202 lines
5.8 KiB
Erlang
202 lines
5.8 KiB
Erlang
%%--------------------------------------------------------------------
|
|
%% Copyright (c) 2021-2022 EMQ Technologies Co., Ltd. All Rights Reserved.
|
|
%%
|
|
%% Licensed under the Apache License, Version 2.0 (the "License");
|
|
%% you may not use this file except in compliance with the License.
|
|
%% You may obtain a copy of the License at
|
|
%%
|
|
%% http://www.apache.org/licenses/LICENSE-2.0
|
|
%%
|
|
%% Unless required by applicable law or agreed to in writing, software
|
|
%% distributed under the License is distributed on an "AS IS" BASIS,
|
|
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
%% See the License for the specific language governing permissions and
|
|
%% limitations under the License.
|
|
%%--------------------------------------------------------------------
|
|
|
|
-module(emqx_authz_utils).
|
|
|
|
-include_lib("emqx/include/emqx_placeholder.hrl").
|
|
-include_lib("emqx_authz.hrl").
|
|
|
|
-export([
|
|
cleanup_resources/0,
|
|
make_resource_id/1,
|
|
create_resource/2,
|
|
create_resource/3,
|
|
update_resource/2,
|
|
update_config/2,
|
|
parse_deep/2,
|
|
parse_str/2,
|
|
parse_sql/3,
|
|
render_deep/2,
|
|
render_str/2,
|
|
render_sql_params/2
|
|
]).
|
|
|
|
-export([
|
|
parse_http_resp_body/2,
|
|
content_type/1
|
|
]).
|
|
|
|
-define(DEFAULT_RESOURCE_OPTS, #{
|
|
auto_retry_interval => 6000,
|
|
start_after_created => false
|
|
}).
|
|
|
|
%%--------------------------------------------------------------------
|
|
%% APIs
|
|
%%--------------------------------------------------------------------
|
|
|
|
create_resource(Module, Config) ->
|
|
ResourceId = make_resource_id(Module),
|
|
create_resource(ResourceId, Module, Config).
|
|
|
|
create_resource(ResourceId, Module, Config) ->
|
|
Result = emqx_resource:create_local(
|
|
ResourceId,
|
|
?RESOURCE_GROUP,
|
|
Module,
|
|
Config,
|
|
?DEFAULT_RESOURCE_OPTS
|
|
),
|
|
start_resource_if_enabled(Result, ResourceId, Config).
|
|
|
|
update_resource(Module, #{annotations := #{id := ResourceId}} = Config) ->
|
|
Result =
|
|
case
|
|
emqx_resource:recreate_local(
|
|
ResourceId,
|
|
Module,
|
|
Config,
|
|
?DEFAULT_RESOURCE_OPTS
|
|
)
|
|
of
|
|
{ok, _} -> {ok, ResourceId};
|
|
{error, Reason} -> {error, Reason}
|
|
end,
|
|
start_resource_if_enabled(Result, ResourceId, Config).
|
|
|
|
start_resource_if_enabled({ok, _} = Result, ResourceId, #{enable := true}) ->
|
|
_ = emqx_resource:start(ResourceId),
|
|
Result;
|
|
start_resource_if_enabled(Result, _ResourceId, _Config) ->
|
|
Result.
|
|
|
|
cleanup_resources() ->
|
|
lists:foreach(
|
|
fun emqx_resource:remove_local/1,
|
|
emqx_resource:list_group_instances(?RESOURCE_GROUP)
|
|
).
|
|
|
|
make_resource_id(Name) ->
|
|
NameBin = bin(Name),
|
|
emqx_resource:generate_id(NameBin).
|
|
|
|
update_config(Path, ConfigRequest) ->
|
|
emqx_conf:update(Path, ConfigRequest, #{
|
|
rawconf_with_defaults => true,
|
|
override_to => cluster
|
|
}).
|
|
|
|
parse_deep(Template, PlaceHolders) ->
|
|
emqx_placeholder:preproc_tmpl_deep(Template, #{placeholders => PlaceHolders}).
