auth

package

v2.6.6 Latest Latest Go to latest Published: Oct 23, 2024 License: MIT Imports: 7 Imported by: 45

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mochi-mqtt/server

Links

Open Source Insights

Documentation ¶

Index ¶

func MatchTopic(filter string, topic string) (elements []string, matched bool)
type ACLRule
type ACLRules
type Access
type AllowHook
type AuthRule
type AuthRules
type Filters
type Hook
type Ledger
type Options
type RString
- func (r RString) FilterMatches(a string) bool
- func (r RString) Matches(a string) bool
type UserRule
type Users

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MatchTopic ¶

func MatchTopic(filter string, topic string) (elements []string, matched bool)

MatchTopic checks if a given topic matches a filter, accounting for filter wildcards. Eg. filter /a/b/+/c == topic a/b/d/c.

Types ¶

type ACLRule ¶

type ACLRule struct {
	Client   RString `json:"client,omitempty" yaml:"client,omitempty"`     // the id of a connecting client
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Remote   RString `json:"remote,omitempty" yaml:"remote,omitempty"`     // remote address or
	Filters  Filters `json:"filters,omitempty" yaml:"filters,omitempty"`   // filters to match
}

ACLRule defines access rules for a specific topic or filter.

type ACLRules ¶

type ACLRules []ACLRule

ACLRules defines generic topic or filter access rules applicable to all users.

type Access ¶

type Access byte

Access determines the read/write privileges for an ACL rule.

const (
	Deny      Access = iota // user cannot access the topic
	ReadOnly                // user can only subscribe to the topic
	WriteOnly               // user can only publish to the topic
	ReadWrite               // user can both publish and subscribe to the topic
)

type AllowHook ¶

type AllowHook struct {
	mqtt.HookBase
}

AllowHook is an authentication hook which allows connection access for all users and read and write access to all topics.

func (*AllowHook) ID ¶

func (h *AllowHook) ID() string

ID returns the ID of the hook.

func (*AllowHook) OnACLCheck ¶

func (h *AllowHook) OnACLCheck(cl *mqtt.Client, topic string, write bool) bool

OnACLCheck returns true/allowed for all checks.

func (*AllowHook) OnConnectAuthenticate ¶

func (h *AllowHook) OnConnectAuthenticate(cl *mqtt.Client, pk packets.Packet) bool

OnConnectAuthenticate returns true/allowed for all requests.

func (*AllowHook) Provides ¶

func (h *AllowHook) Provides(b byte) bool

Provides indicates which hook methods this hook provides.

type AuthRule ¶

type AuthRule struct {
	Client   RString `json:"client,omitempty" yaml:"client,omitempty"`     // the id of a connecting client
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Remote   RString `json:"remote,omitempty" yaml:"remote,omitempty"`     // remote address or
	Password RString `json:"password,omitempty" yaml:"password,omitempty"` // the password of a user
	Allow    bool    `json:"allow,omitempty" yaml:"allow,omitempty"`       // allow or disallow the users
}

type AuthRules ¶

type AuthRules []AuthRule

AuthRules defines generic access rules applicable to all users.

type Filters ¶

type Filters map[RString]Access

Filters is a map of Access rules keyed on filter.

type Hook ¶

type Hook struct {
	mqtt.HookBase
	// contains filtered or unexported fields
}

Hook is an authentication hook which implements an auth ledger.

func (*Hook) ID ¶

func (h *Hook) ID() string

ID returns the ID of the hook.

func (*Hook) Init ¶

func (h *Hook) Init(config any) error

Init configures the hook with the auth ledger to be used for checking.

func (*Hook) OnACLCheck ¶

func (h *Hook) OnACLCheck(cl *mqtt.Client, topic string, write bool) bool

OnACLCheck returns true if the connecting client has matching read or write access to subscribe or publish to a given topic.

func (*Hook) OnConnectAuthenticate ¶

func (h *Hook) OnConnectAuthenticate(cl *mqtt.Client, pk packets.Packet) bool

OnConnectAuthenticate returns true if the connecting client has rules which provide access in the auth ledger.

func (*Hook) Provides ¶

func (h *Hook) Provides(b byte) bool

Provides indicates which hook methods this hook provides.

type Ledger ¶

type Ledger struct {
	sync.Mutex `json:"-" yaml:"-"`
	Users      Users     `json:"users" yaml:"users"`
	Auth       AuthRules `json:"auth" yaml:"auth"`
	ACL        ACLRules  `json:"acl" yaml:"acl"`
}

Ledger is an auth ledger containing access rules for users and topics.

func (*Ledger) ACLOk ¶

func (l *Ledger) ACLOk(cl *mqtt.Client, topic string, write bool) (n int, ok bool)

ACLOk returns true if the rules indicate the user is allowed to read or write to a specific filter or topic respectively, based on the `write` bool.

func (*Ledger) AuthOk ¶

func (l *Ledger) AuthOk(cl *mqtt.Client, pk packets.Packet) (n int, ok bool)

AuthOk returns true if the rules indicate the user is allowed to authenticate.

func (*Ledger) ToJSON ¶

func (l *Ledger) ToJSON() (data []byte, err error)

ToJSON encodes the values into a JSON string.

func (*Ledger) ToYAML ¶

func (l *Ledger) ToYAML() (data []byte, err error)

ToYAML encodes the values into a YAML string.

func (*Ledger) Unmarshal ¶

func (l *Ledger) Unmarshal(data []byte) error

Unmarshal decodes a JSON or YAML string (such as a rule config from a file) into a struct.

func (*Ledger) Update ¶

func (l *Ledger) Update(ln *Ledger)

Update updates the internal values of the ledger.

type Options ¶

type Options struct {
	Data   []byte
	Ledger *Ledger
}

Options contains the configuration/rules data for the auth ledger.

type RString ¶

type RString string

RString is a rule value string.

func (RString) FilterMatches ¶

func (r RString) FilterMatches(a string) bool

FilterMatches returns true if a filter matches a topic rule.

func (RString) Matches ¶

func (r RString) Matches(a string) bool

Matches returns true if the rule matches a given string.

type UserRule ¶

type UserRule struct {
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Password RString `json:"password,omitempty" yaml:"password,omitempty"` // the password of a user
	ACL      Filters `json:"acl,omitempty" yaml:"acl,omitempty"`           // filters to match, if desired
	Disallow bool    `json:"disallow,omitempty" yaml:"disallow,omitempty"` // allow or disallow the user
}

UserRule defines a set of access rules for a specific user.

type Users ¶

type Users map[string]UserRule

Users contains a map of access rules for specific users, keyed on username.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL