emqx/emqx-auth-mysql
Authentication, ACL with MySQL Database.
Notice: changed mysql driver to mysql-otp.
- Full Authentication, Superuser, ACL support
- IPv4, IPv6 and TLS support
- Connection pool by ecpool
- Completely cover MySQL 5.7, MySQL 8 in our tests
make && make tests
File: etc/emqx_auth_mysql.conf
```
## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306

## MySQL pool size.
##
## Value: Number
auth.mysql.pool = 8

## MySQL username.
##
## Value: String
## auth.mysql.username =

## MySQL Password.
##
## Value: String
## auth.mysql.password =

## MySQL database.
##
## Value: String
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1

## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mysql.password_hash = sha256

## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256

## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt

## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt

## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2,sha256,1000,20

## Superuser query.
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL query.
##
## Value: SQL
##
## Variables:
##  - %a: ipaddr
##  - %u: username
##  - %c: clientid
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
```
Import mqtt.sql into your database.
./bin/emqx_ctl plugins load emqx_auth_mysql
Notice: This is a demo table. You could authenticate with any user table.
```sql
CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(35) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
```
```sql
CREATE TABLE `mqtt_acl` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
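How each `auth.mysql.password_hash` value maps to what goes in the `password` and `salt` columns of `mqtt_user`, as an added example (not code from this project). It assumes digests are stored as lowercase hex and that "salt prefix" / "salt suffix" mean the salt is concatenated before / after the password; `stored_password`, `verify` and the sample user are hypothetical names and constructed values.

```python
import hashlib
import hmac

# The config names SHA-1 "sha"; hashlib names it "sha1".
def _algo(name: str) -> str:
    return {"sha": "sha1"}.get(name, name)

def stored_password(scheme: str, password: str, salt: str = "") -> str:
    """Value to store in mqtt_user.password for a given password_hash setting.

    Assumptions: digests are stored as lowercase hex, and "salt,<hash>" /
    "<hash>,salt" mean the salt column is prepended / appended to the password.
    """
    parts = [p.strip() for p in scheme.split(",")]
    pw, s = password.encode(), salt.encode()
    if parts == ["plain"]:
        return password
    if "bcrypt" in parts:
        raise ValueError("bcrypt needs a third-party library; not covered here")
    if parts[0] == "pbkdf2" and len(parts) == 4:
        _, macfun, iterations, dklen = parts  # pbkdf2,<macfun>,<iterations>,<dklen>
        return hashlib.pbkdf2_hmac(_algo(macfun), pw, s, int(iterations), int(dklen)).hex()
    if len(parts) == 2 and parts[0] == "salt":
        algo, data = parts[1], s + pw      # salt prefix
    elif len(parts) == 2 and parts[1] == "salt":
        algo, data = parts[0], pw + s      # salt suffix
    elif len(parts) == 1:
        algo, data = parts[0], pw          # unsalted
    else:
        raise ValueError(f"unsupported password_hash value: {scheme!r}")
    return hashlib.new(_algo(algo), data).hexdigest()

def verify(scheme: str, password: str, salt: str, stored: str) -> bool:
    """Constant-time check of a candidate password against the stored column."""
    candidate = stored_password(scheme, password, salt)
    return hmac.compare_digest(candidate.encode(), stored.encode())

if __name__ == "__main__":
    # Constructed sample user; prints (username, password, salt) for mqtt_user.
    salt, scheme = "a1b2c3d4", "pbkdf2,sha256,1000,20"
    print(("demo_user", stored_password(scheme, "s3cret-pass", salt), salt))
```

With `plain`, or with unsalted `md5`, `sha` or `sha256`, identical passwords produce identical `password` values, so a leaked table is open to precomputed lookups; the salted and `pbkdf2` forms avoid that.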
Apache License Version 2.0
EMQ X Team.