CreatBot/CreatBotMoonraker
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

添加MQTT消息鉴权

Browse Source
This commit is contained in:
老五 2025-07-02 15:34:03 +08:00
parent 7aeeb07a56
commit f60db3b002
2 changed files with 39 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
moonraker/components/authorization.py
View File

@ -182,6 +182,7 @@ class Authorization:
self.trusted_ips: List[IPAddr] = [] self.trusted_ips: List[IPAddr] = []
self.trusted_ranges: List[IPNetwork] = [] self.trusted_ranges: List[IPNetwork] = []
self.trusted_domains: List[str] = [] self.trusted_domains: List[str] = []
self.trusted_mqtt_clients: List[str] = [] # MQTT client id
for val in config.getlist('trusted_clients', []): for val in config.getlist('trusted_clients', []):
# Check IP address # Check IP address
try: try:
@ -719,6 +720,22 @@ class Authorization:
return self.users[API_USER] return self.users[API_USER]
raise self.server.error("Invalid API Key", 401) raise self.server.error("Invalid API Key", 401)
def validate_mqtt(self, uuid: str, data: Dict) -> bool:
username: str = data.get("username")
password: str = data.get("password")
if username != SUPER_USER:
return False
user_info = self.users[username]
salt = bytes.fromhex(user_info.salt)
hashed_pass = hashlib.pbkdf2_hmac(
'sha256', password.encode(), salt, HASH_ITER).hex()
if (valid := hashed_pass == user_info.password):
self.trusted_mqtt_clients.append(uuid)
return valid
def check_mqtt(self, uuid: str) -> bool:
return uuid in self.trusted_mqtt_clients
def _load_private_key(self, secret: str) -> Signer: def _load_private_key(self, secret: str) -> Signer:
try: try:
key = Signer(bytes.fromhex(secret)) key = Signer(bytes.fromhex(secret))

32
moonraker/components/mqtt.py
View File

@ -43,8 +43,10 @@ if TYPE_CHECKING:
from ..eventloop import FlexTimer from ..eventloop import FlexTimer
from .klippy_apis import KlippyAPI from .klippy_apis import KlippyAPI
from .machine import Machine from .machine import Machine
from .authorization import Authorization
FlexCallback = Callable[[bytes], Optional[Coroutine]] FlexCallback = Callable[[bytes], Optional[Coroutine]]
RPCCallback = Callable[..., Coroutine] RPCCallback = Callable[..., Coroutine]
AuthComp = Optional[Authorization]
PAHO_MQTT_VERSION = tuple([int(p) for p in paho.mqtt.__version__.split(".")]) PAHO_MQTT_VERSION = tuple([int(p) for p in paho.mqtt.__version__.split(".")])
DUP_API_REQ_CODE = -10000 DUP_API_REQ_CODE = -10000
@ -844,23 +846,33 @@ class MQTTClient(APITransport):
response = request.copy() response = request.copy()
if msgVer == 3: # msg version is 3 or 3.0 if msgVer == 3: # msg version is 3 or 3.0
msgIMEI = request.get("imei") msgIMEI = request.get("imei")
msgUUID = request.get("uuid")
msgCmd = request.get("cmd") msgCmd = request.get("cmd")
msgData = request.get("data") msgData = request.get("data")
response["data"] = "" response["data"] = ""
if msgIMEI == self.client_id: if msgIMEI == self.client_id:
if msgCmd == 'API': auth: AuthComp = self.server.lookup_component('authorization', None)
rpc: JsonRPC = self.server.lookup_component("jsonrpc") if auth is None or auth.check_mqtt(msgUUID) or msgCmd == 'PWD':
result = await rpc.dispatch(jsonw.dumps(msgData), self) if msgCmd == 'PWD':
response["data"] = jsonw.loads(result) if auth is not None:
elif msgCmd == 'SDP': response['data'] = 'OK' if auth.validate_mqtt(msgUUID, msgData) else 'INCORRECT'
webrtc_bridge = self.server.lookup_component("webrtc_bridge", None) else:
if webrtc_bridge: response['data'] = 'IGNORE'
response["data"] = await webrtc_bridge.handle_sdp(msgData, topic) elif msgCmd == 'API':
rpc: JsonRPC = self.server.lookup_component("jsonrpc")
result = await rpc.dispatch(jsonw.dumps(msgData), self)
response["data"] = jsonw.loads(result)
elif msgCmd == 'SDP':
webrtc_bridge = self.server.lookup_component("webrtc_bridge", None)
if webrtc_bridge:
response["data"] = await webrtc_bridge.handle_sdp(msgData, topic)
else:
response["data"] = {"type": "error", "message": "WebRTC Bridge component not available"}
else: else:
response["data"] = {"type": "error", "message": "WebRTC Bridge component not available"} response["data"] = f"error: Unknown MQTT message cmd: {msgCmd}"
else: else:
response["data"] = f"error: Unknown MQTT message cmd: {msgCmd}" response['data'] = f"error: MQTT UserID [{msgUUID}] needs authentication"
else: else:
response["data"] = f"error: MQTT client_id [{msgIMEI}] does not match" response["data"] = f"error: MQTT client_id [{msgIMEI}] does not match"
else: else: