diff --git a/apps/emqx/include/http_api.hrl b/apps/emqx/include/http_api.hrl
index ba1438374..0f6372584 100644
--- a/apps/emqx/include/http_api.hrl
+++ b/apps/emqx/include/http_api.hrl
@@ -17,6 +17,7 @@
 %% HTTP API Auth
 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BAD_API_KEY_OR_SECRET, 'BAD_API_KEY_OR_SECRET').
+-define(API_KEY_NOT_ALLOW_MSG, <<"This API Key don't have permission to access this resource">>).
 %% Bad Request
 -define(BAD_REQUEST, 'BAD_REQUEST').
diff --git a/apps/emqx_dashboard/src/emqx_dashboard.erl b/apps/emqx_dashboard/src/emqx_dashboard.erl
index 6d6d3d596..cf4330e34 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@@ -260,8 +260,7 @@ api_key_authorize(Req, Key, Secret) ->
 <<"Not allowed, Check api_key/api_secret">>
 );
 {error, unauthorized_role} ->
- {403, 'UNAUTHORIZED_ROLE',
- <<"This API Key don't have permission to access this resource">>};
+ {403, 'UNAUTHORIZED_ROLE', ?API_KEY_NOT_ALLOW_MSG};
 {error, _} ->
 return_unauthorized(
 ?BAD_API_KEY_OR_SECRET,
diff --git a/apps/emqx_dashboard/src/emqx_dashboard_audit.erl b/apps/emqx_dashboard/src/emqx_dashboard_audit.erl
index 78608ee9b..c2ef1a99f 100644
--- a/apps/emqx_dashboard/src/emqx_dashboard_audit.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_audit.erl
@@ -17,6 +17,7 @@
 -module(emqx_dashboard_audit).
 -include_lib("emqx/include/logger.hrl").
+-include_lib("emqx/include/http_api.hrl").
 %% API
 -export([log/2]).
@@ -65,19 +66,20 @@ log_meta(Meta, Req) ->
 duration_ms(#{req_start := ReqStart, req_end := ReqEnd}) ->
 erlang:convert_time_unit(ReqEnd - ReqStart, native, millisecond).
-from(Meta) ->
- case maps:find(auth_type, Meta) of
- {ok, jwt_token} ->
- dashboard;
- {ok, api_key} ->
- rest_api;
- error ->
- case maps:find(operation_id, Meta) of
- %% login api create jwt_token, so we don have authorization in it's headers
- {ok, <<"/login">>} -> dashboard;
- _ -> unknown
- end
+from(#{auth_type := jwt_token}) ->
+ dashboard;
+from(#{auth_type := api_key}) ->
+ rest_api;
+from(#{operation_id := <<"/login">>}) ->
+ dashboard;
+from(#{code := Code} = Meta) when Code =:= 401 orelse Code =:= 403 ->
+ case maps:find(failure, Meta) of
+ {ok, #{code := 'BAD_API_KEY_OR_SECRET'}} -> rest_api;
+ {ok, #{code := 'UNAUTHORIZED_ROLE', message := ?API_KEY_NOT_ALLOW_MSG}} -> rest_api;
+ %% 'TOKEN_TIME_OUT' 'BAD_TOKEN' is dashboard code.
+ _ -> dashboard
 end.
+
 source(#{source := Source}) -> Source;
 source(#{operation_id := <<"/login">>, body := #{<<"username">> := Username}}) -> Username;
 source(_Meta) -> <<"">>.
diff --git a/rel/i18n/emqx_audit_api.hocon b/rel/i18n/emqx_audit_api.hocon
index 89c335f12..37080838b 100644
--- a/rel/i18n/emqx_audit_api.hocon
+++ b/rel/i18n/emqx_audit_api.hocon
@@ -17,7 +17,7 @@ filter_from.desc:
 `rest_api`: API KEY request logs.
 `cli`: The emqx command line logs.
 `erlang_console`: The emqx remote_console run function logs.
-`event`: Logs related to events such as emqx_start, emqx_stop, audit_enabled, and audit_disabled."""
+`event`: Logs related to events such as emqx_start, emqx_gracefully_stop, audit_enabled, and audit_disabled."""
 filter_source.desc:
 """"Filter logs based on source, Possible values are:
diff --git a/rel/i18n/emqx_conf_schema.hocon b/rel/i18n/emqx_conf_schema.hocon
index b68c44fcb..ff2c3109a 100644
--- a/rel/i18n/emqx_conf_schema.hocon
+++ b/rel/i18n/emqx_conf_schema.hocon
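Review bot: The rewritten `from/1` in emqx_dashboard_audit.erl has no clause for a Meta map that lacks `auth_type`, is not the `/login` operation, and whose `code` is absent or anything other than 401/403. Such a call would raise `function_clause`, where the removed code returned `unknown`. Whether requests of that shape reach this function is not visible in the hunk, but an audit path should not crash or drop an entry; ending the last clause with `end;` and adding `from(_Meta) -> unknown.` would keep the old fallback. Separately, a 403 is attributed to `rest_api` only when `message` equals `?API_KEY_NOT_ALLOW_MSG`, so audit attribution depends on a human-readable response string. A comment such as `%% message match separates API-key 403s from dashboard-role 403s; keep in sync with emqx_dashboard:api_key_authorize/3` would record that coupling, and a dedicated error code would be sturdier than matching on text.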
@@ -726,7 +726,7 @@ audit_handler_level.label:
 """Log Level"""
 audit_log_max_filter_limit.desc:
-"""Maximum size of the filter."""
+"""Store the latest N log entries in a database for allow `/audit` HTTP API to filter and retrieval of log data."""
 audit_log_max_filter_limit.label:
 """Max Filter Limit"""