yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
21,515 Commits 393 Branches 684 Tags 74 MiB
Commit Graph

64 Commits

Author SHA1 Message Date
zmstone 93232d4253 fix(authn/http): log meaningful error message if http header is missing 2024-05-14 10:22:07 +02:00
Ilya Averyanov e4154dd472 feat(authn): use correct time resolution for setting channel expire in JWT authn 2024-04-30 19:01:16 +03:00
Ilya Averyanov 80d724c504 feat(authn): add connection expire based on authn data 2024-04-30 17:04:55 +03:00
zmstone 01923147a2 fix(variform and authz): do not initialize empty client_attrs field 
when client_attrs_init expression renders to empty string,
do not initialize the attribute.

also fixed an ACL error: a template render failure for a topic
would stop the ACL checks for the following topics if more
than one topic is configured.
 2024-04-25 17:32:07 +02:00
zmstone d30b52f0f9 docs: refine acl.conf comments 2024-04-25 17:32:07 +02:00
zmstone ab763fe665 test: fix test case flakyness 2024-04-18 09:32:05 +02:00
zmstone b76b6fbe63 feat(variform): initialize client_attrs with variform 
Moved regular expression extraction as a variform function.
 2024-04-14 10:13:24 +02:00
zmstone da5b01aa46 refactor(client_attr): allow more than one initial extraction 2024-04-13 01:00:25 +02:00
Ivan Dyachkov db9efb9317 chore: bump apps versions 2024-03-28 10:19:09 +01:00
zmstone 22838f027a fix: mountpoint template render should not replace unknown as undefined 
For backward compatibility, the unknown vars used in mountpoint
is kept unchanged.
e.g. '${unknown}/foo/bar' should be rendered as '${unknown}/foo/bar'
but not 'undefined/foo/bar'
 2024-03-23 10:16:05 +01:00
zmstone 3136ec5958 feat: allow mountpoint to use client_attrs 2024-03-23 10:16:05 +01:00
zmstone 5e9814d171 fix: add debug level logging for invalid client attributes 2024-03-23 10:16:05 +01:00
zmstone 0cf61932b6 feat: allow using client_attrs in authentication templates 2024-03-23 10:16:05 +01:00
zmstone 2fd0a2cd4d feat: support extracting initial client attrs from clientinfo 2024-03-23 10:16:02 +01:00
zmstone c75840306b fix: restrict client_attr key and value string format 
The keys and values are used to render templates for
authz rules, such as topic names, and SQL statements etc.
 2024-03-23 10:16:02 +01:00
zmstone 9ec99fef4a feat: allow client_attr used in authz rules 2024-03-23 10:16:02 +01:00
zmstone e5816f5a13 refactor: rename attr to client_attr 
client_attr is unique enough for all contexts
so the name can be unified from external responses
to internal template rendering, and rule-engine template rendering
 2024-03-23 10:16:02 +01:00
Zaiming (Stone) Shi 5af01c041b
Merge pull request #12559 from zmstone/0221-refactor-use-atom-fileds 
refactor: use atoms for root config fields
 2024-02-23 14:38:19 +01:00
Zaiming (Stone) Shi 46877e979b chore: update copyright-year 2024-02-23 08:21:06 +01:00
Zaiming (Stone) Shi 88b1d9ba88 refactor: use atoms for root config fields and types 2024-02-22 16:51:40 +01:00
Thales Macedo Garitezi d469f4158e chore: bump app vsns 2024-02-20 16:53:57 -03:00
JimMoen ba1d24d054
test(prom_api): '/prometheus/auth' and '/prometheus/data_integration' 2024-02-18 02:32:25 +08:00
Zaiming (Stone) Shi f57f617ba3 refactor(schema): ensure roots/0 and namespace/0 for all schema modules 2024-02-16 11:35:32 +01:00
Serge Tupchii 7272ef25d4 feat(emqx_auth): implement API to re-order all authenticators/authz sources 
Fixes: EMQX-11770
 2024-02-14 14:35:46 +02:00
Ilya Averyanov 90fd2b26d3 feat(banned): allow ban by clientid/username regexps, peerhost cidrs 2024-02-10 17:59:22 +03:00
JianBo He 9aad7997ca chore: compatible the contet-type sytanx 2024-02-02 08:48:56 +01:00
JianBo He aedfc8e8c0 fix(user_import): ensure the last record overwrites previous one 2024-01-30 14:14:20 +08:00
JianBo He 8fc8106819 test: cover password_type and new data format 2024-01-29 10:49:07 +08:00
JianBo He 829887630d test: refine existed test cases 2024-01-29 10:49:07 +08:00
JianBo He e65cfb836c feat(import_users): support user's password in plain text 2024-01-29 10:49:07 +08:00
Zaiming (Stone) Shi 9e8a67fd68 feat: support authz cache exclusion config 
now one can configure a list of topic-filters to avoid
caching ACL check results

