kopia lustrzana https://github.com/Yakifo/amqtt
Add plugin for checking if anonymous connection are authorized
rodzic
d70e6437cf
commit
3f2a7fc8c8
|
@ -31,6 +31,9 @@ from .plugins.manager import PluginManager, BaseContext
|
|||
_defaults = {
|
||||
'timeout-disconnect-delay': 2,
|
||||
'publish-retry-delay': 5,
|
||||
'auth': {
|
||||
'allow-anonymous': True,
|
||||
}
|
||||
}
|
||||
|
||||
DOLLAR_SYS_ROOT = '$SYS/broker/'
|
||||
|
@ -129,15 +132,15 @@ class Broker:
|
|||
|
||||
:param config: Example Yaml config
|
||||
listeners:
|
||||
- default: #Mandatory
|
||||
default: #Mandatory
|
||||
max-connections: 50000
|
||||
type: tcp
|
||||
- my-tcp-1:
|
||||
my-tcp-1:
|
||||
bind: 127.0.0.1:1883
|
||||
- my-tcp-2:
|
||||
my-tcp-2:
|
||||
bind: 1.2.3.4:1883
|
||||
max-connections: 1000
|
||||
- my-tcp-ssl-1:
|
||||
my-tcp-ssl-1:
|
||||
bind: 127.0.0.1:8883
|
||||
ssl: on
|
||||
cafile: /some/cafile
|
||||
|
@ -145,14 +148,14 @@ class Broker:
|
|||
capath: certificate data
|
||||
certfile: /some/certfile
|
||||
keyfile: /some/key
|
||||
- my-ws-1:
|
||||
my-ws-1:
|
||||
bind: 0.0.0.0:8080
|
||||
type: ws
|
||||
timeout-disconnect-delay: 2
|
||||
publish-retry-delay: 5
|
||||
plugins-enabled: ['auth.anonymous'] #List of plugins to activate among all registered plugins
|
||||
auth:
|
||||
allow-anonymous: true / false
|
||||
plugins: ['auth.anonymous'] #List of plugins to activate among all registered plugins
|
||||
|
||||
:param loop:
|
||||
:return:
|
||||
|
@ -636,7 +639,7 @@ class Broker:
|
|||
:param listener:
|
||||
:return:
|
||||
"""
|
||||
returns = yield from self.plugins_manager.map_plugin_coro("authenticate", session)
|
||||
returns = yield from self.plugins_manager.map_plugin_coro("authenticate", session=session)
|
||||
if not returns:
|
||||
self.logger.debug("Authentication plugin results: %r" % returns)
|
||||
return True
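Review bot: The `if not returns:` branch that follows `map_plugin_coro("authenticate", session=session)` returns True, so a connection is accepted whenever no plugin produced a result. With the `auth` section this commit introduces, a broker whose plugin list is empty or misspelled would presumably still admit every client, whatever `allow-anonymous` is set to. At minimum this case should be logged above debug level, for example `self.logger.warning("No authentication plugin returned a result; accepting connection")`, and the docstring should say that authentication passes when no plugin is active. The rest of the method lies outside the hunk, so how non-empty results are combined cannot be checked from here.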
|
||||
|
|
|
@ -1 +1,38 @@
|
|||
__author__ = 'nico'
|
||||
# Copyright (c) 2015 Nicolas JOUANIN
|
||||
#
|
||||
# See the file license.txt for copying permission.
|
||||
import logging
|
||||
|
||||
|
||||
class AnonymousAuthPlugin:
|
||||
def __init__(self, context):
|
||||
self.context = context
|
||||
try:
|
||||
self.auth_config = self.context.config['auth']
|
||||
except KeyError:
|
||||
self.context.logger.warn("'auth' section not found in context configuration")
|
||||
|
||||
def authenticate(self, *args, **kwargs):
|
||||
authenticated = False
|
||||
if not self.auth_config:
|
||||
# auth config section not found
|
||||
self.context.logger.warn("'auth' section not found in context configuration")
|
||||
authenticated = False
|
||||
else:
|
||||
allow_anonymous = self.auth_config.get('allow-anonymous', True) # allow anonymous by default
|
||||
if allow_anonymous:
|
||||
authenticated = True
|
||||
self.context.logger.debug("Authentication success: config allows anonymous")
|
||||
else:
|
||||
try:
|
||||
session = kwargs.get('session', None)
|
||||
authenticated = True if session.username else False
|
||||
if self.context.logger.isEnabledFor(logging.DEBUG):
|
||||
if authenticated:
|
||||
self.context.logger.debug("Authentication success: session has a non empty username")
|
||||
else:
|
||||
self.context.logger.debug("Authentication failure: session has an empty username")
|
||||
except KeyError:
|
||||
self.context.logger.warn("Session informations not available")
|
||||
authenticated = False
|
||||
return authenticated
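Review bot: `authenticate` can raise instead of denying, because `__init__` logs the missing `'auth'` section but never assigns `self.auth_config`, so `if not self.auth_config` fails with AttributeError; the except branch should set `self.auth_config = None`. In the non-anonymous branch `kwargs.get('session', None)` cannot raise KeyError, so the `except KeyError` handler is dead code and a call without a session fails on `session.username`; `authenticated = bool(session is not None and session.username)`, with the warning logged when `session is None`, would deny cleanly. The `.get('allow-anonymous', True)` default admits anonymous clients when the key is omitted, while an empty `auth` section denies everyone. A class docstring should state both behaviours, and also that with `allow-anonymous` off any non-empty username is accepted without a credential check, so this plugin alone does not authenticate users.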
|
||||
|
|
1
setup.py
1
setup.py
|
@ -39,6 +39,7 @@ setup(
|
|||
'hbmqtt.broker.plugins': [
|
||||
# 'event_logger_plugin = hbmqtt.plugins.logging:EventLoggerPlugin',
|
||||
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
|
||||
'auth_anonymous = hbmqtt.plugins.authentication:AnonymousAuthPlugin',
|
||||
],
|
||||
'hbmqtt.client.plugins': [
|
||||
'packet_logger_plugin = hbmqtt.plugins.logging:PacketLoggerPlugin',
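Review bot: The entry point is registered as `auth_anonymous`, while the example config in the Broker docstring on this page lists the plugin as `'auth.anonymous'`. If the plugin manager matches the configured names against entry-point names (not visible here), a config copied from the docstring would not load this plugin. Either the docstring example or the entry-point name should change so the two agree, e.g. `plugins: ['auth_anonymous']` in the docstring.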
|
||||
|
|