'acl'

2026-04-26 19:48:34 +00:00 · 2017-08-26 21:08:25 +08:00
parent 202a8f349d
commit 393dfaa1c8
9 changed files with 387 additions and 8 deletions
--- a/broker/auth.go
+++ b/broker/auth.go
@@ -0,0 +1,29 @@
+package broker
+
+import (
+	"hmq/lib/acl"
+	"strings"
+)
+
+const (
+	PUB = 1
+	SUB = 2
+)
+
+func (c *client) CheckTopicAuth(typ int, topic string) bool {
+	if !c.broker.config.Acl {
+		return true
+	}
+	if strings.HasPrefix(topic, "$queue/") {
+		topic = string([]byte(topic)[7:])
+		if topic == "" {
+			return false
+		}
+	}
+	ip := c.info.remoteIP
+	username := string(c.info.username)
+	clientid := string(c.info.clientID)
+	aclInfo := c.broker.AclConfig
+	return acl.CheckTopicAuth(aclInfo, typ, ip, username, clientid, topic)
+
+}
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -2,6 +2,7 @@ package broker

 import (
 	"crypto/tls"
+	"hmq/lib/acl"
 	"hmq/lib/message"
 	"net"
 	"net/http"
@@ -18,6 +19,7 @@ type Broker struct {
 	cid       uint64
 	config    *Config
 	tlsConfig *tls.Config
+	AclConfig *acl.ACLConfig
 	clients   cMap
 	routes    cMap
 	remotes   cMap
@@ -45,10 +47,22 @@ func NewBroker(config *Config) *Broker {
 		}
 		b.tlsConfig = tlsconfig
 	}
+	if b.config.Acl {
+		aclconfig, err := acl.AclConfigLoad(b.config.AclConf)
+		if err != nil {
+			log.Error("Load acl conf error: ", err)
+			return nil
+		}
+		b.AclConfig = aclconfig
+	}
 	return b
 }

 func (b *Broker) Start() {
+	if b == nil {
+		log.Error("broker is null")
+		return
+	}
 	if b.config.Port != "" {
 		go b.StartListening(CLIENT)
 	}
--- a/broker/client.go
+++ b/broker/client.go
@@ -146,11 +146,16 @@ func (c *client) ProcessPublish(buf []byte) {
 		c.Close()
 		return
 	}
+	topic := msg.Topic()
+
+	if c.typ != CLIENT || !c.CheckTopicAuth(PUB, string(topic)) {
+		return
+	}
 	c.ProcessPublishMessage(buf, msg)

 	if msg.Retain() {
 		if b := c.broker; b != nil {
-			err := b.rl.Insert(msg.Topic(), buf)
+			err := b.rl.Insert(topic, buf)
 			if err != nil {
 				log.Error("Insert Retain Message error: ", err)
 			}
@@ -246,12 +251,13 @@ func (c *client) ProcessSubscribe(buf []byte) {
 	for i, t := range topics {
 		topic := string(t)
 		//check topic auth for client
-		// if !c.CheckTopicAuth(topic, SUB) {
-		// 	log.Error("CheckSubAuth failed")
-		// 	retcodes = append(retcodes, message.QosFailure)
-		// 	continue
-		// }
-
+		if c.typ == CLIENT {
+			if !c.CheckTopicAuth(SUB, topic) {
+				log.Error("CheckSubAuth failed")
+				retcodes = append(retcodes, message.QosFailure)
+				continue
+			}
+		}
 		if _, exist := c.subs[topic]; !exist {
 			queue := false
 			if strings.HasPrefix(topic, "$queue/") {
--- a/broker/retain.go
+++ b/broker/retain.go
@@ -1,6 +1,8 @@
 package broker

-import "sync"
+import (
+	"sync"
+)

 type RetainList struct {
 	sync.RWMutex