General cleanup.

This commit is contained in:
James Pace 2021-11-20 15:02:30 +00:00
parent 96e419c12c
commit 160d704114
6 changed files with 23 additions and 22 deletions


@ -15,6 +15,7 @@
#include <forward_list> #include <forward_list>
#include <string> #include <string>
// A list with easily checkable contents.
class AuthList class AuthList
{ {
public: public:


@ -15,11 +15,10 @@
#include <jwp-plugin/AuthList.hpp> #include <jwp-plugin/AuthList.hpp>
#include <jwt-cpp/jwt.h>
#include <optional> #include <optional>
#include <string> #include <string>
// Autenticates a user using jwts.
class Authorizer class Authorizer
{ {
public: public:
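Review bot: The comment added above `class Authorizer` has a typo, `Autenticates`; suggest `// Authenticates a user using JWTs.`. The same hunk drops `#include <jwt-cpp/jwt.h>` from the header, which is only safe if no jwt type remains in the class declaration — the rest of the class is outside the visible lines, so that cannot be confirmed here.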


@ -12,6 +12,9 @@
// See the License for the specific language governing permissions and // See the License for the specific language governing permissions and
// limitations under the License. // limitations under the License.
// Mosquitto authentication plugin that using Authorizer to authorize
// users using jwts.
extern "C" { extern "C" {
#include "mosquitto.h" #include "mosquitto.h"
#include "mosquitto_broker.h" #include "mosquitto_broker.h"
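Review bot: The added file comment reads awkwardly (`plugin that using Authorizer`); suggest `// Mosquitto authentication plugin that uses Authorizer to authorize users with JWTs.`. Since it sits above the `extern "C"` include block and describes the whole translation unit, naming the entry point it provides (`mosquitto_plugin_init`) would make it more useful to a reader.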


@ -23,8 +23,7 @@ void AuthList::add(const std::string& username)
{ {
// Is the username already in the list? // Is the username already in the list?
// If not add it. // If not add it.
const auto found = std::find(std::begin(_allowedUsernames), std::end(_allowedUsernames), username); if(not confirm(username))
if(found == std::end(_allowedUsernames))
{ {
_allowedUsernames.emplace_front(username); _allowedUsernames.emplace_front(username);
} }
@ -32,8 +31,9 @@ void AuthList::add(const std::string& username)
void AuthList::remove(const std::string& username) void AuthList::remove(const std::string& username)
{ {
const auto found = std::find(std::begin(_allowedUsernames), std::end(_allowedUsernames), username); // Is the user in the list?
if(found != std::end(_allowedUsernames)) // Is so, remove it,
if(confirm(username))
{ {
_allowedUsernames.remove(username); _allowedUsernames.remove(username);
} }
@ -41,6 +41,7 @@ void AuthList::remove(const std::string& username)
bool AuthList::confirm(const std::string& username) bool AuthList::confirm(const std::string& username)
{ {
// Is the user in the list?
const auto found = std::find(std::begin(_allowedUsernames), std::end(_allowedUsernames), username); const auto found = std::find(std::begin(_allowedUsernames), std::end(_allowedUsernames), username);
if(found != std::end(_allowedUsernames)) if(found != std::end(_allowedUsernames))
{ {
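Review bot: The new guard in AuthList::remove is redundant: `std::forward_list::remove` already erases every matching element and is a no-op when none match, so `if(confirm(username))` only adds a second linear scan before the removal. The body can be just `_allowedUsernames.remove(username);` with the same observable result. The new comment above it also has a typo, `// Is so, remove it,` → `// If so, remove it.`. The add() hunk's `not confirm(username)` is fine; together with emplace_front it keeps at most one entry per username, which is what makes the single remove() call sufficient.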


@ -63,7 +63,7 @@ bool Authorizer::add(const std::string& token, const std::string& username)
} }
catch(jwt::error::token_verification_exception& exception) catch(jwt::error::token_verification_exception& exception)
{ {
std::cout << exception.what() << std::endl; std::cerr << exception.what() << std::endl;
return false; return false;
} }
auto claims = decoded_token.get_payload_claims(); auto claims = decoded_token.get_payload_claims();
@ -71,19 +71,19 @@ bool Authorizer::add(const std::string& token, const std::string& username)
// Check username matches. // Check username matches.
if(not claims.contains("upn")) if(not claims.contains("upn"))
{ {
std::cout << "Missing upn." << std::endl; std::cerr << "Missing upn." << std::endl;
return false; return false;
} }
if(claims["upn"].as_string() != username) if(claims["upn"].as_string() != username)
{ {
std::cout << "Wrong username." << std::endl; std::cerr << "Wrong username." << std::endl;
return false; return false;
} }
// Check for mqtt-write claim value. // Check for mqtt-write claim value.
if(not (claims.contains("mqtt-write") and claims.contains("mqtt-read"))) if(not (claims.contains("mqtt-write") and claims.contains("mqtt-read")))
{ {
std::cout << "Missing mqtt-write or mqtt-read." << std::endl; std::cerr << "Missing mqtt-write or mqtt-read." << std::endl;
return false; return false;
} }
@ -91,7 +91,7 @@ bool Authorizer::add(const std::string& token, const std::string& username)
bool can_read = claims["mqtt-read"].as_bool(); bool can_read = claims["mqtt-read"].as_bool();
if(not (can_write or can_read)) if(not (can_write or can_read))
{ {
std::cout << "Can't write or can't read." << std::endl; std::cerr << "Can't write or can't read." << std::endl;
return false; return false;
} }
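Review bot: Switching these diagnostics from std::cout to std::cerr still leaves Authorizer::add logging outside the broker: the plugin's init path in this same commit reports errors through `mosquitto_log_printf(MOSQ_LOG_ERR, ...)`, so rejected tokens and verification failures will not show up in the Mosquitto log where an operator would look for them. Consider routing these messages through the same broker logging facility (or a logging callback the plugin supplies) so authentication failures are visible alongside the rest of the broker's output. Separately, the catch clause only covers `jwt::error::token_verification_exception`, while the visible `claims["upn"].as_string()` and `claims["mqtt-read"].as_bool()` calls sit after it; in jwt-cpp those accessors throw (std::bad_cast, as far as I recall) when a claim has an unexpected type, and an exception escaping a plugin called from C code would take the broker down, so wrapping the claim checks in the same try or catching `std::exception` at the plugin boundary would make add() fail closed instead. Catching by `const&` (`catch(const jwt::error::token_verification_exception& exception)`) is also the conventional form. The beginning of Authorizer::add, including the try block, lies outside the hunk.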


@ -50,27 +50,24 @@ int mosquitto_plugin_init(mosquitto_plugin_id_t *identifier, void **userdata, st
if(key == "public_key") if(key == "public_key")
{ {
const auto key = Authorizer::read_key(std::string(options[index].value)); const auto key = Authorizer::read_key(std::string(options[index].value));
if(key) if(not key or key->empty())
{
public_key = *key;
}
else
{ {
mosquitto_log_printf(MOSQ_LOG_ERR, "Could not read public key.");
return MOSQ_ERR_INVAL; return MOSQ_ERR_INVAL;
} }
public_key = *key;
} }
else if(key == "issuer") else if(key == "issuer")
{ {
issuer = std::string(options[index].value); issuer = std::string(options[index].value);
if(issuer.empty())
{
mosquitto_log_printf(MOSQ_LOG_ERR, "issuer not set.");
return MOSQ_ERR_INVAL;
}
} }
} }
if(public_key.empty() or issuer.empty())
{
mosquitto_log_printf(MOSQ_LOG_ERR, "public_key or issue not set.");
return MOSQ_ERR_INVAL;
}
authorizer = std::make_unique<Authorizer>(public_key, issuer); authorizer = std::make_unique<Authorizer>(public_key, issuer);
// Register the callbacks. // Register the callbacks.
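Review bot: Dropping the post-loop `if(public_key.empty() or issuer.empty())` guard introduces a fail-open configuration path: the new per-option checks only run when the `public_key` or `issuer` option is present, so a config that omits either option now falls through to `std::make_unique<Authorizer>(public_key, issuer)` with an empty key or issuer instead of returning MOSQ_ERR_INVAL. Whether an empty key is rejected later by the verifier or silently accepted depends on Authorizer, which is not visible here, but the plugin should refuse to initialise either way. Keep the new per-option messages and restore the final guard after the loop (the old message's `issue` typo can be fixed at the same time). mosquitto_plugin_init begins before this hunk, so the declarations of public_key and issuer are not visible.
```cpp
    // … unchanged: option loop …
    if(public_key.empty() or issuer.empty())
    {
        mosquitto_log_printf(MOSQ_LOG_ERR, "public_key or issuer not set.");
        return MOSQ_ERR_INVAL;
    }
    authorizer = std::make_unique<Authorizer>(public_key, issuer);
```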