{"id":31710149,"url":"https://github.com/emqx/emqx-auth-pgsql","last_synced_at":"2025-10-09T00:11:19.246Z","repository":{"id":36267809,"uuid":"40572255","full_name":"emqx/emqx-auth-pgsql","owner":"emqx","description":"EMQX PostgreSQL Authentication Plugin","archived":false,"fork":false,"pushed_at":"2023-12-27T07:38:17.000Z","size":441,"stargazers_count":35,"open_issues_count":15,"forks_count":31,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-09-29T22:58:33.344Z","etag":null,"topics":["authentication","emqx","emqx-plugin","postgresql"],"latest_commit_sha":null,"homepage":"https://www.emqx.io","language":"Erlang","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emqx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-08-12T00:48:44.000Z","updated_at":"2025-01-24T05:47:28.000Z","dependencies_parsed_at":"2024-06-19T05:30:32.967Z","dependency_job_id":null,"html_url":"https://github.com/emqx/emqx-auth-pgsql","commit_stats":null,"previous_names":[],"tags_count":234,"template":false,"template_full_name":null,"purl":"pkg:github/emqx/emqx-auth-pgsql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-auth-pgsql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-auth-pgsql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-auth-pgsql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-auth-pgsql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emqx","download_url":"https://codeload.github.com/emqx/emqx-auth-pgsql/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emqx%2Femqx-auth-pgsql/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000745,"owners_count":26082879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","emqx","emqx-plugin","postgresql"],"created_at":"2025-10-09T00:10:25.523Z","updated_at":"2025-10-09T00:11:19.238Z","avatar_url":"https://github.com/emqx.png","language":"Erlang","funding_links":[],"categories":[],"sub_categories":[],"readme":"emqx_auth_pgsql\n===============\n\nAuthentication/ACL with PostgreSQL Database.\n\nBuild Plugin\n------------\n\nmake \u0026\u0026 make tests\n\nConfiguration\n-------------\n\nFile: etc/emqx_auth_pgsql.conf\n\n```\n## PostgreSQL server address.\n##\n## Value: Port | IP:Port\n##\n## Examples: 5432, 127.0.0.1:5432, localhost:5432\nauth.pgsql.server = 127.0.0.1:5432\n\n## PostgreSQL pool size.\n##\n## Value: Number\nauth.pgsql.pool = 8\n\n## PostgreSQL username.\n##\n## Value: String\nauth.pgsql.username = root\n\n## PostgreSQL password.\n##\n## Value: String\n## auth.pgsql.password =\n\n## PostgreSQL database.\n##\n## Value: String\nauth.pgsql.database = mqtt\n\n## PostgreSQL database encoding.\n##\n## Value: String\nauth.pgsql.encoding = utf8\n\n## Whether to enable SSL connection.\n##\n## Value: true | false\nauth.pgsql.ssl = false\n\n## SSL keyfile.\n##\n## Value: File\n## auth.pgsql.ssl_opts.keyfile =\n\n## SSL certfile.\n##\n## Value: File\n## auth.pgsql.ssl_opts.certfile =\n\n## SSL cacertfile.\n##\n## Value: File\n## auth.pgsql.ssl_opts.cacertfile =\n\n## Authentication query.\n##\n## Value: SQL\n##\n## Variables:\n##  - %u: username\n##  - %c: clientid\n##\nauth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1\n\n## Password hash.\n##\n## Value: plain | md5 | sha | sha256 | bcrypt\nauth.pgsql.password_hash = sha256\n\n## sha256 with salt prefix\n## auth.pgsql.password_hash = salt,sha256\n\n## sha256 with salt suffix\n## auth.pgsql.password_hash = sha256,salt\n\n## bcrypt with salt prefix\n## auth.pgsql.password_hash = salt,bcrypt\n\n## pbkdf2 with macfun iterations dklen\n## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512\n## auth.pgsql.password_hash = pbkdf2,sha256,1000,20\n\n## Superuser query.\n##\n## Value: SQL\n##\n## Variables:\n##  - %u: username\n##  - %c: clientid\nauth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1\n\n## ACL query. Comment this query, the ACL will be disabled.\n##\n## Value: SQL\n##\n## Variables:\n##  - %a: ipaddress\n##  - %u: username\n##  - %c: clientid\nauth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'\n```\n\nLoad Plugin\n-----------\n\n./bin/emqx_ctl plugins load emqx_auth_pgsql\n\nAuth Table\n----------\n\nNotice: This is a demo table. You could authenticate with any user table.\n\n```sql\nCREATE TABLE mqtt_user (\n  id SERIAL primary key,\n  is_superuser boolean,\n  username character varying(100),\n  password character varying(100),\n  salt character varying(40)\n)\n```\n\nACL Table\n---------\n\n```sql\nCREATE TABLE mqtt_acl (\n  id SERIAL primary key,\n  allow integer,\n  ipaddr character varying(60),\n  username character varying(100),\n  clientid character varying(100),\n  access  integer,\n  topic character varying(100)\n)\n\nINSERT INTO mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)\nVALUES\n\t(1,1,NULL,'$all',NULL,2,'#'),\n\t(2,0,NULL,'$all',NULL,1,'$SYS/#'),\n\t(3,0,NULL,'$all',NULL,1,'eq #'),\n\t(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),\n\t(6,1,'127.0.0.1',NULL,NULL,2,'#'),\n\t(7,1,NULL,'dashboard',NULL,1,'$SYS/#');\n```\n**allow:** Client's permission to access a topic. '0' means that the client does not have permission to access the topic, '1' means that the client have permission to access the topic.\n\n**ipaddr:** Client IP address. For all ip addresses it can be '$all' or 'NULL'. \n\n**username:** Client username. For all users it can be '$all' or 'NULL'. \n\n**clientid:** Client id. For all client ids it can be '$all' or 'NULL'. \n\t\n**access:** Operations that the client can perform. '1' means that the client can subscribe to a topic, '2' means that the client can publish to a topic, '3' means that the client can subscribe and can publish to a topic.\n\n**topic:** Topic name. Topic wildcards are supported. \n\n**Notice that only one value allowed for ipaddr, username and clientid fields.**\n\nLicense\n-------\n\nApache License Version 2.0\n\nAuthor\n------\n\nEMQX Team.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femqx%2Femqx-auth-pgsql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femqx%2Femqx-auth-pgsql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femqx%2Femqx-auth-pgsql/lists"}