refactor(gw): refactor authentication to authenticator

JianBo He 2021-08-20 16:05:07 +08:00 committed by turtleDeng
parent 6de250741e
commit eb8ec65162
6 changed files with 57 additions and 58 deletions


@ -17,16 +17,12 @@ gateway.stomp {
password = "${Packet.headers.passcode}" password = "${Packet.headers.passcode}"
} }
authentication { authenticator {
enable = true #enable = true
authenticators = [ name = "authenticator1"
{ mechanism = password-based
name = "authenticator1" server_type = built-in-database
mechanism = password-based user_id_type = clientid
server_type = built-in-database
user_id_type = clientid
}
]
} }
listener.tcp.1 { listener.tcp.1 {
@ -42,17 +38,11 @@ gateway.coap {
enable_stats = false enable_stats = false
#authentication.enable: false authenticator {
authentication { name = "authenticator1"
enable = true mechanism = password-based
authenticators = [ server_type = built-in-database
{ user_id_type = clientid
name = "authenticator1"
mechanism = password-based
server_type = built-in-database
user_id_type = clientid
}
]
} }
heartbeat = 30s heartbeat = 30s
@ -123,8 +113,6 @@ gateway.exproto {
#ssl.cacertfile: #ssl.cacertfile:
} }
authentication.enable = false
listener.tcp.1 { listener.tcp.1 {
bind = 7993 bind = 7993
acceptors = 8 acceptors = 8


@ -3,7 +3,7 @@
{vsn, "0.1.0"}, {vsn, "0.1.0"},
{registered, []}, {registered, []},
{mod, {emqx_gateway_app, []}}, {mod, {emqx_gateway_app, []}},
{applications, [kernel, stdlib, grpc, lwm2m_coap, emqx, emqx_authn]}, {applications, [kernel, stdlib, grpc, lwm2m_coap, emqx]},
{env, []}, {env, []},
{modules, []}, {modules, []},
{licenses, ["Apache 2.0"]}, {licenses, ["Apache 2.0"]},
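Review bot: Dropping `emqx_authn` from `applications` removes the start-order guarantee that the gateway still depends on: the new `create_authenticator_for_gateway_insta/2` in emqx_gateway_insta_sup calls `emqx_authn:create_chain/1` and `emqx_authn:create_authenticator/2`, and the new `authenticator()` schema union references `emqx_authn_*` modules. Unless the release guarantees elsewhere that `emqx_authn` is started before `emqx_gateway`, a gateway instance with an authenticator configured will fail at boot with an `undef` or unstarted-application error instead of a clear configuration error. Either keep `{applications, [kernel, stdlib, grpc, lwm2m_coap, emqx, emqx_authn]}` or state in the commit message where the ordering is now enforced.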


@ -23,7 +23,7 @@
, load/2 , load/2
, unload/1 , unload/1
, lookup/1 , lookup/1
, update/1 , update/2
, start/1 , start/1
, stop/1 , stop/1
, list/0 , list/0


@ -72,7 +72,7 @@ api_spec() ->
{apis(), schemas()}. {apis(), schemas()}.
apis() -> apis() ->
[ {"/gateway", metadata(gateway), gateway} [ {"/gateway", metadata(gateway), gateway}
, {"/gateway/:name", metadata(gateway_insta), gateway_insta} , {"/gateway/:name", metadata(gateway_insta), gateway_insta}
, {"/gateway/:name/stats", metadata(gateway_insta_stats), gateway_insta_stats} , {"/gateway/:name/stats", metadata(gateway_insta_stats), gateway_insta_stats}
]. ].
@ -100,7 +100,7 @@ metadata(gateway) ->
} }
} }
} }
} }
} }
} }
}}; }};
@ -203,7 +203,7 @@ metadata(gateway_insta_stats) ->
} }
} }
} }
} }
} }
} }
}}. }}.


@ -105,10 +105,15 @@ init([Gateway, Ctx0, _GwDscrptr]) ->
end. end.
do_init_context(GwName, RawConf, Ctx) -> do_init_context(GwName, RawConf, Ctx) ->
Auth = case maps:get(authentication, RawConf, #{enable => false}) of Auth = case maps:get(authenticators, RawConf, #{enable => false}) of
#{enable := true, #{enable := false} -> undefined;
authenticators := AuthCfgs} when is_list(AuthCfgs) -> AuthCfg when is_map(AuthCfg) ->
create_authenticators_for_gateway_insta(GwName, AuthCfgs); case maps:get(enable, AuthCfg, true) of
false ->
undefined;
_ ->
create_authenticator_for_gateway_insta(GwName, AuthCfg)
end;
_ -> _ ->
undefined undefined
end, end,
@ -220,25 +225,16 @@ code_change(_OldVsn, State, _Extra) ->
%% Internal funcs %% Internal funcs
%%-------------------------------------------------------------------- %%--------------------------------------------------------------------
%% @doc AuthCfgs is a array of authenticatior configurations, create_authenticator_for_gateway_insta(GwName, AuthCfg) ->
%% see: emqx_authn_schema:authenticators/1
create_authenticators_for_gateway_insta(GwName, AuthCfgs) ->
ChainId = atom_to_binary(GwName, utf8), ChainId = atom_to_binary(GwName, utf8),
case emqx_authn:create_chain(#{id => ChainId}) of case emqx_authn:create_chain(#{id => ChainId}) of
{ok, _ChainInfo} -> {ok, _ChainInfo} ->
Results = lists:map(fun(AuthCfg = #{name := Name}) -> case emqx_authn:create_authenticator(ChainId, AuthCfg) of
case emqx_authn:create_authenticator( {ok, _} -> ChainId;
ChainId, {error, Reason} ->
AuthCfg) of logger:error("Failed to create authenticator ~p", [Reason]),
{ok, _AuthInfo} -> ok; throw({bad_autheticator, Reason})
{error, Reason} -> {Name, Reason} end;
end
end, AuthCfgs),
NResults = [ E || E <- Results, E /= ok],
NResults /= [] andalso begin
logger:error("Failed to create authenticators: ~p", [NResults]),
throw({bad_autheticators, NResults})
end, ChainId;
{error, Reason} -> {error, Reason} ->
logger:error("Failed to create authentication chain: ~p", [Reason]), logger:error("Failed to create authentication chain: ~p", [Reason]),
throw({bad_chain, {ChainId, Reason}}) throw({bad_chain, {ChainId, Reason}})
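Review bot: `do_init_context/3` reads the authenticator config with `maps:get(authenticators, RawConf, #{enable => false})`, but the schema in this same commit names the field `authenticator` (`{authenticator, t(authenticator(), undefined, undefined)}`) and the example configs use `authenticator { ... }`. Unless a conversion step renames the key before it reaches `RawConf`, the lookup always falls back to the default, `Auth` becomes `undefined`, and a gateway that was configured to authenticate clients silently runs without authentication — a fail-open that should be a loud config error; the fix is `Auth = case maps:get(authenticator, RawConf, #{enable => false}) of`. In `create_authenticator_for_gateway_insta/2` the thrown atom is misspelled (`throw({bad_autheticator, Reason})` should be `bad_authenticator`), and when `create_authenticator/2` fails the freshly created chain `ChainId` is left behind; if `emqx_authn` exposes a chain-delete function it should be called before the throw. The removed `%% @doc` header should be replaced, e.g. `%% @doc Create the authentication chain named after the gateway and attach its single configured authenticator; throws on either failure.` `do_init_context/3` starts before the hunk and continues past it.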


@ -42,7 +42,7 @@ fields("gateway") ->
fields(stomp_structs) -> fields(stomp_structs) ->
[ {frame, t(ref(stomp_frame))} [ {frame, t(ref(stomp_frame))}
, {clientinfo_override, t(ref(clientinfo_override))} , {clientinfo_override, t(ref(clientinfo_override))}
, {authentication, t(ref(authentication))} , {authenticator, t(authenticator(), undefined, undefined)}
, {listener, t(ref(tcp_listener_group))} , {listener, t(ref(tcp_listener_group))}
]; ];
@ -60,7 +60,7 @@ fields(mqttsn_structs) ->
, {idle_timeout, t(duration())} , {idle_timeout, t(duration())}
, {predefined, hoconsc:array(ref(mqttsn_predefined))} , {predefined, hoconsc:array(ref(mqttsn_predefined))}
, {clientinfo_override, t(ref(clientinfo_override))} , {clientinfo_override, t(ref(clientinfo_override))}
, {authentication, t(ref(authentication))} , {authenticator, t(authenticator(), undefined, undefined)}
, {listener, t(ref(udp_listener_group))} , {listener, t(ref(udp_listener_group))}
]; ];
@ -79,14 +79,14 @@ fields(lwm2m_structs) ->
, {mountpoint, t(string())} , {mountpoint, t(string())}
, {update_msg_publish_condition, t(union([always, contains_object_list]))} , {update_msg_publish_condition, t(union([always, contains_object_list]))}
, {translators, t(ref(translators))} , {translators, t(ref(translators))}
, {authentication, t(ref(authentication))} , {authenticator, t(authenticator(), undefined, undefined)}
, {listener, t(ref(udp_listener_group))} , {listener, t(ref(udp_listener_group))}
]; ];
fields(exproto_structs) -> fields(exproto_structs) ->
[ {server, t(ref(exproto_grpc_server))} [ {server, t(ref(exproto_grpc_server))}
, {handler, t(ref(exproto_grpc_handler))} , {handler, t(ref(exproto_grpc_handler))}
, {authentication, t(ref(authentication))} , {authenticator, t(authenticator(), undefined, undefined)}
, {listener, t(ref(udp_tcp_listener_group))} , {listener, t(ref(udp_tcp_listener_group))}
]; ];
@ -100,11 +100,6 @@ fields(exproto_grpc_handler) ->
%% TODO: ssl %% TODO: ssl
]; ];
fields(authentication) ->
[ {enable, #{type => boolean(), default => false}}
, {authenticators, fun emqx_authn_schema:authenticators/1}
];
fields(clientinfo_override) -> fields(clientinfo_override) ->
[ {username, t(string())} [ {username, t(string())}
, {password, t(string())} , {password, t(string())}
@ -207,7 +202,7 @@ fields(coap_structs) ->
, {notify_type, t(union([non, con, qos]), undefined, qos)} , {notify_type, t(union([non, con, qos]), undefined, qos)}
, {subscribe_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)} , {subscribe_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
, {publish_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)} , {publish_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
, {authentication, t(ref(authentication))} , {authenticator, t(authenticator(), undefined, undefined)}
, {listener, t(ref(udp_listener_group))} , {listener, t(ref(udp_listener_group))}
]; ];
@ -215,6 +210,26 @@ fields(ExtraField) ->
Mod = list_to_atom(ExtraField++"_schema"), Mod = list_to_atom(ExtraField++"_schema"),
Mod:fields(ExtraField). Mod:fields(ExtraField).
authenticator() ->
hoconsc:union(
[ undefined
, hoconsc:ref(emqx_authn_mnesia, config)
, hoconsc:ref(emqx_authn_mysql, config)
, hoconsc:ref(emqx_authn_pgsql, config)
, hoconsc:ref(emqx_authn_mongodb, standalone)
, hoconsc:ref(emqx_authn_mongodb, 'replica-set')
, hoconsc:ref(emqx_authn_mongodb, 'sharded-cluster')
, hoconsc:ref(emqx_authn_redis, standalone)
, hoconsc:ref(emqx_authn_redis, cluster)
, hoconsc:ref(emqx_authn_redis, sentinel)
, hoconsc:ref(emqx_authn_http, get)
, hoconsc:ref(emqx_authn_http, post)
, hoconsc:ref(emqx_authn_jwt, 'hmac-based')
, hoconsc:ref(emqx_authn_jwt, 'public-key')
, hoconsc:ref(emqx_authn_jwt, 'jwks')
, hoconsc:ref(emqx_enhanced_authn_scram_mnesia, config)
]).
%translations() -> []. %translations() -> [].
% %
%translations(_) -> []. %translations(_) -> [].
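Review bot: `authenticator()` hard-codes the set of backends as `hoconsc:ref(emqx_authn_*, ...)` entries, replacing the previous delegation to `emqx_authn_schema:authenticators/1`, so any backend added or renamed in `emqx_authn` is silently unavailable to gateways until this list is updated by hand. If `emqx_authn_schema` exports a type for a single authenticator config, prefer reusing it; otherwise add a comment naming the coupling, e.g. `%% Keep in sync with the authenticator backends registered in emqx_authn_schema.` The function also has no `-spec` or header comment; `%% @doc Config type for the single, optional authenticator a gateway may declare.` would cover it. Each `fields(*_structs)` clause now appears to default the field to `undefined` (third argument of `t/3`, by analogy with `t(union([non, con, qos]), undefined, qos)`), which `emqx_gateway_insta_sup` treats as "no authentication"; that matches the removed `enable` default of `false`, but the schema comment should say so explicitly since it is the security default for every gateway.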