auth

package
v2.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 11, 2024 License: MIT Imports: 7 Imported by: 48

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MatchTopic

func MatchTopic(filter string, topic string) (elements []string, matched bool)

MatchTopic checks if a given topic matches a filter, accounting for filter wildcards. Eg. filter /a/b/+/c == topic a/b/d/c.

Types

type ACLRule

type ACLRule struct {
	Client   RString `json:"client,omitempty" yaml:"client,omitempty"`     // the id of a connecting client
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Remote   RString `json:"remote,omitempty" yaml:"remote,omitempty"`     // remote address or
	Filters  Filters `json:"filters,omitempty" yaml:"filters,omitempty"`   // filters to match
}

ACLRule defines access rules for a specific topic or filter.

type ACLRules

type ACLRules []ACLRule

ACLRules defines generic topic or filter access rules applicable to all users.

type Access

type Access byte

Access determines the read/write privileges for an ACL rule.

const (
	Deny      Access = iota // user cannot access the topic
	ReadOnly                // user can only subscribe to the topic
	WriteOnly               // user can only publish to the topic
	ReadWrite               // user can both publish and subscribe to the topic
)

type AllowHook

type AllowHook struct {
	mqtt.HookBase
}

AllowHook is an authentication hook which allows connection access for all users and read and write access to all topics.

func (*AllowHook) ID

func (h *AllowHook) ID() string

ID returns the ID of the hook.

func (*AllowHook) OnACLCheck

func (h *AllowHook) OnACLCheck(cl *mqtt.Client, topic string, write bool) bool

OnACLCheck returns true/allowed for all checks.

func (*AllowHook) OnConnectAuthenticate

func (h *AllowHook) OnConnectAuthenticate(cl *mqtt.Client, pk packets.Packet) bool

OnConnectAuthenticate returns true/allowed for all requests.

func (*AllowHook) Provides

func (h *AllowHook) Provides(b byte) bool

Provides indicates which hook methods this hook provides.

type AuthRule

type AuthRule struct {
	Client   RString `json:"client,omitempty" yaml:"client,omitempty"`     // the id of a connecting client
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Remote   RString `json:"remote,omitempty" yaml:"remote,omitempty"`     // remote address or
	Password RString `json:"password,omitempty" yaml:"password,omitempty"` // the password of a user
	Allow    bool    `json:"allow,omitempty" yaml:"allow,omitempty"`       // allow or disallow the users
}

type AuthRules

type AuthRules []AuthRule

AuthRules defines generic access rules applicable to all users.

type Filters

type Filters map[RString]Access

Filters is a map of Access rules keyed on filter.

type Hook

type Hook struct {
	mqtt.HookBase
	// contains filtered or unexported fields
}

Hook is an authentication hook which implements an auth ledger.

func (*Hook) ID

func (h *Hook) ID() string

ID returns the ID of the hook.

func (*Hook) Init

func (h *Hook) Init(config any) error

Init configures the hook with the auth ledger to be used for checking.

func (*Hook) OnACLCheck

func (h *Hook) OnACLCheck(cl *mqtt.Client, topic string, write bool) bool

OnACLCheck returns true if the connecting client has matching read or write access to subscribe or publish to a given topic.

func (*Hook) OnConnectAuthenticate

func (h *Hook) OnConnectAuthenticate(cl *mqtt.Client, pk packets.Packet) bool

OnConnectAuthenticate returns true if the connecting client has rules which provide access in the auth ledger.

func (*Hook) Provides

func (h *Hook) Provides(b byte) bool

Provides indicates which hook methods this hook provides.

type Ledger

type Ledger struct {
	sync.Mutex `json:"-" yaml:"-"`
	Users      Users     `json:"users" yaml:"users"`
	Auth       AuthRules `json:"auth" yaml:"auth"`
	ACL        ACLRules  `json:"acl" yaml:"acl"`
}

Ledger is an auth ledger containing access rules for users and topics.

func (*Ledger) ACLOk

func (l *Ledger) ACLOk(cl *mqtt.Client, topic string, write bool) (n int, ok bool)

ACLOk returns true if the rules indicate the user is allowed to read or write to a specific filter or topic respectively, based on the `write` bool.

func (*Ledger) AuthOk

func (l *Ledger) AuthOk(cl *mqtt.Client, pk packets.Packet) (n int, ok bool)

AuthOk returns true if the rules indicate the user is allowed to authenticate.

func (*Ledger) ToJSON

func (l *Ledger) ToJSON() (data []byte, err error)

ToJSON encodes the values into a JSON string.

func (*Ledger) ToYAML

func (l *Ledger) ToYAML() (data []byte, err error)

ToYAML encodes the values into a YAML string.

func (*Ledger) Unmarshal

func (l *Ledger) Unmarshal(data []byte) error

Unmarshal decodes a JSON or YAML string (such as a rule config from a file) into a struct.

func (*Ledger) Update

func (l *Ledger) Update(ln *Ledger)

Update updates the internal values of the ledger.

type Options

type Options struct {
	Data   []byte
	Ledger *Ledger
}

Options contains the configuration/rules data for the auth ledger.

type RString

type RString string

RString is a rule value string.

func (RString) FilterMatches

func (r RString) FilterMatches(a string) bool

FilterMatches returns true if a filter matches a topic rule.

func (RString) Matches

func (r RString) Matches(a string) bool

Matches returns true if the rule matches a given string.

type UserRule

type UserRule struct {
	Username RString `json:"username,omitempty" yaml:"username,omitempty"` // the username of a user
	Password RString `json:"password,omitempty" yaml:"password,omitempty"` // the password of a user
	ACL      Filters `json:"acl,omitempty" yaml:"acl,omitempty"`           // filters to match, if desired
	Disallow bool    `json:"disallow,omitempty" yaml:"disallow,omitempty"` // allow or disallow the user
}

UserRule defines a set of access rules for a specific user.

type Users

type Users map[string]UserRule

Users contains a map of access rules for specific users, keyed on username.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL