From 87ab4e74db717493d0eba921beef215b8915024f Mon Sep 17 00:00:00 2001
From: Farukh Khan <farukhkhan21@gmail.com>
Date: Thu, 16 Nov 2023 20:19:50 +0800
Subject: [PATCH 1/3] create emqx creds for host on pull if not found

* create emqx creds for host on pull if not found.
---
 controllers/hosts.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/controllers/hosts.go b/controllers/hosts.go
index 4e3cf0726..b5b2381b4 100644
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@@ -122,6 +122,17 @@ func pull(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Create EMQX creds if not found
+	if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
+		if err := mq.CreateEmqxUser(hostID, host.HostPass, false); err != nil {
+			slog.Error("failed to create host credentials for EMQX: ", err.Error())
+		} else {
+			if err := mq.CreateHostACL(hostID, servercfg.GetServerInfo().Server); err != nil {
+				slog.Error("failed to add host ACL rules to EMQX: ", err.Error())
+			}
+		}
+	}
+
 	serverConf.TrafficKey = key
 	response := models.HostPull{
 		Host:            *host,

From f3a13ad1b774c85b8ae506ea7f3e251483da1183 Mon Sep 17 00:00:00 2001
From: Farukh Khan <farukhkhan21@gmail.com>
Date: Tue, 21 Nov 2023 18:37:13 +0800
Subject: [PATCH 2/3] emqx creds creation changed to host authenticate function

* emqx creds creation changed to host authenticate function.
---
 controllers/hosts.go | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/controllers/hosts.go b/controllers/hosts.go
index b5b2381b4..0046f9edb 100644
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@@ -122,17 +122,6 @@ func pull(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// Create EMQX creds if not found
-	if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
-		if err := mq.CreateEmqxUser(hostID, host.HostPass, false); err != nil {
-			slog.Error("failed to create host credentials for EMQX: ", err.Error())
-		} else {
-			if err := mq.CreateHostACL(hostID, servercfg.GetServerInfo().Server); err != nil {
-				slog.Error("failed to add host ACL rules to EMQX: ", err.Error())
-			}
-		}
-	}
-
 	serverConf.TrafficKey = key
 	response := models.HostPull{
 		Host:            *host,
@@ -489,6 +478,18 @@ func authenticateHost(response http.ResponseWriter, request *http.Request) {
 		logic.ReturnErrorResponse(response, request, errorResponse)
 		return
 	}
+
+	// Create EMQX creds if not found
+	if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
+		if err := mq.CreateEmqxUser(host.ID.String(), host.HostPass, false); err != nil {
+			slog.Error("failed to create host credentials for EMQX: ", err.Error())
+		} else {
+			if err := mq.CreateHostACL(host.ID.String(), servercfg.GetServerInfo().Server); err != nil {
+				slog.Error("failed to add host ACL rules to EMQX: ", err.Error())
+			}
+		}
+	}
+
 	response.WriteHeader(http.StatusOK)
 	response.Header().Set("Content-Type", "application/json")
 	response.Write(successJSONResponse)

From 607e7e19d0704d66b25fefeaedda913540d2af62 Mon Sep 17 00:00:00 2001
From: Farukh Khan <farukhkhan21@gmail.com>
Date: Wed, 22 Nov 2023 19:37:22 +0800
Subject: [PATCH 3/3] added node acls update

* added node acls update.
---
 controllers/hosts.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/controllers/hosts.go b/controllers/hosts.go
index 0046f9edb..5b3466a7e 100644
--- a/controllers/hosts.go
+++ b/controllers/hosts.go
@@ -479,7 +479,7 @@ func authenticateHost(response http.ResponseWriter, request *http.Request) {
 		return
 	}
 
-	// Create EMQX creds if not found
+	// Create EMQX creds and ACLs if not found
 	if servercfg.GetBrokerType() == servercfg.EmqxBrokerType {
 		if err := mq.CreateEmqxUser(host.ID.String(), host.HostPass, false); err != nil {
 			slog.Error("failed to create host credentials for EMQX: ", err.Error())
@@ -487,6 +487,15 @@ func authenticateHost(response http.ResponseWriter, request *http.Request) {
 			if err := mq.CreateHostACL(host.ID.String(), servercfg.GetServerInfo().Server); err != nil {
 				slog.Error("failed to add host ACL rules to EMQX: ", err.Error())
 			}
+			for _, nodeID := range host.Nodes {
+				if node, err := logic.GetNodeByID(nodeID); err == nil {
+					if err = mq.AppendNodeUpdateACL(host.ID.String(), node.Network, node.ID.String(), servercfg.GetServer()); err != nil {
+						slog.Error("failed to add ACLs for EMQX node", "error", err)
+					}
+				} else {
+					slog.Error("failed to get node", "nodeid", nodeID, "error", err)
+				}
+			}
 		}
 	}