feat(auth): add legacy ${access} placeholder
This commit is contained in:
Ilya Averyanov
parent
0c4da98b52
commit
97f9c81e19
|
|
@ -39,6 +39,10 @@
|
|||
-compile(nowarn_export_all).
|
||||
-endif.
|
||||
|
||||
-define(PH_ACCESS, <<"${access}">>).
|
||||
-define(LEGACY_SUBSCRIBE_ACTION, 1).
|
||||
-define(LEGACY_PUBLISH_ACTION, 2).
|
||||
|
||||
-define(PLACEHOLDERS, [
|
||||
?PH_USERNAME,
|
||||
?PH_CLIENTID,
|
||||
|
|
@ -48,7 +52,8 @@
|
|||
?PH_TOPIC,
|
||||
?PH_ACTION,
|
||||
?PH_CERT_SUBJECT,
|
||||
?PH_CERT_CN_NAME
|
||||
?PH_CERT_CN_NAME,
|
||||
?PH_ACCESS
|
||||
]).
|
||||
|
||||
-define(PLACEHOLDERS_FOR_RICH_ACTIONS, [
|
||||
|
|
@ -234,7 +239,14 @@ serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
|
|||
|
||||
client_vars(Client, Action, Topic) ->
|
||||
Vars = emqx_authz_utils:vars_for_rule_query(Client, Action),
|
||||
Vars#{topic => Topic}.
|
||||
add_legacy_access_var(Vars#{topic => Topic}).
|
||||
|
||||
add_legacy_access_var(#{action := subscribe} = Vars) ->
|
||||
Vars#{access => ?LEGACY_SUBSCRIBE_ACTION};
|
||||
add_legacy_access_var(#{action := publish} = Vars) ->
|
||||
Vars#{access => ?LEGACY_PUBLISH_ACTION};
|
||||
add_legacy_access_var(Vars) ->
|
||||
Vars.
|
||||
|
||||
to_list(A) when is_atom(A) ->
|
||||
atom_to_list(A);
|
||||
|
|
|
|||
|
|
@ -202,6 +202,7 @@ t_query_params(_Config) ->
|
|||
mountpoint := <<"MOUNTPOINT">>,
|
||||
topic := <<"t/1">>,
|
||||
action := <<"publish">>,
|
||||
access := <<"2">>,
|
||||
qos := <<"1">>,
|
||||
retain := <<"false">>
|
||||
} = cowboy_req:match_qs(
|
||||
|
|
@ -213,6 +214,7 @@ t_query_params(_Config) ->
|
|||
mountpoint,
|
||||
topic,
|
||||
action,
|
||||
access,
|
||||
qos,
|
||||
retain
|
||||
],
|
||||
|
|
@ -230,6 +232,7 @@ t_query_params(_Config) ->
|
|||
"mountpoint=${mountpoint}&"
|
||||
"topic=${topic}&"
|
||||
"action=${action}&"
|
||||
"access=${access}&"
|
||||
"qos=${qos}&"
|
||||
"retain=${retain}"
|
||||
>>
|
||||
|
|
@ -264,6 +267,7 @@ t_path(_Config) ->
|
|||
"MOUNTPOINT/"
|
||||
"t%2F1/"
|
||||
"publish/"
|
||||
"2/"
|
||||
"1/"
|
||||
"false"
|
||||
>>,
|
||||
|
|
@ -281,6 +285,7 @@ t_path(_Config) ->
|
|||
"${mountpoint}/"
|
||||
"${topic}/"
|
||||
"${action}/"
|
||||
"${access}/"
|
||||
"${qos}/"
|
||||
"${retain}"
|
||||
>>
|
||||
|
|
@ -321,6 +326,7 @@ t_json_body(_Config) ->
|
|||
<<"mountpoint">> := <<"MOUNTPOINT">>,
|
||||
<<"topic">> := <<"t">>,
|
||||
<<"action">> := <<"publish">>,
|
||||
<<"access">> := <<"2">>,
|
||||
<<"qos">> := <<"1">>,
|
||||
<<"retain">> := <<"false">>
|
||||
},
|
||||
|
|
@ -338,6 +344,7 @@ t_json_body(_Config) ->
|
|||
<<"mountpoint">> => <<"${mountpoint}">>,
|
||||
<<"topic">> => <<"${topic}">>,
|
||||
<<"action">> => <<"${action}">>,
|
||||
<<"access">> => <<"${access}">>,
|
||||
<<"qos">> => <<"${qos}">>,
|
||||
<<"retain">> => <<"${retain}">>
|
||||
}
|
||||
|
|
@ -405,7 +412,7 @@ t_placeholder_and_body(_Config) ->
|
|||
cowboy_req:path(Req0)
|
||||
),
|
||||
|
||||
{ok, [{PostVars, true}], Req1} = cowboy_req:read_urlencoded_body(Req0),
|
||||
{ok, PostVars, Req1} = cowboy_req:read_urlencoded_body(Req0),
|
||||
|
||||
?assertMatch(
|
||||
#{
|
||||
|
|
@ -416,10 +423,11 @@ t_placeholder_and_body(_Config) ->
|
|||
<<"mountpoint">> := <<"MOUNTPOINT">>,
|
||||
<<"topic">> := <<"t">>,
|
||||
<<"action">> := <<"publish">>,
|
||||
<<"access">> := <<"2">>,
|
||||
<<"CN">> := ?PH_CERT_CN_NAME,
|
||||
<<"CS">> := ?PH_CERT_SUBJECT
|
||||
},
|
||||
emqx_utils_json:decode(PostVars, [return_maps])
|
||||
maps:from_list(PostVars)
|
||||
),
|
||||
{ok, ?AUTHZ_HTTP_RESP(allow, Req1), State}
|
||||
end,
|
||||
|
|
@ -433,6 +441,7 @@ t_placeholder_and_body(_Config) ->
|
|||
<<"mountpoint">> => <<"${mountpoint}">>,
|
||||
<<"topic">> => <<"${topic}">>,
|
||||
<<"action">> => <<"${action}">>,
|
||||
<<"access">> => <<"${access}">>,
|
||||
<<"CN">> => ?PH_CERT_CN_NAME,
|
||||
<<"CS">> => ?PH_CERT_SUBJECT
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in New Issue