moscajs / aedes-cli

Run Aedes MQTT Broker from the CLI
MIT License
53 stars 19 forks source link

[bug] aedes --config and --credentials are not working #27

Closed mushroomwithegg closed 4 years ago

mushroomwithegg commented 4 years ago

System Information

Describe the bug I run an aedes-cli command with this two --config and --credentials but after trying to connect to the broker, it is not working. I set rejectUnauthorized to true in the config file, so I am expecting that my connection requires but it did not.

Then I try to include in the aedes-cli command --reject-unautorized and it reads it, BUT it seems it can't read the file I set in --credentials.

To Reproduce Steps to reproduce the behavior:

  1. npm install aedes-cli -g
  2. run aedes --config config.js with rejectUnauthorized: true and set a value in credentials
  3. Try to run a mqtt-client and connect to aedes broker without username/password
  4. The broker will allow the connection

Expected behavior Aedes are not reading both the files set in --config and --credentials

robertsLando commented 4 years ago

If you specify a —config option you should specify credentials file path in the config file


Daniel

On 16 Jul 2020, at 12:12, Raymond Saga notifications@github.com wrote:

 System Information

Aedes-cli: 0.2.4 NodeJS: 14.5.0 OS: Alpine 3.11.6 Arch: x86_64 Describe the bug I run an aedes-cli command with this two --config and --credentials but after trying to connect to the broker, it is not working. I set rejectUnauthorized to true in the config file, so I am expecting that my connection requires but it did not.

Then I try to include in the aedes-cli command --reject-unautorized and it reads it, BUT it seems it can't read the file I set in --credentials.

To Reproduce Steps to reproduce the behavior:

npm install aedes-cli -g run aedes --config config.js with rejectUnauthorized: true and set a value in credentials Try to run a mqtt-client and connect to aedes broker without username/password The broker will allow the connection Expected behavior Aedes are not reading both the files set in --config and --credentials

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

mushroomwithegg commented 4 years ago

Here's the exact command that I run: docker run --rm --name aedes-test -it -p 1885:1883 -v $(pwd):/data i/aedes:latest --config /data/config-min.js

and the content of config-min.js is:

module.exports = {
  // SERVERS
  protos: ['tcp'],
  host: '0.0.0.0',
  port: 1883,
  tlsPort: 8883,
  rejectUnauthorized: true,
  // AUTHORIZER
  credentials: '/credentials.json'
}
robertsLando commented 4 years ago

Credentials should be placed inside data directory. And the path should be specific to the credentials file: /data/credentials.json


Daniel

On 16 Jul 2020, at 12:25, Raymond Saga notifications@github.com wrote:

 Here's the exact command that I run: docker run --rm --name aedes-test -it -p 1885:1883 -v $(pwd):/data i/aedes:latest --config /data/config-min.js

and the content of config-min.js is:

module.exports = { // SERVERS protos: ['tcp'], host: '0.0.0.0', port: 1883, tlsPort: 8883, rejectUnauthorized: true, // AUTHORIZER credentials: '/credentials.json' } — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

mushroomwithegg commented 4 years ago

It didn't work. image

Here's my config-min.js:

module.exports = {
  // SERVERS
  protos: ['tcp'],
  host: '0.0.0.0',
  port: 1883,
  wsPort: 3000,
  wssPort: 4000,
  tlsPort: 8883,
  key: null,
  cert: null,
  rejectUnauthorized: true,
  // AUTHORIZER
  credentials: '/data/credentials.json',
  // AEDES
  brokerId: 'aedes-cli',
  concurrency: 100,
  queueLimit: 42,
  maxClientsIdLength: 23,
  heartbeatInterval: 60000,
  connectTimeout: 30000,
  stats: true,
  statsInterval: 5000,
  // PERSISTENCES
  persistence: null,
  mq: null,
  // LOGGER
  verbose: false,
  veryVerbose: false,
  noPretty: false
}

and my dockerfile:

FROM node:alpine

WORKDIR /

RUN npm install -g aedes-cli

EXPOSE 1883
EXPOSE 3000
EXPOSE 4000
EXPOSE 8883

ENTRYPOINT ["aedes"]
robertsLando commented 4 years ago

Do you see anything in the log outputv?


