zhangyuqing
/
mosquitto-go-auth
mirror of https://github.com/iegomez/mosquitto-go-auth.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: zhangyuqing:d019677fb03afe1dc57d4eb7f74f7ba4264e97c7
Branches Tags
zhangyuqing:master
zhangyuqing:dependabot/go_modules/golang.org/x/net-0.23.0
zhangyuqing:enhancement/cache-superuser-check
zhangyuqing:upgrade-net-crypto-grpc
zhangyuqing:actions-run-tests-on-fork-pr
zhangyuqing:iegomez-patch-2
zhangyuqing:iegomez-patch-1
zhangyuqing:fix/run-tests-on-external-pr
zhangyuqing:issue-274-fix-expensive-get-name-calls
zhangyuqing:fix/disable-buildcvs-on-release-binaries-build
zhangyuqing:fix/bump-flagged-golang-org-packages
zhangyuqing:release-2.0.0
zhangyuqing:feat/http-method-option
zhangyuqing:cleanup/update-go-and-dependencies
zhangyuqing:postgresql-fix
zhangyuqing:issue-198-fix-firefox-websockets
zhangyuqing:issue-197-add-option-to-strip-prefixes
zhangyuqing:feat/add-codeql-action
zhangyuqing:security/patch-and-migrate-dependabot-alerts
zhangyuqing:feat/derive-grpc-client
zhangyuqing:upgrade/bump-mongo-version-1.5.1
zhangyuqing:user-agent
zhangyuqing:feat/jwt-files
zhangyuqing:fix/custom-plugin-docker-test
zhangyuqing:feat/register-backend-functions
zhangyuqing:fix/add-deny-and-spaces-in-files
zhangyuqing:acl-whitespace
zhangyuqing:feat/reload-file-on-sighup
zhangyuqing:feat/jwt-add-js-interpreter
zhangyuqing:fix/add-db-ping-retries
zhangyuqing:2.0.2-test
zhangyuqing:2.1.0
zhangyuqing:2.0.1
zhangyuqing:2.0.0
zhangyuqing:1.9.1
zhangyuqing:1.9.0
zhangyuqing:1.8.2
zhangyuqing:1.8.1
zhangyuqing:1.8.0
zhangyuqing:1.7.0
zhangyuqing:1.6.1
zhangyuqing:1.6.0
zhangyuqing:1.5.0
zhangyuqing:1.4.3
zhangyuqing:1.4.1
zhangyuqing:1.4.0
zhangyuqing:1.3.3
zhangyuqing:1.3.2
zhangyuqing:1.3.1
zhangyuqing:1.3.0
zhangyuqing:1.2.1
zhangyuqing:1.2.0
zhangyuqing:1.1.0
zhangyuqing:1.0.0
zhangyuqing:0.8.0
zhangyuqing:0.7.0
zhangyuqing:0.6.3
zhangyuqing:0.6.2
zhangyuqing:0.6.1
zhangyuqing:0.6.0
zhangyuqing:0.5.0
zhangyuqing:0.4.0
zhangyuqing:0.3.0
zhangyuqing:0.2.0
zhangyuqing:0.1.1
zhangyuqing:0.1.0
...
compare: zhangyuqing:d0253e9850256e1522c09d6ea7b0ee5063c1bde9
Branches Tags
zhangyuqing:dependabot/go_modules/golang.org/x/net-0.23.0
zhangyuqing:master
zhangyuqing:enhancement/cache-superuser-check
zhangyuqing:upgrade-net-crypto-grpc
zhangyuqing:actions-run-tests-on-fork-pr
zhangyuqing:iegomez-patch-2
zhangyuqing:iegomez-patch-1
zhangyuqing:fix/run-tests-on-external-pr
zhangyuqing:issue-274-fix-expensive-get-name-calls
zhangyuqing:fix/disable-buildcvs-on-release-binaries-build
zhangyuqing:fix/bump-flagged-golang-org-packages
zhangyuqing:release-2.0.0
zhangyuqing:feat/http-method-option
zhangyuqing:cleanup/update-go-and-dependencies
zhangyuqing:postgresql-fix
zhangyuqing:issue-198-fix-firefox-websockets
zhangyuqing:issue-197-add-option-to-strip-prefixes
zhangyuqing:feat/add-codeql-action
zhangyuqing:security/patch-and-migrate-dependabot-alerts
zhangyuqing:feat/derive-grpc-client
zhangyuqing:upgrade/bump-mongo-version-1.5.1
zhangyuqing:user-agent
zhangyuqing:feat/jwt-files
zhangyuqing:fix/custom-plugin-docker-test
zhangyuqing:feat/register-backend-functions
zhangyuqing:fix/add-deny-and-spaces-in-files
zhangyuqing:acl-whitespace
zhangyuqing:feat/reload-file-on-sighup
zhangyuqing:feat/jwt-add-js-interpreter
zhangyuqing:fix/add-db-ping-retries
zhangyuqing:2.0.2-test
zhangyuqing:2.1.0
zhangyuqing:2.0.1
zhangyuqing:2.0.0
zhangyuqing:1.9.1
zhangyuqing:1.9.0
zhangyuqing:1.8.2
zhangyuqing:1.8.1
zhangyuqing:1.8.0
zhangyuqing:1.7.0
zhangyuqing:1.6.1
zhangyuqing:1.6.0
zhangyuqing:1.5.0
zhangyuqing:1.4.3
zhangyuqing:1.4.1
zhangyuqing:1.4.0
zhangyuqing:1.3.3
zhangyuqing:1.3.2
zhangyuqing:1.3.1
zhangyuqing:1.3.0
zhangyuqing:1.2.1
zhangyuqing:1.2.0
zhangyuqing:1.1.0
zhangyuqing:1.0.0
zhangyuqing:0.8.0
zhangyuqing:0.7.0
zhangyuqing:0.6.3
zhangyuqing:0.6.2
zhangyuqing:0.6.1
zhangyuqing:0.6.0
zhangyuqing:0.5.0
zhangyuqing:0.4.0
zhangyuqing:0.3.0
zhangyuqing:0.2.0
zhangyuqing:0.1.1
zhangyuqing:0.1.0

