Frofike

Reputation: 331

EMQX http ACL auth - broker isn't available

I use EMQ X Broker v4.0.1. Simple HTTP auth works fine, but when I try to use HTTP ACL auth it doesn't work for me, despite the fact that the settings are very close. When I try to refer to the broker via Eclipse Paho I get an error with status code 3, which means the broker isn't available. I turned on emqx_auth_http from the dashboard. These are my EMQX settings for HTTP ACL auth:

emqx.conf

listener.tcp.external = 1884

plugins/emqx_auth_http.conf

auth.http.auth_req = http://127.0.0.1:8991/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P

auth.http.super_req = http://somesite.com/mqtt/superuser
auth.http.super_req.method = post
auth.http.super_req.params = clientid=%c,username=%u

auth.http.acl_req = http://somesite/mqtt/acl
auth.http.acl_req.method = post
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m

auth.http.request.retry_times = 3
auth.http.request.retry_interval = 1s
auth.http.request.retry_backoff = 2.0

Endpoints (http://somesite.com/mqtt/superuser, http://somesite/mqtt/acl) are working fine and I can access them from the Postman app. Maybe you could tell me where I am doing something wrong in my configuration or somewhere else?

Upvotes: 2

Views: 869

Answers (1)

wivwiv

Reputation: 263

Maybe you need to provide your HTTP server code.

HTTP response status 200 is ok

HTTP response status 4xx is unauthorized

HTTP response status 200 with body "ignore" means break

This is a project that just passed the test: egg-iot-with-mqtt

/**
 * Auth
 */
router.post('/mqtt/auth', async (ctx, next) => {
  const { clientid, username, password } = ctx.request.body
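  // Mock: replace 'your condition' with a real credential check.
  // As written, the non-empty string is always truthy, so every client is accepted.
  // 200 means ok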
  if (clientid === '' || 'your condition') {
    ctx.body = ''
  } else {
    // 4xx unauthorized
    ctx.status = 401
  }
})

/**
 * ACL
 */
router.post('/mqtt/acl', async (ctx, next) => {
  /**
   * Request Body
   * access:  1 | 2, 1 = sub, 2 = pub
   * access in body now is string !!!
  {
    access: '1',
    username: 'undefined',
    clientid: 'mqttjs_bf980bf7',
    ipaddr: '127.0.0.1',
    topic: 't/1',
    mountpoint: 'undefined'
  }
   */
  const info = ctx.request.body

  console.log(info)

  if (info.topic === 't/2') {
    // 200 is ok
    ctx.body = ''
  } else {
    // 4xx is unauthorized
    ctx.status = 403
  }
})

Upvotes: 2
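An added example, not part of the answer above or of the egg-iot-with-mqtt project: a dependency-free Node.js ACL endpoint that applies real per-user rules to the `acl_req` parameters instead of a mock condition, including the case where a subscribe request carries a wildcard filter. It assumes the broker posts the params form-encoded; the `RULES` table, the helper names and the `ACL_PORT` variable are hypothetical.

```javascript
// Constructed sample policy: username -> allowed {access, filter} pairs.
const RULES = new Map([
  ['sensor1', [{ access: 'pub', filter: 't/1' }]],
  ['dashboard', [{ access: 'sub', filter: 't/+' }]],
]);
// %A arrives as the string '1' (subscribe) or '2' (publish).
const ACCESS = new Map([['1', 'sub'], ['2', 'pub']]);

// True if the rule filter covers the requested topic. A subscribe request may
// itself contain wildcards, so '+' in a rule must not cover a requested '#'.
function covers(filter, topic) {
  const f = filter.split('/'), t = topic.split('/');
  for (let i = 0; i < f.length; i++) {
    if (f[i] === '#') return i === f.length - 1;
    if (i >= t.length) return false;
    if (f[i] === '+' ? t[i] === '#' : f[i] !== t[i]) return false;
  }
  return f.length === t.length;
}

// Maps one acl_req body to the HTTP reply: 200 allows, 4xx denies.
function decideAcl(rawBody) {
  const p = new URLSearchParams(rawBody);
  const access = ACCESS.get(p.get('access'));
  const username = p.get('username'), topic = p.get('topic');
  if (!access || !topic) return { status: 400, body: '' };
  // As in the sample body above, a missing username is the string 'undefined'.
  if (!username || username === 'undefined') return { status: 403, body: '' };
  const rules = RULES.get(username) || [];
  const ok = rules.some(r => r.access === access && covers(r.filter, topic));
  return { status: ok ? 200 : 403, body: '' };
}

// Minimal listener for the acl_req URL; set ACL_PORT (hypothetical) to start it.
function startServer(port) {
  const http = require('http');
  return http.createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/mqtt/acl') { res.statusCode = 404; return res.end(); }
    let raw = '';
    req.on('data', chunk => { raw += chunk; });
    req.on('end', () => {
      const d = decideAcl(raw);
      res.writeHead(d.status);
      res.end(d.body);
    });
  }).listen(port, '127.0.0.1');
}
if (process.env.ACL_PORT) startServer(Number(process.env.ACL_PORT));
```

Unknown users, a missing username and any topic not covered by a rule are all denied, so the policy fails closed.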
