From eb8ec65162a78a22b8cfd3fc5a94ae728ea468ec Mon Sep 17 00:00:00 2001
From: JianBo He
Date: Fri, 20 Aug 2021 16:05:07 +0800
Subject: [PATCH] refactor(gw): refactor authentication to authenticator

---
 apps/emqx_gateway/etc/emqx_gateway.conf | 34 ++++++------------
 apps/emqx_gateway/src/emqx_gateway.app.src | 2 +-
 apps/emqx_gateway/src/emqx_gateway.erl | 2 +-
 apps/emqx_gateway/src/emqx_gateway_api.erl | 6 ++--
 .../src/emqx_gateway_insta_sup.erl | 36 +++++++++----------
 apps/emqx_gateway/src/emqx_gateway_schema.erl | 35 ++++++++++++------
 6 files changed, 57 insertions(+), 58 deletions(-)

diff --git a/apps/emqx_gateway/etc/emqx_gateway.conf b/apps/emqx_gateway/etc/emqx_gateway.conf
index c4b732c39..41d1d10de 100644
--- a/apps/emqx_gateway/etc/emqx_gateway.conf
+++ b/apps/emqx_gateway/etc/emqx_gateway.conf
@@ -17,16 +17,12 @@ gateway.stomp {
 password = "${Packet.headers.passcode}"
 }
- authentication {
- enable = true
- authenticators = [
- {
- name = "authenticator1"
- mechanism = password-based
- server_type = built-in-database
- user_id_type = clientid
- }
- ]
+ authenticator {
+ #enable = true
+ name = "authenticator1"
+ mechanism = password-based
+ server_type = built-in-database
+ user_id_type = clientid
 }
 listener.tcp.1 {
@@ -42,17 +38,11 @@ gateway.coap {
 enable_stats = false
- #authentication.enable: false
- authentication {
- enable = true
- authenticators = [
- {
- name = "authenticator1"
- mechanism = password-based
- server_type = built-in-database
- user_id_type = clientid
- }
- ]
+ authenticator {
+ name = "authenticator1"
+ mechanism = password-based
+ server_type = built-in-database
+ user_id_type = clientid
 }
 heartbeat = 30s
@@ -123,8 +113,6 @@ gateway.exproto {
 #ssl.cacertfile:
 }
- authentication.enable = false
-
 listener.tcp.1 {
 bind = 7993
 acceptors = 8
diff --git a/apps/emqx_gateway/src/emqx_gateway.app.src b/apps/emqx_gateway/src/emqx_gateway.app.src
index e25b767cc..2fc329711 100644
--- a/apps/emqx_gateway/src/emqx_gateway.app.src
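Review bot: The new stomp `authenticator` block keeps a commented-out `#enable = true` while the coap block in the next hunk has no such hint, and the `enable` field that the removed `fields(authentication)` schema declared is not declared anywhere visible in the new `authenticator()` union (emqx_gateway_schema.erl hunks); whether the referenced emqx_authn config refs accept an `enable` key cannot be seen here, although emqx_gateway_insta_sup.erl reads `maps:get(enable, AuthCfg, true)`. If `enable` is meant to stay a supported per-gateway switch, show it in both example blocks; otherwise drop `#enable = true` so the example does not advertise a key the schema may reject. The exproto hunk removes `authentication.enable = false` without a replacement, so exproto now relies on the schema default of `undefined`; a one-line comment in that block, `# no authenticator configured: exproto clients are not authenticated`, would make the resulting posture explicit to operators.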
+++ b/apps/emqx_gateway/src/emqx_gateway.app.src
@@ -3,7 +3,7 @@
 {vsn, "0.1.0"},
 {registered, []},
 {mod, {emqx_gateway_app, []}},
- {applications, [kernel, stdlib, grpc, lwm2m_coap, emqx, emqx_authn]},
+ {applications, [kernel, stdlib, grpc, lwm2m_coap, emqx]},
 {env, []},
 {modules, []},
 {licenses, ["Apache 2.0"]},
diff --git a/apps/emqx_gateway/src/emqx_gateway.erl b/apps/emqx_gateway/src/emqx_gateway.erl
index 3462f4d11..d2ab66362 100644
--- a/apps/emqx_gateway/src/emqx_gateway.erl
+++ b/apps/emqx_gateway/src/emqx_gateway.erl
@@ -23,7 +23,7 @@
 , load/2
 , unload/1
 , lookup/1
- , update/1
+ , update/2
 , start/1
 , stop/1
 , list/0
diff --git a/apps/emqx_gateway/src/emqx_gateway_api.erl b/apps/emqx_gateway/src/emqx_gateway_api.erl
index eea26b3a0..9b77cc643 100644
--- a/apps/emqx_gateway/src/emqx_gateway_api.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_api.erl
@@ -72,7 +72,7 @@ api_spec() ->
 {apis(), schemas()}.
 apis() ->
- [ {"/gateway", metadata(gateway), gateway}
+ [ {"/gateway", metadata(gateway), gateway}
 , {"/gateway/:name", metadata(gateway_insta), gateway_insta}
 , {"/gateway/:name/stats", metadata(gateway_insta_stats), gateway_insta_stats}
 ].
@@ -100,7 +100,7 @@ metadata(gateway) ->
 }
 }
 }
- }
+ }
 }
 }
 }};
@@ -203,7 +203,7 @@ metadata(gateway_insta_stats) ->
 }
 }
 }
- }
+ }
 }
 }
 }}.
diff --git a/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl b/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
index 7bb3069d5..c32f10df6 100644
--- a/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_insta_sup.erl
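Review bot: `emqx_authn` is dropped from `applications` even though emqx_gateway_insta_sup.erl in this same commit still calls `emqx_authn:create_chain/1` and `emqx_authn:create_authenticator/2`, and emqx_gateway_schema.erl now references `emqx_authn_*` schema modules directly. If emqx_authn must be running for `create_chain` to succeed (this page does not show whether it keeps chain state in a process or a table), the release can now boot emqx_gateway before emqx_authn and every gateway with an authenticator would fail to start via the `bad_chain` throw; that fails closed rather than open, but the start order is no longer expressed in the app resource. Either keep `{applications, [kernel, stdlib, grpc, lwm2m_coap, emqx, emqx_authn]},` or state in the commit message where the ordering is now guaranteed.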
@@ -105,10 +105,15 @@ init([Gateway, Ctx0, _GwDscrptr]) ->
 end.
 do_init_context(GwName, RawConf, Ctx) ->
- Auth = case maps:get(authentication, RawConf, #{enable => false}) of
- #{enable := true,
- authenticators := AuthCfgs} when is_list(AuthCfgs) ->
- create_authenticators_for_gateway_insta(GwName, AuthCfgs);
+ Auth = case maps:get(authenticators, RawConf, #{enable => false}) of
+ #{enable := false} -> undefined;
+ AuthCfg when is_map(AuthCfg) ->
+ case maps:get(enable, AuthCfg, true) of
+ false ->
+ undefined;
+ _ ->
+ create_authenticator_for_gateway_insta(GwName, AuthCfg)
+ end;
 _ -> undefined
 end,
@@ -220,25 +225,16 @@ code_change(_OldVsn, State, _Extra) ->
 %% Internal funcs
 %%--------------------------------------------------------------------
-%% @doc AuthCfgs is a array of authenticatior configurations,
-%% see: emqx_authn_schema:authenticators/1
-create_authenticators_for_gateway_insta(GwName, AuthCfgs) ->
+create_authenticator_for_gateway_insta(GwName, AuthCfg) ->
 ChainId = atom_to_binary(GwName, utf8),
 case emqx_authn:create_chain(#{id => ChainId}) of
 {ok, _ChainInfo} ->
- Results = lists:map(fun(AuthCfg = #{name := Name}) ->
- case emqx_authn:create_authenticator(
- ChainId,
- AuthCfg) of
- {ok, _AuthInfo} -> ok;
- {error, Reason} -> {Name, Reason}
- end
- end, AuthCfgs),
- NResults = [ E || E <- Results, E /= ok],
- NResults /= [] andalso begin
- logger:error("Failed to create authenticators: ~p", [NResults]),
- throw({bad_autheticators, NResults})
- end, ChainId;
+ case emqx_authn:create_authenticator(ChainId, AuthCfg) of
+ {ok, _} -> ChainId;
+ {error, Reason} ->
+ logger:error("Failed to create authenticator ~p", [Reason]),
+ throw({bad_autheticator, Reason})
+ end;
 {error, Reason} ->
 logger:error("Failed to create authentication chain: ~p", [Reason]),
 throw({bad_chain, {ChainId, Reason}})
diff --git a/apps/emqx_gateway/src/emqx_gateway_schema.erl b/apps/emqx_gateway/src/emqx_gateway_schema.erl
index 938da15ba..facbe9026 100644
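Review bot: The new lookup `maps:get(authenticators, RawConf, #{enable => false})` uses a key that does not match the field this commit introduces: the emqx_gateway_schema.erl hunks name it `authenticator` and emqx_gateway.conf uses `authenticator { ... }`. Unless RawConf is keyed differently from the schema field, the default `#{enable => false}` is returned for every gateway, the first clause `#{enable := false} -> undefined` matches, and `create_authenticator_for_gateway_insta/2` is never called — authentication would be silently disabled for all gateways with no error or log line. The fix is the key name, `Auth = case maps:get(authenticator, RawConf, #{enable => false}) of`, and a test that starts a gateway with an authenticator configured and asserts the chain exists would catch this class of regression. `do_init_context/3` continues outside the hunk.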
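Review bot: In `create_authenticator_for_gateway_insta/2`, when `emqx_authn:create_authenticator/2` returns `{error, Reason}` the chain created a few lines earlier by `emqx_authn:create_chain/1` is left registered under `ChainId` before the throw; whether an empty chain accepts or rejects clients is not visible here, so the chain should be removed with emqx_authn's chain deletion call before throwing to avoid leaving half-configured state behind. The thrown reason `bad_autheticator` carries over the misspelling of the old `bad_autheticators` and is part of the error contract callers match, so `throw({bad_authenticator, Reason})` is worth fixing while the atom is being renamed anyway. For consistency with the sibling chain message, the log line would read `logger:error("Failed to create authenticator: ~p", [Reason]),`.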
--- a/apps/emqx_gateway/src/emqx_gateway_schema.erl
+++ b/apps/emqx_gateway/src/emqx_gateway_schema.erl
@@ -42,7 +42,7 @@ fields("gateway") ->
 fields(stomp_structs) ->
 [ {frame, t(ref(stomp_frame))}
 , {clientinfo_override, t(ref(clientinfo_override))}
- , {authentication, t(ref(authentication))}
+ , {authenticator, t(authenticator(), undefined, undefined)}
 , {listener, t(ref(tcp_listener_group))}
 ];
@@ -60,7 +60,7 @@ fields(mqttsn_structs) ->
 , {idle_timeout, t(duration())}
 , {predefined, hoconsc:array(ref(mqttsn_predefined))}
 , {clientinfo_override, t(ref(clientinfo_override))}
- , {authentication, t(ref(authentication))}
+ , {authenticator, t(authenticator(), undefined, undefined)}
 , {listener, t(ref(udp_listener_group))}
 ];
@@ -79,14 +79,14 @@ fields(lwm2m_structs) ->
 , {mountpoint, t(string())}
 , {update_msg_publish_condition, t(union([always, contains_object_list]))}
 , {translators, t(ref(translators))}
- , {authentication, t(ref(authentication))}
+ , {authenticator, t(authenticator(), undefined, undefined)}
 , {listener, t(ref(udp_listener_group))}
 ];
 fields(exproto_structs) ->
 [ {server, t(ref(exproto_grpc_server))}
 , {handler, t(ref(exproto_grpc_handler))}
- , {authentication, t(ref(authentication))}
+ , {authenticator, t(authenticator(), undefined, undefined)}
 , {listener, t(ref(udp_tcp_listener_group))}
 ];
@@ -100,11 +100,6 @@ fields(exproto_grpc_handler) ->
 %% TODO: ssl
 ];
-fields(authentication) ->
- [ {enable, #{type => boolean(), default => false}}
- , {authenticators, fun emqx_authn_schema:authenticators/1}
- ];
-
 fields(clientinfo_override) ->
 [ {username, t(string())}
 , {password, t(string())}
@@ -207,7 +202,7 @@ fields(coap_structs) ->
 , {notify_type, t(union([non, con, qos]), undefined, qos)}
 , {subscribe_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
 , {publish_qos, t(union([qos0, qos1, qos2, coap]), undefined, coap)}
- , {authentication, t(ref(authentication))}
+ , {authenticator, t(authenticator(), undefined, undefined)}
 , {listener, t(ref(udp_listener_group))}
 ];
@@ -215,6 +210,26 @@ fields(ExtraField) ->
 Mod = list_to_atom(ExtraField++"_schema"),
 Mod:fields(ExtraField).
+authenticator() ->
+ hoconsc:union(
+ [ undefined
+ , hoconsc:ref(emqx_authn_mnesia, config)
+ , hoconsc:ref(emqx_authn_mysql, config)
+ , hoconsc:ref(emqx_authn_pgsql, config)
+ , hoconsc:ref(emqx_authn_mongodb, standalone)
+ , hoconsc:ref(emqx_authn_mongodb, 'replica-set')
+ , hoconsc:ref(emqx_authn_mongodb, 'sharded-cluster')
+ , hoconsc:ref(emqx_authn_redis, standalone)
+ , hoconsc:ref(emqx_authn_redis, cluster)
+ , hoconsc:ref(emqx_authn_redis, sentinel)
+ , hoconsc:ref(emqx_authn_http, get)
+ , hoconsc:ref(emqx_authn_http, post)
+ , hoconsc:ref(emqx_authn_jwt, 'hmac-based')
+ , hoconsc:ref(emqx_authn_jwt, 'public-key')
+ , hoconsc:ref(emqx_authn_jwt, 'jwks')
+ , hoconsc:ref(emqx_enhanced_authn_scram_mnesia, config)
+ ]).
+
 %translations() -> [].
 %
 %translations(_) -> [].
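Review bot: `authenticator/0` has no comment explaining that `undefined` heads the union because it is also the field default passed as `t(authenticator(), undefined, undefined)` in every `*_structs` clause, meaning a gateway with no `authenticator` block runs without authentication. A header such as `%% @doc Type of a gateway's single authenticator: 'undefined' (the field default, clients are not authenticated) or one emqx_authn backend config.` followed by `%% NOTE: this list mirrors emqx_authn's own backend union and must be updated when a backend is added there.` would document both the posture and the maintenance coupling, since the sixteen `hoconsc:ref/2` entries are hand-copied rather than obtained from emqx_authn. A `-spec authenticator() -> hocon_schema:field_schema().` style spec (exact type per hoconsc) would also help Dialyzer here.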