->
"The list of claims to verify."; ?DESC(?FUNCTION_NAME);
verify_claims(default) -> verify_claims(default) ->
#{}; #{};
verify_claims(validator) -> verify_claims(validator) ->
@ -180,7 +180,7 @@ verify_claims(_) ->
undefined. undefined.
pool_size(type) -> integer(); pool_size(type) -> integer();
pool_size(desc) -> "JWKS connection count"; pool_size(desc) -> ?DESC(?FUNCTION_NAME);
pool_size(default) -> 8; pool_size(default) -> 8;
pool_size(validator) -> [fun(I) -> I > 0 end]; pool_size(validator) -> [fun(I) -> I > 0 end];
pool_size(_) -> undefined. pool_size(_) -> undefined.

6
apps/emqx_authn/src/simple_authn/emqx_authn_mnesia.erl
View File

@ -18,7 +18,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("stdlib/include/ms_transform.hrl"). -include_lib("stdlib/include/ms_transform.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -110,12 +110,12 @@ fields(?CONF_NS) ->
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().
desc(?CONF_NS) -> desc(?CONF_NS) ->
"Configuration for authentication using the built-in database."; ?DESC(?CONF_NS);
desc(_) -> desc(_) ->
undefined. undefined.
user_id_type(type) -> user_id_type(); user_id_type(type) -> user_id_type();
user_id_type(desc) -> "Authenticate by client ID or username."; user_id_type(desc) -> ?DESC(?FUNCTION_NAME);
user_id_type(default) -> <<"username">>; user_id_type(default) -> <<"username">>;
user_id_type(required) -> true; user_id_type(required) -> true;
user_id_type(_) -> undefined. user_id_type(_) -> undefined.

23
apps/emqx_authn/src/simple_authn/emqx_authn_mongodb.erl
View File

@ -18,7 +18,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -61,17 +61,17 @@ fields('sharded-cluster') ->
common_fields() ++ emqx_connector_mongo:fields(sharded). common_fields() ++ emqx_connector_mongo:fields(sharded).
desc(standalone) -> desc(standalone) ->
"Configuration for a standalone MongoDB instance."; ?DESC(standalone);
desc('replica-set') -> desc('replica-set') ->
"Configuration for a replica set."; ?DESC('replica-set');
desc('sharded-cluster') -> desc('sharded-cluster') ->
"Configuration for a sharded cluster."; ?DESC('sharded-cluster');
desc(_) -> desc(_) ->
undefined. undefined.
common_fields() -> common_fields() ->
[ [
{mechanism, emqx_authn_schema:mechanism('password_based')}, {mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(mongodb)}, {backend, emqx_authn_schema:backend(mongodb)},
{collection, fun collection/1}, {collection, fun collection/1},
{selector, fun selector/1}, {selector, fun selector/1},
@ -82,32 +82,29 @@ common_fields() ->
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().
collection(type) -> binary(); collection(type) -> binary();
collection(desc) -> "Collection used to store authentication data."; collection(desc) -> ?DESC(?FUNCTION_NAME);
collection(required) -> true; collection(required) -> true;
collection(_) -> undefined. collection(_) -> undefined.
selector(type) -> selector(type) ->
map(); map();
selector(desc) -> selector(desc) ->
"Statement that is executed during the authentication process. " ?DESC(?FUNCTION_NAME);
"Commands can support following wildcards:\n"
" - `${username}`: substituted with client's username\n"
" - `${clientid}`: substituted with the clientid";
selector(_) -> selector(_) ->
undefined. undefined.
password_hash_field(type) -> binary(); password_hash_field(type) -> binary();
password_hash_field(desc) -> "Document field that contains password hash."; password_hash_field(desc) -> ?DESC(?FUNCTION_NAME);
password_hash_field(required) -> false; password_hash_field(required) -> false;
password_hash_field(_) -> undefined. password_hash_field(_) -> undefined.
salt_field(type) -> binary(); salt_field(type) -> binary();
salt_field(desc) -> "Document field that contains the password salt."; salt_field(desc) -> ?DESC(?FUNCTION_NAME);
salt_field(required) -> false; salt_field(required) -> false;
salt_field(_) -> undefined. salt_field(_) -> undefined.
is_superuser_field(type) -> binary(); is_superuser_field(type) -> binary();
is_superuser_field(desc) -> "Document field that defines if the user has superuser privileges."; is_superuser_field(desc) -> ?DESC(?FUNCTION_NAME);
is_superuser_field(required) -> false; is_superuser_field(required) -> false;
is_superuser_field(_) -> undefined. is_superuser_field(_) -> undefined.

8
apps/emqx_authn/src/simple_authn/emqx_authn_mysql.erl
View File

@ -18,7 +18,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -59,17 +59,17 @@ fields(?CONF_NS) ->
proplists:delete(prepare_statement, emqx_connector_mysql:fields(config)). proplists:delete(prepare_statement, emqx_connector_mysql:fields(config)).
desc(?CONF_NS) -> desc(?CONF_NS) ->
"Configuration for authentication using MySQL database."; ?DESC(?CONF_NS);
desc(_) -> desc(_) ->
undefined. undefined.
query(type) -> string(); query(type) -> string();
query(desc) -> "SQL query used to lookup client data."; query(desc) -> ?DESC(?FUNCTION_NAME);
query(required) -> true; query(required) -> true;
query(_) -> undefined. query(_) -> undefined.
query_timeout(type) -> emqx_schema:duration_ms(); query_timeout(type) -> emqx_schema:duration_ms();
query_timeout(desc) -> "Timeout for the SQL query."; query_timeout(desc) -> ?DESC(?FUNCTION_NAME);
query_timeout(default) -> "5s"; query_timeout(default) -> "5s";
query_timeout(_) -> undefined. query_timeout(_) -> undefined.

6
apps/emqx_authn/src/simple_authn/emqx_authn_pgsql.erl
View File

@ -19,7 +19,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("epgsql/include/epgsql.hrl"). -include_lib("epgsql/include/epgsql.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -63,12 +63,12 @@ fields(?CONF_NS) ->
proplists:delete(prepare_statement, emqx_connector_pgsql:fields(config)). proplists:delete(prepare_statement, emqx_connector_pgsql:fields(config)).
desc(?CONF_NS) -> desc(?CONF_NS) ->
"Configuration for PostgreSQL authentication backend."; ?DESC(?CONF_NS);
desc(_) -> desc(_) ->
undefined. undefined.
query(type) -> string(); query(type) -> string();
query(desc) -> "`SQL` query for looking up authentication data."; query(desc) -> ?DESC(?FUNCTION_NAME);
query(required) -> true; query(required) -> true;
query(_) -> undefined. query(_) -> undefined.

12
apps/emqx_authn/src/simple_authn/emqx_authn_redis.erl
View File

@ -18,7 +18,7 @@
-include("emqx_authn.hrl"). -include("emqx_authn.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("typerefl/include/types.hrl"). -include_lib("hocon/include/hoconsc.hrl").
-behaviour(hocon_schema). -behaviour(hocon_schema).
-behaviour(emqx_authentication). -behaviour(emqx_authentication).
@ -61,24 +61,24 @@ fields(sentinel) ->
common_fields() ++ emqx_connector_redis:fields(sentinel). common_fields() ++ emqx_connector_redis:fields(sentinel).
desc(standalone) -> desc(standalone) ->
"Configuration for a standalone Redis instance."; ?DESC(standalone);
desc(cluster) -> desc(cluster) ->
"Configuration for a Redis cluster."; ?DESC(cluster);
desc(sentinel) -> desc(sentinel) ->
"Configuration for a Redis Sentinel."; ?DESC(sentinel);
desc(_) -> desc(_) ->
"". "".
common_fields() -> common_fields() ->
[ [
{mechanism, emqx_authn_schema:mechanism('password_based')}, {mechanism, emqx_authn_schema:mechanism(password_based)},
{backend, emqx_authn_schema:backend(redis)}, {backend, emqx_authn_schema:backend(redis)},
{cmd, fun cmd/1}, {cmd, fun cmd/1},
{password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1} {password_hash_algorithm, fun emqx_authn_password_hashing:type_ro/1}
] ++ emqx_authn_schema:common_fields(). ] ++ emqx_authn_schema:common_fields().
cmd(type) -> string(); cmd(type) -> string();
cmd(desc) -> "Redis query."; cmd(desc) -> ?DESC(?FUNCTION_NAME);
cmd(required) -> true; cmd(required) -> true;
cmd(_) -> undefined. cmd(_) -> undefined.