5 Commits
d019677fb0 ... d0253e9850

Author SHA1 Message Date
Justin Dalrymple d0253e9850
Merge 84ac164557 into 59681181c0 2024-03-20 15:36:54 +01:00
Ignacio Gómez 59681181c0
Merge pull request #322 from iegomez/dependabot/go_modules/google.golang.org/protobuf-1.33.0 
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0
 2024-03-16 15:33:42 -03:00
dependabot[bot] 4668815a2c
Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 
Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-03-13 22:32:04 +00:00
Justin Dalrymple 84ac164557
Update jwt_local.go 2023-05-03 21:33:32 -04:00
Justin Dalrymple e90423f7fd
Update jwt_local.go 
Adding prelim updates for mongo support in JWT backend
 2023-05-03 21:27:34 -04:00
3 changed files with 59 additions and 31 deletions
Show Stats Expand all files Collapse all files

84
backends/jwt_local.go
View File

@ -3,7 +3,8 @@ package backends
import (
"database/sql"
"strings"
"context"
"github.com/iegomez/mosquitto-go-auth/hashing"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
@ -13,6 +14,7 @@ type localJWTChecker struct {
db string
postgres Postgres
mysql Mysql
mongo Mongo
userQuery string
hasher hashing.HashComparer
options tokenOptions
@ -21,10 +23,11 @@ type localJWTChecker struct {
const (
mysqlDB = "mysql"
postgresDB = "postgres"
mongoDB = "mongo"
)
// NewLocalJWTChecker initializes a checker with a local DB.
func NewLocalJWTChecker(authOpts map[string]string, logLevel log.Level, hasher hashing.HashComparer, options tokenOptions) (jwtChecker, error) {
func NewLocalJWTChecker(authOpts map[string]string, logLevel log.Level, hasher hashing.HashComparer, options tokenOptions) (JWTChecker, error) {
checker := &localJWTChecker{
hasher: hasher,
db: postgresDB,
@ -35,7 +38,7 @@ func NewLocalJWTChecker(authOpts map[string]string, logLevel log.Level, hasher h
localOk := true
if options.secret == "" {
return nil, errors.New("JWT backend error: missing jwt secret")
return nil, errors.New("JWT backend error: missing JWT secret")
}
if db, ok := authOpts["jwt_db"]; ok {
@ -59,21 +62,28 @@ func NewLocalJWTChecker(authOpts map[string]string, logLevel log.Level, hasher h
if checker.db == mysqlDB {
mysql, err := NewMysql(dbAuthOpts, logLevel, hasher)
if err != nil {
return nil, errors.Errorf("JWT backend error: couldn't create mysql connector for local jwt: %s", err)
return nil, errors.Errorf("JWT backend error: couldn't create mysql connector for local JWT: %s", err)
}
checker.mysql = mysql
} else if checker.db == mongoDB {
mongodb, err := NewMongo(dbAuthOpts, logLevel, hasher)
return checker, nil
if err != nil {
return nil, errors.Errorf("JWT backend error: couldn't create mysql connector for local JWT: %s", err)
}
checker.mongo = mongodb
} else {
postgres, err := NewPostgres(dbAuthOpts, logLevel, hasher)
checker.postgres = postgres
}
postgres, err := NewPostgres(dbAuthOpts, logLevel, hasher)
if err != nil {
return nil, errors.Errorf("JWT backend error: couldn't create postgres connector for local jwt: %s", err)
return nil, errors.Errorf("JWT backend error: couldn't create postgres connector for local JWT: %s", err)
}
checker.postgres = postgres
return checker, nil
}
@ -81,7 +91,7 @@ func (o *localJWTChecker) GetUser(token string) (bool, error) {
username, err := getUsernameForToken(o.options, token, o.options.skipUserExpiration)
if err != nil {
log.Printf("jwt local get user error: %s", err)
