## NOTE:
## This config file overrides data/configs/cluster.hocon,
## and is merged with environment variables which start with 'EMQX_' prefix.
##
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
## are stored in data/configs/cluster.hocon.
## To avoid confusion, please do not store the same configs in both files.
##
## See https://www.emqx.io/docs/en/latest/configuration/configuration.html for more details.
## Configuration full example can be found in etc/examples

node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "data"
}

cluster {
  name = emqxcl
  discovery_strategy = manual
}

## EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.
## The system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:
##
##   - `file`: Directs log output exclusively to files.
##   - `console`: Channels log output solely to the console.
##
## It's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd `emqx.service` file.
## In scenarios outside systemd initiation, `console` serves as the default log handler.

## Read more about configs here: https://www.emqx.io/docs/en/latest/configuration/logs.html

log {
    # file {
    #     level = warning
    # }
    # console {
    #     level = warning
    # }
}
dashboard {
    listeners {
        http {
            ## Comment out 'bind' (or set bind=0) to disable listener.
            bind = 18083
        }
        https {
            ## Uncomment to enable
            # bind = 18084
            ssl_options {
                certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
                keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
            }
        }
    }
}

# 必须禁止匿名访问，是开启认证的必备步骤
allow_anonymous = false

# 启用http协议的认证方式
authentication = [
 {
    # 后端类型：http 服务
    backend = "http"
    enable = true
    mechanism = "password_based"

    # ----- 请求配置 -----
    # 请求方法：POST 或 GET（推荐 POST，更安全）
    method = "post"
    # 你的认证服务 URL（请替换为实际地址）
    url = "http://dj-multictrl-api:8080/api/mqtt/auth"

    # 请求头
    headers {
      "Content-Type" = "application/json"
      "Accept" = "application/json"
    }
    
    # 请求体模板（支持占位符）
    body {
      username = "${username}"
      password = "${password}"
    }
    
    # ----- 性能与超时 -----
    request_timeout = "5s"      # HTTP 请求超时时间
    pool_size = 8               # 连接池大小
    
    # ----- 认证结果判断 -----
    # 服务端需返回 JSON 格式，包含 result 字段：
    # {"result": "allow"}   → 允许连接
    # {"result": "deny"}    → 拒绝连接
    # {"result": "ignore"}  → 忽略，继续后续认证链
    # 如果返回 HTTP 4xx/5xx 状态码，视为 ignore
  }
]