From 547b4033612c1a44d0929fb228a1f674a8019631 Mon Sep 17 00:00:00 2001
From: Jonas Leder <jonas@jonasled.de>
Date: Sun, 26 Jan 2025 11:40:46 +0100
Subject: [PATCH] implement authentication for embedded MQTT server

---
 mqttserver/main.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/mqttserver/main.go b/mqttserver/main.go
index c7ff0e2..f83948b 100644
--- a/mqttserver/main.go
+++ b/mqttserver/main.go
@@ -12,7 +12,21 @@ import (
 func Start() {
 	server := mqtt.New(nil)
 
-	_ = server.AddHook(new(auth.AllowHook), nil)
+	if os.Getenv("MQTT_USERNAME") == "" {
+		_ = server.AddHook(new(auth.AllowHook), nil)
+	} else {
+		_ = server.AddHook(new(auth.Hook), &auth.Options{
+			Ledger: &auth.Ledger{
+				Auth: auth.AuthRules{
+					{
+						Username: auth.RString(os.Getenv("MQTT_USERNAME")),
+						Password: auth.RString(os.Getenv("MQTT_PASSWORD")),
+						Allow:    true,
+					},
+				},
+			},
+		})
+	}
 
 	if os.Getenv("MQTT_LISTEN") == "" {
 		log.Log.Fatal("please set MQTT_LISTEN")
-- 
GitLab