代码
注册 登录
简体中文
简体中文 English
openoker
/
MeshCentral
1
0
收藏 0
文件 工单管理 0 Wiki
目录树: f33768fe32
分支列表 标签列表

mqttbroker.js 8.7 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. /**
    2. 

  2. * @description MQTT broker reference implementation based on AEDES
    3. 

  3. * @author Joko Banu Sastriawan, Ylian Saint-Hilaire
    4. 

  4. * @copyright Intel Corporation 2018-2022
    5. 

  5. * @license Apache-2.0
    6. 

  6. * @version v0.0.1
    7. 

  7. */
    8. 

  8. 

  9. module.exports.CreateMQTTBroker = function (parent, db, args) {
    10. 

  10. 

  11.     var obj = {}
    12. 

  12.     obj.parent = parent;
    13. 

  13.     obj.db = db;
    14. 

  14.     obj.args = args;
    15. 

  15.     obj.connections = {}; // NodesID --> client array
    16. 

  16.     const aedes = require('aedes')();
    17. 

  17.     obj.handle = aedes.handle;
    18. 

  18.     const allowedSubscriptionTopics = ['presence', 'console', 'powerAction'];
    19. 

  19.     const denyError = new Error('denied');
    20. 

  20.     var authError = new Error('Auth error')
    21. 

  21.     authError.returnCode = 1
    22. 

  22. 

  23.     // Generate a username and password for MQTT login
    24. 

  24.     obj.generateLogin = function (meshid, nodeid) {
    25. 

  25.         const meshidsplit = meshid.split('/'), nodeidsplit = nodeid.split('/');
    26. 

  26.         const xmeshid = meshidsplit[2], xnodeid = nodeidsplit[2], xdomainid = meshidsplit[1];
    27. 

  27.         const username = 'MCAuth1:' + xnodeid + ':' + xmeshid + ':' + xdomainid;
    28. 

  28.         const nonce = Buffer.from(parent.crypto.randomBytes(9), 'binary').toString('base64');
    29. 

  29.         return { meshid: meshid, nodeid: nodeid, user: username, pass: parent.config.settings.mqtt.auth.keyid + ':' + nonce + ':' + parent.crypto.createHash('sha384').update(username + ':' + nonce + ':' + parent.config.settings.mqtt.auth.key).digest("base64") };
    30. 

  30.     }
    31. 

  31. 

  32.     // Connection Authentication
    33. 

  33.     aedes.authenticate = function (client, username, password, callback) {
    34. 

  34.         obj.parent.debug('mqtt', "Authentication User:" + username + ", Pass:" + password.toString() + ", ClientID:" + client.id + ", " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip));
    35. 

  35. 

  36.         // Parse the username and password
    37. 

  37.         var usersplit = username.split(':');
    38. 

  38.         var passsplit = password.toString().split(':');
    39. 

  39.         if ((usersplit.length !== 4) || (passsplit.length !== 3)) { obj.parent.debug('mqtt', "Invalid user/pass format, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
    40. 

  40.         if (usersplit[0] !== 'MCAuth1') { obj.parent.debug('mqtt', "Invalid auth method, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
    41. 

  41. 

  42.         // Check authentication
    43. 

  43.         if (passsplit[0] !== parent.config.settings.mqtt.auth.keyid) { obj.parent.debug('mqtt', "Invalid auth keyid, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
    44. 

  44.         if (parent.crypto.createHash('sha384').update(username + ':' + passsplit[1] + ':' + parent.config.settings.mqtt.auth.key).digest("base64") !== passsplit[2]) { obj.parent.debug("mqtt", "Invalid password, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(authError, null); return; }
    45. 

  45. 

  46.         // Setup the identifiers
    47. 

  47.         const xnodeid = usersplit[1];
    48. 

  48.         var xmeshid = usersplit[2];
    49. 

  49.         const xdomainid = usersplit[3];
    50. 

  50. 

  51.         // Check the domain
    52. 

  52.         if ((typeof client.conn.xdomain == 'object') && (xdomainid != client.conn.xdomain.id)) { obj.parent.debug('mqtt', "Invalid domain connection, " + client.conn.xtransport + "://" + cleanRemoteAddr(client.conn.xip)); callback(null, false); return; }
    53. 

  53. 

  54.         // Convert meshid from HEX to Base64 if needed
    55. 

  55.         if (xmeshid.length === 96) { xmeshid = Buffer.from(xmeshid, 'hex').toString('base64'); }
    56. 

  56.         if ((xmeshid.length !== 64) || (xnodeid.length != 64)) { callback(authError, null); return; }
    57. 

  57. 

  58.         // Set the client nodeid and meshid
    59. 

  59.         client.xdbNodeKey = 'node/' + xdomainid + '/' + xnodeid;
    60. 

  60.         client.xdbMeshKey = 'mesh/' + xdomainid + '/' + xmeshid;
    61. 

  61.         client.xdomainid = xdomainid;
    62. 

  62. 

  63.         // Check if this node exists in the database
    64. 

  64.         db.Get(client.xdbNodeKey, function (err, nodes) {
    65. 

  65.             if ((nodes == null) || (nodes.length != 1)) { callback(authError, null); return; } // Node does not exist
    66. 

  66. 

  67.             // If this device now has a different meshid, fix it here.
    68. 

  68.             client.xdbMeshKey = nodes[0].meshid;
    69. 

  69. 

  70.             if (obj.connections[client.xdbNodeKey] == null) {
    71. 

  71.                 obj.connections[client.xdbNodeKey] = [client];
    72. 

  72.                 parent.SetConnectivityState(client.xdbMeshKey, client.xdbNodeKey, Date.now(), 16, 7, null, { name: nodes[0].name }); // Indicate this node has a MQTT connection, 7 = Present state
    73. 

