yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #7367 from zhongwencool/fix-bad-authorization-500-crash 

fix: bad authorization format crash with 500
This commit is contained in:
Xinyu Liu 2022-03-23 17:58:19 +08:00 committed by GitHub
parent ce2e4f51ac b993595c6d
commit c9ed3cb657
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_management/src/emqx_management.app.src
View File

@ -1,6 +1,6 @@
{application, emqx_management, {application, emqx_management,
[{description, "EMQ X Management API and CLI"}, [{description, "EMQ X Management API and CLI"},
{vsn, "4.3.13"}, % strict semver, bump manually! {vsn, "4.3.11"}, % strict semver, bump manually!
{modules, []}, {modules, []},
{registered, [emqx_management_sup]}, {registered, [emqx_management_sup]},
{applications, [kernel,stdlib,minirest]}, {applications, [kernel,stdlib,minirest]},

7
apps/emqx_management/src/emqx_mgmt_http.erl
View File

@ -118,9 +118,10 @@ handle_request(_Method, _Path, Req) ->
cowboy_req:reply(400, #{<<"content-type">> => <<"text/plain">>}, <<"Not found.">>, Req). cowboy_req:reply(400, #{<<"content-type">> => <<"text/plain">>}, <<"Not found.">>, Req).
authorize_appid(Req) -> authorize_appid(Req) ->
case cowboy_req:parse_header(<<"authorization">>, Req) of try
{basic, AppId, AppSecret} -> emqx_mgmt_auth:is_authorized(AppId, AppSecret); {basic, AppId, AppSecret} = cowboy_req:parse_header(<<"authorization">>, Req),
_ -> false emqx_mgmt_auth:is_authorized(AppId, AppSecret)
catch _:_ -> false
end. end.
-ifdef(EMQX_ENTERPRISE). -ifdef(EMQX_ENTERPRISE).

14
apps/emqx_rule_engine/src/emqx_rule_engine.appup.src
View File

@ -2,11 +2,13 @@
{VSN, {VSN,
[{"4.3.7", [{"4.3.7",
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]},
{"4.3.6", {"4.3.6",
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.6"]}}, {update,emqx_rule_metrics,{advanced,["4.3.6"]}},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
@ -15,6 +17,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.5"]}}, {update,emqx_rule_metrics,{advanced,["4.3.5"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -23,6 +26,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.4"]}}, {update,emqx_rule_metrics,{advanced,["4.3.4"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -31,6 +35,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.3"]}}, {update,emqx_rule_metrics,{advanced,["4.3.3"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -43,6 +48,7 @@
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{apply,{emqx_stats,cancel_update,[rule_registery_stats]}}, {apply,{emqx_stats,cancel_update,[rule_registery_stats]}},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]}, {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]},
@ -51,6 +57,7 @@
{update,emqx_rule_metrics,{advanced,["4.3.1"]}}, {update,emqx_rule_metrics,{advanced,["4.3.1"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{apply,{emqx_stats,cancel_update,[rule_registery_stats]}}, {apply,{emqx_stats,cancel_update,[rule_registery_stats]}},
{load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]},
@ -70,12 +77,14 @@
{<<".*">>,[]}], {<<".*">>,[]}],
[{"4.3.7", [{"4.3.7",
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]},
{"4.3.6", {"4.3.6",
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.6"]}}, {update,emqx_rule_metrics,{advanced,["4.3.6"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]}, {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]},
@ -83,6 +92,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.5"]}}, {update,emqx_rule_metrics,{advanced,["4.3.5"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -91,6 +101,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.4"]}}, {update,emqx_rule_metrics,{advanced,["4.3.4"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -99,6 +110,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.3"]}}, {update,emqx_rule_metrics,{advanced,["4.3.3"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -108,6 +120,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.2"]}}, {update,emqx_rule_metrics,{advanced,["4.3.2"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{apply,{emqx_stats,cancel_update,[rule_registery_stats]}}, {apply,{emqx_stats,cancel_update,[rule_registery_stats]}},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
@ -118,6 +131,7 @@
[{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, [{load_module,emqx_rule_utils,brutal_purge,soft_purge,[]},
{update,emqx_rule_metrics,{advanced,["4.3.1"]}}, {update,emqx_rule_metrics,{advanced,["4.3.1"]}},
{load_module,emqx_rule_events,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_events,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_funcs,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]},
{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_registry,brutal_purge,soft_purge,[]},
{apply,{emqx_stats,cancel_update,[rule_registery_stats]}}, {apply,{emqx_stats,cancel_update,[rule_registery_stats]}},

22
lib-ce/emqx_dashboard/src/emqx_dashboard.erl
View File

@ -103,17 +103,17 @@ is_authorized(Req) ->
is_authorized("/api/v4/auth", _Req) -> is_authorized("/api/v4/auth", _Req) ->
true; true;
is_authorized(_Path, Req) -> is_authorized(_Path, Req) ->
case cowboy_req:parse_header(<<"authorization">>, Req) of try
{basic, Username, Password} -> {basic, Username, Password} = cowboy_req:parse_header(<<"authorization">>, Req),
case emqx_dashboard_admin:check(iolist_to_binary(Username), case emqx_dashboard_admin:check(iolist_to_binary(Username), iolist_to_binary(Password)) of
iolist_to_binary(Password)) of ok -> true;
ok -> true; {error, Reason} ->
{error, Reason} -> ?LOG(error, "[Dashboard] Authorization Failure: username=~s, reason=~p",
?LOG(error, "[Dashboard] Authorization Failure: username=~s, reason=~p", [Username, Reason]),
[Username, Reason]), false
false end
end; catch _:_ -> %% bad authorization header will crash.
_ -> false false
end. end.
filter(#{app := emqx_modules}) -> true; filter(#{app := emqx_modules}) -> true;