feat(m2m): authorization backend

Signed-off-by: Thierry Bugier <[email protected]>

Author: btry

inc/mosquittoauth.class.php

@@ -57,8 +57,37 @@ public function authenticate($input) {
    }
 
    public function authorize($input) {
+      $mqttUser = new PluginFlyvemdmMqttUser();
+      if (!$mqttUser->getByUser($input['username'])) {
+         return 403;
+      }
+      if ($mqttUser->getField('enabled') == '0') {
+         return 403;
+      }
 
+      $mqttUserId = $mqttUser->getID();
+      $acc = (int) $input['acc'];
+      $requestedTopic = explode('/', $input['topic']);
+      $mqttAcl = new PluginFlyvemdmMqttAcl();
+      $rows = $mqttAcl->find("`plugin_flyvemdm_mqttusers_id`='$mqttUserId'
+         AND `access_level` & $acc");
+      foreach ($rows as $row) {
+         $topic =  explode('/', $row['topic']);
+         foreach ($topic as $index => $pathItem) {
+            if ($pathItem === '#' && $index === count($topic) - 1) {
+               return 200;
+            }
+            if ($pathItem === '+') {
+               // This path item matches a joker
+               continue;
+            }
+            if ($pathItem !== $requestedTopic[$index]) {
+               // This topic does not match, try the next one
+               break;
+            }
+         }
+      }
 
-      return 404;
+      return 403;
    }
 }