yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: use minirest filter

This commit is contained in:
Stefan Strigler 2023-10-24 09:57:08 +02:00
parent 4e0e755b28
commit ea9228108b
2 changed files with 154 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
apps/emqx_auth_mnesia/src/emqx_authz_api_mnesia.erl
View File

@ -18,6 +18,7 @@
-behaviour(minirest_api). -behaviour(minirest_api).
-include("emqx_auth_mnesia.hrl").
-include_lib("emqx_auth/include/emqx_authz.hrl"). -include_lib("emqx_auth/include/emqx_authz.hrl").
-include_lib("emqx/include/logger.hrl"). -include_lib("emqx/include/logger.hrl").
-include_lib("hocon/include/hoconsc.hrl"). -include_lib("hocon/include/hoconsc.hrl").
@ -55,6 +56,9 @@
format_result/1 format_result/1
]). ]).
%% minirest filter callback
-export([is_configured_authz_source/2]).
-define(BAD_REQUEST, 'BAD_REQUEST'). -define(BAD_REQUEST, 'BAD_REQUEST').
-define(NOT_FOUND, 'NOT_FOUND'). -define(NOT_FOUND, 'NOT_FOUND').
-define(ALREADY_EXISTS, 'ALREADY_EXISTS'). -define(ALREADY_EXISTS, 'ALREADY_EXISTS').
@ -85,6 +89,7 @@ paths() ->
schema("/authorization/sources/built_in_database/rules/users") -> schema("/authorization/sources/built_in_database/rules/users") ->
#{ #{
'operationId' => users, 'operationId' => users,
filter => fun ?MODULE:is_configured_authz_source/2,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -131,6 +136,7 @@ schema("/authorization/sources/built_in_database/rules/users") ->
schema("/authorization/sources/built_in_database/rules/clients") -> schema("/authorization/sources/built_in_database/rules/clients") ->
#{ #{
'operationId' => clients, 'operationId' => clients,
filter => fun ?MODULE:is_configured_authz_source/2,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -177,6 +183,7 @@ schema("/authorization/sources/built_in_database/rules/clients") ->
schema("/authorization/sources/built_in_database/rules/users/:username") -> schema("/authorization/sources/built_in_database/rules/users/:username") ->
#{ #{
'operationId' => user, 'operationId' => user,
filter => fun ?MODULE:is_configured_authz_source/2,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -230,6 +237,7 @@ schema("/authorization/sources/built_in_database/rules/users/:username") ->
schema("/authorization/sources/built_in_database/rules/clients/:clientid") -> schema("/authorization/sources/built_in_database/rules/clients/:clientid") ->
#{ #{
'operationId' => client, 'operationId' => client,
filter => fun ?MODULE:is_configured_authz_source/2,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -283,6 +291,7 @@ schema("/authorization/sources/built_in_database/rules/clients/:clientid") ->
schema("/authorization/sources/built_in_database/rules/all") -> schema("/authorization/sources/built_in_database/rules/all") ->
#{ #{
'operationId' => all, 'operationId' => all,
filter => fun ?MODULE:is_configured_authz_source/2,
get => get =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -317,6 +326,7 @@ schema("/authorization/sources/built_in_database/rules/all") ->
schema("/authorization/sources/built_in_database/rules") -> schema("/authorization/sources/built_in_database/rules") ->
#{ #{
'operationId' => rules, 'operationId' => rules,
filter => fun ?MODULE:is_configured_authz_source/2,
delete => delete =>
#{ #{
tags => [<<"authorization">>], tags => [<<"authorization">>],
@ -426,17 +436,15 @@ fields(rules) ->
%% HTTP API %% HTTP API
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
-define(IF_CONFIGURED_AUTHZ_SOURCE(EXPR), is_configured_authz_source(Params, _Meta) ->
emqx_authz_api_sources:with_source( emqx_authz_api_sources:with_source(
<<"built_in_database">>, ?AUTHZ_TYPE_BIN,
fun(_Source) -> fun(_Source) ->
EXPR {ok, Params}
end end
)
). ).
users(get, #{query_string := QueryString}) -> users(get, #{query_string := QueryString}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case case
emqx_mgmt_api:node_query( emqx_mgmt_api:node_query(
node(), node(),
@ -456,10 +464,8 @@ users(get, #{query_string := QueryString}) ->
{500, #{code => <<"NODE_DOWN">>, message => Message}}; {500, #{code => <<"NODE_DOWN">>, message => Message}};
Result -> Result ->
{200, Result} {200, Result}
end end;
);
users(post, #{body := Body}) when is_list(Body) -> users(post, #{body := Body}) when is_list(Body) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case ensure_all_not_exists(<<"username">>, username, Body) of case ensure_all_not_exists(<<"username">>, username, Body) of
[] -> [] ->
lists:foreach( lists:foreach(
@ -474,11 +480,9 @@ users(post, #{body := Body}) when is_list(Body) ->
code => <<"ALREADY_EXISTS">>, code => <<"ALREADY_EXISTS">>,
message => binfmt("Users '~ts' already exist", [binjoin(Exists)]) message => binfmt("Users '~ts' already exist", [binjoin(Exists)])
}} }}
end end.
).
clients(get, #{query_string := QueryString}) -> clients(get, #{query_string := QueryString}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case case
emqx_mgmt_api:node_query( emqx_mgmt_api:node_query(
node(), node(),
@ -498,10 +502,8 @@ clients(get, #{query_string := QueryString}) ->
{500, #{code => <<"NODE_DOWN">>, message => Message}}; {500, #{code => <<"NODE_DOWN">>, message => Message}};
Result -> Result ->
{200, Result} {200, Result}
end end;
);
clients(post, #{body := Body}) when is_list(Body) -> clients(post, #{body := Body}) when is_list(Body) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case ensure_all_not_exists(<<"clientid">>, clientid, Body) of case ensure_all_not_exists(<<"clientid">>, clientid, Body) of
[] -> [] ->
lists:foreach( lists:foreach(
@ -516,11 +518,9 @@ clients(post, #{body := Body}) when is_list(Body) ->
code => <<"ALREADY_EXISTS">>, code => <<"ALREADY_EXISTS">>,
message => binfmt("Clients '~ts' already exist", [binjoin(Exists)]) message => binfmt("Clients '~ts' already exist", [binjoin(Exists)])
}} }}
end end.
).
user(get, #{bindings := #{username := Username}}) -> user(get, #{bindings := #{username := Username}}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_mnesia:get_rules({username, Username}) of case emqx_authz_mnesia:get_rules({username, Username}) of
not_found -> not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}}; {404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}};
@ -529,31 +529,23 @@ user(get, #{bindings := #{username := Username}}) ->
username => Username, username => Username,
rules => format_rules(Rules) rules => format_rules(Rules)
}} }}
end end;
);
user(put, #{ user(put, #{
bindings := #{username := Username}, bindings := #{username := Username},
body := #{<<"username">> := Username, <<"rules">> := Rules} body := #{<<"username">> := Username, <<"rules">> := Rules}
}) -> }) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
begin
emqx_authz_mnesia:store_rules({username, Username}, Rules), emqx_authz_mnesia:store_rules({username, Username}, Rules),
{204} {204};
end
);
user(delete, #{bindings := #{username := Username}}) -> user(delete, #{bindings := #{username := Username}}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_mnesia:get_rules({username, Username}) of case emqx_authz_mnesia:get_rules({username, Username}) of
not_found -> not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"Username Not Found">>}}; {404, #{code => <<"NOT_FOUND">>, message => <<"Username Not Found">>}};
{ok, _Rules} -> {ok, _Rules} ->
emqx_authz_mnesia:delete_rules({username, Username}), emqx_authz_mnesia:delete_rules({username, Username}),
{204} {204}
end end.
