
fix: don't crash when 401 and 403 unauthorize

zhongwencool 2 лет назад
Родитель
Сommit
ef692596f7

+ 1 - 0
apps/emqx/include/http_api.hrl

@@ -17,6 +17,7 @@
 %% HTTP API Auth
 -define(BAD_USERNAME_OR_PWD, 'BAD_USERNAME_OR_PWD').
 -define(BAD_API_KEY_OR_SECRET, 'BAD_API_KEY_OR_SECRET').
+-define(API_KEY_NOT_ALLOW_MSG, <<"This API Key don't have permission to access this resource">>).
 
 %% Bad Request
 -define(BAD_REQUEST, 'BAD_REQUEST').
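Review bot: The new macro is a user-facing response body that emqx_dashboard_audit.erl now also pattern-matches byte-for-byte to decide whether a 403 is attributed to `rest_api`, so any later wording change (the text reads `don't have` where `doesn't have` is meant) would silently change audit attribution rather than fail loudly. A comment at the define would make that coupling visible to the next editor, for example `%% Also matched verbatim by emqx_dashboard_audit:from/1 to attribute 403 responses to rest_api; keep both sites in sync.`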

+ 1 - 2
apps/emqx_dashboard/src/emqx_dashboard.erl

@@ -260,8 +260,7 @@ api_key_authorize(Req, Key, Secret) ->
                 <<"Not allowed, Check api_key/api_secret">>
             );
         {error, unauthorized_role} ->
-            {403, 'UNAUTHORIZED_ROLE',
-                <<"This API Key don't have permission to access this resource">>};
+            {403, 'UNAUTHORIZED_ROLE', ?API_KEY_NOT_ALLOW_MSG};
         {error, _} ->
             return_unauthorized(
                 ?BAD_API_KEY_OR_SECRET,

+ 14 - 12
apps/emqx_dashboard/src/emqx_dashboard_audit.erl

@@ -17,6 +17,7 @@
 -module(emqx_dashboard_audit).
 
 -include_lib("emqx/include/logger.hrl").
+-include_lib("emqx/include/http_api.hrl").
 %% API
 -export([log/2]).
 
@@ -65,19 +66,20 @@ log_meta(Meta, Req) ->
 duration_ms(#{req_start := ReqStart, req_end := ReqEnd}) ->
     erlang:convert_time_unit(ReqEnd - ReqStart, native, millisecond).
 
-from(Meta) ->
-    case maps:find(auth_type, Meta) of
-        {ok, jwt_token} ->
-            dashboard;
-        {ok, api_key} ->
-            rest_api;
-        error ->
-            case maps:find(operation_id, Meta) of
-                %% login api create jwt_token, so we don have authorization in it's headers
-                {ok, <<"/login">>} -> dashboard;
-                _ -> unknown
-            end
+from(#{auth_type := jwt_token}) ->
+    dashboard;
+from(#{auth_type := api_key}) ->
+    rest_api;
+from(#{operation_id := <<"/login">>}) ->
+    dashboard;
+from(#{code := Code} = Meta) when Code =:= 401 orelse Code =:= 403 ->
+    case maps:find(failure, Meta) of
+        {ok, #{code := 'BAD_API_KEY_OR_SECRET'}} -> rest_api;
+        {ok, #{code := 'UNAUTHORIZED_ROLE', message := ?API_KEY_NOT_ALLOW_MSG}} -> rest_api;
+        %% 'TOKEN_TIME_OUT' 'BAD_TOKEN' is dashboard code.
+        _ -> dashboard
     end.
+
 source(#{source := Source}) -> Source;
 source(#{operation_id := <<"/login">>, body := #{<<"username">> := Username}}) -> Username;
 source(_Meta) -> <<"">>.
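Review bot: `from/1` no longer has a terminal clause, so a Meta that carries no `auth_type`, is not the `/login` operation, and whose `code` is anything other than 401 or 403 (or that lacks `code` entirely) now raises `function_clause` inside the audit logger — the removed implementation returned `unknown` for exactly that case, and a crash in audit logging is the class of failure this commit sets out to remove. Restoring the fallback `from(_Meta) -> unknown.` as the last clause keeps the previous contract for every shape not listed. Separately, the `_ -> dashboard` branch attributes every other 401/403 to the dashboard, including API-key rejections whose failure code or message differ from the two matched here; the `return_unauthorized` call that ends at the top of the emqx_dashboard.erl hunk has its code outside view, so it is not certain it is covered. Because this is the audit trail, failed API-key attempts misattributed to `dashboard` would not show up under a `rest_api` filter, which argues for carrying the origin explicitly in the failure map instead of matching on the message text.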

+ 1 - 1
rel/i18n/emqx_audit_api.hocon

@@ -17,7 +17,7 @@ filter_from.desc:
 `rest_api`: API KEY request logs.
 `cli`: The emqx command line logs.
 `erlang_console`: The emqx remote_console run function logs.
-`event`: Logs related to events such as emqx_start, emqx_stop, audit_enabled, and audit_disabled."""
+`event`: Logs related to events such as emqx_start, emqx_gracefully_stop, audit_enabled, and audit_disabled."""
 
 filter_source.desc:
 """"Filter logs based on source, Possible values are:

+ 1 - 1
rel/i18n/emqx_conf_schema.hocon

@@ -726,7 +726,7 @@ audit_handler_level.label:
 """Log Level"""
 
 audit_log_max_filter_limit.desc:
-"""Maximum size of the filter."""
+"""Store the latest N log entries in a database for allow `/audit` HTTP API to filter and retrieval of log data."""
 
 audit_log_max_filter_limit.label:
 """Max Filter Limit"""