Daniel

On 16 Jul 2020, at 12:33, Raymond Saga notifications@github.com wrote:

 It didn't work.

Here's my config-min.js:

module.exports = { // SERVERS protos: ['tcp'], host: '0.0.0.0', port: 1883, wsPort: 3000, wssPort: 4000, tlsPort: 8883, key: null, cert: null, rejectUnauthorized: true, // AUTHORIZER credentials: '/data/credentials.json', // AEDES brokerId: 'aedes-cli', concurrency: 100, queueLimit: 42, maxClientsIdLength: 23, heartbeatInterval: 60000, connectTimeout: 30000, stats: true, statsInterval: 5000, // PERSISTENCES persistence: null, mq: null, // LOGGER verbose: false, veryVerbose: false, noPretty: false } and my dockerfile:

FROM node:alpine

WORKDIR /

RUN npm install -g aedes-cli

EXPOSE 1883 EXPOSE 3000 EXPOSE 4000 EXPOSE 8883

ENTRYPOINT ["aedes"] — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

mushroomwithegg commented 4 years ago

I see nothing out of normal. Here's a screenshot. image

I changed verbose in config.js from false to true.

robertsLando commented 4 years ago

Did you run some commands to add users to credentials file? Whats the output of those commands?

mushroomwithegg commented 4 years ago

I didn't run some commands, what I did was I run it from my first setup then copy the generated credentials.json and I am using it since then.

Although I tried to run aedes adduser --credentials /data/credentials.json user password just to verify if I miss something but found nothing. It returned User *** successfully MODIFIED.

robertsLando commented 4 years ago

@iwillflytothemoon rejectUnhautorized is used with seured protocols (like tls and wss) to check if certs/keys are signed or not.

Anyway I have found the bug and I have submitted a pr to fix it

robertsLando commented 4 years ago

In the meanwhile, it should work by doing: aedes --config /data/config.js --credentials /data/credentials.json

mushroomwithegg commented 4 years ago

I don't know if what I did is right. But I clone your branch then run npm install and use this command: node bin/aedes --config /data/config.js --credentials /data/credentials.js and I got this result:

image

robertsLando commented 4 years ago

@iwillflytothemoon Thanks for the info, fixed that too. I havn't test authorizer functionality in 'black box' and I have missed those errors.

Try to pull the branch now and it should work :)

mushroomwithegg commented 4 years ago

This is the result: image

robertsLando commented 4 years ago

it depends on what wildecard you have used in allowed sub/pub glob for that client

mushroomwithegg commented 4 years ago

What do you mean? Sorry I am just starting to look into MQTT.

BTW, I tried publishing message and here's what I've got. image

robertsLando commented 4 years ago

@iwillflytothemoon Could you try to lull latest commits and retry?

robertsLando commented 4 years ago

Anyway what I mean is, when you add a user, you could specify a glob for authorized pub/sub topics of that user

mushroomwithegg commented 4 years ago

Can now published, thanks! I checked credentials.json and I think they are allowed to any pub/sub. Here's the data of user: user

"authorizePublish": "**",   
"authorizeSubscribe": "**"
robertsLando commented 4 years ago

So the subscribe is still not working?

mushroomwithegg commented 4 years ago

Yes. I am getting the same error. SUBACK contains only Error Codes

robertsLando commented 4 years ago

@iwillflytothemoon Try now :) and thanks for this issue, the authorizer was ported from mosca and needed some fixes I didn't noticed :)

mushroomwithegg commented 4 years ago

It is working now mate!! Thanks!

robertsLando commented 4 years ago

Thanks to you, I will release a new version asap

robertsLando commented 4 years ago

@iwillflytothemoon Latest fixes are available on aedes-cli@0.3.0 on npm and docker now :)