'aclmonitor'

README.md

@@ -61,4 +61,69 @@ $ go run main.go
 | Prefix        | Examples                        |
 | ------------- |---------------------------------|
 | $queue/       | mosquitto_sub -t ‘$queue/topic’ |
-~~~
+~~~
+
+### ACL Configure
+#### The ACL rules define:
+~~~
+Allow | type | value | pubsub | Topics
+~~~
+#### ACL Config
+~~~
+## type clientid , username, ipaddr
+##pub 1 ,  sub 2,  pubsub 3
+## %c is clientid , %u is username
+allow      ip          127.0.0.1   2     $SYS/#
+allow      clientid    0001        3     #
+allow      username    admin       3     #
+allow      username    joy         3     /test,hello/world 
+allow      clientid    *           1     toCloud/%c
+allow      username    *           1     toCloud/%u
+deny       clientid    *           3     #
+~~~
+
+~~~
+#allow local sub $SYS topic
+allow      ip          127.0.0.1   2    $SYS/#
+~~~
+~~~
+#allow client who's id with 0001 or username with admin pub sub all topic
+allow      clientid    0001        3        #
+allow      username    admin       3        #
+~~~
+~~~
+#allow client with the username joy can pub sub topic '/test' and 'hello/world'
+allow      username    joy         3     /test,hello/world 
+~~~
+~~~
+#allow all client pub the topic toCloud/{clientid/username}
+allow      clientid    *         1         toCloud/%c
+allow      username    *         1         toCloud/%u
+~~~
+~~~
+#deny all client pub sub all topic
+deny       clientid    *         3           #
+~~~
+Client match acl rule one by one
+~~~
+          ---------              ---------              ---------
+Client -> | Rule1 | --nomatch--> | Rule2 | --nomatch--> | Rule3 | --> 
+          ---------              ---------              ---------
+              |                      |                      |
+            match                  match                  match
+             \|/                    \|/                    \|/
+        allow | deny           allow | deny           allow | deny
+~~~
+
+## Performance
+
+* High throughput
+
+* High concurrency
+
+* Low memory and CPU
+
+
+## License
+
+* Apache License Version 2.0

broker/auth.go

@@ -3,6 +3,9 @@ package broker
 import (
 	"hmq/lib/acl"
 	"strings"
+
+	log "github.com/cihub/seelog"
+	"github.com/fsnotify/fsnotify"
 )
 
 const (
@@ -27,3 +30,51 @@ func (c *client) CheckTopicAuth(typ int, topic string) bool {
 	return acl.CheckTopicAuth(aclInfo, typ, ip, username, clientid, topic)
 
 }
+
+var (
+	watchList = []string{"./conf"}
+)
+
+func (b *Broker) handleFsEvent(event fsnotify.Event) error {
+	switch event.Name {
+	case b.config.AclConf:
+		if event.Op&fsnotify.Write == fsnotify.Write ||
+			event.Op&fsnotify.Create == fsnotify.Create {
+			log.Info("text:handling acl config change event:", event)
+			aclconfig, err := acl.AclConfigLoad(event.Name)
+			if err != nil {
+				log.Error("aclconfig change failed, load acl conf error: ", err)
+				return err
+			}
+			b.AclConfig = aclconfig
+		}
+	}
+	return nil
+}
+
+func (b *Broker) StartAclWatcher() {
+	go func() {
+		wch, e := fsnotify.NewWatcher()
+		if e != nil {
+			log.Error("start monitor acl config file error,", e)
+			return
+		}
+		defer wch.Close()
+
+		for _, i := range watchList {
+			if err := wch.Add(i); err != nil {
+				log.Error("start monitor acl config file error,", err)
+				return
+			}
+		}
+		log.Info("watching acl config file change...")
+		for {
+			select {
+			case evt := <-wch.Events:
+				b.handleFsEvent(evt)
+			case err := <-wch.Errors:
+				log.Error("error:", err.Error())
+			}
+		}
+	}()
+}

broker/broker.go

@@ -54,6 +54,7 @@ func NewBroker(config *Config) *Broker {
 			return nil
 		}
 		b.AclConfig = aclconfig
+		b.StartAclWatcher()
 	}
 	return b
 }