  73.             } else {
    74. 

  74.                 obj.connections[client.xdbNodeKey].push(client);
    75. 

  75.             }
    76. 

  76. 

  77.             client.conn.parent = client;
    78. 

  78.             client.conn.on('end', function () {
    79. 

  79.                 // client is "this.parent"
    80. 

  80.                 obj.parent.debug('mqtt', "Connection closed, " + this.parent.conn.xtransport + '://' + cleanRemoteAddr(this.parent.conn.xip));
    81. 

  81. 

  82.                 // Remove this client from the connections list
    83. 

  83.                 if ((this.parent.xdbNodeKey != null) && (obj.connections[this.parent.xdbNodeKey] != null)) {
    84. 

  84.                     var clients = obj.connections[this.parent.xdbNodeKey], i = clients.indexOf(client);
    85. 

  85.                     if (i >= 0) {
    86. 

  86.                         if (clients.length == 1) {
    87. 

  87.                             delete obj.connections[this.parent.xdbNodeKey];
    88. 

  88.                             parent.ClearConnectivityState(this.parent.xdbMeshKey, this.parent.xdbNodeKey, 16, null, { name: nodes[0].name }); // Remove the MQTT connection for this node
    89. 

  89.                         } else { clients.splice(i, 1); }
    90. 

  90.                     }
    91. 

  91.                 }
    92. 

  92. 

  93.                 this.parent.close();
    94. 

  94.             });
    95. 

  95.             callback(null, true);
    96. 

  96.         });
    97. 

  97.     }
    98. 

  98. 

  99.     // Check if a client can publish a packet
    100. 

  100.     aedes.authorizeSubscribe = function (client, sub, callback) {
    101. 

  101.         // Subscription control
    102. 

  102.         obj.parent.debug('mqtt', "AuthorizeSubscribe \"" + sub.topic + '", ' + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
    103. 

  103.         if (allowedSubscriptionTopics.indexOf(sub.topic) === -1) { sub = null; } // If not a supported subscription, deny it.
    104. 

  104.         callback(null, sub); // We authorize supported topics, but will not allow agents to publish anything to other agents.
    105. 

  105.     }
    106. 

  106. 

  107.     // Check if a client can publish a packet
    108. 

  108.     aedes.authorizePublish = function (client, packet, callback) {
    109. 

  109.         // Handle a published message
    110. 

  110.         obj.parent.debug('mqtt', "AuthorizePublish, " + client.conn.xtransport + '://' + cleanRemoteAddr(client.conn.xip));
    111. 

  111.         handleMessage(client.xdbNodeKey, client.xdbMeshKey, client.xdomainid, packet.topic, packet.payload);
    112. 

  112.         // We don't accept that any client message be published, so don't call the callback.
    113. 

  113.     }
    114. 

  114. 

  115.     // Publish a message to a specific nodeid & topic, also send this to peer servers.
    116. 

  116.     obj.publish = function (nodeid, topic, message) {
    117. 

  117.         // Publish this message on peer servers.
    118. 

  118.         if (parent.multiServer != null) { parent.multiServer.DispatchMessage(JSON.stringify({ action: 'mqtt', nodeid: nodeid, topic: topic, message: message })); }
    119. 

  119.         obj.publishNoPeers(nodeid, topic, message);
    120. 

  120.     }
    121. 

  121. 

  122.     // Publish a message to a specific nodeid & topic, don't send to peer servers.
    123. 

  123.     obj.publishNoPeers = function (nodeid, topic, message) {
    124. 

  124.         // Look for any MQTT connections to send this to
    125. 

  125.         var clients = obj.connections[nodeid];
    126. 

  126.         if (clients == null) return;
    127. 

  127.         if (typeof message == 'string') { message = Buffer.from(message); }
    128. 

  128.         for (var i in clients) {
    129. 

  129.             // Only publish to client that subscribe to the topic
    130. 

  130.             if (clients[i].subscriptions[topic] != null) {
    131. 

  131.                 clients[i].publish({ cmd: 'publish', qos: 0, topic: topic, payload: message, retain: false }, function () { });
    132. 

  132.             }
    133. 

  133.         }
    134. 

  134.     }
    135. 

  135. 

  136.     // Handle messages coming from clients
    137. 

  137.     function handleMessage(nodeid, meshid, domainid, topic, message) {
    138. 

  138.         // Handle messages here
    139. 

  139.         if (topic == 'console') { parent.webserver.routeAgentCommand({ action: 'msg', type: 'console', value: message.toString(), source: 'MQTT' }, domainid, nodeid, meshid); return; } // Handle console messages
    140. 

  140. 

  141.         //console.log('handleMessage', nodeid, topic, message.toString());
    142. 

  142.         //obj.publish(nodeid, 'echoTopic', "Echo: " + message.toString());
    143. 

  143.     }
    144. 

  144. 

  145.     // Clean a IPv6 address that encodes a IPv4 address
    146. 

  146.     function cleanRemoteAddr(addr) { if (typeof addr != 'string') { return null; } if (addr.indexOf('::ffff:') == 0) { return addr.substring(7); } else { return addr; } }
    147. 

  147. 

  148.     // Change a node to a new meshid
    149. 

  149.     obj.changeDeviceMesh = function(nodeid, newMeshId) {
    150. 

  150.         var nodes = obj.connections[nodeid];
    151. 

  151.         if (nodes != null) { for (var i in nodes) { nodes[i].xdbMeshKey = newMeshId; } }
    152. 

  152.     }
    153. 

  153. 

  154.     return obj;
    155. 

  155. }
    156.