file

command
v0.2.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2026 License: MIT Imports: 10 Imported by: 0

README

File backend example

A comqtt broker with comqttauth wired in coexist mode against an on-disk YAML ledger. No external infrastructure required.

Run

go run ./examples/file

The example creates ./ledger.yml on first run, seeds two users and two regex rules, then listens for MQTT connections on :1883. Re-running uses the existing ledger (seeding is idempotent via the regex_seeded flag).

Environment

Variable              Default       Notes
COMQTTAUTH_FILE_PATH  ./ledger.yml  YAML ledger path.
COMQTTAUTH_LISTEN     :1883         TCP listen address.

Seeded credentials and rules

  • alice / wonderland — allowed to publish on telemetry/${username}/# (i.e. telemetry/alice/...).
  • bob / builder — denied publish on forbidden/#.
  • Topics that match no rule are allowed by default (see hook.go for the AND-chain contract).
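
The seeded rules and the default-allow fallback can be traced with a small model. This is an added example, not comqttauth's code or its ledger schema. It assumes each rule applies only to the user it is listed under, that the first matching rule in ledger order wins, and that patterns use the MQTT-style wildcards shown above; the `Rule` type, `compile` and `Decide` are hypothetical names, and the AND-chain contract in hook.go is not reproduced.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a hypothetical stand-in for one ledger ACL entry (not the real schema).
type Rule struct {
	User, Pattern string // owning user; topic pattern as written in the README
	Allow         bool   // true = allow publish, false = deny publish
}

// seeded is constructed from the "Seeded credentials and rules" list.
var seeded = []Rule{
	{User: "alice", Pattern: "telemetry/${username}/#", Allow: true},
	{User: "bob", Pattern: "forbidden/#", Allow: false},
}

// compile anchors the pattern: "#" = remaining levels, "+" = one level, username quoted literally.
func compile(pattern, user string) *regexp.Regexp {
	wild := map[string]string{"#": ".*", "+": "[^/]+"}
	parts := strings.Split(pattern, "/")
	for i, lv := range parts {
		if w, ok := wild[lv]; ok {
			parts[i] = w
		} else {
			parts[i] = regexp.QuoteMeta(strings.ReplaceAll(lv, "${username}", user))
		}
	}
	return regexp.MustCompile("^" + strings.Join(parts, "/") + "$")
}

// Decide: the first matching rule in ledger order wins (assumed); no match means allow.
func Decide(rules []Rule, user, topic string) (bool, string) {
	for _, r := range rules {
		if r.User == user && compile(r.Pattern, user).MatchString(topic) {
			return r.Allow, r.Pattern
		}
	}
	return true, "no rule matched (default allow)"
}

func main() {
	for _, c := range [][2]string{{"alice", "telemetry/alice/temp"}, {"bob", "forbidden/secret"}, {"bob", "telemetry/alice/temp"}} {
		ok, why := Decide(seeded, c[0], c[1])
		fmt.Println(c[0], c[1], ok, why)
	}
}
```

In this model bob's publish to telemetry/alice/temp is allowed, because bob has no rule covering that topic and unmatched topics fall through to allow.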

Exercise

# allowed by alice's allow rule
mosquitto_pub -h 127.0.0.1 -p 1883 -u alice -P wonderland -t telemetry/alice/temp -m hi

# blocked by bob's deny rule (broker drops the publish silently)
mosquitto_pub -h 127.0.0.1 -p 1883 -u bob -P builder -t forbidden/secret -m boom

# connection rejected: no such user
mosquitto_pub -h 127.0.0.1 -p 1883 -u eve -P bad -t any/topic -m nope

Caveats

  • Plaintext passwords. Upstream mqtt/hooks/auth.Hook compares passwords as plaintext, so this example uses HashType: HashNone. For bcrypt-hashed storage with the same wire format, use the redis, mysql, or postgres examples — their upstream plugins go through pa.CompareHash.
  • Snapshot-at-init. The upstream auth hook reads the ledger once at startup and does not reload. Users added later are visible only to comqttauth's regex hook (which reloads on every check), not to the upstream connection-auth path. Restart the broker after PutUser to refresh upstream.

Documentation

Overview

File backend example: comqtt broker + comqttauth, both reading the same on-disk YAML ledger. Connection auth is performed by comqtt's upstream mqtt/hooks/auth.Hook (plaintext password comparison); regex ACL is performed by comqttauth.Hook.

Run:

go run ./examples/file
# or with a custom path:
COMQTTAUTH_FILE_PATH=/tmp/ledger.yml go run ./examples/file
