auth_plugin /mosquitto/go-auth.so
auth_opt_backends files, postgres, jwt
auth_opt_check_prefix false
allow_anonymous false

auth_opt_log_level debug
auth_opt_password_path /etc/mosquitto/passwords
auth_opt_acl_path /etc/mosquitto/acls
auth_opt_cache true
auth_opt_cache_reset true

auth_opt_pg_host postgresql
auth_opt_pg_dbname chirpstack_as
auth_opt_pg_user chirpstack_as
auth_opt_pg_password chirpstack_as
#auth_opt_pg_userquery select mqtt_key_hash from gateway where name = $1 limit 1
#auth_opt_pg_aclquery select distinct 'gateway/' || encode(mac, 'hex') || '/+' from gateway where name = $1 and $2 = $2

auth_opt_pg_userquery select password_hash from "user" where username = $1 and is_active = true limit 1
auth_opt_pg_superquery select count(*) from "user" where username = $1 and is_admin = true
auth_opt_pg_aclquery select distinct 'application/' || a.id || '/#' from "user" u inner join organization_user ou on ou.user_id = u.id inner join organization o on o.id = ou.organization_id inner join application a on a.organization_id = o.id where u.username = $1 and $2 = $2

auth_opt_jwt_remote false
auth_opt_jwt_secret verysecret
#auth_opt_jwt_db chirpstack_as
auth_opt_jwt_userquery select count(*) from "user" where username = $1 and is_active = true limit 1
#auth_opt_jwt_superquery select count(*) from "user" where username = $1 and is_admin = true
#auth_opt_jwt_aclquery select distinct 'application/' || a.id || '/#' from "user" u inner join organization_user ou on ou.user_id = u.id inner join organization o on o.id = ou.organization_id inner join application a on a.organization_id = o.id where u.username = $1 and $2 = $2
auth_opt_jwt_userfield Username