emqx/apps/emqx_authz/src/emqx_authz_utils.erl

202 lines
5.8 KiB
Erlang

%%--------------------------------------------------------------------
%% Copyright (c) 2021-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_authz_utils).
-include_lib("emqx/include/emqx_placeholder.hrl").
-include_lib("emqx_authz.hrl").
-export([
cleanup_resources/0,
make_resource_id/1,
create_resource/2,
create_resource/3,
update_resource/2,
update_config/2,
parse_deep/2,
parse_str/2,
parse_sql/3,
render_deep/2,
render_str/2,
render_sql_params/2
]).
-export([
parse_http_resp_body/2,
content_type/1
]).
-define(DEFAULT_RESOURCE_OPTS, #{
auto_retry_interval => 6000,
start_after_created => false
}).
%%--------------------------------------------------------------------
%% APIs
%%--------------------------------------------------------------------
create_resource(Module, Config) ->
ResourceId = make_resource_id(Module),
create_resource(ResourceId, Module, Config).
create_resource(ResourceId, Module, Config) ->
Result = emqx_resource:create_local(
ResourceId,
?RESOURCE_GROUP,
Module,
Config,
?DEFAULT_RESOURCE_OPTS
),
start_resource_if_enabled(Result, ResourceId, Config).
update_resource(Module, #{annotations := #{id := ResourceId}} = Config) ->
Result =
case
emqx_resource:recreate_local(
ResourceId,
Module,
Config,
?DEFAULT_RESOURCE_OPTS
)
of
{ok, _} -> {ok, ResourceId};
{error, Reason} -> {error, Reason}
end,
start_resource_if_enabled(Result, ResourceId, Config).
start_resource_if_enabled({ok, _} = Result, ResourceId, #{enable := true}) ->
_ = emqx_resource:start(ResourceId),
Result;
start_resource_if_enabled(Result, _ResourceId, _Config) ->
Result.
cleanup_resources() ->
lists:foreach(
fun emqx_resource:remove_local/1,
emqx_resource:list_group_instances(?RESOURCE_GROUP)
).
make_resource_id(Name) ->
NameBin = bin(Name),
emqx_resource:generate_id(NameBin).
update_config(Path, ConfigRequest) ->
emqx_conf:update(Path, ConfigRequest, #{
rawconf_with_defaults => true,
override_to => cluster
}).
parse_deep(Template, PlaceHolders) ->
emqx_placeholder:preproc_tmpl_deep(Template, #{placeholders => PlaceHolders}).
parse_str(Template, PlaceHolders) ->
emqx_placeholder:preproc_tmpl(Template, #{placeholders => PlaceHolders}).
parse_sql(Template, ReplaceWith, PlaceHolders) ->
emqx_placeholder:preproc_sql(
Template,
#{
replace_with => ReplaceWith,
placeholders => PlaceHolders,
strip_double_quote => true
}
).
render_deep(Template, Values) ->
emqx_placeholder:proc_tmpl_deep(
Template,
client_vars(Values),
#{return => full_binary, var_trans => fun handle_var/2}
).
render_str(Template, Values) ->
emqx_placeholder:proc_tmpl(
Template,
client_vars(Values),
#{return => full_binary, var_trans => fun handle_var/2}
).
render_sql_params(ParamList, Values) ->
emqx_placeholder:proc_tmpl(
ParamList,
client_vars(Values),
#{return => rawlist, var_trans => fun handle_sql_var/2}
).
-spec parse_http_resp_body(binary(), binary()) -> allow | deny | ignore | error.
parse_http_resp_body(<<"application/x-www-form-urlencoded", _/binary>>, Body) ->
try
result(maps:from_list(cow_qs:parse_qs(Body)))
catch
_:_ -> error
end;
parse_http_resp_body(<<"application/json", _/binary>>, Body) ->
try
result(emqx_json:decode(Body, [return_maps]))
catch
_:_ -> error
end.
result(#{<<"result">> := <<"allow">>}) -> allow;
result(#{<<"result">> := <<"deny">>}) -> deny;
result(#{<<"result">> := <<"ignore">>}) -> ignore;
result(_) -> error.
-spec content_type(cow_http:headers()) -> binary().
content_type(Headers) when is_list(Headers) ->
%% header name is lower case, see:
%% https://github.com/ninenines/cowlib/blob/ce6798c6b2e95b6a34c6a76d2489eaf159827d80/src/cow_http.erl#L192
proplists:get_value(
<<"content-type">>,
Headers,
<<"application/json">>
).
%%--------------------------------------------------------------------
%% Internal functions
%%--------------------------------------------------------------------
client_vars(ClientInfo) ->
maps:from_list(
lists:map(
fun convert_client_var/1,
maps:to_list(ClientInfo)
)
).
convert_client_var({cn, CN}) -> {cert_common_name, CN};
convert_client_var({dn, DN}) -> {cert_subject, DN};
convert_client_var({protocol, Proto}) -> {proto_name, Proto};
convert_client_var(Other) -> Other.
handle_var({var, _Name}, undefined) ->
<<>>;
handle_var({var, <<"peerhost">>}, IpAddr) ->
inet_parse:ntoa(IpAddr);
handle_var(_Name, Value) ->
emqx_placeholder:bin(Value).
handle_sql_var({var, _Name}, undefined) ->
<<>>;
handle_sql_var({var, <<"peerhost">>}, IpAddr) ->
inet_parse:ntoa(IpAddr);
handle_sql_var(_Name, Value) ->
emqx_placeholder:sql_data(Value).
bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
bin(L) when is_list(L) -> list_to_binary(L);
bin(X) -> X.