emqx/emqx-auth-mysql
Authentication, ACL with MySQL Database.
Notice: changed mysql driver to mysql-otp.
- Full Authentication, Superuser, ACL support
- IPv4, IPv6 and TLS support
- Connection pool by ecpool
- Completely cover MySQL 5.7, MySQL 8 in our tests
```
make && make tests
```
File: etc/emqx_auth_mysql.conf
```
## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306

## MySQL pool size.
##
## Value: Number
auth.mysql.pool = 8

## MySQL username.
##
## Value: String
## auth.mysql.username =

## MySQL Password.
##
## Value: String
## auth.mysql.password =

## MySQL database.
##
## Value: String
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1

## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mysql.password_hash = sha256

## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256

## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt

## sha256 with salt suffix
## auth.mysql.password_hash = sha256,salt

## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.mysql.password_hash = pbkdf2,sha256,1000,20

## Superuser query.
##
## Value: SQL
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL query.
##
## Value: SQL
##
## Variables:
##  - %a: ipaddr
##  - %u: username
##  - %c: clientid
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
```
Import mqtt.sql into your database.
```
./bin/emqx_ctl plugins load emqx_auth_mysql
```
Notice: This is a demo table. You could authenticate with any user table.
```sql
CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(35) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
```
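Added example (not part of the plugin or its README): a Python sketch of how the value in the `password` column of `mqtt_user` could be derived for the `auth.mysql.password_hash` settings listed in the config above. It assumes the plugin compares lowercase hex digests and concatenates salt and password in the order the setting names them; `stored_password` and `check` are hypothetical helper names, and bcrypt is left out because it needs a third-party library.

```python
import hashlib
import hmac

# Erlang's crypto calls SHA-1 "sha"; the other macfun names match hashlib.
_ALG = {"sha": "sha1"}

def _digest(name: str, data: bytes) -> str:
    return hashlib.new(_ALG.get(name, name), data).hexdigest()

def stored_password(scheme: str, password: str, salt: str = "") -> str:
    """Value for the `password` column under a given auth.mysql.password_hash.

    Assumption: digests are stored as lowercase hex, and salt and password
    are concatenated as bytes in the order the setting lists them.
    """
    parts = [p.strip() for p in scheme.split(",")]
    pw, sl = password.encode(), salt.encode()
    if parts == ["plain"]:
        return password
    if parts[0] == "pbkdf2" and len(parts) == 4:  # pbkdf2,macfun,iterations,dklen
        name = _ALG.get(parts[1], parts[1])
        return hashlib.pbkdf2_hmac(name, pw, sl, int(parts[2]), int(parts[3])).hex()
    if "bcrypt" in parts:
        raise ValueError("bcrypt needs a third-party library; not covered here")
    if len(parts) == 1:                           # md5 | sha | sha256
        return _digest(parts[0], pw)
    if len(parts) == 2 and parts[0] == "salt":    # salt prefix: hash(salt + password)
        return _digest(parts[1], sl + pw)
    if len(parts) == 2 and parts[1] == "salt":    # salt suffix: hash(password + salt)
        return _digest(parts[0], pw + sl)
    raise ValueError(f"unrecognised password_hash setting: {scheme!r}")

def check(scheme: str, candidate: str, stored: str, salt: str = "") -> bool:
    """Constant-time comparison of a candidate password with the stored value."""
    computed = stored_password(scheme, candidate, salt)
    return hmac.compare_digest(computed.encode(), stored.encode())

if __name__ == "__main__":
    # Constructed sample user: password "public", salt "s4lt".
    for scheme in ("sha256", "salt,sha256", "sha256,salt", "pbkdf2,sha256,1000,20"):
        print(f"{scheme:24} {stored_password(scheme, 'public', 's4lt')}")
```

The salt position changes the stored value, so rows written for `salt,sha256` will not verify if the setting is later switched to `sha256,salt`.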
```sql
CREATE TABLE `mqtt_acl` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
Apache License Version 2.0
EMQ X Team.