for example

authorization.cache.excludes = ["nocache/#"]

this means ACL check results for topics having 'nocache/' prefix
will not be cached
 2024-01-10 13:52:00 +01:00
Zaiming (Stone) Shi 23ded313ec chore: update app versions 2023-12-22 15:29:22 +01:00
Zaiming (Stone) Shi 322b7bb7d2 chore: bump app vsn 2023-12-22 13:00:37 +01:00
Zaiming (Stone) Shi 2be898ca4d refactor(auth/jwt): support raw rules from jwt acl claim 2023-12-19 08:10:38 +01:00
Zaiming (Stone) Shi a9963e043b refactor(authz): improve logging 
Move authz result logging to common place.

Prior to this change, the final result is not logged when
fallback to the default authorization.no_match config value.

Aso, if the result is provided by a hook callback,
it's also not logged.

After this change, only the final result is logged.
The authz chain resutls can be traced (or logged at debug level).
 2023-12-17 22:32:26 +01:00
zhongwencool c73b371a7a feat: don't merge default headers if user already setting one 2023-12-13 08:47:55 +08:00
Zaiming (Stone) Shi ddbb8560fa fix(dialyzer): batch 2 2023-12-08 17:59:55 +01:00
Zaiming (Stone) Shi 33a7282cdd fix(dialyzer): only include eunit when TEST is defined 2023-12-06 20:39:26 +01:00
Stefan Strigler 8ba116d378 fix(emqx_auth): check authenticator exists in /authenticator/:id/users 2023-11-23 16:15:03 +01:00
Zaiming (Stone) Shi d9f964a44f test: fix test cases after schema type namespace change 2023-11-22 16:58:05 +01:00
Zaiming (Stone) Shi db33bc616a feat(schema): Add v2 scheam JSON dump 2023-11-22 13:12:35 +01:00
Zaiming (Stone) Shi 1b2c052646 docs: add type namespaces 2023-11-22 13:12:35 +01:00
Ivan Dyachkov 28a577ad09 chore: bump apps versions 2023-11-14 11:02:26 +01:00
Zaiming (Stone) Shi f1de0aa176 fix(schema): add namespace to authn schemas 2023-11-10 13:41:51 +01:00
Zaiming (Stone) Shi 86110824eb feat: upgrade hocon to 0.40.0 which supports union type display name 2023-11-10 13:41:51 +01:00
Zaiming (Stone) Shi b24b66081a refactor(authn/authz_http_schema): use typerefl alias 2023-11-10 13:41:51 +01:00
Andrew Mayorov 910e81bc41
Merge pull request #10442 from keynslug/ft/EMQX-9257/placeholder 
feat(tpl): split `emqx_placeholder` into a couple of modules
 2023-11-02 22:50:05 +07:00
Andrew Mayorov 8e4585d64f
chore: move template modules to `emqx_utils` 
Even though most of the time these modules will be used by
connectors, there are exceptions (namely, `emqx_rule_engine`).
Besides, they are general enough to land there, more so given
that `emqx_placeholder` is already there.
 2023-11-02 17:11:12 +07:00
Andrew Mayorov 343b679741
feat(tpl): make escaping mechanism more foolproof 
Treat "${$}" as literal "$". This allows to template express
strings, for example, of the form "${some_var_value}" where
`some_var_value` is interpolated from bindings.
 2023-11-02 17:11:11 +07:00
Andrew Mayorov a9693eada7
fix(tpl): rename `trivial` -> `is_const` 
This is clearer. Former naming was a bit misleading.
 2023-11-02 17:11:11 +07:00