etc/acl.conf

2016-10-15 13:49:51 +08:00 · 2016-10-15 13:49:51 +08:00 · b0917e665c
parent ce4a6d0eeb
commit b0917e665c
5 changed files with 46 additions and 76 deletions
--- a/etc/acl.conf
+++ b/etc/acl.conf
@ -0,0 +1,29 @@
+%%--------------------------------------------------------------------
+%%
+%% [ACL](https://github.com/emqtt/emqttd/wiki/ACL)
+%%
+%% -type who() :: all | binary() |
+%%                {ipaddr, esockd_access:cidr()} |
+%%                {client, binary()} |
+%%                {user, binary()}.
+%%
+%% -type access() :: subscribe | publish | pubsub.
+%%
+%% -type topic() :: binary().
+%%
+%% -type rule() :: {allow, all} |
+%%                 {allow, who(), access(), list(topic())} |
+%%                 {deny, all} |
+%%                 {deny, who(), access(), list(topic())}.
+%%
+%%--------------------------------------------------------------------
+
+{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
+
+{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
+
+{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
+
+{allow, all}.
+
+
--- a/src/emqttd_acl_anonymous.erl
+++ b/src/emqttd_acl_anonymous.erl
@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2012-2016 Feng Lee <feng@emqtt.io>.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-module(emqttd_acl_anonymous).
-
-behaviour(emqttd_acl_mod).
-
-%% ACL callbacks
-export([init/1, check_acl/2, reload_acl/1, description/0]).
-
-init(Opts) ->
-    {ok, Opts}.
-
-check_acl(_Who, _State) ->
-    allow.
-
-reload_acl(_State) ->
-    ok.
-
-description() ->
-    "Anonymous ACL".
-
--- a/src/emqttd_acl_internal.erl
+++ b/src/emqttd_acl_internal.erl
@ -46,18 +46,12 @@ all_rules() ->
 %%--------------------------------------------------------------------

 %% @doc Init internal ACL
-spec(init(Opts :: list()) -> {ok, State :: any()}).
-init(Opts) ->
+-spec(init([File :: string()]) -> {ok, State :: any()}).
+init([File]) ->
    ets:new(?ACL_RULE_TAB, [set, public, named_table, {read_concurrency, true}]),
-    case proplists:get_value(config, Opts) of
-        undefined ->
-            {ok, #state{}};
-        File ->
-            Default = proplists:get_value(nomatch, Opts, allow),
-            State = #state{config = File, nomatch = Default},
-            true = load_rules_from_file(State),
-            {ok, State}
-    end.
+    State = #state{config = File},
+    true = load_rules_from_file(State),
+    {ok, State}.

 load_rules_from_file(#state{config = AclFile}) ->
    {ok, Terms} = file:consult(AclFile),
@ -118,7 +112,7 @@ reload_acl(#state{config = undefined}) ->
 reload_acl(State) ->
    case catch load_rules_from_file(State) of
        {'EXIT', Error} -> {error, Error};
-        _ -> ok
+        true -> ok
    end.

 %% @doc ACL Module Description
--- a/src/emqttd_app.erl
+++ b/src/emqttd_app.erl
@ -46,6 +46,7 @@ start(_StartType, _StartArgs) ->
    {ok, Sup} = emqttd_sup:start_link(),
    start_servers(Sup),
    emqttd_cli:load(),
+    register_acl_mod(),
    load_all_mods(),
    emqttd_plugins:init(),
    emqttd_plugins:load(),
@ -140,6 +141,16 @@ worker_spec(Module, Opts) when is_atom(Module) ->
 worker_spec(M, F, A) ->
    {M, {M, F, A}, permanent, 10000, worker, [M]}.

+%%--------------------------------------------------------------------
+%% Register default ACL File
+%%--------------------------------------------------------------------
+
+register_acl_mod() ->
+    case emqttd:env(acl_file) of
+        {ok, File} -> emqttd_access_control:register_mod(acl, emqttd_acl_internal, [File]);
+        undefined  -> ok
+    end.
+
 %%--------------------------------------------------------------------
 %% Load Modules
 %%--------------------------------------------------------------------
--- a/src/emqttd_auth_anonymous.erl
+++ b/src/emqttd_auth_anonymous.erl
@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2012-2016 Feng Lee <feng@emqtt.io>.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-%% @doc Anonymous Authentication Module
-module(emqttd_auth_anonymous).
-
-behaviour(emqttd_auth_mod).
-
-export([init/1, check/3, description/0]).
-
-init(Opts) -> {ok, Opts}.
-
-check(_Client, _Password, _Opts) -> ok.
-
-description() -> "Anonymous Authentication Module".
-