Merge branch 'emqx-12487-fix-authz-http-content-type' into 0530-http-acl-compatibility-with-v4

zmstone 2024-05-30 22:30:20 +02:00
commit ca32cf8d29
3 changed files with 26 additions and 5 deletions


@ -1,7 +1,7 @@
%% -*- mode: erlang -*- %% -*- mode: erlang -*-
{application, emqx_auth_http, [ {application, emqx_auth_http, [
{description, "EMQX External HTTP API Authentication and Authorization"}, {description, "EMQX External HTTP API Authentication and Authorization"},
{vsn, "0.2.1"}, {vsn, "0.2.2"},
{registered, []}, {registered, []},
{mod, {emqx_auth_http_app, []}}, {mod, {emqx_auth_http_app, []}},
{applications, [ {applications, [


@ -38,6 +38,10 @@
-compile(nowarn_export_all). -compile(nowarn_export_all).
-endif. -endif.
-define(PH_ACCESS, <<"${access}">>).
-define(LEGACY_SUBSCRIBE_ACTION, 1).
-define(LEGACY_PUBLISH_ACTION, 2).
-define(ALLOWED_VARS, [ -define(ALLOWED_VARS, [
?VAR_USERNAME, ?VAR_USERNAME,
?VAR_CLIENTID, ?VAR_CLIENTID,
@ -48,6 +52,7 @@
?VAR_ACTION, ?VAR_ACTION,
?VAR_CERT_SUBJECT, ?VAR_CERT_SUBJECT,
?VAR_CERT_CN_NAME, ?VAR_CERT_CN_NAME,
?PH_ACCESS,
?VAR_NS_CLIENT_ATTRS ?VAR_NS_CLIENT_ATTRS
]). ]).
@ -214,7 +219,7 @@ generate_request(
_ -> _ ->
NPath = append_query(Path, Query), NPath = append_query(Path, Query),
NBody = serialize_body( NBody = serialize_body(
proplists:get_value(<<"accept">>, Headers, <<"application/json">>), proplists:get_value(<<"content-type">>, Headers, <<"application/json">>),
Body Body
), ),
{NPath, Headers, NBody} {NPath, Headers, NBody}
@ -248,7 +253,14 @@ serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
client_vars(Client, Action, Topic) -> client_vars(Client, Action, Topic) ->
Vars = emqx_authz_utils:vars_for_rule_query(Client, Action), Vars = emqx_authz_utils:vars_for_rule_query(Client, Action),
Vars#{topic => Topic}. add_legacy_access_var(Vars#{topic => Topic}).
add_legacy_access_var(#{action := subscribe} = Vars) ->
Vars#{access => ?LEGACY_SUBSCRIBE_ACTION};
add_legacy_access_var(#{action := publish} = Vars) ->
Vars#{access => ?LEGACY_PUBLISH_ACTION};
add_legacy_access_var(Vars) ->
Vars.
to_list(A) when is_atom(A) -> to_list(A) when is_atom(A) ->
atom_to_list(A); atom_to_list(A);
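Review bot: The new `?ALLOWED_VARS` entry `?PH_ACCESS` expands to `<<"${access}">>`, whereas every other entry in that list is a `?VAR_*` macro whose definition is not shown on this page; if those expand to bare variable names, the allow-list now mixes two forms and `access` may not be matched like the rest, so the new variable is better defined in the same form and place as the others. The two legacy constants would benefit from a comment such as `%% EMQX v4 compatibility: ${access} is 1 for subscribe, 2 for publish`. The last clause of `add_legacy_access_var/1` returns the map without an `access` key, so for any other action the authorization server receives whatever the template renderer emits for a missing variable; a one-line comment stating that this is intended would help. In the `generate_request` hunk the `content-type` value reaches `serialize_body/2` as an exact binary, so a configured value carrying parameters (a charset suffix, say) would presumably match no clause unless headers are normalised earlier, which is outside the hunk.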


@ -199,6 +199,7 @@ t_query_params(_Config) ->
mountpoint := <<"MOUNTPOINT">>, mountpoint := <<"MOUNTPOINT">>,
topic := <<"t/1">>, topic := <<"t/1">>,
action := <<"publish">>, action := <<"publish">>,
access := <<"2">>,
qos := <<"1">>, qos := <<"1">>,
retain := <<"false">> retain := <<"false">>
} = cowboy_req:match_qs( } = cowboy_req:match_qs(
@ -210,6 +211,7 @@ t_query_params(_Config) ->
mountpoint, mountpoint,
topic, topic,
action, action,
access,
qos, qos,
retain retain
], ],
@ -227,6 +229,7 @@ t_query_params(_Config) ->
"mountpoint=${mountpoint}&" "mountpoint=${mountpoint}&"
"topic=${topic}&" "topic=${topic}&"
"action=${action}&" "action=${action}&"
"access=${access}&"
"qos=${qos}&" "qos=${qos}&"
"retain=${retain}" "retain=${retain}"
>> >>
@ -261,6 +264,7 @@ t_path(_Config) ->
"MOUNTPOINT/" "MOUNTPOINT/"
"t%2F1/" "t%2F1/"
"publish/" "publish/"
"2/"
"1/" "1/"
"false" "false"
>>, >>,
@ -278,6 +282,7 @@ t_path(_Config) ->
"${mountpoint}/" "${mountpoint}/"
"${topic}/" "${topic}/"
"${action}/" "${action}/"
"${access}/"
"${qos}/" "${qos}/"
"${retain}" "${retain}"
>> >>
@ -318,6 +323,7 @@ t_json_body(_Config) ->
<<"mountpoint">> := <<"MOUNTPOINT">>, <<"mountpoint">> := <<"MOUNTPOINT">>,
<<"topic">> := <<"t">>, <<"topic">> := <<"t">>,
<<"action">> := <<"publish">>, <<"action">> := <<"publish">>,
<<"access">> := <<"2">>,
<<"qos">> := <<"1">>, <<"qos">> := <<"1">>,
<<"retain">> := <<"false">> <<"retain">> := <<"false">>
}, },
@ -335,6 +341,7 @@ t_json_body(_Config) ->
<<"mountpoint">> => <<"${mountpoint}">>, <<"mountpoint">> => <<"${mountpoint}">>,
<<"topic">> => <<"${topic}">>, <<"topic">> => <<"${topic}">>,
<<"action">> => <<"${action}">>, <<"action">> => <<"${action}">>,
<<"access">> => <<"${access}">>,
<<"qos">> => <<"${qos}">>, <<"qos">> => <<"${qos}">>,
<<"retain">> => <<"${retain}">> <<"retain">> => <<"${retain}">>
} }
@ -402,7 +409,7 @@ t_placeholder_and_body(_Config) ->
cowboy_req:path(Req0) cowboy_req:path(Req0)
), ),
{ok, [{PostVars, true}], Req1} = cowboy_req:read_urlencoded_body(Req0), {ok, PostVars, Req1} = cowboy_req:read_urlencoded_body(Req0),
?assertMatch( ?assertMatch(
#{ #{
@ -413,10 +420,11 @@ t_placeholder_and_body(_Config) ->
<<"mountpoint">> := <<"MOUNTPOINT">>, <<"mountpoint">> := <<"MOUNTPOINT">>,
<<"topic">> := <<"t">>, <<"topic">> := <<"t">>,
<<"action">> := <<"publish">>, <<"action">> := <<"publish">>,
<<"access">> := <<"2">>,
<<"CN">> := ?PH_CERT_CN_NAME, <<"CN">> := ?PH_CERT_CN_NAME,
<<"CS">> := ?PH_CERT_SUBJECT <<"CS">> := ?PH_CERT_SUBJECT
}, },
emqx_utils_json:decode(PostVars, [return_maps]) maps:from_list(PostVars)
), ),
{ok, ?AUTHZ_HTTP_RESP(allow, Req1), State} {ok, ?AUTHZ_HTTP_RESP(allow, Req1), State}
end, end,
@ -430,6 +438,7 @@ t_placeholder_and_body(_Config) ->
<<"mountpoint">> => <<"${mountpoint}">>, <<"mountpoint">> => <<"${mountpoint}">>,
<<"topic">> => <<"${topic}">>, <<"topic">> => <<"${topic}">>,
<<"action">> => <<"${action}">>, <<"action">> => <<"${action}">>,
<<"access">> => <<"${access}">>,
<<"CN">> => ?PH_CERT_CN_NAME, <<"CN">> => ?PH_CERT_CN_NAME,
<<"CS">> => ?PH_CERT_SUBJECT <<"CS">> => ?PH_CERT_SUBJECT
}, },
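Review bot: Every assertion added in this file uses a publish action, so only the legacy value `2` is checked; the subscribe mapping to `1` and the clause of `add_legacy_access_var/1` that leaves `access` unset are not exercised by any visible test. A case that authorizes a subscribe and expects `access := <<"1">>` would pin the other half of the mapping. The switch in `t_placeholder_and_body` from JSON decoding to `cowboy_req:read_urlencoded_body/1` appears to be what covers the content-type fix, though the request headers that select that encoding are outside the hunk; a short comment there saying so would make the intent clear. The enclosing test functions start and end outside these hunks.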