MQTT Multi user

kumarmohan7 · 22 February 2020 20:41

Hi,

I am Mohankumar

How to Use MQTT Multiusers ,
Now Data Update in User ID 1,
I need to Publish Data depending on API Key & Node ID, Like HTTP.

Thanks
Mohankumar

TrystanLea · 27 February 2020 10:27

Hello @kumarmohan7 we have a development branch of emoncms for multi user MQTT here (recently updated):
GitHub - emoncms/emoncms at mqttauth

There’s an installation guide for mosquitto-auth-plug and mosquito.conf here:
emoncms/mqttauth.md at mqttauth · emoncms/emoncms · GitHub

Bear in mind that this is a development branch so not something we support as standard yet.

Charly86 · 13 August 2020 18:43

Great to be able to have multiusers

Just asking, what about an easier solution using as HTTP the existing user API key and post to topic something like that?

prefix/user_api_key/node/

or

prefix/api/user_api_key/node/

Charly86 · 19 August 2020 01:01

ok was quite and easy

just take the file emoncms_mqtt.php from branch mqttauth here
https://github.com/emoncms/emoncms/blob/mqttauth/scripts/services/emoncms_mqtt/emoncms_mqtt.p

Then change lines around 294 by

          if ($route_len>=2) {
            
                // Userid or API is first entry
                $userid = $route[0];

                // Looks like API format
                if (strlen($userid)==32) {
                    // get Userid from API Key
                    $userid = $user->get_id_from_apikey($userid);
                } else if (is_numeric($userid)) {
                    $userid = (int) $userid;
                }

                // Node id is second entry
                $nodeid = $route[1];

No need to install auth mosquitto plugins or touch mosquitto config file, just restart this php service your service, in my case it’s all running in a docker env so started by

docker exec -d emoncms_web_1 php /var/www/emoncms/scripts/services/emoncms_mqtt/emoncms_mqtt.php

That’s all you can publish with API Key, assuming MQTT base topic is emon
emon/user_write_api_key/nodeid
or userid
emon/user_id/nodeid

TrystanLea · 19 August 2020 10:25

Great @Charly86 but does this not allow all users to subscribe to content posted by other users? Perhaps this is not important in your application?

Charly86 · 19 August 2020 10:59

Good spot, this is absolutely correct, I did not digged into “subscription” because I don’t need it, but in this case the method I mention is a security flaw since anyone could subscribe to /emon/#
It’s not critical in my case but worth mentioning it.
The deal is that my mosquitto broker is used also for other stuff (not opened but 2/3 accounts depending on application) and activating user auth plugins may disturb other application except if we can activate it for a specific topic ie, mqtt auth form emon database only for topic /user/#

Another simple way would be to put mosquitto and mqtt auth in the docker image and listening on another port, may be the best way to isolate the broker avoiding incidence on existing hosted one.
need to think about it.