fix: don't crash when 401 and 403 unauthorize

2023-10-20 15:22:30 +08:00 · 2023-10-20 15:22:30 +08:00 · ef692596f7
parent 6a8b2dc1f9
commit ef692596f7
5 changed files with 18 additions and 16 deletions
--- a/apps/emqx/include/http_api.hrl
+++ b/apps/emqx/include/http_api.hrl
@ -17,6 +17,7 @@
 %% HTTP API Auth
 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BAD_API_KEY_OR_SECRET, 'BAD_API_KEY_OR_SECRET').
+-define(API_KEY_NOT_ALLOW_MSG, <<"This API Key don't have permission to access this resource">>).

 %% Bad Request
 -define(BAD_REQUEST, 'BAD_REQUEST').
--- a/apps/emqx_dashboard/src/emqx_dashboard.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard.erl
@ -260,8 +260,7 @@ api_key_authorize(Req, Key, Secret) ->
                <<"Not allowed, Check api_key/api_secret">>
            );
        {error, unauthorized_role} ->
-            {403, 'UNAUTHORIZED_ROLE',
-                <<"This API Key don't have permission to access this resource">>};
+            {403, 'UNAUTHORIZED_ROLE', ?API_KEY_NOT_ALLOW_MSG};
        {error, _} ->
            return_unauthorized(
                ?BAD_API_KEY_OR_SECRET,
--- a/apps/emqx_dashboard/src/emqx_dashboard_audit.erl
+++ b/apps/emqx_dashboard/src/emqx_dashboard_audit.erl
@ -17,6 +17,7 @@
 -module(emqx_dashboard_audit).

 -include_lib("emqx/include/logger.hrl").
+-include_lib("emqx/include/http_api.hrl").
 %% API
 -export([log/2]).

@ -65,19 +66,20 @@ log_meta(Meta, Req) ->
 duration_ms(#{req_start := ReqStart, req_end := ReqEnd}) ->
    erlang:convert_time_unit(ReqEnd - ReqStart, native, millisecond).

-from(Meta) ->
-    case maps:find(auth_type, Meta) of
-        {ok, jwt_token} ->
+from(#{auth_type := jwt_token}) ->
    dashboard;
-        {ok, api_key} ->
+from(#{auth_type := api_key}) ->
    rest_api;
-        error ->
-            case maps:find(operation_id, Meta) of
-                %% login api create jwt_token, so we don have authorization in it's headers
-                {ok, <<"/login">>} -> dashboard;
-                _ -> unknown
-            end
+from(#{operation_id := <<"/login">>}) ->
+    dashboard;
+from(#{code := Code} = Meta) when Code =:= 401 orelse Code =:= 403 ->
+    case maps:find(failure, Meta) of
+        {ok, #{code := 'BAD_API_KEY_OR_SECRET'}} -> rest_api;
+        {ok, #{code := 'UNAUTHORIZED_ROLE', message := ?API_KEY_NOT_ALLOW_MSG}} -> rest_api;
+        %% 'TOKEN_TIME_OUT' 'BAD_TOKEN' is dashboard code.
+        _ -> dashboard
    end.
+
 source(#{source := Source}) -> Source;
 source(#{operation_id := <<"/login">>, body := #{<<"username">> := Username}}) -> Username;
 source(_Meta) -> <<"">>.
--- a/rel/i18n/emqx_audit_api.hocon
+++ b/rel/i18n/emqx_audit_api.hocon
@ -17,7 +17,7 @@ filter_from.desc:
 `rest_api`: API KEY request logs.
 `cli`: The emqx command line logs.
 `erlang_console`: The emqx remote_console run function logs.
-`event`: Logs related to events such as emqx_start, emqx_stop, audit_enabled, and audit_disabled."""
+`event`: Logs related to events such as emqx_start, emqx_gracefully_stop, audit_enabled, and audit_disabled."""

 filter_source.desc:
 """"Filter logs based on source, Possible values are:
--- a/rel/i18n/emqx_conf_schema.hocon
+++ b/rel/i18n/emqx_conf_schema.hocon
@ -726,7 +726,7 @@ audit_handler_level.label:
 """Log Level"""

 audit_log_max_filter_limit.desc:
-"""Maximum size of the filter."""
+"""Store the latest N log entries in a database for allow `/audit` HTTP API to filter and retrieval of log data."""

 audit_log_max_filter_limit.label:
 """Max Filter Limit"""