fix version

.gitlab-ci.yml

@@ -22,7 +22,6 @@ build:
                   - opt/
                   - etc/
                   - generated-version.txt
-                  - version.txt
         script:
                 - apt update
                 - apt install -y gcc g++ libssl-dev uuid-dev libcjson-dev xsltproc docbook docbook-xsl libmariadb-dev libpq-dev libwebsockets-dev
@@ -47,7 +46,6 @@ build:
                 - cp pw $BUILD_DIR/opt/bin
                 - popd
                 - VERSION=`cat VERSION`
-                - echo -n "$VERSION" > version.txt
                 - REFCNT=`git rev-list --all --count`
                 - echo -n "$VERSION.$REFCNT.$CI_COMMIT_REF_NAME" > generated-version.txt 
 
@@ -61,16 +59,12 @@ dockerize:
         dependencies:
                 - build
         script:
-                - GENERATED_VERSION=`cat generated-version.txt`
+                - VERSION=`cat generated-version.txt`
-                - VERSION=`cat version.txt`
+                - docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION .
-                - echo docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $IMAGE_NAME:$GENERATED_VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:$GENERATED_VERSION .
-                - docker build --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$VERSION --tag $IMAGE_NAME:$GENERATED_VERSION --tag $HUB_IMAGE_NAME:latest --tag $HUB_IMAGE_NAME:$VERSION --tag $HUB_IMAGE_NAME:$GENERATED_VERSION .
                 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
                 - docker push $IMAGE_NAME:latest
                 - docker push $IMAGE_NAME:$VERSION
-                - docker push $IMAGE_NAME:$GENERATED_VERSION
                 - docker login -u $DOCKER_HUB_LOGIN -p $DOCKER_HUB_PASSWORD
                 - docker push $HUB_IMAGE_NAME:latest
                 - docker push $HUB_IMAGE_NAME:$VERSION
-                - docker push $HUB_IMAGE_NAME:$GENERATED_VERSION
 

.gitmodules

@@ -3,4 +3,4 @@
 	url = https://github.com/eclipse/mosquitto.git
 [submodule "parts/mosquitto-go-auth"]
 	path = parts/mosquitto-go-auth
-	url = https://github.com/iegomez/mosquitto-go-auth.git
+	url = https://github.com/wollud1969/mosquitto-go-auth.git

Dockerfile

@@ -10,7 +10,7 @@ ARG MOSQ_GID="1883"
 
 RUN \
   apt update && \
-  apt install -y mariadb-client libpq5 openssl libwebsockets-dev certbot bash cron supervisor vim-tiny procps net-tools && \
+  apt install -y mariadb-client openssl libwebsockets-dev certbot bash cron supervisor vim-tiny procps net-tools && \
   update-alternatives --set editor /usr/bin/vim.tiny && \
   update-alternatives --set vi /usr/bin/vim.tiny && \
   groupadd -r -g $MOSQ_GID $MOSQ_USER && \

VERSION

@@ -1 +1 @@
-2.0.15-2.0.0-01
+2.0.15-1.9.1-05-debug

create-schema-postgres.sql

@@ -1,35 +0,0 @@
-CREATE TABLE public.users_t (
-    id SERIAL NOT NULL,
-    username VARCHAR(25) NOT NULL,
-    pw VARCHAR(512) NOT NULL,
-    super INTEGER DEFAULT 0 NOT NULL,
-    CONSTRAINT users_t_pk PRIMARY KEY (id),
-    CONSTRAINT users_t_uk_username UNIQUE (username)
-);
-
-CREATE TABLE public.acls_t (
-    id SERIAL NOT NULL,
-    "user" INTEGER NOT NULL,
-    topic VARCHAR(512) NOT NULL,
-    rw INTEGER DEFAULT 5 NOT NULL,
-    CONSTRAINT acls_t_pk PRIMARY KEY (id),
-    CONSTRAINT acls_t_fk_user FOREIGN KEY ("user") REFERENCES users_t(id)
-);
-
-CREATE OR REPLACE VIEW users AS
-    SELECT users_t.username,
-           users_t.pw,
-           users_t.super
-      FROM users_t;
-
-CREATE OR REPLACE VIEW acls AS
-    SELECT a.topic,
-           a.rw,
-           u.username
-      FROM users_t u,
-           acls_t a
-      WHERE a."user" = u.id;
-
-CREATE USER mosquittoauth;
-GRANT SELECT ON users, acls TO mosquittoauth;
-

readme.md

@@ -127,7 +127,7 @@ The required schema in the database is
 	    topic VARCHAR(256) NOT NULL,
 	    rw INTEGER(1) NOT NULL DEFAULT 1,	-- 1 is read, 2 is write, 3 is readwrite, 4 is subscribe
 	    PRIMARY KEY (id),
-	    CONSTRAINT `fk_users_user`
+	    CONSTRAINT `fk_book_author`
 	      FOREIGN KEY (user) REFERENCES users_t (id)
 	      ON DELETE CASCADE
 	      ON UPDATE CASCADE
@@ -145,10 +145,6 @@ The password is generated using the `pw` tool provided by mosquitto-go-auth, whi
 
 For further information consult the readme and the examples in the mosquitto-go-auth project (https://github.com/iegomez/mosquitto-go-auth or https://github.com/wollud1969/mosquitto-go-auth).
 
