Closed mushroomwithegg closed 4 years ago
If you specify a —config option you should specify credentials file path in the config file
Daniel
On 16 Jul 2020, at 12:12, Raymond Saga notifications@github.com wrote:
System Information
Aedes-cli: 0.2.4 NodeJS: 14.5.0 OS: Alpine 3.11.6 Arch: x86_64 Describe the bug I run an aedes-cli command with this two --config and --credentials but after trying to connect to the broker, it is not working. I set rejectUnauthorized to true in the config file, so I am expecting that my connection requires but it did not.
Then I try to include in the aedes-cli command --reject-unautorized and it reads it, BUT it seems it can't read the file I set in --credentials.
To Reproduce Steps to reproduce the behavior:
npm install aedes-cli -g run aedes --config config.js with rejectUnauthorized: true and set a value in credentials Try to run a mqtt-client and connect to aedes broker without username/password The broker will allow the connection Expected behavior Aedes are not reading both the files set in --config and --credentials
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.
Here's the exact command that I run:
docker run --rm --name aedes-test -it -p 1885:1883 -v $(pwd):/data i/aedes:latest --config /data/config-min.js
and the content of config-min.js is:
module.exports = {
// SERVERS
protos: ['tcp'],
host: '0.0.0.0',
port: 1883,
tlsPort: 8883,
rejectUnauthorized: true,
// AUTHORIZER
credentials: '/credentials.json'
}
Credentials should be placed inside data directory. And the path should be specific to the credentials file: /data/credentials.json
Daniel
On 16 Jul 2020, at 12:25, Raymond Saga notifications@github.com wrote:
Here's the exact command that I run: docker run --rm --name aedes-test -it -p 1885:1883 -v $(pwd):/data i/aedes:latest --config /data/config-min.js
and the content of config-min.js is:
module.exports = { // SERVERS protos: ['tcp'], host: '0.0.0.0', port: 1883, tlsPort: 8883, rejectUnauthorized: true, // AUTHORIZER credentials: '/credentials.json' } — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
It didn't work.
Here's my config-min.js:
module.exports = {
// SERVERS
protos: ['tcp'],
host: '0.0.0.0',
port: 1883,
wsPort: 3000,
wssPort: 4000,
tlsPort: 8883,
key: null,
cert: null,
rejectUnauthorized: true,
// AUTHORIZER
credentials: '/data/credentials.json',
// AEDES
brokerId: 'aedes-cli',
concurrency: 100,
queueLimit: 42,
maxClientsIdLength: 23,
heartbeatInterval: 60000,
connectTimeout: 30000,
stats: true,
statsInterval: 5000,
// PERSISTENCES
persistence: null,
mq: null,
// LOGGER
verbose: false,
veryVerbose: false,
noPretty: false
}
and my dockerfile:
FROM node:alpine
WORKDIR /
RUN npm install -g aedes-cli
EXPOSE 1883
EXPOSE 3000
EXPOSE 4000
EXPOSE 8883
ENTRYPOINT ["aedes"]
Do you see anything in the log outputv?
Daniel
On 16 Jul 2020, at 12:33, Raymond Saga notifications@github.com wrote:
It didn't work.
Here's my config-min.js:
module.exports = { // SERVERS protos: ['tcp'], host: '0.0.0.0', port: 1883, wsPort: 3000, wssPort: 4000, tlsPort: 8883, key: null, cert: null, rejectUnauthorized: true, // AUTHORIZER credentials: '/data/credentials.json', // AEDES brokerId: 'aedes-cli', concurrency: 100, queueLimit: 42, maxClientsIdLength: 23, heartbeatInterval: 60000, connectTimeout: 30000, stats: true, statsInterval: 5000, // PERSISTENCES persistence: null, mq: null, // LOGGER verbose: false, veryVerbose: false, noPretty: false } and my dockerfile:
FROM node:alpine
WORKDIR /
RUN npm install -g aedes-cli
EXPOSE 1883 EXPOSE 3000 EXPOSE 4000 EXPOSE 8883
ENTRYPOINT ["aedes"] — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
I see nothing out of normal. Here's a screenshot.
I changed verbose in config.js from false to true.
Did you run some commands to add users to credentials file? Whats the output of those commands?
I didn't run some commands, what I did was I run it from my first setup then copy the generated credentials.json and I am using it since then.
Although I tried to run aedes adduser --credentials /data/credentials.json user password
just to verify if I miss something but found nothing. It returned User *** successfully MODIFIED
.
@iwillflytothemoon rejectUnhautorized
is used with seured protocols (like tls and wss) to check if certs/keys are signed or not.
Anyway I have found the bug and I have submitted a pr to fix it
In the meanwhile, it should work by doing: aedes --config /data/config.js --credentials /data/credentials.json
I don't know if what I did is right. But I clone your branch then run npm install
and use this command:
node bin/aedes --config /data/config.js --credentials /data/credentials.js
and I got this result:
@iwillflytothemoon Thanks for the info, fixed that too. I havn't test authorizer functionality in 'black box' and I have missed those errors.
Try to pull the branch now and it should work :)
This is the result:
it depends on what wildecard you have used in allowed sub/pub glob for that client
What do you mean? Sorry I am just starting to look into MQTT.
BTW, I tried publishing message and here's what I've got.
@iwillflytothemoon Could you try to lull latest commits and retry?
Anyway what I mean is, when you add a user, you could specify a glob for authorized pub/sub topics of that user
Can now published, thanks!
I checked credentials.json and I think they are allowed to any pub/sub. Here's the data of user: user
"authorizePublish": "**",
"authorizeSubscribe": "**"
So the subscribe is still not working?
Yes. I am getting the same error. SUBACK contains only Error Codes
@iwillflytothemoon Try now :) and thanks for this issue, the authorizer was ported from mosca and needed some fixes I didn't noticed :)
It is working now mate!! Thanks!
Thanks to you, I will release a new version asap
@iwillflytothemoon Latest fixes are available on aedes-cli@0.3.0 on npm and docker now :)
System Information
Describe the bug I run an aedes-cli command with this two
--config
and--credentials
but after trying to connect to the broker, it is not working. I setrejectUnauthorized
totrue
in the config file, so I am expecting that my connection requires but it did not.Then I try to include in the aedes-cli command
--reject-unautorized
and it reads it, BUT it seems it can't read the file I set in--credentials
.To Reproduce Steps to reproduce the behavior:
rejectUnauthorized: true
and set a value incredentials
Expected behavior Aedes are not reading both the files set in --config and --credentials