yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore(auth): tidy up the code

This commit is contained in:
Ilya Averyanov 2023-08-08 11:52:10 +03:00
parent 67e06b3171
commit db31e5f0d9
7 changed files with 24 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/emqx/include/emqx_hooks.hrl
View File

@ -29,7 +29,6 @@
-define(HP_RETAINER, 930). -define(HP_RETAINER, 930).
-define(HP_AUTO_SUB, 920). -define(HP_AUTO_SUB, 920).
-define(HP_RULE_ENGINE, 900). -define(HP_RULE_ENGINE, 900).
%% apps that can work with the republish action %% apps that can work with the republish action
-define(HP_SLOW_SUB, 880). -define(HP_SLOW_SUB, 880).
-define(HP_BRIDGE, 870). -define(HP_BRIDGE, 870).

13
apps/emqx/src/emqx_access_control.erl
View File

@ -30,8 +30,8 @@
-compile(nowarn_export_all). -compile(nowarn_export_all).
-endif. -endif.
-define(TRACE_RESULT(Label, Tag, Result, Reason), begin -define(TRACE_RESULT(Label, Result, Reason), begin
?TRACE(Label, Tag, #{ ?TRACE(Label, ?AUTHN_TRACE_TAG, #{
result => (Result), result => (Result),
reason => (Reason) reason => (Reason)
}), }),
@ -115,18 +115,13 @@ authorize(ClientInfo, Action, Topic) ->
-spec pre_hook_authenticate(emqx_types:clientinfo()) -> -spec pre_hook_authenticate(emqx_types:clientinfo()) ->
ok | continue | {error, not_authorized}. ok | continue | {error, not_authorized}.
pre_hook_authenticate(#{enable_authn := false}) -> pre_hook_authenticate(#{enable_authn := false}) ->
?TRACE_RESULT("pre_hook_authenticate", ?AUTHN_TRACE_TAG, ok, enable_authn_false); ?TRACE_RESULT("pre_hook_authenticate", ok, enable_authn_false);
pre_hook_authenticate(#{enable_authn := quick_deny_anonymous} = Credential) -> pre_hook_authenticate(#{enable_authn := quick_deny_anonymous} = Credential) ->
case is_username_defined(Credential) of case is_username_defined(Credential) of
true -> true ->
continue; continue;
false -> false ->
?TRACE_RESULT( ?TRACE_RESULT("pre_hook_authenticate", {error, not_authorized}, enable_authn_false)
"pre_hook_authenticate",
?AUTHN_TRACE_TAG,
{error, not_authorized},
enable_authn_false
)
end; end;
pre_hook_authenticate(_) -> pre_hook_authenticate(_) ->
continue. continue.

22
apps/emqx/src/emqx_schema_hooks.erl
View File

@ -24,12 +24,12 @@
}. }.
-optional_callbacks([injected_fields/0]). -optional_callbacks([injected_fields/0]).
-export_type([hookpoint/0]).
-define(HOOKPOINT_PT_KEY(POINT_NAME), {?MODULE, fields, POINT_NAME}). -define(HOOKPOINT_PT_KEY(POINT_NAME), {?MODULE, fields, POINT_NAME}).
-export([ -export([
injection_point/1, injection_point/1,
any_injections/1,
inject_fields/2,
inject_from_modules/1 inject_from_modules/1
]). ]).
@ -46,10 +46,6 @@
injection_point(PointName) -> injection_point(PointName) ->
persistent_term:get(?HOOKPOINT_PT_KEY(PointName), []). persistent_term:get(?HOOKPOINT_PT_KEY(PointName), []).
inject_fields(PointName, Fields) ->
Key = ?HOOKPOINT_PT_KEY(PointName),
persistent_term:put(Key, Fields).
erase_injections() -> erase_injections() ->
lists:foreach( lists:foreach(
fun fun
@ -72,9 +68,6 @@ any_injections() ->
persistent_term:get() persistent_term:get()
). ).
any_injections(PointName) ->
persistent_term:get(?HOOKPOINT_PT_KEY(PointName), undefined) =/= undefined.
inject_from_modules(Modules) -> inject_from_modules(Modules) ->
Injections = Injections =
lists:foldl( lists:foldl(
@ -109,10 +102,17 @@ append_module_injections(ModuleInjections, AllInjections) when is_map(ModuleInje
inject_fields([]) -> inject_fields([]) ->
ok; ok;
inject_fields([{PointName, Fields} | Rest]) -> inject_fields([{PointName, Fields} | Rest]) ->
case emqx_schema_hooks:any_injections(PointName) of case any_injections(PointName) of
true -> true ->
inject_fields(Rest); inject_fields(Rest);
false -> false ->
ok = emqx_schema_hooks:inject_fields(PointName, Fields), ok = inject_fields(PointName, Fields),
inject_fields(Rest) inject_fields(Rest)
end. end.
inject_fields(PointName, Fields) ->
Key = ?HOOKPOINT_PT_KEY(PointName),
persistent_term:put(Key, Fields).
any_injections(PointName) ->
persistent_term:get(?HOOKPOINT_PT_KEY(PointName), undefined) =/= undefined.

10
apps/emqx_authn/include/emqx_authentication.hrl
View File

@ -20,11 +20,6 @@
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("emqx/include/emqx_access_control.hrl"). -include_lib("emqx/include/emqx_access_control.hrl").
%% config root name all auth providers have to agree on.
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, "authentication").
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_ATOM, authentication).
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY, <<"authentication">>).
-define(GLOBAL, 'mqtt:global'). -define(GLOBAL, 'mqtt:global').
-define(TRACE_AUTHN_PROVIDER(Msg), ?TRACE_AUTHN_PROVIDER(Msg, #{})). -define(TRACE_AUTHN_PROVIDER(Msg), ?TRACE_AUTHN_PROVIDER(Msg, #{})).
@ -36,6 +31,11 @@
-define(TRACE_AUTHN(Msg, Meta), ?TRACE_AUTHN(debug, Msg, Meta)). -define(TRACE_AUTHN(Msg, Meta), ?TRACE_AUTHN(debug, Msg, Meta)).
-define(TRACE_AUTHN(Level, Msg, Meta), ?TRACE(Level, ?AUTHN_TRACE_TAG, Msg, Meta)). -define(TRACE_AUTHN(Level, Msg, Meta), ?TRACE(Level, ?AUTHN_TRACE_TAG, Msg, Meta)).
%% config root name all auth providers have to agree on.
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME, "authentication").
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_ATOM, authentication).
-define(EMQX_AUTHENTICATION_CONFIG_ROOT_NAME_BINARY, <<"authentication">>).
%% authentication move cmd %% authentication move cmd
-define(CMD_MOVE_FRONT, front). -define(CMD_MOVE_FRONT, front).
-define(CMD_MOVE_REAR, rear). -define(CMD_MOVE_REAR, rear).

8
apps/emqx_authn/src/emqx_authentication.erl
View File

@ -60,7 +60,6 @@
register_providers/1, register_providers/1,
deregister_provider/1, deregister_provider/1,
deregister_providers/1, deregister_providers/1,
providers/0,
delete_chain/1, delete_chain/1,
lookup_chain/1, lookup_chain/1,
list_chains/0, list_chains/0,
@ -266,6 +265,7 @@ get_enabled(Authenticators) ->
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% @doc Get all registered authentication providers. %% @doc Get all registered authentication providers.
-spec get_providers() -> #{authn_type() => module()}.
get_providers() -> get_providers() ->
call(get_providers). call(get_providers).
@ -332,10 +332,6 @@ deregister_providers(AuthNTypes) when is_list(AuthNTypes) ->
deregister_provider(AuthNType) -> deregister_provider(AuthNType) ->
deregister_providers([AuthNType]). deregister_providers([AuthNType]).
-spec providers() -> [{authn_type(), module()}].
providers() ->
call(providers).
-spec delete_chain(chain_name()) -> ok | {error, term()}. -spec delete_chain(chain_name()) -> ok | {error, term()}.
delete_chain(Name) -> delete_chain(Name) ->
call({delete_chain, Name}). call({delete_chain, Name}).
@ -468,8 +464,6 @@ handle_call(
end; end;
handle_call({deregister_providers, AuthNTypes}, _From, #{providers := Providers} = State) -> handle_call({deregister_providers, AuthNTypes}, _From, #{providers := Providers} = State) ->
reply(ok, State#{providers := maps:without(AuthNTypes, Providers)}); reply(ok, State#{providers := maps:without(AuthNTypes, Providers)});
handle_call(providers, _From, #{providers := Providers} = State) ->
reply(maps:to_list(Providers), State);
handle_call({delete_chain, ChainName}, _From, State) -> handle_call({delete_chain, ChainName}, _From, State) ->
UpdateFun = fun(Chain) -> UpdateFun = fun(Chain) ->
{_MatchedIDs, NewChain} = do_delete_authenticators(fun(_) -> true end, Chain), {_MatchedIDs, NewChain} = do_delete_authenticators(fun(_) -> true end, Chain),

5
apps/emqx_authn/src/emqx_authentication_config.erl
View File

@ -148,7 +148,7 @@ do_pre_config_update(Paths, NewConfig, _OldConfig) ->
]}. ]}.
-spec propagated_pre_config_update(list(atom()), update_request(), emqx_config:raw_config()) -> -spec propagated_pre_config_update(list(atom()), update_request(), emqx_config:raw_config()) ->
ok | {error, term()}. {ok, map() | list()} | {error, term()}.
propagated_pre_config_update(Paths, NewConfig, OldConfig) -> propagated_pre_config_update(Paths, NewConfig, OldConfig) ->
do_pre_config_update(Paths, NewConfig, OldConfig). do_pre_config_update(Paths, NewConfig, OldConfig).
@ -217,8 +217,7 @@ do_post_config_update(Paths, _UpdateReq, NewConfig0, OldConfig0, _AppEnvs) ->
emqx_config:raw_config(), emqx_config:raw_config(),
emqx_config:app_envs() emqx_config:app_envs()
) -> ) ->
ok | {ok, map()} | {error, term()}. ok.
propagated_post_config_update(Paths, UpdateReq, NewConfig, OldConfig, AppEnvs) -> propagated_post_config_update(Paths, UpdateReq, NewConfig, OldConfig, AppEnvs) ->
ok = post_config_update(Paths, UpdateReq, NewConfig, OldConfig, AppEnvs), ok = post_config_update(Paths, UpdateReq, NewConfig, OldConfig, AppEnvs),
ok. ok.

2
apps/emqx_authn/test/emqx_authentication_SUITE.erl
View File

@ -591,5 +591,5 @@ deregister_providers() ->
fun({Type, _Module}) -> fun({Type, _Module}) ->
ok = ?AUTHN:deregister_provider(Type) ok = ?AUTHN:deregister_provider(Type)
end, end,
lists:flatten([?AUTHN:providers()]) maps:to_list(?AUTHN:get_providers())
). ).