log.Printf("JWT local get user error: %s", err)
return false, err
}
@ -92,43 +102,47 @@ func (o *localJWTChecker) GetSuperuser(token string) (bool, error) {
username, err := getUsernameForToken(o.options, token, o.options.skipUserExpiration)
if err != nil {
log.Printf("jwt local get superuser error: %s", err)
log.Printf("JWT local get superuser error: %s", err)
return false, err
}
if o.db == mysqlDB {
return o.mysql.GetSuperuser(username)
} else if o.db == mongoDB {
return o.mongo.GetSuperuser(username)
} else {
return o.postgres.GetSuperuser(username)
}
return o.postgres.GetSuperuser(username)
}
func (o *localJWTChecker) CheckAcl(token, topic, clientid string, acc int32) (bool, error) {
username, err := getUsernameForToken(o.options, token, o.options.skipACLExpiration)
if err != nil {
log.Printf("jwt local check acl error: %s", err)
log.Printf("JWT local check acl error: %s", err)
return false, err
}
if o.db == mysqlDB {
return o.mysql.CheckAcl(username, topic, clientid, acc)
} else if o.db == mongoDB {
return o.mongo.CheckAcl(username)
} else {
return o.postgres.CheckAcl(username)
}
return o.postgres.CheckAcl(username, topic, clientid, acc)
}
func (o *localJWTChecker) Halt() {
if o.postgres != (Postgres{}) && o.postgres.DB != nil {
err := o.postgres.DB.Close()
if err != nil {
log.Errorf("JWT cleanup error: %s", err)
}
} else if o.mysql != (Mysql{}) && o.mysql.DB != nil {
err := o.mysql.DB.Close()
if err != nil {
log.Errorf("JWT cleanup error: %s", err)
}
} else if o.mongo != (Mongo{}) && o.mongo.Conn != nil {
err := o.mongo.Conn.Disconnect(context.TODO())
}
if err != nil {
log.Errorf("JWT cleanup error: %s", err)
}
}
@ -137,25 +151,36 @@ func (o *localJWTChecker) getLocalUser(username string) (bool, error) {
return false, nil
}
var count sql.NullInt64
var err error
var sqlCount sql.NullInt64
var count Int64
var valid boolean
if o.db == mysqlDB {
err = o.mysql.DB.Get(&count, o.userQuery, username)
valid = sqlCount.Valid
count = sqlCount.Int64
} else if o.db == mongoDB {
var uc := o.mongo.Conn.Database(o.mongo.DBName).Collection(o.mongo.UsersCollection)
count, err := uc.CountDocuments(context.TODO(), bson.M{"username": username})
} else {
err = o.postgres.DB.Get(&count, o.userQuery, username)
}
valid = sqlCount.Valid
count = sqlCount.Int64
}
if err != nil {
log.Debugf("local JWT get user error: %s", err)
return false, err
}
if !count.Valid {
if !valid {
log.Debugf("local JWT get user error: user %s not found", username)
return false, nil
}
if count.Int64 > 0 {
if count > 0 {
return true, nil
}
@ -165,9 +190,12 @@ func (o *localJWTChecker) getLocalUser(username string) (bool, error) {
func extractOpts(authOpts map[string]string, db string) map[string]string {
dbAuthOpts := make(map[string]string)
dbPrefix := "pg"
if db == mysqlDB {
dbPrefix = mysqlDB
} else if db == mongoDB {
dbPrefix = mongoDB
} else {
dbPrefix := "pg"
}
prefix := "jwt_" + dbPrefix

2
go.mod
View File

@ -42,7 +42,7 @@ require (
golang.org/x/sys v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/protobuf v1.30.0 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
gopkg.in/sourcemap.v1 v1.0.5 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect

4
go.sum
View File

@ -222,8 +222,8 @@ google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc=
google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=