feat(coap): use emqx_access_control:check_acl before pub/sub

2020-12-17 10:36:51 +09:00 · 2020-12-17 10:36:51 +09:00 · c89dad559e
parent ab57c19e7a
commit c89dad559e
1 changed files with 17 additions and 6 deletions
--- a/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
+++ b/apps/emqx_coap/src/emqx_coap_mqtt_adapter.erl
@ -206,8 +206,13 @@ code_change(_OldVsn, State, _Extra) ->

 chann_subscribe(Topic, State = #state{clientid = ClientId}) ->
    ?LOG(debug, "subscribe Topic=~p", [Topic]),
+    case emqx_access_control:check_acl(clientinfo(State), subscribe, Topic) of
+        allow ->
            emqx_broker:subscribe(Topic, ClientId, ?SUBOPTS),
-    emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]).
+            emqx_hooks:run('session.subscribed', [clientinfo(State), Topic, ?SUBOPTS]);
+        deny  ->
+            ?LOG(warning, "subscribe to ~p by clientid ~p failed due to acl check.", [Topic, ClientId])
+    end.

 chann_unsubscribe(Topic, State) ->
    ?LOG(debug, "unsubscribe Topic=~p", [Topic]),
@ -215,11 +220,17 @@ chann_unsubscribe(Topic, State) ->
    emqx_broker:unsubscribe(Topic),
    emqx_hooks:run('session.unsubscribed', [clientinfo(State), Topic, Opts]).

-chann_publish(Topic, Payload, #state{clientid = ClientId}) ->
+chann_publish(Topic, Payload, State = #state{clientid = ClientId}) ->
    ?LOG(debug, "publish Topic=~p, Payload=~p", [Topic, Payload]),
+    case emqx_access_control:check_acl(clientinfo(State), publish, Topic) of
+        allow ->
            emqx_broker:publish(
                emqx_message:set_flag(retain, false,
-            emqx_message:make(ClientId, ?QOS_0, Topic, Payload))).
+                                      emqx_message:make(ClientId, ?QOS_0, Topic, Payload)));
+        deny  ->
+            ?LOG(warning, "publish to ~p by clientid ~p failed due to acl check.", [Topic, ClientId])
+    end.
+

 %%--------------------------------------------------------------------
 %% Deliver