yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(authn): adapt listener id type

This commit is contained in:
zhouzb 2021-09-08 09:46:47 +08:00
parent c68edb3905
commit be38bcc5cc
7 changed files with 48 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx/include/emqx.hrl
View File

@ -147,6 +147,6 @@
}).
-record(chain,
{ name :: binary()
{ name :: atom()
, authenticators :: [#authenticator{}]
}).

20
apps/emqx/src/emqx_authentication.erl
View File

@ -473,7 +473,7 @@ handle_call({update_authenticator, ChainName, AuthenticatorID, Config}, _From, S
state = #{version := Version} = ST} = Authenticator ->
case AuthenticatorID =:= generate_id(Config) of
true ->
Unique = <<ChainName/binary, "/", AuthenticatorID/binary, ":", Version/binary>>,
Unique = unique(ChainName, AuthenticatorID, Version),
case Provider:update(Config#{'_unique' => Unique}, ST) of
{ok, NewST} ->
NewAuthenticator = Authenticator#authenticator{state = switch_version(NewST)},
@ -575,17 +575,17 @@ split_by_id(ID, AuthenticatorsConfig) ->
end.
global_chain(mqtt) ->
<<"mqtt:global">>;
'mqtt:global';
global_chain('mqtt-sn') ->
<<"mqtt-sn:global">>;
'mqtt-sn:global';
global_chain(coap) ->
<<"coap:global">>;
'coap:global';
global_chain(lwm2m) ->
<<"lwm2m:global">>;
'lwm2m:global';
global_chain(stomp) ->
<<"stomp:global">>;
'stomp:global';
global_chain(_) ->
<<"unknown:global">>.
'unknown:global'.
may_hook(#{hooked := false} = State) ->
case lists:any(fun(#chain{authenticators = []}) -> false;
@ -618,7 +618,7 @@ do_create_authenticator(ChainName, AuthenticatorID, #{enable := Enable} = Config
undefined ->
{error, no_available_provider};
Provider ->
Unique = <<ChainName/binary, "/", AuthenticatorID/binary, ":", ?VER_1/binary>>,
Unique = unique(ChainName, AuthenticatorID, ?VER_1),
case Provider:create(Config#{'_unique' => Unique}) of
{ok, State} ->
Authenticator = #authenticator{id = AuthenticatorID,
@ -704,6 +704,10 @@ serialize_authenticator(#authenticator{id = ID,
, state => State
}.
unique(ChainName, AuthenticatorID, Version) ->
NChainName = atom_to_binary(ChainName),
<<NChainName/binary, "/", AuthenticatorID/binary, ":", Version/binary>>.
switch_version(State = #{version := ?VER_1}) ->
State#{version := ?VER_2};
switch_version(State = #{version := ?VER_2}) ->

8
apps/emqx/src/emqx_channel.erl
View File

@ -214,7 +214,7 @@ init(ConnInfo = #{peername := {PeerHost, _Port},
ClientInfo = set_peercert_infos(
Peercert,
#{zone => Zone,
listener => Listener,
listener => emqx_listeners:listener_id(Type, Listener),
protocol => Protocol,
peerhost => PeerHost,
sockport => SockPort,
@ -223,7 +223,7 @@ init(ConnInfo = #{peername := {PeerHost, _Port},
mountpoint => MountPoint,
is_bridge => false,
is_superuser => false
}, Zone, Listener),
}, Zone),
{NClientInfo, NConnInfo} = take_ws_cookie(ClientInfo, ConnInfo),
#channel{conninfo = NConnInfo,
clientinfo = NClientInfo,
@ -244,12 +244,12 @@ quota_policy(RawPolicy) ->
erlang:trunc(hocon_postprocess:duration(StrWind) / 1000)}}
|| {Name, [StrCount, StrWind]} <- maps:to_list(RawPolicy)].
set_peercert_infos(NoSSL, ClientInfo, _, _)
set_peercert_infos(NoSSL, ClientInfo, _)
when NoSSL =:= nossl;
NoSSL =:= undefined ->
ClientInfo#{username => undefined};
set_peercert_infos(Peercert, ClientInfo, Zone, _Listener) ->
set_peercert_infos(Peercert, ClientInfo, Zone) ->
{DN, CN} = {esockd_peercert:subject(Peercert),
esockd_peercert:common_name(Peercert)},
PeercetAs = fun(Key) ->

10
apps/emqx/test/emqx_authentication_SUITE.erl
View File

@ -94,7 +94,7 @@ end_per_suite(_) ->
t_chain(_) ->
% CRUD of authentication chain
ChainName = <<"test">>,
ChainName = 'test',
?assertMatch({ok, []}, ?AUTHN:list_chains()),
?assertMatch({ok, #{name := ChainName, authenticators := []}}, ?AUTHN:create_chain(ChainName)),
?assertEqual({error, {already_exists, {chain, ChainName}}}, ?AUTHN:create_chain(ChainName)),
@ -105,7 +105,7 @@ t_chain(_) ->
ok.
t_authenticator(_) ->
ChainName = <<"test">>,
ChainName = 'test',
AuthenticatorConfig1 = #{mechanism => 'password-based',
backend => 'built-in-database',
enable => true},
@ -155,7 +155,7 @@ t_authenticator(_) ->
ok.
t_authenticate(_) ->
ListenerID = <<"tcp:default">>,
ListenerID = 'tcp:default',
ClientInfo = #{zone => default,
listener => ListenerID,
protocol => mqtt,
@ -186,7 +186,7 @@ t_update_config(_) ->
?AUTHN:add_provider(AuthNType1, ?MODULE),
?AUTHN:add_provider(AuthNType2, ?MODULE),
Global = <<"mqtt:global">>,
Global = 'mqtt:global',
AuthenticatorConfig1 = #{mechanism => 'password-based',
backend => 'built-in-database',
enable => true},
@ -212,7 +212,7 @@ t_update_config(_) ->
?assertMatch({ok, _}, update_config([authentication], {delete_authenticator, Global, ID1})),
?assertEqual({error, {not_found, {authenticator, ID1}}}, ?AUTHN:lookup_authenticator(Global, ID1)),
ListenerID = <<"tcp:default">>,
ListenerID = 'tcp:default',
ConfKeyPath = [listeners, tcp, default, authentication],
?assertMatch({ok, _}, update_config(ConfKeyPath, {create_authenticator, ListenerID, AuthenticatorConfig1})),
?assertMatch({ok, #{id := ID1, state := #{mark := 1}}}, ?AUTHN:lookup_authenticator(ListenerID, ID1)),

2
apps/emqx_authn/include/emqx_authn.hrl
View File

@ -18,7 +18,7 @@
-define(AUTHN, emqx_authentication).
-define(GLOBAL, <<"mqtt:global">>).
-define(GLOBAL, 'mqtt:global').
-define(RE_PLACEHOLDER, "\\$\\{[a-z0-9\\-]+\\}").

