refactor(gw): refactor authentication to authenticator

2021-08-20 16:05:07 +08:00 · 2021-08-20 16:05:07 +08:00 · eb8ec65162
parent 6de250741e
commit eb8ec65162
6 changed files with 57 additions and 58 deletions
--- a/apps/emqx_gateway/etc/emqx_gateway.conf
+++ b/apps/emqx_gateway/etc/emqx_gateway.conf
@ -17,17 +17,13 @@ gateway.stomp {
    password = "${Packet.headers.passcode}"
  }

-  authentication {
-    enable = true
-    authenticators = [
-      {
+  authenticator {
+    #enable = true
    name = "authenticator1"
    mechanism = password-based
    server_type = built-in-database
    user_id_type = clientid
  }
-    ]
-  }

  listener.tcp.1 {
    bind = 61613
@ -42,18 +38,12 @@ gateway.coap {

  enable_stats = false

-  #authentication.enable: false
-  authentication {
-    enable = true
-    authenticators = [
-      {
+  authenticator {
    name = "authenticator1"
    mechanism = password-based
    server_type = built-in-database
    user_id_type = clientid
  }
-    ]
-  }

  heartbeat = 30s
  notify_type = qos
@ -123,8 +113,6 @@ gateway.exproto {
    #ssl.cacertfile:
  }

-  authentication.enable = false
-
  listener.tcp.1 {
    bind = 7993
    acceptors = 8
--- a/apps/emqx_gateway/src/emqx_gateway.app.src
+++ b/apps/emqx_gateway/src/emqx_gateway.app.src
@ -3,7 +3,7 @@
  {vsn, "0.1.0"},
  {registered, []},
  {mod, {emqx_gateway_app, []}},
-  {applications, [kernel, stdlib, grpc, lwm2m_coap, emqx, emqx_authn]},
+  {applications, [kernel, stdlib, grpc, lwm2m_coap, emqx]},
  {env, []},
  {modules, []},
  {licenses, ["Apache 2.0"]},
--- a/apps/emqx_gateway/src/emqx_gateway.erl
+++ b/apps/emqx_gateway/src/emqx_gateway.erl
@ -23,7 +23,7 @@
        , load/2
        , unload/1
        , lookup/1
-        , update/1
+        , update/2
        , start/1
        , stop/1
        , list/0
--- a/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
@ -105,10 +105,15 @@ init([Gateway, Ctx0, _GwDscrptr]) ->
    end.

 do_init_context(GwName, RawConf, Ctx) ->
-    Auth = case maps:get(authentication, RawConf, #{enable => false}) of
-               #{enable := true,
-                 authenticators := AuthCfgs} when is_list(AuthCfgs) ->
-                   create_authenticators_for_gateway_insta(GwName, AuthCfgs);
+    Auth = case maps:get(authenticators, RawConf, #{enable => false}) of
+               #{enable := false} -> undefined;
+               AuthCfg when is_map(AuthCfg) ->
+                   case maps:get(enable, AuthCfg, true) of
+                       false ->
+                           undefined;
+                       _ ->
+                           create_authenticator_for_gateway_insta(GwName, AuthCfg)
+                   end;
               _ ->
                   undefined
           end,
@ -220,25 +225,16 @@ code_change(_OldVsn, State, _Extra) ->
 %% Internal funcs
 %%--------------------------------------------------------------------

-%% @doc AuthCfgs is a array of authenticatior configurations,
-%% see: emqx_authn_schema:authenticators/1
-create_authenticators_for_gateway_insta(GwName, AuthCfgs) ->
+create_authenticator_for_gateway_insta(GwName, AuthCfg) ->
    ChainId = atom_to_binary(GwName, utf8),
    case emqx_authn:create_chain(#{id => ChainId}) of
        {ok, _ChainInfo} ->
-            Results = lists:map(fun(AuthCfg = #{name := Name}) ->
-                         case emqx_authn:create_authenticator(
-                                ChainId,
-                                AuthCfg) of
-                             {ok, _AuthInfo} -> ok;
-                             {error, Reason} -> {Name, Reason}
-                         end
-                      end, AuthCfgs),
-            NResults = [ E || E <- Results, E /= ok],
-            NResults /= [] andalso begin
-                logger:error("Failed to create authenticators: ~p", [NResults]),
-                throw({bad_autheticators, NResults})
-            end, ChainId;
+            case emqx_authn:create_authenticator(ChainId, AuthCfg) of
+                {ok, _} -> ChainId;
+                {error, Reason} ->
+                    logger:error("Failed to create authenticator ~p", [Reason]),
+                    throw({bad_autheticator, Reason})
+            end;
        {error, Reason} ->
            logger:error("Failed to create authentication chain: ~p", [Reason]),
            throw({bad_chain, {ChainId, Reason}})
--- a/apps/emqx_gateway/src/emqx_gateway_schema.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_schema.erl
@ -42,7 +42,7 @@ fields("gateway") ->
 fields(stomp_structs) ->
    [ {frame, t(ref(stomp_frame))}
    , {clientinfo_override, t(ref(clientinfo_override))}
-    , {authentication,  t(ref(authentication))}
+    , {authenticator,  t(authenticator(), undefined, undefined)}
    , {listener, t(ref(tcp_listener_group))}
    ];

