
feat(auth): add legacy ${access} placeholder

Ilya Averyanov 1 anno fa
parent
commit
97f9c81e19

+ 14 - 2
apps/emqx_authz/src/emqx_authz_http.erl

@@ -39,6 +39,10 @@
 -compile(nowarn_export_all).
 -endif.
 
+-define(PH_ACCESS, <<"${access}">>).
+-define(LEGACY_SUBSCRIBE_ACTION, 1).
+-define(LEGACY_PUBLISH_ACTION, 2).
+
 -define(PLACEHOLDERS, [
     ?PH_USERNAME,
     ?PH_CLIENTID,
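Review bot: The two numeric macros added at the top of this hunk carry no comment saying what the values stand for, so a reader has to find `add_legacy_access_var/1` to learn that 1 means subscribe and 2 means publish. I would add a line above them such as `%% Values substituted for the legacy ${access} placeholder: 1 = subscribe, 2 = publish`. `?PH_ACCESS` is also defined locally here, while the other `?PH_*` macros are not defined in the visible lines and presumably come from a shared header; if that is the case, a short comment on why this one stays module-local would help.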
@@ -48,7 +52,8 @@
     ?PH_TOPIC,
     ?PH_ACTION,
     ?PH_CERT_SUBJECT,
-    ?PH_CERT_CN_NAME
+    ?PH_CERT_CN_NAME,
+    ?PH_ACCESS
 ]).
 
 -define(PLACEHOLDERS_FOR_RICH_ACTIONS, [
@@ -234,7 +239,14 @@ serialize_body(<<"application/x-www-form-urlencoded">>, Body) ->
 
 client_vars(Client, Action, Topic) ->
     Vars = emqx_authz_utils:vars_for_rule_query(Client, Action),
-    Vars#{topic => Topic}.
+    add_legacy_access_var(Vars#{topic => Topic}).
+
+add_legacy_access_var(#{action := subscribe} = Vars) ->
+    Vars#{access => ?LEGACY_SUBSCRIBE_ACTION};
+add_legacy_access_var(#{action := publish} = Vars) ->
+    Vars#{access => ?LEGACY_PUBLISH_ACTION};
+add_legacy_access_var(Vars) ->
+    Vars.
 
 to_list(A) when is_atom(A) ->
     atom_to_list(A);
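Review bot: The catch-all clause `add_legacy_access_var(Vars) -> Vars.` leaves `access` unbound without any trace, and what the authorization backend then receives for `${access}` is not visible in this hunk. The `t_placeholder_and_body` case in the same commit expects `<<"CN">>` to arrive as the literal `?PH_CERT_CN_NAME`, which suggests unbound placeholders may be forwarded verbatim, so a backend that decides on `access` could see the raw placeholder text instead of 1 or 2. If publish and subscribe are the only actions that reach `client_vars/3`, consider dropping the third clause so an unexpected action is not passed through silently, after confirming how a crash in this source is treated by the authorization chain. Otherwise document the clause, e.g. `%% other actions have no legacy code; ${access} is left unbound`. `to_list/1` continues past the end of the hunk.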

+ 11 - 2
apps/emqx_authz/test/emqx_authz_http_SUITE.erl

@@ -202,6 +202,7 @@ t_query_params(_Config) ->
                 mountpoint := <<"MOUNTPOINT">>,
                 topic := <<"t/1">>,
                 action := <<"publish">>,
+                access := <<"2">>,
                 qos := <<"1">>,
                 retain := <<"false">>
             } = cowboy_req:match_qs(
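Review bot: Every expectation added to this suite uses a publish request, so only `access = 2` is checked; the `subscribe` clause (value 1) and the fallthrough clause of `add_legacy_access_var/1` are never exercised. The same applies to the additions in `t_path`, `t_json_body` and `t_placeholder_and_body`. A subscribe variant of one of these cases asserting `access := <<"1">>` would pin the mapping that HTTP backends rely on for allow/deny decisions. `t_query_params` starts and ends outside this hunk.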
@@ -213,6 +214,7 @@ t_query_params(_Config) ->
                     mountpoint,
                     topic,
                     action,
+                    access,
                     qos,
                     retain
                 ],
@@ -230,6 +232,7 @@ t_query_params(_Config) ->
                 "mountpoint=${mountpoint}&"
                 "topic=${topic}&"
                 "action=${action}&"
+                "access=${access}&"
                 "qos=${qos}&"
                 "retain=${retain}"
             >>
@@ -264,6 +267,7 @@ t_path(_Config) ->
                     "MOUNTPOINT/"
                     "t%2F1/"
                     "publish/"
+                    "2/"
                     "1/"
                     "false"
                 >>,
@@ -281,6 +285,7 @@ t_path(_Config) ->
                 "${mountpoint}/"
                 "${topic}/"
                 "${action}/"
+                "${access}/"
                 "${qos}/"
                 "${retain}"
             >>
@@ -321,6 +326,7 @@ t_json_body(_Config) ->
                     <<"mountpoint">> := <<"MOUNTPOINT">>,
                     <<"topic">> := <<"t">>,
                     <<"action">> := <<"publish">>,
+                    <<"access">> := <<"2">>,
                     <<"qos">> := <<"1">>,
                     <<"retain">> := <<"false">>
                 },
@@ -338,6 +344,7 @@ t_json_body(_Config) ->
                 <<"mountpoint">> => <<"${mountpoint}">>,
                 <<"topic">> => <<"${topic}">>,
                 <<"action">> => <<"${action}">>,
+                <<"access">> => <<"${access}">>,
                 <<"qos">> => <<"${qos}">>,
                 <<"retain">> => <<"${retain}">>
             }
@@ -405,7 +412,7 @@ t_placeholder_and_body(_Config) ->
                 cowboy_req:path(Req0)
             ),
 
-            {ok, [{PostVars, true}], Req1} = cowboy_req:read_urlencoded_body(Req0),
+            {ok, PostVars, Req1} = cowboy_req:read_urlencoded_body(Req0),
 
             ?assertMatch(
                 #{
@@ -416,10 +423,11 @@ t_placeholder_and_body(_Config) ->
                     <<"mountpoint">> := <<"MOUNTPOINT">>,
                     <<"topic">> := <<"t">>,
                     <<"action">> := <<"publish">>,
+                    <<"access">> := <<"2">>,
                     <<"CN">> := ?PH_CERT_CN_NAME,
                     <<"CS">> := ?PH_CERT_SUBJECT
                 },
-                emqx_utils_json:decode(PostVars, [return_maps])
+                maps:from_list(PostVars)
             ),
             {ok, ?AUTHZ_HTTP_RESP(allow, Req1), State}
         end,
@@ -433,6 +441,7 @@ t_placeholder_and_body(_Config) ->
                 <<"mountpoint">> => <<"${mountpoint}">>,
                 <<"topic">> => <<"${topic}">>,
                 <<"action">> => <<"${action}">>,
+                <<"access">> => <<"${access}">>,
                 <<"CN">> => ?PH_CERT_CN_NAME,
                 <<"CS">> => ?PH_CERT_SUBJECT
             },