yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

etc/acl.conf

This commit is contained in:
Feng Lee 2016-10-15 13:49:51 +08:00
parent ce4a6d0eeb
commit b0917e665c
5 changed files with 46 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
etc/acl.conf Normal file
View File

@ -0,0 +1,29 @@
%%--------------------------------------------------------------------
%%
%% [ACL](https://github.com/emqtt/emqttd/wiki/ACL)
%%
%% -type who() :: all | binary() |
%% {ipaddr, esockd_access:cidr()} |
%% {client, binary()} |
%% {user, binary()}.
%%
%% -type access() :: subscribe | publish | pubsub.
%%
%% -type topic() :: binary().
%%
%% -type rule() :: {allow, all} |
%% {allow, who(), access(), list(topic())} |
%% {deny, all} |
%% {deny, who(), access(), list(topic())}.
%%
%%--------------------------------------------------------------------
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
{allow, all}.

35
src/emqttd_acl_anonymous.erl
View File

@ -1,35 +0,0 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2012-2016 Feng Lee <feng@emqtt.io>.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqttd_acl_anonymous).
-behaviour(emqttd_acl_mod).
%% ACL callbacks
-export([init/1, check_acl/2, reload_acl/1, description/0]).
init(Opts) ->
{ok, Opts}.
check_acl(_Who, _State) ->
allow.
reload_acl(_State) ->
ok.
description() ->
"Anonymous ACL".

18
src/emqttd_acl_internal.erl
View File

@ -46,18 +46,12 @@ all_rules() ->
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% @doc Init internal ACL %% @doc Init internal ACL
-spec(init(Opts :: list()) -> {ok, State :: any()}). -spec(init([File :: string()]) -> {ok, State :: any()}).
init(Opts) -> init([File]) ->
ets:new(?ACL_RULE_TAB, [set, public, named_table, {read_concurrency, true}]), ets:new(?ACL_RULE_TAB, [set, public, named_table, {read_concurrency, true}]),
case proplists:get_value(config, Opts) of State = #state{config = File},
undefined -> true = load_rules_from_file(State),
{ok, #state{}}; {ok, State}.
File ->
Default = proplists:get_value(nomatch, Opts, allow),
State = #state{config = File, nomatch = Default},
true = load_rules_from_file(State),
{ok, State}
end.
load_rules_from_file(#state{config = AclFile}) -> load_rules_from_file(#state{config = AclFile}) ->
{ok, Terms} = file:consult(AclFile), {ok, Terms} = file:consult(AclFile),
@ -118,7 +112,7 @@ reload_acl(#state{config = undefined}) ->
reload_acl(State) -> reload_acl(State) ->
case catch load_rules_from_file(State) of case catch load_rules_from_file(State) of
{'EXIT', Error} -> {error, Error}; {'EXIT', Error} -> {error, Error};
_ -> ok true -> ok
end. end.
%% @doc ACL Module Description %% @doc ACL Module Description

11
src/emqttd_app.erl
View File

@ -46,6 +46,7 @@ start(_StartType, _StartArgs) ->
{ok, Sup} = emqttd_sup:start_link(), {ok, Sup} = emqttd_sup:start_link(),
start_servers(Sup), start_servers(Sup),
emqttd_cli:load(), emqttd_cli:load(),
register_acl_mod(),
load_all_mods(), load_all_mods(),
emqttd_plugins:init(), emqttd_plugins:init(),
emqttd_plugins:load(), emqttd_plugins:load(),
@ -140,6 +141,16 @@ worker_spec(Module, Opts) when is_atom(Module) ->
worker_spec(M, F, A) -> worker_spec(M, F, A) ->
{M, {M, F, A}, permanent, 10000, worker, [M]}. {M, {M, F, A}, permanent, 10000, worker, [M]}.
%%--------------------------------------------------------------------
%% Register default ACL File
%%--------------------------------------------------------------------
register_acl_mod() ->
case emqttd:env(acl_file) of
{ok, File} -> emqttd_access_control:register_mod(acl, emqttd_acl_internal, [File]);
undefined -> ok
end.
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% Load Modules %% Load Modules
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------

29
src/emqttd_auth_anonymous.erl
View File

@ -1,29 +0,0 @@
%%--------------------------------------------------------------------
%% Copyright (c) 2012-2016 Feng Lee <feng@emqtt.io>.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
%% @doc Anonymous Authentication Module
-module(emqttd_auth_anonymous).
-behaviour(emqttd_auth_mod).
-export([init/1, check/3, description/0]).
init(Opts) -> {ok, Opts}.
check(_Client, _Password, _Opts) -> ok.
description() -> "Anonymous Authentication Module".