@ -60,7 +60,7 @@ fields(mqttsn_structs) ->
    , {idle_timeout, t(duration())}
    , {predefined, hoconsc:array(ref(mqttsn_predefined))}
    , {clientinfo_override, t(ref(clientinfo_override))}
-    , {authentication,  t(ref(authentication))}
+    , {authenticator,  t(authenticator(), undefined, undefined)}
    , {listener, t(ref(udp_listener_group))}
    ];

@ -79,14 +79,14 @@ fields(lwm2m_structs) ->
    , {mountpoint, t(string())}
    , {update_msg_publish_condition, t(union([always, contains_object_list]))}
    , {translators, t(ref(translators))}
-    , {authentication,  t(ref(authentication))}
+    , {authenticator,  t(authenticator(), undefined, undefined)}
    , {listener, t(ref(udp_listener_group))}
    ];

 fields(exproto_structs) ->
    [ {server, t(ref(exproto_grpc_server))}
    , {handler, t(ref(exproto_grpc_handler))}
-    , {authentication,  t(ref(authentication))}
+    , {authenticator,  t(authenticator(), undefined, undefined)}
    , {listener, t(ref(udp_tcp_listener_group))}
    ];

@ -100,11 +100,6 @@ fields(exproto_grpc_handler) ->
      %% TODO: ssl
    ];

-fields(authentication) ->
-    [ {enable, #{type => boolean(), default => false}}
-    , {authenticators, fun emqx_authn_schema:authenticators/1}
-    ];
-
 fields(clientinfo_override) ->
    [ {username, t(string())}
    , {password, t(string())}
@ -207,7 +202,7 @@ fields(coap_structs) ->
    , {notify_type, t(union([non, con, qos]), undefined, qos)}
    , {subscribe_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
    , {publish_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
-    , {authentication,  t(ref(authentication))}
+    , {authenticator,  t(authenticator(), undefined, undefined)}
    , {listener, t(ref(udp_listener_group))}
    ];

@ -215,6 +210,26 @@ fields(ExtraField) ->
    Mod = list_to_atom(ExtraField++"_schema"),
    Mod:fields(ExtraField).

+authenticator() ->
+    hoconsc:union(
+      [ undefined
+      , hoconsc:ref(emqx_authn_mnesia, config)
+      , hoconsc:ref(emqx_authn_mysql, config)
+      , hoconsc:ref(emqx_authn_pgsql, config)
+      , hoconsc:ref(emqx_authn_mongodb, standalone)
+      , hoconsc:ref(emqx_authn_mongodb, 'replica-set')
+      , hoconsc:ref(emqx_authn_mongodb, 'sharded-cluster')
+      , hoconsc:ref(emqx_authn_redis, standalone)
+      , hoconsc:ref(emqx_authn_redis, cluster)
+      , hoconsc:ref(emqx_authn_redis, sentinel)
+      , hoconsc:ref(emqx_authn_http, get)
+      , hoconsc:ref(emqx_authn_http, post)
+      , hoconsc:ref(emqx_authn_jwt, 'hmac-based')
+      , hoconsc:ref(emqx_authn_jwt, 'public-key')
+      , hoconsc:ref(emqx_authn_jwt, 'jwks')
+      , hoconsc:ref(emqx_enhanced_authn_scram_mnesia, config)
+      ]).
+
 %translations() -> [].
 %
 %translations(_) -> [].