kennyh
/
emqx4.3


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
							%%--------------------------------------------------------------------
%% Copyright (c) 2013-2018 EMQ Enterprise, Inc. (http://emqtt.io)
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%%     http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------

-module(emqttd_auth_mod).

-author("Feng Lee <feng@emqtt.io>").

-include("emqttd.hrl").

-export([passwd_hash/2]).

-type(hash_type() :: plain | md5 | sha | sha256 | pbkdf2 | bcrypt).

%%--------------------------------------------------------------------
%% Authentication behavihour
%%--------------------------------------------------------------------

-ifdef(use_specs).

-callback(init(AuthOpts :: list()) -> {ok, State :: any()}).

-callback(check(Client   :: mqtt_client(),
                Password :: binary(),
                State    :: any())
          -> ok | | {ok, boolean()} | ignore | {error, string()}).

-callback(description() -> string()).

-else.

-export([behaviour_info/1]).

behaviour_info(callbacks) ->
    [{init, 1}, {check, 3}, {description, 0}];
behaviour_info(_Other) ->
    undefined.

-endif.

%% @doc Password Hash
-spec(passwd_hash(hash_type(), binary() | tuple()) -> binary()).
passwd_hash(plain,  Password)  ->
    Password;
passwd_hash(md5,    Password)  ->
    hexstring(crypto:hash(md5, Password));
passwd_hash(sha,    Password)  ->
    hexstring(crypto:hash(sha, Password));
passwd_hash(sha256, Password)  ->
    hexstring(crypto:hash(sha256, Password));
passwd_hash(pbkdf2, {Salt, Password, Macfun, Iterations, Dklen}) ->
    case pbkdf2:pbkdf2(Macfun, Password, Salt, Iterations, Dklen) of
        {ok, Hexstring} -> pbkdf2:to_hex(Hexstring);
        {error, Error} -> lager:error("PasswdHash with pbkdf2 error:~p", [Error]), <<>>
    end;
passwd_hash(bcrypt, {Salt, Password}) ->
    case bcrypt:hashpw(Password, Salt) of
        {ok, HashPassword} -> list_to_binary(HashPassword);
        {error, Error}-> lager:error("PasswdHash with bcrypt error:~p", [Error]), <<>>
    end.

hexstring(<<X:128/big-unsigned-integer>>) ->
    iolist_to_binary(io_lib:format("~32.16.0b", [X]));
hexstring(<<X:160/big-unsigned-integer>>) ->
    iolist_to_binary(io_lib:format("~40.16.0b", [X]));
hexstring(<<X:256/big-unsigned-integer>>) ->
    iolist_to_binary(io_lib:format("~64.16.0b", [X])).