-For MariaDB and PostgreSQL there are prepared table create statements in the repository,
-
-For PostgresSQL there is a prepared Python tool in the directory `tools` available to added users into the database.
-
 
 ## Preparing configuration and certificates
 

tools/.gitignore

@@ -1 +0,0 @@
-.venv/

tools/addmosquser.py

@@ -0,0 +1,57 @@
+#!/usr/bin/python
+
+import mariadb
+from pbkdf2 import crypt
+import argparse
+import os
+
+
+
+parser = argparse.ArgumentParser(description='addmosquser')
+parser.add_argument('--user', '-u',
+                    help='Login', 
+                    required=True)
+parser.add_argument('--password', '-p',
+                    help='Password', 
+                    required=True)
+
+args = parser.parse_args()
+user = args.user
+password = args.password
+application = args.application
+
+
+DB_USER = os.environ["DB_USER"]
+DB_PASS = os.environ["DB_PASS"]
+DB_HOST = os.environ["DB_HOST"]
+DB_NAME = os.environ["DB_NAME"]
+
+pwhash = crypt(password, iterations=100000)
+
+conn = None
+cur = None
+try:
+    conn = mariadb.connect(user = DB_USER, password = DB_PASS,
+                            host = DB_HOST, database = DB_NAME)
+    conn.autocommit = False
+
+    cur = conn.cursor()
+    cur.execute("""
+INSERT INTO users (login, pwhash)
+  VALUES(?, ?)
+""", [user, pwhash])
+    cur.execute("""
+INSERT INTO  user_applications_mapping (application, user)
+  VALUES(
+      (SELECT id FROM applications WHERE name = ?),
+      (SELECT id FROM users WHERE login = ?)
+  )
+""", [application, user])
+    conn.commit()
+finally:
+    if cur:
+        cur.close()
+    if conn:
+        conn.rollback()
+        conn.close()
+

tools/genpw.py

@@ -1,89 +0,0 @@
-
-from pbkdf2 import PBKDF2
-from hashlib import sha512
-from base64 import b64encode
-import argparse
-import secrets
-import string
-import psycopg2
-
-
-parser = argparse.ArgumentParser(description='genpw')
-parser.add_argument('--length', '-l',
-                    help='Length of auto-generated password', 
-                    default='24',
-                    required=False)
-parser.add_argument('--password', '-p',
-                    help='Password', 
-                    required=False)
-parser.add_argument('--username', '-u',
-                    help='Username',
-                    required=False)
-parser.add_argument('--topic', '-t',
-                    help='Initially granted topic',
-                    required=False)
-parser.add_argument('--acl', '-a',
-                    help='ACL value for topic, Bit0=read, Bit1=write, Bit2=subscribe',
-                    required=False)
-parser.add_argument('--printonly', '-o',
-                    help='Just print the password hash, do not write to database',
-                    action='store_true')
-
-args = parser.parse_args()
-length = args.length
-password = args.password
-
-print_only = args.printonly
-
-alphabet = string.ascii_letters + string.digits
-iterations = 100000
-
-if (not password):
-    if (not length):
-        raise Exception("Either length or password must be given")
-    password = ''.join(secrets.choice(alphabet) for i in range(int(length)))
-
-salt = secrets.token_bytes(16)
-hash = b64encode(PBKDF2(password, salt, iterations=iterations, digestmodule=sha512).read(64)).decode()
-
-salt_b64 = b64encode(salt).decode()
-
-pw = f"PBKDF2$sha512${iterations}${salt_b64}${hash}"
-print(f"{password=}")
-print(f"hash={pw}")
-
-if not print_only:
-    login = args.username
-    if (not login):
-        raise Exception("For writing to database a username must be given")
-    topic = args.topic
-    acl = args.acl
-
-    conn = psycopg2.connect()
-    conn.autocommit = False
-
-    try:
-        with conn:
-            with conn.cursor() as cur:
-                cur.execute("""
-                            insert into users_t (username, pw) 
-                                values(%(username)s, %(pw)s) 
-                                on conflict on constraint users_t_uk_username 
-                                    do update set pw = %(pw)s
-                                returning id 
-                            """,
-                            { 'username': login, 'pw': pw })
-                res = cur.fetchone()
-                if res is None:
-                    raise Exception("Unable to add user to database")
-                id = res[0]
-                print("User added to database")
-            if (topic and acl):
-                acl = int(acl)
-                with conn.cursor() as cur:
-                    cur.execute('insert into acls_t ("user", topic, rw) values(%(user)s, %(topic)s, %(rw)s)',
-                                { 'user': id, 'topic': topic, 'rw': acl })
-                    print("ACL added to database")
-    finally:
-        if conn:
-            conn.close()

tools/requirements.txt

@@ -1,2 +0,0 @@
-pbkdf2==1.3
-psycopg2==2.9.5