fix(listeners): Constraints the atom convert when parsing the esockd access rules
esockd rules only use words 'allow' and 'deny', both are existing, so it is better to restrict the conversion and print a log when errors
This commit is contained in:
firest
parent
5886db08e0
commit
bb7476d3af
|
|
@ -49,7 +49,8 @@
|
||||||
-export([
|
-export([
|
||||||
listener_id/2,
|
listener_id/2,
|
||||||
parse_listener_id/1,
|
parse_listener_id/1,
|
||||||
ensure_override_limiter_conf/2
|
ensure_override_limiter_conf/2,
|
||||||
|
esockd_access_rules/1
|
||||||
]).
|
]).
|
||||||
|
|
||||||
-export([pre_config_update/3, post_config_update/5]).
|
-export([pre_config_update/3, post_config_update/5]).
|
||||||
|
|
@ -497,17 +498,28 @@ ip_port({Addr, Port}) ->
|
||||||
[{ip, Addr}, {port, Port}].
|
[{ip, Addr}, {port, Port}].
|
||||||
|
|
||||||
esockd_access_rules(StrRules) ->
|
esockd_access_rules(StrRules) ->
|
||||||
Access = fun(S) ->
|
Access = fun(S, Acc) ->
|
||||||
[A, CIDR] = string:tokens(S, " "),
|
[A, CIDR] = string:tokens(S, " "),
|
||||||
{
|
%% esockd rules only use words 'allow' and 'deny', both are existing
|
||||||
list_to_atom(A),
|
%% comparison of strings may be better, but there is a loss of backward compatibility
|
||||||
case CIDR of
|
case emqx_misc:safe_to_existing_atom(A) of
|
||||||
"all" -> all;
|
{ok, Action} ->
|
||||||
_ -> CIDR
|
[
|
||||||
end
|
{
|
||||||
}
|
Action,
|
||||||
|
case CIDR of
|
||||||
|
"all" -> all;
|
||||||
|
_ -> CIDR
|
||||||
|
end
|
||||||
|
}
|
||||||
|
| Acc
|
||||||
|
];
|
||||||
|
_ ->
|
||||||
|
?SLOG(warning, #{msg => "invalid esockd access rule", rule => S}),
|
||||||
|
Acc
|
||||||
|
end
|
||||||
end,
|
end,
|
||||||
[Access(R) || R <- StrRules].
|
lists:foldr(Access, [], StrRules).
|
||||||
|
|
||||||
merge_default(Options) ->
|
merge_default(Options) ->
|
||||||
case lists:keytake(tcp_options, 1, Options) of
|
case lists:keytake(tcp_options, 1, Options) of
|
||||||
|
|
|
||||||
|
|
@ -469,9 +469,9 @@ safe_to_existing_atom(In) ->
|
||||||
safe_to_existing_atom(In, utf8).
|
safe_to_existing_atom(In, utf8).
|
||||||
|
|
||||||
safe_to_existing_atom(Bin, Encoding) when is_binary(Bin) ->
|
safe_to_existing_atom(Bin, Encoding) when is_binary(Bin) ->
|
||||||
try_to_existing_atom(fun erlang:binary_to_existing_atom/2, [Bin, Encoding]);
|
try_to_existing_atom(fun erlang:binary_to_existing_atom/2, Bin, Encoding);
|
||||||
safe_to_existing_atom(List, _Encoding) when is_list(List) ->
|
safe_to_existing_atom(List, Encoding) when is_list(List) ->
|
||||||
try_to_existing_atom(fun erlang:list_to_existing_atom/1, [List]);
|
try_to_existing_atom(fun(In, _) -> erlang:list_to_existing_atom(In) end, List, Encoding);
|
||||||
safe_to_existing_atom(Atom, _Encoding) when is_atom(Atom) ->
|
safe_to_existing_atom(Atom, _Encoding) when is_atom(Atom) ->
|
||||||
{ok, Atom};
|
{ok, Atom};
|
||||||
safe_to_existing_atom(_Any, _Encoding) ->
|
safe_to_existing_atom(_Any, _Encoding) ->
|
||||||
|
|
@ -547,8 +547,8 @@ readable_error_msg(Error) ->
|
||||||
end
|
end
|
||||||
end.
|
end.
|
||||||
|
|
||||||
try_to_existing_atom(Fun, Args) ->
|
try_to_existing_atom(Convert, Data, Encoding) ->
|
||||||
try erlang:apply(Fun, Args) of
|
try Convert(Data, Encoding) of
|
||||||
Atom ->
|
Atom ->
|
||||||
{ok, Atom}
|
{ok, Atom}
|
||||||
catch
|
catch
|
||||||
|
|
|
||||||
|
|
@ -121,13 +121,7 @@ apply_publish_opts(Msg, MQTTMsg) ->
|
||||||
maps:fold(
|
maps:fold(
|
||||||
fun
|
fun
|
||||||
(<<"retain">>, V, Acc) ->
|
(<<"retain">>, V, Acc) ->
|
||||||
Val =
|
Val = V =:= <<"true">>,
|
||||||
case emqx_misc:safe_to_existing_atom(V) of
|
|
||||||
{ok, true} ->
|
|
||||||
true;
|
|
||||||
_ ->
|
|
||||||
false
|
|
||||||
end,
|
|
||||||
emqx_message:set_flag(retain, Val, Acc);
|
emqx_message:set_flag(retain, Val, Acc);
|
||||||
(<<"expiry">>, V, Acc) ->
|
(<<"expiry">>, V, Acc) ->
|
||||||
Val = erlang:binary_to_integer(V),
|
Val = erlang:binary_to_integer(V),
|
||||||
|
|
|
||||||
|
|
@ -70,6 +70,8 @@
|
||||||
default_subopts/0
|
default_subopts/0
|
||||||
]).
|
]).
|
||||||
|
|
||||||
|
-import(emqx_listeners, [esockd_access_rules/1]).
|
||||||
|
|
||||||
-define(ACTIVE_N, 100).
|
-define(ACTIVE_N, 100).
|
||||||
-define(DEFAULT_IDLE_TIMEOUT, 30000).
|
-define(DEFAULT_IDLE_TIMEOUT, 30000).
|
||||||
-define(DEFAULT_GC_OPTS, #{count => 1000, bytes => 1024 * 1024}).
|
-define(DEFAULT_GC_OPTS, #{count => 1000, bytes => 1024 * 1024}).
|
||||||
|
|
@ -443,19 +445,6 @@ esockd_opts(Type, Opts0) ->
|
||||||
end
|
end
|
||||||
).
|
).
|
||||||
|
|
||||||
esockd_access_rules(StrRules) ->
|
|
||||||
Access = fun(S) ->
|
|
||||||
[A, CIDR] = string:tokens(S, " "),
|
|
||||||
{
|
|
||||||
list_to_atom(A),
|
|
||||||
case CIDR of
|
|
||||||
"all" -> all;
|
|
||||||
_ -> CIDR
|
|
||||||
end
|
|
||||||
}
|
|
||||||
end,
|
|
||||||
[Access(R) || R <- StrRules].
|
|
||||||
|
|
||||||
ssl_opts(Name, Opts) ->
|
ssl_opts(Name, Opts) ->
|
||||||
Type =
|
Type =
|
||||||
case Name of
|
case Name of
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue