From ac6f28dabf6a9ab3406617f442021315b56b52e9 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 31 Aug 2022 07:53:02 +0200 Subject: [PATCH 01/10] chore: bump release version to 4.3.20 --- include/emqx_release.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/emqx_release.hrl b/include/emqx_release.hrl index 9e703b64b..ce07c1cdb 100644 --- a/include/emqx_release.hrl +++ b/include/emqx_release.hrl @@ -29,7 +29,7 @@ -ifndef(EMQX_ENTERPRISE). --define(EMQX_RELEASE, {opensource, "4.3.19"}). +-define(EMQX_RELEASE, {opensource, "4.3.20-alpha.1"}). -else. From 6f28e0eb837a628d3a621f156cafc9378c8ee588 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Wed, 31 Aug 2022 08:03:20 +0200 Subject: [PATCH 02/10] chore: update appup files --- apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src | 2 +- apps/emqx_exproto/src/emqx_exproto.app.src | 2 +- apps/emqx_management/src/emqx_management.app.src | 2 +- apps/emqx_rule_engine/src/emqx_rule_engine.app.src | 2 +- apps/emqx_rule_engine/src/emqx_rule_engine.appup.src | 10 ++++++++-- lib-ce/emqx_dashboard/src/emqx_dashboard.app.src | 2 +- src/emqx.app.src | 2 +- src/emqx.appup.src | 12 ++++++++++-- 8 files changed, 24 insertions(+), 10 deletions(-) diff --git a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src index 54d1317d7..6dd1dcdfc 100644 --- a/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src +++ b/apps/emqx_auth_mnesia/src/emqx_auth_mnesia.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_mnesia, [{description, "EMQ X Authentication with Mnesia"}, - {vsn, "4.3.8"}, % strict semver, bump manually + {vsn, "4.3.9"}, % strict semver, bump manually {modules, []}, {registered, []}, {applications, [kernel,stdlib,mnesia]}, diff --git a/apps/emqx_exproto/src/emqx_exproto.app.src b/apps/emqx_exproto/src/emqx_exproto.app.src index a267d1daf..98610a40c 100644 --- a/apps/emqx_exproto/src/emqx_exproto.app.src +++ b/apps/emqx_exproto/src/emqx_exproto.app.src @@ -1,6 +1,6 @@ {application, emqx_exproto, [{description, "EMQ X Extension for Protocol"}, - {vsn, "4.3.10"}, %% 4.3.3 is used by ee + {vsn, "4.3.11"}, %% 4.3.3 is used by ee {modules, []}, {registered, []}, {mod, {emqx_exproto_app, []}}, diff --git a/apps/emqx_management/src/emqx_management.app.src b/apps/emqx_management/src/emqx_management.app.src index 6a5ae3d07..fbec68057 100644 --- a/apps/emqx_management/src/emqx_management.app.src +++ b/apps/emqx_management/src/emqx_management.app.src @@ -1,6 +1,6 @@ {application, emqx_management, [{description, "EMQ X Management API and CLI"}, - {vsn, "4.3.16"}, % strict semver, bump manually! + {vsn, "4.3.17"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_management_sup]}, {applications, [kernel,stdlib,minirest]}, diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src index 90620e2df..cbdb2e7f7 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src @@ -1,6 +1,6 @@ {application, emqx_rule_engine, [{description, "EMQ X Rule Engine"}, - {vsn, "4.3.14"}, % strict semver, bump manually! + {vsn, "4.3.15"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_rule_engine_sup, emqx_rule_registry]}, {applications, [kernel,stdlib,rulesql,getopt]}, diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src index a9cb51d8e..b976a92bd 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.13", + [{"4.3.14", + [{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, + {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}]}, + {"4.3.13", [{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, @@ -180,7 +183,10 @@ {load_module,emqx_rule_runtime,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.13", + [{"4.3.14", + [{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, + {load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}]}, + {"4.3.13", [{load_module,emqx_rule_engine,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_utils,brutal_purge,soft_purge,[]}, diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src index 3c9a4e3fa..1cf6184cd 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src @@ -1,6 +1,6 @@ {application, emqx_dashboard, [{description, "EMQ X Web Dashboard"}, - {vsn, "4.3.15"}, % strict semver, bump manually! + {vsn, "4.3.16"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_dashboard_sup]}, {applications, [kernel,stdlib,mnesia,minirest]}, diff --git a/src/emqx.app.src b/src/emqx.app.src index 14c63c75e..869b13392 100644 --- a/src/emqx.app.src +++ b/src/emqx.app.src @@ -6,7 +6,7 @@ %% the emqx `release' version, which in turn is comprised of several %% apps, one of which is this. See `emqx_release.hrl' for more %% info. - {vsn, "4.3.20"}, % strict semver, bump manually! + {vsn, "4.3.21"}, % strict semver, bump manually! {modules, []}, {registered, []}, {applications, [ kernel diff --git a/src/emqx.appup.src b/src/emqx.appup.src index 9d0787e79..682da8bf6 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -1,7 +1,11 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.19", + [{"4.3.20", + [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_message,brutal_purge,soft_purge,[]}, + {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, + {"4.3.19", [{load_module,emqx_message,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_app,brutal_purge,soft_purge,[]}, @@ -707,7 +711,11 @@ {load_module,emqx_message,brutal_purge,soft_purge,[]}, {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.19", + [{"4.3.20", + [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_message,brutal_purge,soft_purge,[]}, + {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, + {"4.3.19", [{load_module,emqx_message,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_app,brutal_purge,soft_purge,[]}, From 51412e25c8a0678d64bbc6e06f62384168634cac Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Tue, 30 Aug 2022 21:45:21 +0200 Subject: [PATCH 03/10] fix(emqx_rule_engine): fix rule update function Prior to this change, the update of a rule will always try to initialise the action because the 'enabled' flag is by default 'true' --- CHANGES-4.3.md | 6 ++ .../emqx_rule_engine/src/emqx_rule_engine.erl | 56 +++++++++++++------ 2 files changed, 44 insertions(+), 18 deletions(-) diff --git a/CHANGES-4.3.md b/CHANGES-4.3.md index a250de823..9774e305a 100644 --- a/CHANGES-4.3.md +++ b/CHANGES-4.3.md @@ -10,6 +10,12 @@ File format: - One list item per change topic Change log ends with a list of GitHub PRs +## v4.3.20 + +### Bug fixes + +- Fix rule-engine update behaviour which may initialize actions for disabled rules. [#8849](https://github.com/emqx/emqx/pull/8849) + ## v4.3.19 ### Enhancements diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.erl b/apps/emqx_rule_engine/src/emqx_rule_engine.erl index d5c3ba92c..f48b8a02b 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.erl +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.erl @@ -547,11 +547,21 @@ with_resource_params(Args = #{<<"$resource">> := ResId}) -> end; with_resource_params(Args) -> Args. --dialyzer([{nowarn_function, may_update_rule_params/2}]). -may_update_rule_params(Rule, Params = #{rawsql := SQL}) -> +may_update_rule_params(Rule, Params) -> + %% NOTE: order matters, e.g. update_actions must be after update_enabled + FL = [fun update_raw_sql/2, + fun update_enabled/2, + fun update_description/2, + fun update_on_action_failed/2, + fun update_actions/2 + ], + lists:foldl(fun(F, RuleIn) -> + F(RuleIn, Params) + end, Rule, FL). + +update_raw_sql(Rule, #{rawsql := SQL}) -> case emqx_rule_sqlparser:parse_select(SQL) of {ok, Select} -> - may_update_rule_params( Rule#rule{ rawsql = SQL, for = emqx_rule_sqlparser:select_from(Select), @@ -560,12 +570,14 @@ may_update_rule_params(Rule, Params = #{rawsql := SQL}) -> doeach = emqx_rule_sqlparser:select_doeach(Select), incase = emqx_rule_sqlparser:select_incase(Select), conditions = emqx_rule_sqlparser:select_where(Select) - }, - maps:remove(rawsql, Params)); - Reason -> throw(Reason) + }; + Reason -> + throw(Reason) end; -may_update_rule_params(Rule = #rule{enabled = OldEnb, actions = Actions, state = OldState}, - Params = #{enabled := NewEnb}) -> +update_raw_sql(Rule, _) -> + Rule. + +update_enabled(Rule = #rule{enabled = OldEnb, actions = Actions, state = OldState}, #{enabled := NewEnb}) -> State = case {OldEnb, NewEnb} of {false, true} -> _ = ?CLUSTER_CALL(refresh_rule, [Rule]), @@ -575,19 +587,27 @@ may_update_rule_params(Rule = #rule{enabled = OldEnb, actions = Actions, state = force_changed; _NoChange -> OldState end, - may_update_rule_params(Rule#rule{enabled = NewEnb, state = State}, maps:remove(enabled, Params)); -may_update_rule_params(Rule, Params = #{description := Descr}) -> - may_update_rule_params(Rule#rule{description = Descr}, maps:remove(description, Params)); -may_update_rule_params(Rule, Params = #{on_action_failed := OnFailed}) -> - may_update_rule_params(Rule#rule{on_action_failed = OnFailed}, - maps:remove(on_action_failed, Params)); -may_update_rule_params(Rule = #rule{actions = OldActions}, Params = #{actions := Actions}) -> + Rule#rule{enabled = NewEnb, state = State}; +update_enabled(Rule, _) -> + Rule. + +update_description(Rule, #{description := Descr}) -> + Rule#rule{description = Descr}; +update_description(Rule, _) -> + Rule. + +update_on_action_failed(Rule, #{on_action_failed := OnFailed}) -> + Rule#rule{on_action_failed = OnFailed}; +update_on_action_failed(Rule, _) -> + Rule. + +update_actions(Rule = #rule{actions = OldActions, enabled = Enabled}, #{actions := Actions}) -> %% prepare new actions before removing old ones - NewActions = prepare_actions(Actions, maps:get(enabled, Params, true)), + NewActions = prepare_actions(Actions, Enabled), _ = ?CLUSTER_CALL(restore_action_metrics, [OldActions, NewActions]), _ = ?CLUSTER_CALL(clear_actions, [OldActions]), - may_update_rule_params(Rule#rule{actions = NewActions}, maps:remove(actions, Params)); -may_update_rule_params(Rule, _Params) -> %% ignore all the unsupported params + Rule#rule{actions = NewActions}; +update_actions(Rule, _) -> Rule. %% NOTE: if the user removed an action, but the action is not the last one in the list, From f95d9ca653ac3459bdd79b5236b6d4e9c60fced6 Mon Sep 17 00:00:00 2001 From: Thales Macedo Garitezi Date: Wed, 31 Aug 2022 17:04:45 -0300 Subject: [PATCH 04/10] ci: check repo type directly in step --- .github/workflows/run_test_cases.yaml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index d971ef200..96cce885a 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -39,16 +39,8 @@ jobs: use-self-hosted: false steps: - uses: actions/checkout@v2 - - name: set edition - id: set_edition - run: | - if make emqx-ee --dry-run > /dev/null 2>&1; then - echo "EDITION=enterprise" >> $GITHUB_ENV - else - echo "EDITION=opensource" >> $GITHUB_ENV - fi - name: docker compose up - if: env.EDITION == 'opensource' + if: endsWith(github.repository, 'emqx') env: MYSQL_TAG: 8 REDIS_TAG: 6 @@ -66,7 +58,7 @@ jobs: -f .ci/docker-compose-file/docker-compose-redis-single-tcp.yaml \ up -d --build - name: docker compose up - if: env.EDITION == 'enterprise' + if: endsWith(github.repository, 'emqx-enterprise') env: MYSQL_TAG: 8 REDIS_TAG: 6 From 15c84ba15271f2f7a6074bd59e150f3159ff9153 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 1 Sep 2022 15:43:32 +0800 Subject: [PATCH 05/10] fix(jwt): support non-integer timestamp claims --- apps/emqx_auth_jwt/src/emqx_auth_jwt.erl | 42 +++++++++++++++---- apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl | 8 ++-- .../test/emqx_auth_jwt_SUITE.erl | 13 +++++- 3 files changed, 49 insertions(+), 14 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index 040f9b629..1f304a65e 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -26,6 +26,8 @@ , description/0 ]). +-export([binary_to_number/1]). + %%-------------------------------------------------------------------- %% Authentication callbacks %%-------------------------------------------------------------------- @@ -56,16 +58,12 @@ check_acl(ClientInfo = #{jwt_claims := Claims}, #{acl_claim_name := AclClaimName}) -> case Claims of #{AclClaimName := Acl, <<"exp">> := Exp} -> - try is_expired(Exp) of + case is_expired(Exp) of true -> ?DEBUG("acl_deny_due_to_jwt_expired", []), deny; false -> verify_acl(ClientInfo, Acl, PubSub, Topic) - catch - _:_ -> - ?DEBUG("acl_deny_due_to_invalid_jwt_exp", []), - deny end; #{AclClaimName := Acl} -> verify_acl(ClientInfo, Acl, PubSub, Topic); @@ -75,14 +73,40 @@ check_acl(ClientInfo = #{jwt_claims := Claims}, end. is_expired(Exp) when is_binary(Exp) -> - ExpInt = binary_to_integer(Exp), - is_expired(ExpInt); -is_expired(Exp) -> + case binary_to_number(Exp) of + {ok, Val} -> + is_expired(Val); + _ -> + ?DEBUG("acl_deny_due_to_invalid_jwt_exp:~p", [Exp]), + true + end; +is_expired(Exp) when is_integer(Exp) -> Now = erlang:system_time(second), - Now > Exp. + Now > Exp; +is_expired(Exp) -> + ?DEBUG("acl_deny_due_to_invalid_jwt_exp:~p", [Exp]), + true. description() -> "Authentication with JWT". +binary_to_number(Bin) -> + Checker = fun([], _) -> + false; + ([H | T], Self) -> + try + {ok, H(Bin)} + catch _:_ -> + Self(T, Self) + end + end, + + Checker([fun erlang:binary_to_integer/1, + fun(In) -> + Val = erlang:binary_to_float(In), + erlang:round(Val) + end], + Checker). + %%------------------------------------------------------------------------------ %% Verify Claims %%-------------------------------------------------------------------- diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl index ac07a8640..a9b35dbec 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl @@ -215,13 +215,13 @@ with_int_value(Fun) -> case Value of Int when is_integer(Int) -> Fun(Int); Bin when is_binary(Bin) -> - case string:to_integer(Bin) of - {Int, <<>>} -> Fun(Int); + case emqx_auth_jwt:binary_to_number(Bin) of + {ok, Int} -> Fun(Int); _ -> false end; Str when is_list(Str) -> - case string:to_integer(Str) of - {Int, ""} -> Fun(Int); + case emqx_auth_jwt:binary_to_number(Str) of + {ok, Int} -> Fun(Int); _ -> false end end diff --git a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl index c8eed8b41..934d80f41 100644 --- a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl +++ b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl @@ -164,7 +164,18 @@ t_check_auth_str_exp(_Config) -> Result1 = emqx_access_control:authenticate(Plain#{password => Jwt1}), ct:pal("Auth result: ~p~n", [Result1]), - ?assertMatch({error, _}, Result1). + ?assertMatch({error, _}, Result1), + + Exp2 = float_to_binary(os:system_time(seconds) + 3.5), + + Jwt2 = sign([{clientid, <<"client1">>}, + {username, <<"plain">>}, + {exp, Exp2}], <<"HS256">>, <<"emqxsecret">>), + ct:pal("Jwt: ~p~n", [Jwt2]), + + Result2 = emqx_access_control:authenticate(Plain#{password => Jwt2}), + ct:pal("Auth result: ~p~n", [Result2]), + ?assertMatch({ok, #{auth_result := success, jwt_claims := _}}, Result2). t_check_claims(init, _Config) -> application:set_env(emqx_auth_jwt, verify_claims, [{sub, <<"value">>}]). From c999b43144d4ad381b4c05e933665689c4fbb4dd Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 1 Sep 2022 15:48:14 +0800 Subject: [PATCH 06/10] chore: bump emqx_auth_jwt version && update appup --- apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src | 2 +- apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src index 72e6e749b..44882dc1b 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_jwt, [{description, "EMQ X Authentication with JWT"}, - {vsn, "4.3.5"}, % strict semver, bump manually! + {vsn, "4.3.6"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_jwt_sup]}, {applications, [kernel,stdlib,jose]}, diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src index 2364f901e..d3dbad3ad 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src @@ -1,11 +1,17 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + [{"4.3.5",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]} + ]}, + {"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {"4.3.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}], - [{"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + [{"4.3.5",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]} + ]}, + {"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {"4.3.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}]}. From ddc25fc5c297c066352b10a5646c5fd04199c8d5 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 1 Sep 2022 16:27:15 +0800 Subject: [PATCH 07/10] fix(jwt): simplify binary_to_number function --- apps/emqx_auth_jwt/src/emqx_auth_jwt.erl | 26 +++++++++--------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index 1f304a65e..1dee41677 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -90,22 +90,16 @@ is_expired(Exp) -> description() -> "Authentication with JWT". binary_to_number(Bin) -> - Checker = fun([], _) -> - false; - ([H | T], Self) -> - try - {ok, H(Bin)} - catch _:_ -> - Self(T, Self) - end - end, - - Checker([fun erlang:binary_to_integer/1, - fun(In) -> - Val = erlang:binary_to_float(In), - erlang:round(Val) - end], - Checker). + try + {ok, erlang:binary_to_integer(Bin)} + catch _:_ -> + try + Val = erlang:binary_to_float(Bin), + {ok, erlang:round(Val)} + catch _:_ -> + false + end + end. %%------------------------------------------------------------------------------ %% Verify Claims From a6cf74ea6f098b4862db02a8a3b106c7decc0161 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 1 Sep 2022 16:52:41 +0800 Subject: [PATCH 08/10] chore: fix emqx_auth_jwt appup --- .../emqx_auth_jwt/src/emqx_auth_jwt.appup.src | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src index d3dbad3ad..5868efc9e 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src @@ -1,17 +1,25 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.5",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, - {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]} - ]}, - {"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, - {"4.3.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + [{"4.3.5", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.3.4", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.3.3", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}], - [{"4.3.5",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, - {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]} - ]}, - {"4.3.4",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, - {"4.3.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + [{"4.3.5", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.3.4", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.3.3", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}]}. From 884ec15567c1fbbda104053aeb6ab1171c160d59 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 1 Sep 2022 17:05:39 +0800 Subject: [PATCH 09/10] fix(jwt): make binary_to_number function support list type --- apps/emqx_auth_jwt/src/emqx_auth_jwt.erl | 32 ++++++++++++-------- apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl | 8 ++--- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index 1dee41677..acf367c56 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -26,7 +26,7 @@ , description/0 ]). --export([binary_to_number/1]). +-export([string_to_number/1]). %%-------------------------------------------------------------------- %% Authentication callbacks @@ -73,7 +73,7 @@ check_acl(ClientInfo = #{jwt_claims := Claims}, end. is_expired(Exp) when is_binary(Exp) -> - case binary_to_number(Exp) of + case string_to_number(Exp) of {ok, Val} -> is_expired(Val); _ -> @@ -89,17 +89,12 @@ is_expired(Exp) -> description() -> "Authentication with JWT". -binary_to_number(Bin) -> - try - {ok, erlang:binary_to_integer(Bin)} - catch _:_ -> - try - Val = erlang:binary_to_float(Bin), - {ok, erlang:round(Val)} - catch _:_ -> - false - end - end. +string_to_number(Bin) when is_binary(Bin) -> + string_to_number(Bin, fun erlang:binary_to_integer/1, fun erlang:binary_to_float/1); +string_to_number(Str) when is_list(Str) -> + string_to_number(Str, fun erlang:list_to_integer/1, fun erlang:list_to_float/1); +string_to_number(_) -> + false. %%------------------------------------------------------------------------------ %% Verify Claims @@ -145,3 +140,14 @@ match_topic(ClientInfo, AclTopic, Topic) -> TopicWords = emqx_topic:words(Topic), AclTopicRendered = emqx_access_rule:feed_var(ClientInfo, AclTopicWords), emqx_topic:match(TopicWords, AclTopicRendered). + +string_to_number(Str, IntFun, FloatFun) -> + try + {ok, IntFun(Str)} + catch _:_ -> + try + {ok, FloatFun(Str)} + catch _:_ -> + false + end + end. diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl index a9b35dbec..0f09be22e 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt_svr.erl @@ -215,13 +215,13 @@ with_int_value(Fun) -> case Value of Int when is_integer(Int) -> Fun(Int); Bin when is_binary(Bin) -> - case emqx_auth_jwt:binary_to_number(Bin) of - {ok, Int} -> Fun(Int); + case emqx_auth_jwt:string_to_number(Bin) of + {ok, Num} -> Fun(Num); _ -> false end; Str when is_list(Str) -> - case emqx_auth_jwt:binary_to_number(Str) of - {ok, Int} -> Fun(Int); + case emqx_auth_jwt:string_to_number(Str) of + {ok, Num} -> Fun(Num); _ -> false end end From 9c77dbf1686ea3667248d2a6ca2ffc3d03542090 Mon Sep 17 00:00:00 2001 From: Thales Macedo Garitezi Date: Thu, 1 Sep 2022 15:53:16 -0300 Subject: [PATCH 10/10] chore: bump vsns and appups --- apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src | 2 +- .../emqx_auth_jwt/src/emqx_auth_jwt.appup.src | 24 ++++++++++++++----- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src index 2d6524000..b2b56e273 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_jwt, [{description, "EMQ X Authentication with JWT"}, - {vsn, "4.4.4"}, % strict semver, bump manually! + {vsn, "4.4.5"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_jwt_sup]}, {applications, [kernel,stdlib,jose]}, diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src index b89b715f2..206c2af1a 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src @@ -1,13 +1,25 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.4.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, - {"4.4.2",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, - {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + [{"4.4.4", + [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.4.3", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.4.2", + [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, {<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}], - [{"4.4.3",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, - {"4.4.2",[{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, - {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + [{"4.4.4", + [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.4.3", + [{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, + {"4.4.2", + [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, + {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, {<<"4\\.4\\.[0-1]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}]}.