yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'emqx-12487-fix-authz-http-content-type' into 0530-http-acl-compatibility-with-v4

This commit is contained in:
zmstone 2024-05-30 22:30:20 +02:00
parent 460081a22e 97f9c81e19
commit ca32cf8d29
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_auth_http/src/emqx_auth_http.app.src
View File

@ -1,7 +1,7 @@
%% -*- mode: erlang -*-
{application, emqx_auth_http, [
{description, "EMQX External HTTP API Authentication and Authorization"},
{vsn, "0.2.1"},
{vsn, "0.2.2"},
{registered, []},
{mod, {emqx_auth_http_app, []}},
{applications, [

16
apps/emqx_auth_http/src/emqx_authz_http.erl
View File

@ -38,6 +38,10 @@
-compile(nowarn_export_all).
-endif.
-define(PH_ACCESS, <<"${access}">>).
-define(LEGACY_SUBSCRIBE_ACTION, 1).
-define(LEGACY_PUBLISH_ACTION, 2).
-define(ALLOWED_VARS, [
?VAR_USERNAME,
?VAR_CLIENTID,
@ -48,6 +52,7 @@
?VAR_ACTION,
?VAR_CERT_SUBJECT,
?VAR_CERT_CN_NAME,
?PH_ACCESS,
?VAR_NS_CLIENT_ATTRS
]).
@ -214,7 +219,7 @@ generate_request(
_ ->
NPath = append_query(Path, Query),
NBody = serialize_body(
proplists:get_value(<<"accept">>, Headers, <<"application/json">>),
proplists:get_value(<<"content-type">>, Headers, <<"application/json">>),
Body
),
{NPath, Headers, NBody}
@ -248,7 +253,14 @@ serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
client_vars(Client, Action, Topic) ->
Vars = emqx_authz_utils:vars_for_rule_query(Client, Action),
Vars#{topic => Topic}.
add_legacy_access_var(Vars#{topic => Topic}).
add_legacy_access_var(#{action := subscribe} = Vars) ->
Vars#{access => ?LEGACY_SUBSCRIBE_ACTION};
add_legacy_access_var(#{action := publish} = Vars) ->
Vars#{access => ?LEGACY_PUBLISH_ACTION};
add_legacy_access_var(Vars) ->
Vars.
to_list(A) when is_atom(A) ->
atom_to_list(A);

13
apps/emqx_auth_http/test/emqx_authz_http_SUITE.erl
View File

@ -199,6 +199,7 @@ t_query_params(_Config) ->
mountpoint := <<"MOUNTPOINT">>,
topic := <<"t/1">>,
action := <<"publish">>,
access := <<"2">>,
qos := <<"1">>,
retain := <<"false">>
} = cowboy_req:match_qs(
@ -210,6 +211,7 @@ t_query_params(_Config) ->
mountpoint,
topic,
action,
access,
qos,
retain
],
@ -227,6 +229,7 @@ t_query_params(_Config) ->
"mountpoint=${mountpoint}&"
"topic=${topic}&"
"action=${action}&"
"access=${access}&"
"qos=${qos}&"
"retain=${retain}"
>>
@ -261,6 +264,7 @@ t_path(_Config) ->
"MOUNTPOINT/"
"t%2F1/"
"publish/"
"2/"
"1/"
"false"
>>,
@ -278,6 +282,7 @@ t_path(_Config) ->
"${mountpoint}/"
"${topic}/"
"${action}/"
"${access}/"
"${qos}/"
"${retain}"
>>
@ -318,6 +323,7 @@ t_json_body(_Config) ->
<<"mountpoint">> := <<"MOUNTPOINT">>,
<<"topic">> := <<"t">>,
<<"action">> := <<"publish">>,
<<"access">> := <<"2">>,
<<"qos">> := <<"1">>,
<<"retain">> := <<"false">>
},
@ -335,6 +341,7 @@ t_json_body(_Config) ->
<<"mountpoint">> => <<"${mountpoint}">>,
<<"topic">> => <<"${topic}">>,
<<"action">> => <<"${action}">>,
<<"access">> => <<"${access}">>,
<<"qos">> => <<"${qos}">>,
<<"retain">> => <<"${retain}">>
}
@ -402,7 +409,7 @@ t_placeholder_and_body(_Config) ->
cowboy_req:path(Req0)
),
{ok, [{PostVars, true}], Req1} = cowboy_req:read_urlencoded_body(Req0),
{ok, PostVars, Req1} = cowboy_req:read_urlencoded_body(Req0),
?assertMatch(
#{
@ -413,10 +420,11 @@ t_placeholder_and_body(_Config) ->
<<"mountpoint">> := <<"MOUNTPOINT">>,
<<"topic">> := <<"t">>,
<<"action">> := <<"publish">>,
<<"access">> := <<"2">>,
<<"CN">> := ?PH_CERT_CN_NAME,
<<"CS">> := ?PH_CERT_SUBJECT
},
emqx_utils_json:decode(PostVars, [return_maps])
maps:from_list(PostVars)
),
{ok, ?AUTHZ_HTTP_RESP(allow, Req1), State}
end,
@ -430,6 +438,7 @@ t_placeholder_and_body(_Config) ->
<<"mountpoint">> => <<"${mountpoint}">>,
<<"topic">> => <<"${topic}">>,
<<"action">> => <<"${action}">>,
<<"access">> => <<"${access}">>,
<<"CN">> => ?PH_CERT_CN_NAME,
<<"CS">> => ?PH_CERT_SUBJECT
},