使用emqx4.3的版本开启了http认证,使用普通用户去连的时候,/mqtt/auth接口返回200,/mqtt/superuser返回401,提示连不上not_authorized,将emqx版本退回到4.2的时候就可以连接上,这个是什么原因
这个应该看下你的http server的处理代码
或者配置哦
我的httpserver的处理代码很简单,因为是测试,所以没有逻辑,接口直接返回http statusCode 200或者401,这是我打开调试日志eqmx的日志信息
2023-02-24T15:18:34.068769+08:00 [error] mqttx_ce632167@122.224.148.170:49085 [Hooks] Failed to execute {emqx_auth_http,check,[#{auth => #{headers => [{<<“content-type”>>,“application/x-www-form-urlencoded”}],method => post,params => [{“clientid”,“%c”},{“username”,“%u”},{“password”,“%P”}],path => “/api/home/auth”,pool_name => ‘emqx_auth_http/auth_req’,pool_opts => [{host,{111,229,66,227}},{port,83},{enable_pipelining,100},{pool_size,32},{pool_type,random},{connect_timeout,10000},{retry,5},{retry_timeout,1000},{transport_opts,[{ipv6_probe,true}]}],timeout => 10000,url => “http://111.229.66.227:83/api/home/auth”},super => #{headers => [],method => post,params => [{“clientid”,“%c”},{“username”,“%u”}],path => “/api/home/superuser”,pool_name => ‘emqx_auth_http/super_req’,pool_opts => [{host,{111,229,66,227}},{port,83},{enable_pipelining,100},{pool_size,32},{pool_type,random},{connect_timeout,10000},{retry,5},{retry_timeout,1000},{transport_opts,[{ipv6_probe,true}]}],timeout => 10000,url => “http://111.229.66.227:83/api/home/superuser”}}]}: {error,{case_clause,undefined},[{emqx_auth_http_cli,request,7,[{file,“emqx_auth_http_cli.erl”},{line,39}]},{emqx_auth_http,is_superuser,2,[{file,“emqx_auth_http.erl”},{line,90}]},{emqx_auth_http,check,3,[{file,“emqx_auth_http.erl”},{line,44}]},{emqx_hooks,safe_execute,2,[{file,“emqx_hooks.erl”},{line,214}]},{emqx_hooks,do_run_fold,3,[{file,“emqx_hooks.erl”},{line,193}]},{emqx_access_control,authenticate,1,[{file,“emqx_access_control.erl”},{line,43}]},{emqx_channel,auth_connect,2,[{file,“emqx_channel.erl”},{line,1331}]},{emqx_misc,pipeline,3,[{file,“emqx_misc.erl”},{line,168}]},{emqx_channel,handle_in,2,[{file,“emqx_channel.erl”},{line,285}]},{emqx_connection,with_channel,3,[{file,“emqx_connection.erl”},{line,656}]},{emqx_connection,process_msg,2,[{file,“emqx_connection.erl”},{line,356}]},{emqx_connection,process_msg,2,[{file,“emqx_connection.erl”},{line,362}]},{emqx_connection,handle_recv,3,[{file,“emqx_connection.erl”},{line,320}]},{proc_lib,wake_up,3,[{file,“proc_lib.erl”},{line,236}]}]}
2023-02-24T15:18:34.069765+08:00 [warning] mqttx_ce632167@122.224.148.170:49085 [Channel] Client mqttx_ce632167 (Username: ‘test’) login failed for not_authorized
2023-02-24T15:18:34.069941+08:00 [debug] mqttx_ce632167@122.224.148.170:49085 [MQTT] SEND CONNACK(Q0, R0, D0AckFlags=0, ReasonCode=135)
2023-02-24T15:18:34.070224+08:00 [debug] mqttx_ce632167@122.224.148.170:49085 file: emqx_connection.erl, line: 512, mfa: {emqx_connection,terminate,2}, msg: terminate, pid: <0.2246.0>, reason: {shutdown,not_authorized}
配置信息也是直接配置的docker的环境变量
这两个接口都是通的且都返回200
日志里面倒是没有看到401,但是有一个可能是bug的日志,你4.3的具体版本是多少?可以升级到最新版本看下
版本4.3.22,这个问题应该是个bug,我刚才试了一下,直接去改emqx_auth_http.conf这个配置文件,发现这个配置文件中关于super的部分都是注释状态
我打开这些注释改成我配置的地址就可以了
我使用docker镜像的环境变量就不行