yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
22,136 Commits 393 Branches 684 Tags 74 MiB
Commit Graph

89 Commits

Author SHA1 Message Date
Ilya Averyanov f8e6aab86f Merge branch 'release-57' into 0617-release-57-sync 
* release-57:
  chore(auth,http): cache REs for parsing URIs
  fix(auth,http): improve URI handling
  chore: revert ULOG/ELOG
  test: generate dispatch.eterm in dashboard test
  docs: refine change log
  feat: make the dashboard restart quicker
  chore: fix typo
  fix(http authz): handle unknown content types in responses
  chore: change types of mysql and mongodb fields to `template()`
  fix(client mgmt api): allow projecting `client_attrs` from client fields
  fix(emqx_rule_funcs): expose regex_extract function to rule engine
 2024-06-17 18:53:39 +03:00
Ilya Averyanov f7ac829f28 fix(auth,http): improve URI handling 2024-06-17 14:42:29 +03:00
zmstone 2b7f3a597f
Merge pull request #13245 from qzhuyan/merge/william/sync-rel57-to-master 
sync release57 to master
 2024-06-15 09:13:55 +02:00
zmstone 626aae6edf chore: fix bad conflict resolution 2024-06-14 16:57:53 +02:00
Thales Macedo Garitezi 2c264d9a4b fix(http authz): handle unknown content types in responses 
Fixes https://emqx.atlassian.net/browse/EMQX-12530
 2024-06-12 14:31:12 -03:00
zmstone 751f7a24e9 feat(authn): support ${cert_pem} placeholder 2024-06-11 19:54:24 +02:00
firest e64f60b73f fix(auth): redact sensitive data for the authn/authz APIs 2024-06-11 16:05:11 +08:00
zhongwencool fda365a87b chore: make authz's logs easier to understand 2024-06-03 18:01:57 +08:00
Ivan Dyachkov 29ad07ce29 Merge remote-tracking branch 'upstream/release-57' into 0531-sync-release-57 2024-05-31 07:32:26 +02:00
zmstone 78a6100346 chore: fix app vsn bumps 
only bug fixes so far
 2024-05-29 21:56:22 +02:00
zmstone 062ab31ecf Merge remote-tracking branch 'origin/release-57' into 0527-port-back-diverged-modules 2024-05-28 14:35:25 +02:00
ieQu1 8fbeca4321
chore: Version bumps 2024-05-28 00:14:01 +02:00
zmstone 2771a10d39 test: fix a flaky one 2024-05-27 20:59:50 +02:00
zmstone 238c207b09 chore: bump app versions 2024-05-27 20:26:52 +02:00
zmstone b0832ecc74 test: fix a flaky one 2024-05-23 08:55:28 +02:00
Ilia Averianov 322989c83f
Merge pull request #13040 from savonarola/0513-fix-http-authn-error-handling 
fix(auth_http): fix query encoding
 2024-05-16 15:12:57 +03:00
zmstone 2acde5a4e4 fix(authn/http): log meaningful error message if http header is missing 2024-05-16 11:36:52 +03:00
Ilya Averyanov daf2e5a444 chore(auth_http): unify http request generation 
Co-authored-by: Thales Macedo Garitezi <thalesmg@gmail.com>
 2024-05-16 11:36:52 +03:00
zmstone 93232d4253 fix(authn/http): log meaningful error message if http header is missing 2024-05-14 10:22:07 +02:00
Ilya Averyanov bca3782d73 fix(auth_http): fix query encoding 
* ignore authenticator if JSON format is set up for requests, but non-utf8 data is going to be sent
* use application/json format by default
* fix encoding of query part of the requests
 2024-05-14 10:32:53 +03:00
zmstone 290ebe2fc5 fix: deny subscribing to +/# by default ACL 
Prior to this change, EMQX default ACL has a deny rule to reject
subscribing to `#`.
For completeness, the default ACL should also deny `+/#` because
they are essentially equivalent.
 2024-05-13 09:26:42 +02:00
Thales Macedo Garitezi 401f0fa84b Merge branch 'release-57' into sync-r57-m-20240508 2024-05-09 09:13:30 -03:00
Ilya Averyanov 3b655f56cb fix(auth,http): improve URI handling 2024-05-04 09:47:13 +03:00
Thales Macedo Garitezi 42cb17360e Merge branch 'release-57' into sync-r57-m-20240430 2024-04-30 14:42:22 -03:00
Ilya Averyanov e4154dd472 feat(authn): use correct time resolution for setting channel expire in JWT authn 2024-04-30 19:01:16 +03:00
Ilya Averyanov 80d724c504 feat(authn): add connection expire based on authn data 2024-04-30 17:04:55 +03:00
Ilya Averyanov aaf57ecfbc chore(authz): improve and clarify types 2024-04-26 12:09:18 +03:00
zmstone 01923147a2 fix(variform and authz): do not initialize empty client_attrs field 
when client_attrs_init expression renders to empty string,
do not initialize the attribute.