|
|
|
|
parse_str(Template, PlaceHolders) ->
|
|
emqx_placeholder:preproc_tmpl(Template, #{placeholders => PlaceHolders}).
|
|
|
|
parse_sql(Template, ReplaceWith, PlaceHolders) ->
|
|
emqx_placeholder:preproc_sql(
|
|
Template,
|
|
#{
|
|
replace_with => ReplaceWith,
|
|
placeholders => PlaceHolders,
|
|
strip_double_quote => true
|
|
}
|
|
).
|
|
|
|
render_deep(Template, Values) ->
|
|
emqx_placeholder:proc_tmpl_deep(
|
|
Template,
|
|
client_vars(Values),
|
|
#{return => full_binary, var_trans => fun handle_var/2}
|
|
).
|
|
|
|
render_str(Template, Values) ->
|
|
emqx_placeholder:proc_tmpl(
|
|
Template,
|
|
client_vars(Values),
|
|
#{return => full_binary, var_trans => fun handle_var/2}
|
|
).
|
|
|
|
render_sql_params(ParamList, Values) ->
|
|
emqx_placeholder:proc_tmpl(
|
|
ParamList,
|
|
client_vars(Values),
|
|
#{return => rawlist, var_trans => fun handle_sql_var/2}
|
|
).
|
|
|
|
-spec parse_http_resp_body(binary(), binary()) -> allow | deny | ignore | error.
|
|
parse_http_resp_body(<<"application/x-www-form-urlencoded", _/binary>>, Body) ->
|
|
try
|
|
result(maps:from_list(cow_qs:parse_qs(Body)))
|
|
catch
|
|
_:_ -> error
|
|
end;
|
|
parse_http_resp_body(<<"application/json", _/binary>>, Body) ->
|
|
try
|
|
result(emqx_json:decode(Body, [return_maps]))
|
|
catch
|
|
_:_ -> error
|
|
end.
|
|
|
|
result(#{<<"result">> := <<"allow">>}) -> allow;
|
|
result(#{<<"result">> := <<"deny">>}) -> deny;
|
|
result(#{<<"result">> := <<"ignore">>}) -> ignore;
|
|
result(_) -> error.
|
|
|
|
-spec content_type(cow_http:headers()) -> binary().
|
|
content_type(Headers) when is_list(Headers) ->
|
|
%% header name is lower case, see:
|
|
%% https://github.com/ninenines/cowlib/blob/ce6798c6b2e95b6a34c6a76d2489eaf159827d80/src/cow_http.erl#L192
|
|
proplists:get_value(
|
|
<<"content-type">>,
|
|
Headers,
|
|
<<"application/json">>
|
|
).
|
|
|
|
%%--------------------------------------------------------------------
|
|
%% Internal functions
|
|
%%--------------------------------------------------------------------
|
|
|
|
client_vars(ClientInfo) ->
|
|
maps:from_list(
|
|
lists:map(
|
|
fun convert_client_var/1,
|
|
maps:to_list(ClientInfo)
|
|
)
|
|
).
|
|
|
|
convert_client_var({cn, CN}) -> {cert_common_name, CN};
|
|
convert_client_var({dn, DN}) -> {cert_subject, DN};
|
|
convert_client_var({protocol, Proto}) -> {proto_name, Proto};
|
|
convert_client_var(Other) -> Other.
|
|
|
|
handle_var({var, _Name}, undefined) ->
|
|
<<>>;
|
|
handle_var({var, <<"peerhost">>}, IpAddr) ->
|
|
inet_parse:ntoa(IpAddr);
|
|
handle_var(_Name, Value) ->
|
|
emqx_placeholder:bin(Value).
|
|
|
|
handle_sql_var({var, _Name}, undefined) ->
|
|
<<>>;
|
|
handle_sql_var({var, <<"peerhost">>}, IpAddr) ->
|
|
inet_parse:ntoa(IpAddr);
|
|
handle_sql_var(_Name, Value) ->
|
|
emqx_placeholder:sql_data(Value).
|
|
|
|
bin(A) when is_atom(A) -> atom_to_binary(A, utf8);
|
|
bin(L) when is_list(L) -> list_to_binary(L);
|
|
bin(X) -> X.
|