支持在初始化时添加用户

LingZhaoHui 2023-05-28 00:27:43 +08:00
parent 556c2f0a08
commit 8b3d9ff971
Signed by: zeekling
GPG Key ID: D96E4E75267CA2CC
3 changed files with 368 additions and 152 deletions

213
.clang-format Normal file

@ -0,0 +1,213 @@
# 语言: None, Cpp, Java, JavaScript, ObjC, Proto, TableGen, TextProto
Language: Cpp
# BasedOnStyle: LLVM
# 访问说明符(public、private等)的偏移
AccessModifierOffset: -4
# 开括号(开圆括号、开尖括号、开方括号)后的对齐: Align, DontAlign, AlwaysBreak(总是在开括号后换行)
AlignAfterOpenBracket: Align
# 连续赋值时,对齐所有等号
AlignConsecutiveAssignments: false
# 连续声明时,对齐所有声明的变量名
AlignConsecutiveDeclarations: false
# 右对齐逃脱换行(使用反斜杠换行)的反斜杠
AlignEscapedNewlines: Right
# 水平对齐二元和三元表达式的操作数
AlignOperands: true
# 对齐连续的尾随的注释
AlignTrailingComments: true
# 不允许函数声明的所有参数在放在下一行
AllowAllParametersOfDeclarationOnNextLine: false
# 不允许短的块放在同一行
AllowShortBlocksOnASingleLine: true
# 允许短的case标签放在同一行
AllowShortCaseLabelsOnASingleLine: true
# 允许短的函数放在同一行: None, InlineOnly(定义在类中), Empty(空函数), Inline(定义在类中,空函数), All
AllowShortFunctionsOnASingleLine: None
# 允许短的if语句保持在同一行
AllowShortIfStatementsOnASingleLine: true
# 允许短的循环保持在同一行
AllowShortLoopsOnASingleLine: true
# 总是在返回类型后换行: None, All, TopLevel(顶级函数,不包括在类中的函数),
# AllDefinitions(所有的定义,不包括声明), TopLevelDefinitions(所有的顶级函数的定义)
AlwaysBreakAfterReturnType: None
# 总是在多行string字面量前换行
AlwaysBreakBeforeMultilineStrings: false
# 总是在template声明后换行
AlwaysBreakTemplateDeclarations: true
# false表示函数实参要么都在同一行要么都各自一行
BinPackArguments: true
# false表示所有形参要么都在同一行要么都各自一行
BinPackParameters: true
# 大括号换行只有当BreakBeforeBraces设置为Custom时才有效
BraceWrapping:
# class定义后面
AfterClass: false
# 控制语句后面
AfterControlStatement: false
# enum定义后面
AfterEnum: false
# 函数定义后面
AfterFunction: false
# 命名空间定义后面
AfterNamespace: false
# struct定义后面
AfterStruct: false
# union定义后面
AfterUnion: false
# extern之后
AfterExternBlock: false
# catch之前
BeforeCatch: false
# else之前
BeforeElse: false
# 缩进大括号
IndentBraces: false
# 分离空函数
SplitEmptyFunction: false
# 分离空语句
SplitEmptyRecord: false
# 分离空命名空间
SplitEmptyNamespace: false
# 在二元运算符前换行: None(在操作符后换行), NonAssignment(在非赋值的操作符前换行), All(在操作符前换行)
BreakBeforeBinaryOperators: NonAssignment
# 在大括号前换行: Attach(始终将大括号附加到周围的上下文), Linux(除函数、命名空间和类定义与Attach类似),
# Mozilla(除枚举、函数、记录定义与Attach类似), Stroustrup(除函数定义、catch、else与Attach类似),
# Allman(总是在大括号前换行), GNU(总是在大括号前换行,并对于控制语句的大括号增加额外的缩进), WebKit(在函数前换行), Custom
# 注:这里认为语句块也属于函数
BreakBeforeBraces: Custom
# 在三元运算符前换行
BreakBeforeTernaryOperators: false
# 在构造函数的初始化列表的冒号后换行
BreakConstructorInitializers: AfterColon
#BreakInheritanceList: AfterColon
BreakStringLiterals: false
# 每行字符的限制0表示没有限制
ColumnLimit: 0
CompactNamespaces: true
# 构造函数的初始化列表要么都在同一行,要么都各自一行
ConstructorInitializerAllOnOneLineOrOnePerLine: false
# 构造函数的初始化列表的缩进宽度
ConstructorInitializerIndentWidth: 4
# 延续的行的缩进宽度
ContinuationIndentWidth: 4
# 去除C++11的列表初始化的大括号{后和}前的空格
Cpp11BracedListStyle: true
# 继承最常用的指针和引用的对齐方式
DerivePointerAlignment: false
# 固定命名空间注释
FixNamespaceComments: true
# 缩进case标签
IndentCaseLabels: false
IndentPPDirectives: None
# 缩进宽度
IndentWidth: 4
# 函数返回类型换行时,缩进函数声明或函数定义的函数名
IndentWrappedFunctionNames: false
# 保留在块开始处的空行
KeepEmptyLinesAtTheStartOfBlocks: false
# 连续空行的最大数量
MaxEmptyLinesToKeep: 1
# 命名空间的缩进: None, Inner(缩进嵌套的命名空间中的内容), All
NamespaceIndentation: None
# 指针和引用的对齐: Left, Right, Middle
PointerAlignment: Right
# 允许重新排版注释
ReflowComments: true
# 允许排序#include
SortIncludes: false
# 允许排序 using 声明
SortUsingDeclarations: false
# 在C风格类型转换后添加空格
SpaceAfterCStyleCast: false
# 在Template 关键字后面添加空格
SpaceAfterTemplateKeyword: true
# 在赋值运算符之前添加空格
SpaceBeforeAssignmentOperators: true
# SpaceBeforeCpp11BracedList: true
# SpaceBeforeCtorInitializerColon: true
# SpaceBeforeInheritanceColon: true
# 开圆括号之前添加一个空格: Never, ControlStatements, Always
SpaceBeforeParens: ControlStatements
# SpaceBeforeRangeBasedForLoopColon: true
# 在空的圆括号中添加空格
SpaceInEmptyParentheses: false
# 在尾随的评论前添加的空格数(只适用于//)
SpacesBeforeTrailingComments: 1
# 在尖括号的<后和>前添加空格
SpacesInAngles: false
# 在C风格类型转换的括号中添加空格
SpacesInCStyleCastParentheses: false
# 在容器(ObjC和JavaScript的数组和字典等)字面量中添加空格
SpacesInContainerLiterals: true
# 在圆括号的(后和)前添加空格
SpacesInParentheses: false
# 在方括号的[后和]前添加空格lamda表达式和未指明大小的数组的声明不受影响
SpacesInSquareBrackets: false
# 标准: Cpp03, Cpp11, Auto
Standard: Cpp11
# tab宽度
TabWidth: 4
# 使用tab字符: Never, ForIndentation, ForContinuationAndIndentation, Always
UseTab: Never


@ -10,172 +10,177 @@ static int MAX_TIME = 1000;
static RedisModuleDict *userDict = NULL; static RedisModuleDict *userDict = NULL;
RedisModuleUser *createUser(RedisModuleCtx *ctx, const char *name) { RedisModuleUser *createUser(RedisModuleCtx *ctx, const char *name) {
REDISMODULE_NOT_USED(ctx); REDISMODULE_NOT_USED(ctx);
RedisModuleUser *user = RedisModule_CreateModuleUser(name); RedisModuleUser *user = RedisModule_CreateModuleUser(name);
RedisModule_SetModuleUserACL(user, "allcommands"); RedisModule_SetModuleUserACL(user, "allcommands");
RedisModule_SetModuleUserACL(user, "allkeys"); RedisModule_SetModuleUserACL(user, "allkeys");
RedisModule_SetModuleUserACL(user, "on"); RedisModule_SetModuleUserACL(user, "on");
return user; return user;
} }
int authReply(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err) { int authReply(RedisModuleCtx *ctx, RedisModuleString *username,
REDISMODULE_NOT_USED(password); RedisModuleString *password, RedisModuleString **err) {
void **targ = RedisModule_GetBlockedClientPrivateData(ctx); REDISMODULE_NOT_USED(password);
int result = (uintptr_t)targ[0]; void **targ = RedisModule_GetBlockedClientPrivateData(ctx);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth reply"); int result = (uintptr_t)targ[0];
size_t userlen = 0; RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth reply");
const char *user = RedisModule_StringPtrLen(username, &userlen); size_t userlen = 0;
if (result == 1) { const char *user = RedisModule_StringPtrLen(username, &userlen);
// auth success if (result == 1) {
RedisModuleUser *moduleUser = createUser(ctx, user); // auth success
uint64_t client_id; RedisModuleUser *moduleUser = createUser(ctx, user);
int authResult = RedisModule_AuthenticateClientWithUser( uint64_t client_id;
ctx, moduleUser, NULL, NULL, &client_id); int authResult = RedisModule_AuthenticateClientWithUser(
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success user=%s, %lu", user, client_id); ctx, moduleUser, NULL, NULL, &client_id);
if (authResult == REDISMODULE_ERR) { RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success user=%s, %lu", user,
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user not exits user=%s", user); client_id);
if (authResult == REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user not exits user=%s", user);
}
return REDISMODULE_AUTH_HANDLED;
} else if (result == 0) {
// auth failed
const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED;
} }
/** skip auth*/
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} else if (result == 0) {
// auth failed
const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED;
}
/** skip auth*/
return REDISMODULE_AUTH_HANDLED;
} }
void freeAuthData(RedisModuleCtx *ctx, void *privdata) { void freeAuthData(RedisModuleCtx *ctx, void *privdata) {
REDISMODULE_NOT_USED(ctx); REDISMODULE_NOT_USED(ctx);
RedisModule_Free(privdata); RedisModule_Free(privdata);
} }
void *AuthBlockThreadMain(void *arg) { void *AuthBlockThreadMain(void *arg) {
void **targ = arg; void **targ = arg;
RedisModuleBlockedClient *bc = targ[0]; RedisModuleBlockedClient *bc = targ[0];
RedisModuleCtx *ctx = targ[1]; RedisModuleCtx *ctx = targ[1];
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "begin auth "); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "begin auth ");
const char *pwd = RedisModule_StringPtrLen(targ[3], NULL); const char *user = RedisModule_StringPtrLen(targ[2], NULL);
void **replyarg = RedisModule_Alloc(sizeof(void *)); const char *pwd = RedisModule_StringPtrLen(targ[3], NULL);
int result = 2; void **replyarg = RedisModule_Alloc(sizeof(void *));
int nokey; int result = 2;
struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGet(userDict, targ[2], &nokey); struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGetC(userDict, user, strlen(user), NULL);
if (nokey || !acl) { if (!acl) {
RedisModule_Log(ctx, LOG_LEVEL_WARNING, "auth failed"); RedisModule_Log(ctx, LOG_LEVEL_WARNING, "auth failed");
result = 0; result = 0;
goto returnResult; goto returnResult;
} }
if (!strcmp(pwd, acl->password)) { const char *passwdInModule = RedisModule_StringPtrLen(acl->password, NULL);
result = 1; if (!strcmp(pwd, passwdInModule)) {
} else { result = 1;
result = 0; } else {
} result = 0;
}
returnResult: returnResult:
replyarg[0] = (void *)(uintptr_t)result; replyarg[0] = (void *)(uintptr_t)result;
RedisModule_BlockedClientMeasureTimeEnd(bc); RedisModule_BlockedClientMeasureTimeEnd(bc);
RedisModule_UnblockClient(bc, replyarg); RedisModule_UnblockClient(bc, replyarg);
RedisModule_FreeString(NULL, targ[2]); RedisModule_FreeString(NULL, targ[2]);
RedisModule_FreeString(NULL, targ[3]); RedisModule_FreeString(NULL, targ[3]);
RedisModule_Free(targ); RedisModule_Free(targ);
return NULL; return NULL;
} }
int moduleBlockAuth(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err) { int moduleBlockAuth(RedisModuleCtx *ctx, RedisModuleString *username,
REDISMODULE_NOT_USED(password); RedisModuleString *password, RedisModuleString **err) {
REDISMODULE_NOT_USED(err); REDISMODULE_NOT_USED(password);
RedisModuleBlockedClient *bc = REDISMODULE_NOT_USED(err);
RedisModule_BlockClientOnAuth(ctx, authReply, freeAuthData); RedisModuleBlockedClient *bc =
int ctx_flags = RedisModule_GetContextFlags(ctx); RedisModule_BlockClientOnAuth(ctx, authReply, freeAuthData);
if (ctx_flags & REDISMODULE_CTX_FLAGS_MULTI || int ctx_flags = RedisModule_GetContextFlags(ctx);
ctx_flags & REDISMODULE_CTX_FLAGS_LUA) { if (ctx_flags & REDISMODULE_CTX_FLAGS_MULTI || ctx_flags & REDISMODULE_CTX_FLAGS_LUA) {
RedisModule_UnblockClient(bc, NULL); RedisModule_UnblockClient(bc, NULL);
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} }
RedisModule_BlockedClientMeasureTimeStart(bc); RedisModule_BlockedClientMeasureTimeStart(bc);
pthread_t tid; pthread_t tid;
void **targ = RedisModule_Alloc(sizeof(void *) * 4); void **targ = RedisModule_Alloc(sizeof(void *) * 4);
targ[0] = bc; targ[0] = bc;
targ[1] = ctx; targ[1] = ctx;
targ[2] = RedisModule_CreateStringFromString(NULL, username); targ[2] = RedisModule_CreateStringFromString(NULL, username);
targ[3] = RedisModule_CreateStringFromString(NULL, password); targ[3] = RedisModule_CreateStringFromString(NULL, password);
if (pthread_create(&tid, NULL, AuthBlockThreadMain, targ) != 0) { if (pthread_create(&tid, NULL, AuthBlockThreadMain, targ) != 0) {
RedisModule_AbortBlock(bc); RedisModule_AbortBlock(bc);
}
return REDISMODULE_AUTH_HANDLED;
}
int moduleAuth(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleString *password, RedisModuleString **err) {
const char *user = RedisModule_StringPtrLen(username, NULL);
const char *pwd = RedisModule_StringPtrLen(password, NULL);
int nokey;
struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGet(userDict, username, &nokey);
if (!nokey) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user=%s, password=", acl->username, acl->password);
}
if (!nokey && acl->password && !strcmp(pwd, acl->password)) {
RedisModuleUser *moduleUser = createUser(ctx, user);
uint64_t client_id;
int authResult = RedisModule_AuthenticateClientWithUser(
ctx, moduleUser, NULL, NULL, &client_id);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "auth success user=%s, %lu", user, client_id);
if (authResult == REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user not exits user=%s", user);
} }
return REDISMODULE_AUTH_HANDLED; return REDISMODULE_AUTH_HANDLED;
} else {
const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED;
}
return REDISMODULE_AUTH_NOT_HANDLED;
} }
void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub, void *data) { int moduleAuth(RedisModuleCtx *ctx, RedisModuleString *username,
REDISMODULE_NOT_USED(e); RedisModuleString *password, RedisModuleString **err) {
RedisModuleCronLoop *ei = data; const char *user = RedisModule_StringPtrLen(username, NULL);
REDISMODULE_NOT_USED(ei); const char *pwd = RedisModule_StringPtrLen(password, NULL);
REDISMODULE_NOT_USED(sub); struct redisAcl *acl = (struct redisAcl *)RedisModule_DictGetC(userDict, user, strlen(user), NULL);
if (time < MAX_TIME) { if (!acl) {
times++; const char *err_msg = "Auth denied by Misc Module.";
return; *err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
} return REDISMODULE_AUTH_HANDLED;
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "cron event"); }
times = 0; const char *userInModule = RedisModule_StringPtrLen(acl->username, NULL);
const char *userInPass = RedisModule_StringPtrLen(acl->password, NULL);
if (!strcmp(pwd, userInPass)) {
RedisModuleUser *moduleUser = createUser(ctx, userInModule);
uint64_t client_id;
RedisModule_AuthenticateClientWithUser(ctx, moduleUser, NULL, NULL, &client_id);
return REDISMODULE_AUTH_HANDLED;
} else {
const char *err_msg = "Auth denied by Misc Module.";
*err = RedisModule_CreateString(ctx, err_msg, strlen(err_msg));
return REDISMODULE_AUTH_HANDLED;
}
return REDISMODULE_AUTH_NOT_HANDLED;
} }
int initUsers(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) { void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub,
REDISMODULE_NOT_USED(ctx); void *data) {
REDISMODULE_NOT_USED(argv); REDISMODULE_NOT_USED(e);
REDISMODULE_NOT_USED(argc); RedisModuleCronLoop *ei = data;
if (userDict == NULL) { REDISMODULE_NOT_USED(ei);
userDict = RedisModule_CreateDict(ctx); REDISMODULE_NOT_USED(sub);
} if (time < MAX_TIME) {
struct redisAcl *acl = RedisModule_Calloc(1, sizeof(struct redisAcl)); times++;
acl->username = "foo"; return;
acl->password = "block_allow"; }
RedisModuleString *key = RedisModule_CreateString(ctx, acl->username, strlen(acl->username)); RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "cron event");
int result = RedisModule_DictSet(userDict, key, &acl); times = 0;
if (result == REDISMODULE_OK) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user add success, username=%s", acl->username);
}
return REDISMODULE_OK;
} }
int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv, int argc) { int initUsers(RedisModuleCtx *ctx, const char *user, const char *passwd) {
REDISMODULE_NOT_USED(argv); REDISMODULE_NOT_USED(ctx);
REDISMODULE_NOT_USED(argc); if (userDict == NULL) {
if (RedisModule_Init(ctx, "redis-auth", 1, REDISMODULE_APIVER_1) == REDISMODULE_ERR) { userDict = RedisModule_CreateDict(ctx);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth failed"); }
return REDISMODULE_ERR; struct redisAcl *acl;
} acl = RedisModule_Alloc(sizeof(*acl));
memset(acl, 0, sizeof(*acl));
RedisModule_RegisterAuthCallback(ctx, moduleBlockAuth); acl->username = RedisModule_CreateString(ctx, user, strlen(user));
RedisModule_RegisterAuthCallback(ctx, moduleAuth); acl->password = RedisModule_CreateString(ctx, passwd, strlen(passwd));
int result = RedisModule_DictSetC(userDict, user, strlen(user), acl);
initUsers(ctx, argv, argc); if (result == REDISMODULE_OK) {
char *userModule = RedisModule_StringPtrLen(acl->username, NULL);
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth success!"); char *passwdModule = RedisModule_StringPtrLen(acl->password, NULL);
return REDISMODULE_OK; RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user add success, username=%s, password=%s", userModule, passwdModule);
}
return REDISMODULE_OK;
}
int RedisModule_OnLoad(RedisModuleCtx *ctx, RedisModuleString **argv,
int argc) {
REDISMODULE_NOT_USED(argv);
REDISMODULE_NOT_USED(argc);
if (RedisModule_Init(ctx, "redis-auth", 1, REDISMODULE_APIVER_1) == REDISMODULE_ERR) {
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth failed");
return REDISMODULE_ERR;
}
RedisModule_RegisterAuthCallback(ctx, moduleBlockAuth);
RedisModule_RegisterAuthCallback(ctx, moduleAuth);
initUsers(ctx, "foo", "block_allow");
RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "init redis-auth success!");
return REDISMODULE_OK;
} }
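Review bot: The new `initUsers` writes the account password into the server log: `RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user add success, username=%s, password=%s", userModule, passwdModule);` exposes the credential to anyone who can read the log, so it should log the username only, e.g. `RedisModule_Log(ctx, LOG_LEVEL_NOTICE, "user add success, username=%s", userModule);`. The credential is also a literal in `RedisModule_OnLoad` (`initUsers(ctx, "foo", "block_allow")`) while `argv`/`argc` are still marked unused, so every instance loading this build shares one known password; taking the user and password from the module arguments would avoid that. Both `moduleAuth` and `AuthBlockThreadMain` compare with `strcmp` on pointers fetched with a NULL length argument, which stops at the first NUL byte and is not constant-time; keeping the lengths returned by `RedisModule_StringPtrLen`, rejecting on a length mismatch and comparing the bytes with a constant-time loop would address both. The rewritten `moduleAuth` also no longer checks the return value of `RedisModule_AuthenticateClientWithUser`, which the old code tested against `REDISMODULE_ERR`.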


@ -11,8 +11,8 @@
#define UNUSED(V) ((void) V) #define UNUSED(V) ((void) V)
struct redisAcl { struct redisAcl {
char *username; RedisModuleString *username;
char *password; RedisModuleString *password;
} redisAcl; } redisAcl;
@ -30,8 +30,6 @@ int moduleAuth(RedisModuleCtx *ctx, RedisModuleString *username, RedisModuleStri
void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub, void *data); void cronLoopCallBack(RedisModuleCtx *ctx, RedisModuleEvent *e, uint64_t sub, void *data);
int initUsers(RedisModuleCtx *ctx, RedisModuleString **argv, int argc);
#endif // REDISAUTH_H #endif // REDISAUTH_H
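Review bot: `struct redisAcl` now holds two `RedisModuleString *` members, but the header does not say who owns them or that `password` is kept in clear text; a comment above the struct such as `/* username/password are owned by the userDict entry and must be released with RedisModule_FreeString when the entry is removed; password is stored unhashed */` would record that. The strings are created in `initUsers` with the load-time `ctx` and no release path is visible on this page, so their lifetime is worth confirming. The second hunk removes the `initUsers` prototype instead of updating it to the new `(RedisModuleCtx *ctx, const char *user, const char *passwd)` signature, which leaves the function with external linkage and no declaration; either declare the new signature here or mark the definition `static`.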