also fixed an ACL error: a template render failure for a topic
would stop the ACL checks for the following topics if more
than one topic is configured.
 2024-04-25 17:32:07 +02:00
zmstone d30b52f0f9 docs: refine acl.conf comments 2024-04-25 17:32:07 +02:00
Ilya Averyanov 407b0cd0ca feat(jwt_auth): improve verify_claims handling and docs 2024-04-25 17:49:29 +03:00
zmstone ab763fe665 test: fix test case flakyness 2024-04-18 09:32:05 +02:00
zmstone b76b6fbe63 feat(variform): initialize client_attrs with variform 
Moved regular expression extraction as a variform function.
 2024-04-14 10:13:24 +02:00
zmstone da5b01aa46 refactor(client_attr): allow more than one initial extraction 2024-04-13 01:00:25 +02:00
Ivan Dyachkov db9efb9317 chore: bump apps versions 2024-03-28 10:19:09 +01:00
zmstone 22838f027a fix: mountpoint template render should not replace unknown as undefined 
For backward compatibility, the unknown vars used in mountpoint
is kept unchanged.
e.g. '${unknown}/foo/bar' should be rendered as '${unknown}/foo/bar'
but not 'undefined/foo/bar'
 2024-03-23 10:16:05 +01:00
zmstone 3136ec5958 feat: allow mountpoint to use client_attrs 2024-03-23 10:16:05 +01:00
zmstone 5e9814d171 fix: add debug level logging for invalid client attributes 2024-03-23 10:16:05 +01:00
zmstone 0cf61932b6 feat: allow using client_attrs in authentication templates 2024-03-23 10:16:05 +01:00
zmstone 2fd0a2cd4d feat: support extracting initial client attrs from clientinfo 2024-03-23 10:16:02 +01:00
zmstone c75840306b fix: restrict client_attr key and value string format 
The keys and values are used to render templates for
authz rules, such as topic names, and SQL statements etc.
 2024-03-23 10:16:02 +01:00
zmstone 9ec99fef4a feat: allow client_attr used in authz rules 2024-03-23 10:16:02 +01:00
zmstone e5816f5a13 refactor: rename attr to client_attr 
client_attr is unique enough for all contexts
so the name can be unified from external responses
to internal template rendering, and rule-engine template rendering
 2024-03-23 10:16:02 +01:00
Zaiming (Stone) Shi 5af01c041b
Merge pull request #12559 from zmstone/0221-refactor-use-atom-fileds 
refactor: use atoms for root config fields
 2024-02-23 14:38:19 +01:00
Zaiming (Stone) Shi 46877e979b chore: update copyright-year 2024-02-23 08:21:06 +01:00
Zaiming (Stone) Shi 88b1d9ba88 refactor: use atoms for root config fields and types 2024-02-22 16:51:40 +01:00
Thales Macedo Garitezi d469f4158e chore: bump app vsns 2024-02-20 16:53:57 -03:00
JimMoen ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration' 2024-02-18 02:32:25 +08:00
Zaiming (Stone) Shi f57f617ba3 refactor(schema): ensure roots/0 and namespace/0 for all schema modules 2024-02-16 11:35:32 +01:00
Serge Tupchii 7272ef25d4 feat(emqx_auth): implement API to re-order all authenticators/authz sources 
Fixes: EMQX-11770
 2024-02-14 14:35:46 +02:00
Ilya Averyanov 90fd2b26d3 feat(banned): allow ban by clientid/username regexps, peerhost cidrs 2024-02-10 17:59:22 +03:00