[Integration] Plugin Mosquitto Go Auth

Based on MQTT authentication & authorization ChirpStack guide (https://www.chirpstack.io/guides/mqtt-authentication/) and using iegomez's image (here is their GitHub: https://github.com/iegomez/mosquitto-go-auth)

configuration/mosquitto/acls

@@ -0,0 +1,16 @@
+user chirpstack_gw
+topic write gateway/+/event/+
+topic read gateway/+/command/+
+
+user chirpstack_ns
+topic read gateway/+/event/+
+topic write gateway/+/command/+
+
+user chirpstack_as
+topic write application/+/device/+/rx
+topic write application/+/device/+/join
+topic write application/+/device/+/ack
+topic write application/+/device/+/error
+topic read application/+/device/+/tx
+topic write application/+/device/+/status
+topic write application/+/device/+/location

configuration/mosquitto/mosquitto.conf

@@ -0,0 +1,29 @@
+auth_plugin /mosquitto/go-auth.so
+auth_opt_backends files, postgres, jwt
+auth_opt_check_prefix false
+allow_anonymous false
+
+auth_opt_log_level debug
+auth_opt_password_path /etc/mosquitto/passwords
+auth_opt_acl_path /etc/mosquitto/acls
+auth_opt_cache true
+auth_opt_cache_reset true
+
+auth_opt_pg_host postgresql
+auth_opt_pg_dbname chirpstack_as
+auth_opt_pg_user chirpstack_as
+auth_opt_pg_password chirpstack_as
+#auth_opt_pg_userquery select mqtt_key_hash from gateway where name = $1 limit 1
+#auth_opt_pg_aclquery select distinct 'gateway/' || encode(mac, 'hex') || '/+' from gateway where name = $1 and $2 = $2
+
+auth_opt_pg_userquery select password_hash from "user" where username = $1 and is_active = true limit 1
+auth_opt_pg_superquery select count(*) from "user" where username = $1 and is_admin = true
+auth_opt_pg_aclquery select distinct 'application/' || a.id || '/#' from "user" u inner join organization_user ou on ou.user_id = u.id inner join organization o on o.id = ou.organization_id inner join application a on a.organization_id = o.id where u.username = $1 and $2 = $2
+
+auth_opt_jwt_remote false
+auth_opt_jwt_secret verysecret
+#auth_opt_jwt_db chirpstack_as
+auth_opt_jwt_userquery select count(*) from "user" where username = $1 and is_active = true limit 1
+#auth_opt_jwt_superquery select count(*) from "user" where username = $1 and is_admin = true
+#auth_opt_jwt_aclquery select distinct 'application/' || a.id || '/#' from "user" u inner join organization_user ou on ou.user_id = u.id inner join organization o on o.id = ou.organization_id inner join application a on a.organization_id = o.id where u.username = $1 and $2 = $2
+auth_opt_jwt_userfield Username

configuration/mosquitto/passwords

@@ -0,0 +1,8 @@
+# Hash version of "chirpstack_gw", obtained with pw utility
+chirpstack_gw:PBKDF2$sha512$100000$Y7Yvp81tQYz5VAUsUw21Sw==$lt3sPQ8z77Rw6GvcBZ7+GFXuE31oI2aJHxiuoVfdjzGBs5OKFmDb0CqM8filkrkQrUUhu79IQw1mWUfAETpqqQ==
+
+# Hash version of "chirpstack_ns", obtained with pw utility
+chirpstack_ns:PBKDF2$sha512$100000$h8cP1J0jJYEfj3EYYIwWcw==$ZYfxrClxzp7NrXbEPoyfX7qMvBoSA9d9WKYfrQzTBB2+Atr9AU8L7NmVLQyNdC1ZfFGHdjRZqaEHH21l4PX9Ow==
+
+# Hash version of "chirpstack_as", obtained with pw utility
+chirpstack_as:PBKDF2$sha512$100000$G4JVSnlEvjtq3zXDg7jTug==$8lh1NbmgoPeNqXc8j1IN9uCkEnJIWUVW06nXhr6ve6o0okoXEiiM3UpIjalBfYuVlBGHVjNUX2tK0tVNzWImKA==

docker-compose.yml

@@ -39,9 +39,11 @@ services:
       - redisdata:/data
 
   mosquitto:
-    image: eclipse-mosquitto
+    image: iegomez/mosquitto-go-auth:0.5.0
     ports:
       - 1883:1883
+    volumes:
+      - ./configuration/mosquitto:/etc/mosquitto 
 
 volumes:
   postgresqldata: