Mnesia 认证

Mnesia 认证使用 EMQ X 内置 Mnesia 数据库存储客户端 Client ID/Username 与密码,支持通过 HTTP API 管理认证数据。

Mnesia 认证不依赖外部数据源,使用上足够简单轻量。

插件:

  1. emqx_auth_mnesia

哈希方法

Mnesia 认证默认使用 sha256 进行密码哈希加密,可在 etc/plugins/emqx_auth_mnesia.conf 中更改:

  1. # etc/plugins/emqx_auth_mnesia.conf
  2. ## Value: plain | md5 | sha | sha256
  3. auth.mnesia.password_hash = sha256

配置哈希方法后,新增的预设认证数据与通过 HTTP API 添加的认证数据将以哈希密文存储在 EMQ X 内置数据库中。

预设认证数据

可以通过配置文件预设认证数据,编辑配置文件:etc/plugins/emqx_auth_mnesia.conf

预设认证数据格式兼容 emqx_auth_clientidemqx_auth_username 插件的配置格式

  1. # etc/plugins/emqx_auth_mnesia.conf
  2. ## clientid 认证数据
  3. auth.client.1.clientid = admin_client
  4. auth.client.1.password = public
  5. ## username 认证数据
  6. auth.user.2.username = admin
  7. auth.user.2.password = public

插件启动时将读取预设认证数据并加载到 EMQ X 内置数据库中,节点上的认证数据会在此阶段同步至集群中。

WARNING

预设认证数据在配置文件中使用了明文密码,出于安全性与可维护性考虑应当避免使用该功能。

使用 HTTP API 管理认证数据

添加认证数据

  • Clientid

    1. # Request
    2. POST api/v4/auth_clientid
    3. {
    4. "clientid": "emqx_c",
    5. "password": "emqx_p"
    6. }
    7. # Response
    8. {
    9. "code": 0
    10. }
  • Username

    1. # Request
    2. POST api/v4/auth_username
    3. {
    4. "username": "emqx_u",
    5. "password": "emqx_p"
    6. }
    7. # Response
    8. {
    9. "code": 0
    10. }

批量添加认证数据

  • Clientid

    1. # Request
    2. POST api/v4/auth_clientid
    3. [
    4. {
    5. "clientid": "emqx_c_1",
    6. "password": "emqx_p"
    7. },
    8. {
    9. "clientid": "emqx_c_2",
    10. "password": "emqx_p"
    11. }
    12. ]
    13. # Response
    14. {
    15. "data": {
    16. "emqx_c_2": "ok",
    17. "emqx_c_1": "ok"
    18. },
    19. "code": 0
    20. }
  • Username

    1. # Request
    2. POST api/v4/auth_username
    3. [
    4. {
    5. "username": "emqx_u_1",
    6. "password": "emqx_p"
    7. },
    8. {
    9. "username": "emqx_u_2",
    10. "password": "emqx_p"
    11. }
    12. ]
    13. # Response
    14. {
    15. "data": {
    16. "emqx_c_2": "ok",
    17. "emqx_c_1": "ok"
    18. },
    19. "code": 0
    20. }

查看已经添加的认证数据

  • Clientid

    1. # Request
    2. GET api/v4/auth_clientid
    3. # Response
    4. {
    5. "meta": {
    6. "page": 1,
    7. "limit": 10,
    8. "count": 1
    9. },
    10. "data": [
    11. "clinetid": "emqx_c",
    12. "clinetid": "emqx_c_1",
    13. "clinetid": "emqx_c_2"
    14. ],
    15. "code": 0
    16. }
  • Username

    1. # Request
    2. GET api/v4/auth_username
    3. # Response
    4. {
    5. "meta": {
    6. "page": 1,
    7. "limit": 10,
    8. "count": 1
    9. },
    10. "data": [
    11. "username": "emqx_u",
    12. "username": "emqx_u_1",
    13. "username": "emqx_u_2"
    14. ],
    15. "code": 0
    16. }

更改已添加的认证数据

  • Clientid

    1. # Request
    2. PUT api/v4/auth_clientid/${clientid}
    3. {
    4. "password": "emqx_new_p"
    5. }
    6. # Response
    7. {
    8. "code": 0
    9. }
  • Username

    1. # Request
    2. PUT api/v4/auth_username/${username}
    3. {
    4. "password": "emqx_new_p"
    5. }
    6. # Response
    7. {
    8. "code": 0
    9. }

查看指定的认证数据

注意此处返回的密码是使用配置文件指定哈希方式加密后的密码:

  • Clientid

    1. # Request
    2. GET api/v4/auth_clientid/${clientid}
    3. # Response
    4. {
    5. "code": 0,
    6. "data": {
    7. "clientid": "emqx_c",
    8. "password": "091dc8753347e7dc5d348508fe6323735eecdb84fa800548870158117af8a0c0"
    9. }
    10. }
  • Username

    1. # Request
    2. GET api/v4/auth_username/${username}
    3. # Response
    4. {
    5. "code": 0,
    6. "data": {
    7. "username": "emqx_u",
    8. "password": "091dc8753347e7dc5d348508fe6323735eecdb84fa800548870158117af8a0c0"
    9. }
    10. }

删除指定的 Clientid 认证数据

  • Clinetid

    1. # Request
    2. DELETE api/v4/auth_clientid/${clientid}
    3. # Response
    4. {
    5. "code": 0
    6. }
  • Username

    1. # Request
    2. DELETE api/v4/auth_username/${username}
    3. # Response
    4. {
    5. "code": 0
    6. }