diff --git a/.github/workflows/runtests.yaml b/.github/workflows/runtests.yaml index af78f13..c780f94 100644 --- a/.github/workflows/runtests.yaml +++ b/.github/workflows/runtests.yaml @@ -17,5 +17,14 @@ jobs: - name: Build run: go build ./... + - name: Docker compose up + run: | + docker compose up -d + + until docker exec mysql mysqladmin ping -h "127.0.0.1" --silent; do + echo 'waiting for mysql...' + sleep 3 + done + - name: Test - run: go test ./... \ No newline at end of file + run: go test -v ./... diff --git a/README.md b/README.md index 15091fa..2d17a58 100644 --- a/README.md +++ b/README.md @@ -207,6 +207,30 @@ if err != nil { } println("Password hash for MQTT client: ", hashed) ``` +### MySQL + +The schema required is as follows: +```sql +BEGIN; +CREATE TABLE auth ( + id INT AUTO_INCREMENT PRIMARY KEY, + username VARCHAR(255) NOT NULL UNIQUE, + password VARCHAR(255) NOT NULL, + allow SMALLINT DEFAULT 1 NOT NULL, + created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + updated TIMESTAMP NULL +); +CREATE TABLE acl ( + id INT AUTO_INCREMENT PRIMARY KEY, + username VARCHAR(255) NOT NULL, + topic VARCHAR(255) NOT NULL, + access SMALLINT DEFAULT 3 NOT NULL, + created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, + updated TIMESTAMP NULL +); +CREATE INDEX acl_username_idx ON acl(username); +COMMIT; +``` ### Access Control #### Allow Hook By default, Comqtt uses a DENY-ALL access control rule. To allow connections, this must overwritten using an Access Control hook. The simplest of these hooks is the `auth.AllowAll` hook, which provides ALLOW-ALL rules to all connections, subscriptions, and publishing. It's also the simplest hook to use: diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..78b1738 --- /dev/null +++ b/docker-compose.yaml 
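Review bot: The `until docker exec mysql mysqladmin ping -h "127.0.0.1" --silent; do … done` loop in the new "Docker compose up" step has no upper bound, so a MySQL container that never comes up (failed image pull, error in the mounted init script) stalls the job until the runner's own limit instead of failing fast. Bound the wait, for example `timeout 120 sh -c 'until docker exec mysql mysqladmin ping -h 127.0.0.1 --silent; do sleep 3; done'`, and set `timeout-minutes` on the job as a backstop. An alternative is to declare a `healthcheck` on the service and start it with `docker compose up -d --wait`, which exits non-zero when the container does not become healthy. Printing `docker compose logs mysql` on failure would make a broken fixture diagnosable from the CI output.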
@@ -0,0 +1,12 @@ +services: + mysql: + image: mysql:8.0 + container_name: mysql + environment: + MYSQL_ROOT_PASSWORD: 12345678 + MYSQL_DATABASE: comqtt + ports: + - "3306:3306" + command: --character-set-server=utf8 --collation-server=utf8_general_ci + volumes: + - ./plugin/auth/mysql/testdata/init.sql:/docker-entrypoint-initdb.d/init.sql \ No newline at end of file diff --git a/plugin/auth/crypto.go b/plugin/auth/crypto.go index 745f78f..02b8394 100644 --- a/plugin/auth/crypto.go +++ b/plugin/auth/crypto.go @@ -8,6 +8,7 @@ import ( "crypto/sha512" "encoding/base64" "encoding/hex" + "golang.org/x/crypto/bcrypt" ) diff --git a/plugin/auth/mysql/mysql_test.go b/plugin/auth/mysql/mysql_test.go index 2b93c8e..dccf155 100644 --- a/plugin/auth/mysql/mysql_test.go +++ b/plugin/auth/mysql/mysql_test.go @@ -14,7 +14,7 @@ import ( "github.com/wind-c/comqtt/v2/plugin" ) -const path = "./conf.yml" +const path = "./testdata/conf.yml" var ( // Currently, the input is directed to /dev/null. If you need to diff --git a/plugin/auth/mysql/conf.yml b/plugin/auth/mysql/testdata/conf.yml similarity index 100% rename from plugin/auth/mysql/conf.yml rename to plugin/auth/mysql/testdata/conf.yml diff --git a/plugin/auth/mysql/testdata/init.sql b/plugin/auth/mysql/testdata/init.sql new file mode 100644 index 0000000..b81ae14 --- /dev/null +++ b/plugin/auth/mysql/testdata/init.sql 
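Review bot: The `ports: - "3306:3306"` mapping in the new docker-compose.yaml publishes MySQL on every host interface while `MYSQL_ROOT_PASSWORD` is the literal `12345678`, so running this file on a workstation or shared runner exposes a root-accessible database to the local network. Bind the port to loopback with `- "127.0.0.1:3306:3306"`, and add a comment at the top of the file stating that it is a test-only fixture. If the tests do not depend on the fixed value (the conf.yml they read is not shown in this diff), `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-12345678}` lets users override it outside CI. The floating `mysql:8.0` tag could also be pinned to a specific patch release or digest so the CI database does not change silently.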
@@ -0,0 +1,27 @@
+BEGIN;
+
+CREATE TABLE auth (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ username VARCHAR(255) NOT NULL UNIQUE,
+ password VARCHAR(255) NOT NULL,
+ allow SMALLINT DEFAULT 1 NOT NULL,
+ created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ updated TIMESTAMP NULL
+);
+
+CREATE TABLE acl (
+ id INT AUTO_INCREMENT PRIMARY KEY,
+ username VARCHAR(255) NOT NULL,
+ topic VARCHAR(255) NOT NULL,
+ access SMALLINT DEFAULT 3 NOT NULL,
+ created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ updated TIMESTAMP NULL
+);
+
+CREATE INDEX acl_username_idx ON acl(username);
+
+-- 123456
+INSERT INTO auth (username, password, allow) VALUES ('zhangsan', '$2a$12$j8bs10UCRC5GUENPqZXLceACpN1l72wcDaN6F0j0rIbcHIZpt0Cbq', 1);
+INSERT INTO acl (username, topic, access) VALUES ('zhangsan', 'topictest/1', 2);
+
+COMMIT;
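Review bot: The seed row for `zhangsan` is documented only by `-- 123456`, which does not say that this is (presumably) the plaintext behind the bcrypt hash on the next line, or that the account exists for tests only. Because the README hunk in this commit presents the same schema, the script is easy to reuse against a real database, which would leave an enabled account (`allow` = 1) with a published password. I would replace the comment with `-- TEST FIXTURE ONLY: bcrypt (cost 12) hash of the plaintext password "123456"; never load into a real deployment`. Separately, MySQL commits implicitly on each `CREATE TABLE` and `CREATE INDEX`, so the `BEGIN;`/`COMMIT;` pair effectively covers only the two INSERTs; a short comment saying so, or dropping the wrapper, would avoid implying the script is atomic.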