| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184 |
- %%-*- mode: erlang -*-
- %% emqx_auth_pgsl config mapping
- {mapping, "auth.pgsql.server", "emqx_auth_pgsql.server", [
- {default, {"127.0.0.1", 5432}},
- {datatype, [integer, ip, string]}
- ]}.
- {mapping, "auth.pgsql.pool", "emqx_auth_pgsql.server", [
- {default, 8},
- {datatype, integer}
- ]}.
- {mapping, "auth.pgsql.database", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.username", "emqx_auth_pgsql.server", [
- {default, ""},
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.password", "emqx_auth_pgsql.server", [
- {default, ""},
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.encoding", "emqx_auth_pgsql.server", [
- {default, utf8},
- {datatype, atom}
- ]}.
- {mapping, "auth.pgsql.ssl.enable", "emqx_auth_pgsql.server", [
- {default, off},
- {datatype, {enum, [on, off, true, false]}} %% FIXME: true/fasle is compatible with 4.0-4.2 version format, plan to delete in 5.0
- ]}.
- {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
- {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.ssl.keyfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.ssl.certfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.ssl.cacertfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.ssl.verify", "emqx_auth_pgsql.server", [
- {default, false},
- {datatype, {enum, [true, false]}}
- ]}.
- {mapping, "auth.pgsql.ssl.server_name_indication", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- {mapping, "auth.pgsql.ssl_opts.keyfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- {mapping, "auth.pgsql.ssl_opts.certfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- {mapping, "auth.pgsql.ssl_opts.cacertfile", "emqx_auth_pgsql.server", [
- {datatype, string}
- ]}.
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- {mapping, "auth.pgsql.ssl_opts.tls_versions", "emqx_auth_pgsql.server", [
- {default, "tlsv1.2"},
- {datatype, string}
- ]}.
- {translation, "emqx_auth_pgsql.server", fun(Conf) ->
- {PgHost, PgPort} =
- case cuttlefish:conf_get("auth.pgsql.server", Conf) of
- {Ip, Port} -> {Ip, Port};
- S -> case string:tokens(S, ":") of
- [Domain] -> {Domain, 5432};
- [Domain, Port] -> {Domain, list_to_integer(Port)}
- end
- end,
- Pool = cuttlefish:conf_get("auth.pgsql.pool", Conf),
- Username = cuttlefish:conf_get("auth.pgsql.username", Conf),
- Passwd = cuttlefish:conf_get("auth.pgsql.password", Conf, ""),
- DB = cuttlefish:conf_get("auth.pgsql.database", Conf),
- Encoding = cuttlefish:conf_get("auth.pgsql.encoding", Conf),
- Filter = fun(Opts) -> [{K, V} || {K, V} <- Opts, V =/= undefined] end,
- SslOpts = fun(Prefix) ->
- Verify = case cuttlefish:conf_get(Prefix ++ ".verify", Conf, false) of
- true -> verify_peer;
- false -> verify_none
- end,
- Filter([{keyfile, cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
- {certfile, cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
- {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
- {verify, Verify},
- {server_name_indication, case cuttlefish:conf_get(Prefix ++ ".server_name_indication", Conf, undefined) of
- "disable" -> disable;
- SNI -> SNI
- end},
- {versions, [list_to_existing_atom(Value)
- || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
- end,
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- GenSsl = case cuttlefish:conf_get("auth.pgsql.ssl.cacertfile", Conf, undefined) of
- undefined -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
- _ -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl")}]
- end,
- %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0
- Ssl = case cuttlefish:conf_get("auth.pgsql.ssl.enable", Conf) of
- on -> GenSsl;
- off -> [];
- true -> [{ssl, true}, {ssl_opts, SslOpts("auth.pgsql.ssl_opts")}];
- false -> []
- end,
- TempHost = case inet:parse_address(PgHost) of
- {ok, IpAddr} ->
- IpAddr;
- _ ->
- PgHost
- end,
- [{pool_size, Pool},
- {auto_reconnect, 1},
- {host, TempHost},
- {port, PgPort},
- {username, Username},
- {password, Passwd},
- {database, DB},
- {encoding, Encoding}] ++ Ssl
- end}.
- {mapping, "auth.pgsql.auth_query", "emqx_auth_pgsql.auth_query", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.password_hash", "emqx_auth_pgsql.password_hash", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.pbkdf2_macfun", "emqx_auth_pgsql.pbkdf2_macfun", [
- {datatype, atom}
- ]}.
- {mapping, "auth.pgsql.pbkdf2_iterations", "emqx_auth_pgsql.pbkdf2_iterations", [
- {datatype, integer}
- ]}.
- {mapping, "auth.pgsql.pbkdf2_dklen", "emqx_auth_pgsql.pbkdf2_dklen", [
- {datatype, integer}
- ]}.
- {mapping, "auth.pgsql.super_query", "emqx_auth_pgsql.super_query", [
- {datatype, string}
- ]}.
- {mapping, "auth.pgsql.acl_query", "emqx_auth_pgsql.acl_query", [
- {datatype, string}
- ]}.
- {translation, "emqx_auth_pgsql.password_hash", fun(Conf) ->
- HashValue = cuttlefish:conf_get("auth.pgsql.password_hash", Conf),
- case string:tokens(HashValue, ",") of
- [Hash] -> list_to_atom(Hash);
- [Prefix, Suffix] -> {list_to_atom(Prefix), list_to_atom(Suffix)};
- [Hash, MacFun, Iterations, Dklen] -> {list_to_atom(Hash), list_to_atom(MacFun), list_to_integer(Iterations), list_to_integer(Dklen)};
- _ -> plain
- end
- end}.
|
