Authentication, ACL with MySQL Database
Erlang Makefile
Latest commit 5a23552 Jan 11, 2017 @emqplus emqplus committed on GitHub Merge pull request #25 from emqtt/emq20
Copyright (c) 2012-2017
Permalink
Failed to load latest commit information.
etc fixed emqtt/emqttd#741 Oct 31, 2016
include add cuttlefish config Oct 6, 2016
priv MyHost, MyPort Oct 31, 2016
src Copyright (c) 2012-2017 Jan 11, 2017
test Copyright (c) 2012-2017 Jan 11, 2017
.gitignore ignore emq_auth_mysql.d Nov 20, 2016
CHANGES merge emq20 Oct 2, 2016
LICENSE Licensed under the Apache, Version 2.0 Feb 5, 2016
Makefile Version 2.0.7 Jan 11, 2017
README.md update conf Oct 13, 2016
erlang.mk rm packages Aug 22, 2016
mqtt.sql super user May 27, 2016
rebar.config deps/cuttlefish/cuttlefish Dec 17, 2016

README.md

emq_auth_mysql

Authentication, ACL with MySQL Database

Notice: changed mysql driver to mysql-otp.

Build Plugin

make && make tests

Configure Plugin

File: etc/emq_auth_mysql.conf

## Mysql Server
auth.mysql.server = 127.0.0.1:3306

## Mysql Pool Size
auth.mysql.pool = 8

## Mysql Username
## auth.mysql.username =

## Mysql Password
## auth.mysql.password =

## Mysql Database
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication Query: select password only
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash: plain, md5, sha, sha256, pbkdf2
auth.mysql.passwd_hash = sha256

## %% Superuser Query
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1

## ACL Query Command
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'

## ACL nomatch
auth.mysql.acl_nomatch = deny

Import mqtt.sql

Import mqtt.sql into your database.

Load Plugin

./bin/emqttd_ctl plugins load emq_auth_mysql

Auth Table

Notice: This is a demo table. You could authenticate with any user table.

CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(20) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

ACL Table

CREATE TABLE `mqtt_acl` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `allow` int(1) DEFAULT NULL COMMENT '0: deny, 1: allow',
  `ipaddr` varchar(60) DEFAULT NULL COMMENT 'IpAddress',
  `username` varchar(100) DEFAULT NULL COMMENT 'Username',
  `clientid` varchar(100) DEFAULT NULL COMMENT 'ClientId',
  `access` int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub',
  `topic` varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

License

Apache License Version 2.0

Author

Feng Lee feng@emqtt.io.