32
apps/emqx_authn/src/emqx_authn_api.erl
View File

@ -1824,7 +1824,8 @@ find_listener(ListenerID) ->
{ok, {Type, Name}}
end.
create_authenticator(ConfKeyPath, ChainName, Config) ->
create_authenticator(ConfKeyPath, ChainName0, Config) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {create_authenticator, ChainName, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}},
raw_config := AuthenticatorsConfig}} ->
@ -1849,7 +1850,8 @@ list_authenticator(ConfKeyPath, AuthenticatorID) ->
serialize_error(Reason)
end.
update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
update_authenticator(ConfKeyPath, ChainName0, AuthenticatorID, Config) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath,
{update_authenticator, ChainName, AuthenticatorID, Config}) of
{ok, #{post_config_update := #{?AUTHN := #{id := ID}},
@ -1860,7 +1862,8 @@ update_authenticator(ConfKeyPath, ChainName, AuthenticatorID, Config) ->
serialize_error(Reason)
end.
delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) ->
delete_authenticator(ConfKeyPath, ChainName0, AuthenticatorID) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {delete_authenticator, ChainName, AuthenticatorID}) of
{ok, _} ->
{204};
@ -1868,7 +1871,8 @@ delete_authenticator(ConfKeyPath, ChainName, AuthenticatorID) ->
serialize_error(Reason)
end.
move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
move_authenitcator(ConfKeyPath, ChainName0, AuthenticatorID, Position) ->
ChainName = to_atom(ChainName0),
case update_config(ConfKeyPath, {move_authenticator, ChainName, AuthenticatorID, Position}) of
{ok, _} ->
{204};
@ -1876,7 +1880,8 @@ move_authenitcator(ConfKeyPath, ChainName, AuthenticatorID, Position) ->
serialize_error(Reason)
end.
add_user(ChainName, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
add_user(ChainName0, AuthenticatorID, #{<<"user_id">> := UserID, <<"password">> := Password} = UserInfo) ->
ChainName = to_atom(ChainName0),
Superuser = maps:get(<<"superuser">>, UserInfo, false),
case ?AUTHN:add_user(ChainName, AuthenticatorID, #{ user_id => UserID
, password => Password
@ -1891,7 +1896,8 @@ add_user(_, _, #{<<"user_id">> := _}) ->
add_user(_, _, _) ->
serialize_error({missing_parameter, user_id}).
update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
update_user(ChainName0, AuthenticatorID, UserID, UserInfo) ->
ChainName = to_atom(ChainName0),
case maps:with([<<"password">>, <<"superuser">>], UserInfo) =:= #{} of
true ->
serialize_error({missing_parameter, password});
@ -1904,7 +1910,8 @@ update_user(ChainName, AuthenticatorID, UserID, UserInfo) ->
end
end.
find_user(ChainName, AuthenticatorID, UserID) ->
find_user(ChainName0, AuthenticatorID, UserID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:lookup_user(ChainName, AuthenticatorID, UserID) of
{ok, User} ->
{200, User};
@ -1912,7 +1919,8 @@ find_user(ChainName, AuthenticatorID, UserID) ->
serialize_error(Reason)
end.
delete_user(ChainName, AuthenticatorID, UserID) ->
delete_user(ChainName0, AuthenticatorID, UserID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:delete_user(ChainName, AuthenticatorID, UserID) of
ok ->
{204};
@ -1920,7 +1928,8 @@ delete_user(ChainName, AuthenticatorID, UserID) ->
serialize_error(Reason)
end.
list_users(ChainName, AuthenticatorID) ->
list_users(ChainName0, AuthenticatorID) ->
ChainName = to_atom(ChainName0),
case ?AUTHN:list_users(ChainName, AuthenticatorID) of
{ok, Users} ->
{200, Users};
@ -1974,3 +1983,8 @@ to_list(M) when is_map(M) ->
[M];
to_list(L) when is_list(L) ->
L.
to_atom(B) when is_binary(B) ->
binary_to_atom(B);
to_atom(A) when is_atom(A) ->
A.

2
apps/emqx_authn/src/emqx_authn_app.erl
View File

@ -53,7 +53,7 @@ remove_providers() ->
initialize() ->
?AUTHN:initialize_authentication(?GLOBAL, emqx:get_raw_config([authentication], [])),
lists:foreach(fun({ListenerID, ListenerConfig}) ->
?AUTHN:initialize_authentication(atom_to_binary(ListenerID), maps:get(authentication, ListenerConfig, []))
?AUTHN:initialize_authentication(ListenerID, maps:get(authentication, ListenerConfig, []))
end, emqx_listeners:list()),
ok.