mochi-mqtt / server

The fully compliant, embeddable high-performance Go MQTT v5 server for IoT, smarthome, and pubsub
MIT License

How to allow a specific username to read/write on a specific topic, and deny anything else? #362

Open hisamafahri opened 10 months ago

hisamafahri commented 10 months ago

I have the following auth.yml configuration:

auth:
  - username: admin
    password: admin
    allow: true
  - username: client_1
    password: client_1
    allow: true

# 0 = deny, 1 = read only, 2 = write only, 3 = read and write
acl:
  - username: admin
    filters:
      '#': 3
  - username: client_1
    filters:
      '#': 0
      client_1/#: 3

In the config above, client_1 cannot read or write to any topics (even though I specifically want to set client_1/#: 3).

If I remove '#': 0 from client_1's filters, client_1 can now read/write to any topics.

Any idea on how to limit a specific username to only being able to read/write on a specific topic and deny the rest?

mochi-co commented 10 months ago

I had a little look at this and I think you are correct. The implementation of the ACL prevents the user from subscribing to #, but it does not prevent them from reading or writing to 'all topics matching filter' outside of this. Truthfully, when I made the auth ledger hook it was supposed to be a quick example of what could be done; I never thought it would get so much use. We may need to rework the ACL code in hooks/auth/ledger.go:ACLOk to more accurately match topic filtering.
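An added example, not code from mochi-mqtt or its ledger.go hook, of a topic-filter ACL check in which the most specific matching filter decides, which is the behaviour that would make the '#': 0 plus client_1/#: 3 configuration above act as the reporter intended. The names ACL, matchFilter, specificity and Access are chosen here for illustration and are not the project's API.

```go
package main

import "strings"

// Access levels as in the issue's auth.yml comment: 0 deny, 1 read, 2 write, 3 both.
const Deny, ReadOnly, WriteOnly, ReadWrite = 0, 1, 2, 3

// ACL maps an MQTT topic filter (with '+' and '#' wildcards) to an access level.
type ACL map[string]int

// matchFilter reports whether topic matches filter; '#' is only valid as the last level.
func matchFilter(filter, topic string) bool {
	f, t := strings.Split(filter, "/"), strings.Split(topic, "/")
	for i := range f {
		if f[i] == "#" {
			return i == len(f)-1
		}
		if i >= len(t) || (f[i] != "+" && f[i] != t[i]) {
			return false
		}
	}
	return len(f) == len(t)
}

// specificity ranks filters: a literal level scores 2, '+' scores 1, '#' scores 0.
func specificity(filter string) (score int) {
	for _, lvl := range strings.Split(filter, "/") {
		if lvl == "+" {
			score++
		} else if lvl != "#" {
			score += 2
		}
	}
	return score
}

// Access applies the most specific matching filter (ties resolve to the lower level), so '#': 0 no longer overrides 'client_1/#': 3; a topic matching no filter is denied.
func (a ACL) Access(topic string) int {
	best, bestScore := Deny, -1
	for filter, level := range a {
		s := specificity(filter)
		if matchFilter(filter, topic) && (s > bestScore || (s == bestScore && level < best)) {
			best, bestScore = level, s
		}
	}
	return best
}

// CanRead and CanWrite test the read (bit 0) and write (bit 1) bits of the level.
func (a ACL) CanRead(topic string) bool  { return a.Access(topic)&ReadOnly != 0 }
func (a ACL) CanWrite(topic string) bool { return a.Access(topic)&WriteOnly != 0 }
```

With this rule, client_1 gets read/write under client_1/# and is denied everywhere else, while admin's single '#': 3 entry still grants everything.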