Comments (11)
@mrhb6006 , I have approved the PR. But @mochi-co is needed for final approve and merge. He is very busy lately, so I'm not able to offer an ETA.
In the meantime, you can vendor this module and make modification locally.
from server.
@thedevop I'm not sure what the best way to accomodate this would be. It would be possible for @mrhb6006 to create a new Auth hook and track the ACL changes in the new hook, but the packaged hook is fairly simple and doesn't account for this sort of persistent checking.
Perhaps the ACL hook could maintain a map of client ids and subscriptions and check against that, to 'lock in' the ACL status.
from server.
@mrhb6006 , you're correct, the write parameter should be set to true. Would you like to create a PR?
from server.
@mrhb6006 , you're correct, the write parameter should be set to true. Would you like to create a PR?
tnx
Done
#357
from server.
how long do you think my pull request will take to merge? i need it in my project and my project doesn't work correctly now
it is a bad bug
#357
from server.
I maybe wrong, but I'm not 100% sure this assumption is correct.
publishToClient
is used to write out packets to subscribers - in this case the ACL check should be for the subscribed client to read from the topic they are subscribed to (some ACL configurations allow a user to write to a topic but not read from it, such as when issuing sensitive user information that other nodes shouldn't be able to see).
The ACL check for sending messages to a topic is handled in processPublish:
if !cl.Net.Inline && !s.hooks.OnACLCheck(cl, pk.TopicName, true) {
Incidentally there is an additional ACL read check that occurs in processSubscribe to prevent users without read access from subscribing to specific topics.
@mrhb6006 could you describe the exact problem you are seeing? And perhaps provide an example of your ACL configuration? This way we may be able to narrow down the cause.
from server.
@mrhb6006 , my bad. @mochi-co is correct. The ACL check in publishToClient is the subscriber and not the publisher.
from server.
publishToClient in this case called at subscription loop , therefore the client is subscribed to that topic before and acl check before! why does it check again ACL for subscribe?
in my case, when someone subscribe to a topic after a while, he may not be allowed to subscribe to that particular topic, but my service will continue to publish for him for some time . (free subscription)
And after some time, a crown unsubscribes the user
from server.
That's an interesting use case, so in your situation, although the permission can change for the duration of the connection, but you want that permission to be locked in at the time of subscription.
@mochi-co , this seems to be in conflict with issue #286, any thoughts?
from server.
@mochi-co I agree with you. I think that this is fairly unique circumstance and should be accommodated in the custom hook implementation itself and not by the server itself.
from server.
ok , tnx a lot .
from server.
Related Issues (20)
- After enabled badger, the vlog file up to 700M one day and 4GB one week HOT 9
- Race condition when running the redis example HOT 4
- 遍历Clients时如何判断当前Client是否为Disconected状态 HOT 3
- 作者您好,请帮忙关注一下这个问题 HOT 3
- Hi, what is the simplest way to make messages can be restored when server cut off? HOT 5
- [badgerdb] vlog growing unbounded - consider adding GC and exposing options HOT 6
- The badge still getting vlog file keep growing infirnity HOT 7
- How to send topics posted by specific users only to specific subscribed users? HOT 11
- Does peddle perssistant released? HOT 5
- MQTTX cannot use Topic Alias. MQTT5.0 主题别名发送卡住,无法发布主题别名的消息 HOT 2
- How to use the new pessistent hook? HOT 1
- Reload auth fIle on the run HOT 2
- InlineClient模式下服务端订阅问题,inline subscribers do not receive messages HOT 5
- Merge 2 version of storm HOT 4
- Add Support for Disconnect With Will Message Reason Code
- Logging Level is not Configurable Via File Configuration
- Persistence storage did not work with SetCleanSession(false) HOT 3
- Don't allow inheriting session unless username matches HOT 5
- MessageExpiry Hook HOT 1
- OnConnectAuthenticate cannot specify an error code (like Client Identifier not valid)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server.