wuming123057/emqttd_plugin_pgsql

 
 

Overview

emqttd Authentication/ACL with PostgreSQL Database.

Build Plugin

Build the plugin inside the emqttd project. Check out the plugin into the 'emqttd/plugins/' folder:

If the submodules exist:

git submodule update --remote plugins/emqttd_plugin_pgsql

Otherwise:

git submodule add https://github.com/emqtt/emqttd_plugin_pgsql.git plugins/emqttd_plugin_pgsql

make && make dist

Configure Plugin

File: etc/plugin.config

[
  {epgsql, [
      {pools, [
          {pgauth, [
              {size, 2},
              {host, "localhost"},
              {port, 5432},
              {username,  ""},
              {password,  ""},
              {database,  "mqtt"},
              {encoding,  utf8}
          ]}
      ]}
  ]},

  {emqttd_plugin_pgsql, [

    %% select password only
    {authquery, "select password from mqtt_user where username = '%u' limit 1"},

    %% hash algorithm: md5, sha, sha256, pbkdf2?
    {password_hash, sha256},

    %% select password with salt
    %% {authquery, "select password, salt from mqtt_user where username = '%u'"},

    %% sha256 with salt prefix
    %% {password_hash, {salt, sha256}},

    %% sha256 with salt suffix
    %% {password_hash, {sha256, salt}},

    %% Comment out this query to disable the ACL. Notice: don't edit this query!
    {aclquery, "select allow, ipaddr, username, clientid, access, topic from mqtt_acl
                 where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"},

    %% If no rules matched, return...
    {acl_nomatch, allow}
  ]}
].

Load Plugin

./bin/emqttd_ctl plugins load emqttd_plugin_pgsql

Auth Table

Notice: This is a demo table. You could authenticate with any user table.

CREATE TABLE mqtt_user (
  id SERIAL primary key,
  username character varying(100),
  password character varying(100),
  salt character varying(40)
);
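
How a row for the demo mqtt_user table could be prepared for each password_hash setting shown in etc/plugin.config, as an added example that is not code from the plugin. It assumes the plugin compares against the lowercase hex digest and that "salt prefix" means hash(salt + password) and "salt suffix" means hash(password + salt); the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption (not stated on the page): the stored value is the lowercase hex
# digest, and {salt, sha256} / {sha256, salt} hash salt+password / password+salt.
MODES = ("sha256", ("salt", "sha256"), ("sha256", "salt"))

def stored_hash(password, mode, salt=""):
    """Return the value for mqtt_user.password under a password_hash mode."""
    pw, s = password.encode("utf-8"), salt.encode("utf-8")
    if mode == "sha256":
        data = pw                      # {password_hash, sha256}
    elif mode == ("salt", "sha256"):
        data = s + pw                  # {password_hash, {salt, sha256}}
    elif mode == ("sha256", "salt"):
        data = pw + s                  # {password_hash, {sha256, salt}}
    else:
        raise ValueError("unsupported password_hash mode: %r" % (mode,))
    return hashlib.sha256(data).hexdigest()

def new_user_row(username, password, mode):
    """Build (sql, params) for a parameterized INSERT into the demo table."""
    # 16 random bytes as hex = 32 characters, which fits salt varchar(40).
    salt = "" if mode == "sha256" else secrets.token_hex(16)
    # %s placeholders are DB-API driver parameters (e.g. psycopg), so the
    # username is never spliced into the SQL text.
    sql = "INSERT INTO mqtt_user (username, password, salt) VALUES (%s, %s, %s)"
    return sql, (username, stored_hash(password, mode, salt), salt or None)

def verify(candidate, row_password, row_salt, mode):
    """Recompute the hash for the configured mode; compare in constant time."""
    expected = stored_hash(candidate, mode, row_salt or "")
    return hmac.compare_digest(expected, row_password)

if __name__ == "__main__":
    # Constructed sample user; each mode yields a different stored value.
    for mode in MODES:
        sql, params = new_user_row("sensor01", "constructed-sample-password", mode)
        print(mode, params)
```

The mode used to create a row has to match the password_hash setting and the authquery (with or without the salt column) that the plugin is configured with.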

ACL Table

CREATE TABLE mqtt_acl (
  id SERIAL primary key,
  allow integer,
  ipaddr character varying(60),
  username character varying(100),
  clientid character varying(100),
  access  integer,
  topic character varying(100)
);

INSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)
VALUES
	(1,1,NULL,'$all',NULL,2,'#'),
	(2,0,NULL,'$all',NULL,1,'$SYS/#'),
	(3,0,NULL,'$all',NULL,1,'eq #'),
	(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
	(6,1,'127.0.0.1',NULL,NULL,2,'#'),
	(7,1,NULL,'dashboard',NULL,1,'$SYS/#');

Notice that only one value is allowed for the ipaddr, username and clientid fields.

Support

Fork this project and implement your own authentication/ACL mechanism.

Contact feng at emqtt.io if you have any issues.
