feat(metrics): optimize client.authenticate

apps/emqx/src/emqx_access_control.erl

@@ -34,7 +34,7 @@
     | {continue, binary(), map()}
     | {error, term()}.
 authenticate(Credential) ->
-    case run_hooks('client.authenticate', [Credential], {ok, #{is_superuser => false}}) of
+    case emqx_hooks:run_fold('client.authenticate', [Credential], {ok, #{is_superuser => false}}) of
         ok ->
             {ok, #{is_superuser => false}};
         Other ->

apps/emqx/src/emqx_authentication.erl

@@ -215,17 +215,20 @@ when
 %%------------------------------------------------------------------------------
 
 authenticate(#{enable_authn := false}, _AuthResult) ->
+    inc_authenticate_metric('authentication.success.anonymous'),
     ignore;
 authenticate(#{listener := Listener, protocol := Protocol} = Credential, _AuthResult) ->
     case get_authenticators(Listener, global_chain(Protocol)) of
         {ok, ChainName, Authenticators} ->
             case get_enabled(Authenticators) of
                 [] ->
+                    inc_authenticate_metric('authentication.success.anonymous'),
                     ignore;
                 NAuthenticators ->
                     do_authenticate(ChainName, NAuthenticators, Credential)
             end;
         none ->
+            inc_authenticate_metric('authentication.success.anonymous'),
             ignore
     end.
 
@@ -611,6 +614,7 @@ handle_create_authenticator(Chain, Config, Providers) ->
     end.
 
 do_authenticate(_ChainName, [], _) ->
+    inc_authenticate_metric('authentication.failure'),
     {stop, {error, not_authorized}};
 do_authenticate(
     ChainName, [#authenticator{id = ID, provider = Provider, state = State} | More], Credential
@@ -629,8 +633,10 @@ do_authenticate(
             %% {error, Reason}
             case Result of
                 {ok, _} ->
+                    inc_authenticate_metric('authentication.success'),
                     emqx_metrics_worker:inc(authn_metrics, MetricsID, success);
                 {error, _} ->
+                    inc_authenticate_metric('authentication.failure'),
                     emqx_metrics_worker:inc(authn_metrics, MetricsID, failed);
                 _ ->
                     ok
@@ -902,3 +908,13 @@ to_list(M) when is_map(M) -> [M];
 to_list(L) when is_list(L) -> L.
 
 call(Call) -> gen_server:call(?MODULE, Call, infinity).
+
+inc_authenticate_metric(Metric) ->
+    emqx_metrics:inc('client.authenticate'),
+    inc_authenticate_metric2(Metric).
+
+inc_authenticate_metric2('authentication.success.anonymous' = Metric) ->
+    emqx_metrics:inc(Metric),
+    emqx_metrics:inc('authentication.success');
+inc_authenticate_metric2(Metric) ->
+    emqx_metrics:inc(Metric).

apps/emqx/src/emqx_metrics.erl

@@ -260,6 +260,13 @@
     {counter, 'authorization.cache_hit'}
 ]).
 
+%% Statistic metrics for auth checking
+-define(STASTS_AUTHN_METRICS, [
+    {counter, 'authentication.success'},
+    {counter, 'authentication.success.anonymous'},
+    {counter, 'authentication.failure'}
+]).
+
 %% Overload protetion counters
 -define(OLP_METRICS, [
     {counter, 'olp.delay.ok'},
@@ -543,6 +550,7 @@ init([]) ->
         ?CLIENT_METRICS,
         ?SESSION_METRICS,
         ?STASTS_ACL_METRICS,
+        ?STASTS_AUTHN_METRICS,
         ?OLP_METRICS
     ]),
     % Store reserved indices
@@ -690,6 +698,9 @@ reserved_idx('session.terminated') -> 224;
 reserved_idx('authorization.allow') -> 300;
 reserved_idx('authorization.deny') -> 301;
 reserved_idx('authorization.cache_hit') -> 302;
+reserved_idx('authentication.success') -> 310;
+reserved_idx('authentication.success.anonymous') -> 311;
+reserved_idx('authentication.failure') -> 312;
 reserved_idx('olp.delay.ok') -> 400;
 reserved_idx('olp.delay.timeout') -> 401;
 reserved_idx('olp.hbn') -> 402;