From 9b76df74dd8a1e5000beec6cdb627d9c426adb9f Mon Sep 17 00:00:00 2001
From: chowyu08
Date: Sat, 26 Aug 2017 21:17:33 +0800
Subject: [PATCH] 'aclmonitor'

---
 README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++-
 broker/auth.go | 51 ++++++++++++++++++++++++++++++++++++
 broker/broker.go | 1 +
 3 files changed, 118 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3a13d66..9e37790 100644
--- a/README.md
+++ b/README.md
@@ -61,4 +61,69 @@ $ go run main.go
 | Prefix | Examples |
 | ------------- |---------------------------------|
 | $queue/ | mosquitto_sub -t ‘$queue/topic’ |
-~~~
\ No newline at end of file
+~~~
+
+### ACL Configure
+#### The ACL rules define:
+~~~
+Allow | type | value | pubsub | Topics
+~~~
+#### ACL Config
+~~~
+## type clientid , username, ipaddr
+##pub 1 , sub 2, pubsub 3
+## %c is clientid , %u is username
+allow ip 127.0.0.1 2 $SYS/#
+allow clientid 0001 3 #
+allow username admin 3 #
+allow username joy 3 /test,hello/world
+allow clientid * 1 toCloud/%c
+allow username * 1 toCloud/%u
+deny clientid * 3 #
+~~~
+
+~~~
+#allow local sub $SYS topic
+allow ip 127.0.0.1 2 $SYS/#
+~~~
+~~~
+#allow client who's id with 0001 or username with admin pub sub all topic
+allow clientid 0001 3 #
+allow username admin 3 #
+~~~
+~~~
+#allow client with the username joy can pub sub topic '/test' and 'hello/world'
+allow username joy 3 /test,hello/world
+~~~
+~~~
+#allow all client pub the topic toCloud/{clientid/username}
+allow clientid * 1 toCloud/%c
+allow username * 1 toCloud/%u
+~~~
+~~~
+#deny all client pub sub all topic
+deny clientid * 3 #
+~~~
+Client match acl rule one by one
+~~~
+ --------- --------- ---------
+Client -> | Rule1 | --nomatch--> | Rule2 | --nomatch--> | Rule3 | -->
+ --------- --------- ---------
+ | | |
+ match match match
+ \|/ \|/ \|/
+ allow | deny allow | deny allow | deny
+~~~
+
+## Performance
+
+* High throughput
+
+* High concurrency
+
+* Low memory and CPU
+
+
+## License
+
+* Apache License Version 2.0
\ No newline at end of file
diff --git a/broker/auth.go b/broker/auth.go
index a24ed73..4fb82f9 100644
--- a/broker/auth.go
+++ b/broker/auth.go
@@ -3,6 +3,9 @@ package broker
 import (
 "hmq/lib/acl"
 "strings"
+
+ log "github.com/cihub/seelog"
+ "github.com/fsnotify/fsnotify"
 )

 const (
@@ -27,3 +30,51 @@ func (c *client) CheckTopicAuth(typ int, topic string) bool {
 return acl.CheckTopicAuth(aclInfo, typ, ip, username, clientid, topic)
 }

+
+var (
+ watchList = []string{"./conf"}
+)
+
+func (b *Broker) handleFsEvent(event fsnotify.Event) error {
+ switch event.Name {
+ case b.config.AclConf:
+ if event.Op&fsnotify.Write == fsnotify.Write ||
+ event.Op&fsnotify.Create == fsnotify.Create {
+ log.Info("text:handling acl config change event:", event)
+ aclconfig, err := acl.AclConfigLoad(event.Name)
+ if err != nil {
+ log.Error("aclconfig change failed, load acl conf error: ", err)
+ return err
+ }
+ b.AclConfig = aclconfig
+ }
+ }
+ return nil
+}
+
+func (b *Broker) StartAclWatcher() {
+ go func() {
+ wch, e := fsnotify.NewWatcher()
+ if e != nil {
+ log.Error("start monitor acl config file error,", e)
+ return
+ }
+ defer wch.Close()
+
+ for _, i := range watchList {
+ if err := wch.Add(i); err != nil {
+ log.Error("start monitor acl config file error,", err)
+ return
+ }
+ }
+ log.Info("watching acl config file change...")
+ for {
+ select {
+ case evt := <-wch.Events:
+ b.handleFsEvent(evt)
+ case err := <-wch.Errors:
+ log.Error("error:", err.Error())
+ }
+ }
+ }()
+}
diff --git a/broker/broker.go b/broker/broker.go
index 6268b88..5f1a597 100644
--- a/broker/broker.go
+++ b/broker/broker.go
@@ -54,6 +54,7 @@ func NewBroker(config *Config) *Broker {
 return nil
 }
 b.AclConfig = aclconfig
+ b.StartAclWatcher()
 }
 return b
 }
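Review bot: `b.AclConfig = aclconfig` in handleFsEvent runs on the watcher goroutine while CheckTopicAuth (the context at the top of this hunk) reads the same field from connection goroutines, so every hot reload is an unsynchronized write to the authorization rules; guard the field with a sync.RWMutex on Broker (or hold it in an atomic.Value) and take the read side in the reader. StartAclWatcher also watches the hard-coded `./conf` instead of `filepath.Dir(b.config.AclConf)`, so an ACL file configured anywhere else is never reloaded, and the `case b.config.AclConf:` comparison presumably only matches when the configured path is spelled exactly as fsnotify reports it (watched directory joined with the file name), so comparing `filepath.Clean` of both sides is safer. The select loop has no exit: if the watcher is ever closed, a closed Events channel spins the goroutine at full speed and a closed Errors channel makes `err.Error()` dereference a nil error, and because nothing stops the goroutine the `defer wch.Close()` never runs and each NewBroker (the broker.go hunk) keeps a watcher for the life of the process. Receiving with the ok flag and returning, plus a stop channel closed on broker shutdown, closes those gaps — the rewritten loop is below, and since handleFsEvent already logs its own failure the ignored return is best made explicit.
```go
	// … unchanged: watcher creation, Add loop, "watching acl config file change..." log …
	for {
		select {
		case evt, ok := <-wch.Events:
			if !ok {
				return
			}
			_ = b.handleFsEvent(evt) // failure already logged inside handleFsEvent; old rules stay in effect
		case err, ok := <-wch.Errors:
			if !ok {
				return
			}
			log.Error("error:", err)
		}
	}
```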