).
client(get, #{bindings := #{clientid := ClientID}}) -> client(get, #{bindings := #{clientid := ClientID}}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_mnesia:get_rules({clientid, ClientID}) of case emqx_authz_mnesia:get_rules({clientid, ClientID}) of
not_found -> not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}}; {404, #{code => <<"NOT_FOUND">>, message => <<"Not Found">>}};
@ -562,31 +554,23 @@ client(get, #{bindings := #{clientid := ClientID}}) ->
clientid => ClientID, clientid => ClientID,
rules => format_rules(Rules) rules => format_rules(Rules)
}} }}
end end;
);
client(put, #{ client(put, #{
bindings := #{clientid := ClientID}, bindings := #{clientid := ClientID},
body := #{<<"clientid">> := ClientID, <<"rules">> := Rules} body := #{<<"clientid">> := ClientID, <<"rules">> := Rules}
}) -> }) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
begin
emqx_authz_mnesia:store_rules({clientid, ClientID}, Rules), emqx_authz_mnesia:store_rules({clientid, ClientID}, Rules),
{204} {204};
end
);
client(delete, #{bindings := #{clientid := ClientID}}) -> client(delete, #{bindings := #{clientid := ClientID}}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_mnesia:get_rules({clientid, ClientID}) of case emqx_authz_mnesia:get_rules({clientid, ClientID}) of
not_found -> not_found ->
{404, #{code => <<"NOT_FOUND">>, message => <<"ClientID Not Found">>}}; {404, #{code => <<"NOT_FOUND">>, message => <<"ClientID Not Found">>}};
{ok, _Rules} -> {ok, _Rules} ->
emqx_authz_mnesia:delete_rules({clientid, ClientID}), emqx_authz_mnesia:delete_rules({clientid, ClientID}),
{204} {204}
end end.
).
all(get, _) -> all(get, _) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_mnesia:get_rules(all) of case emqx_authz_mnesia:get_rules(all) of
not_found -> not_found ->
{200, #{rules => []}}; {200, #{rules => []}};
@ -594,25 +578,15 @@ all(get, _) ->
{200, #{ {200, #{
rules => format_rules(Rules) rules => format_rules(Rules)
}} }}
end end;
);
all(post, #{body := #{<<"rules">> := Rules}}) -> all(post, #{body := #{<<"rules">> := Rules}}) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
begin
emqx_authz_mnesia:store_rules(all, Rules), emqx_authz_mnesia:store_rules(all, Rules),
{204} {204};
end
);
all(delete, _) -> all(delete, _) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
begin
emqx_authz_mnesia:store_rules(all, []), emqx_authz_mnesia:store_rules(all, []),
{204} {204}.
end
).
rules(delete, _) -> rules(delete, _) ->
?IF_CONFIGURED_AUTHZ_SOURCE(
case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of case emqx_authz_api_sources:get_raw_source(<<"built_in_database">>) of
[#{<<"enable">> := false}] -> [#{<<"enable">> := false}] ->
ok = emqx_authz_mnesia:purge_rules(), ok = emqx_authz_mnesia:purge_rules(),
@ -628,8 +602,7 @@ rules(delete, _) ->
code => <<"BAD_REQUEST">>, code => <<"BAD_REQUEST">>,
message => <<"'built_in_database' type source is not found.">> message => <<"'built_in_database' type source is not found.">>
}} }}
end end.
).
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% QueryString to MatchSpec %% QueryString to MatchSpec

8
apps/emqx_auth_mnesia/test/emqx_authz_api_mnesia_SUITE.erl
View File

@ -415,7 +415,9 @@ run_examples(Code, Examples) when is_number(Code) ->
run_examples( run_examples(
fun fun
({ok, ResCode, _}) when Code =:= ResCode -> true; ({ok, ResCode, _}) when Code =:= ResCode -> true;
(_) -> false (_Res) ->
ct:pal("check failed: ~p", [_Res]),
false
end, end,
Examples Examples
). ).
@ -455,7 +457,9 @@ make_examples(ApiMod, Replacements) ->
end, end,
{replace_parts(to_parts(Path), Replacements), Op, Body} {replace_parts(to_parts(Path), Replacements), Op, Body}
end, end,
lists:sort(fun op_sort/2, maps:to_list(maps:remove('operationId', Schema))) lists:sort(
fun op_sort/2, maps:to_list(maps:with([get, put, post, delete], Schema))
)
) )
end, end,
Paths Paths