Skip to content

Mqtt#135

Open
corrancho wants to merge 6 commits into
espressif:masterfrom
corrancho:mqtt
Open

Mqtt#135
corrancho wants to merge 6 commits into
espressif:masterfrom
corrancho:mqtt

Conversation

@corrancho

Copy link
Copy Markdown

Description

Related

Testing


Checklist

Before submitting a Pull Request, please ensure the following:

  • 🚨 This PR does not introduce breaking changes.
  • All CI checks (GH Actions) pass.
  • Documentation is updated as needed.
  • Tests are updated or added as necessary.
  • Code is well-commented, especially in complex areas.
  • Git history is clean — commits are squashed to the minimum necessary.

Wrap the ESP-IDF esp-mqtt client in a new lua_module_mqtt component, add the APP_CLAW_LUA_MODULE_MQTT Kconfig option and app_claw registration, enable it in the edge_agent defaults, and document the module in the EN/ZH lua-modules reference.
Store broker URL, username, password, and client id in settings_store
(NVS) and expose them through a dedicated MqttPage in the web config UI,
following the per-subsystem page pattern.

The values flow app_config -> app_claw_config -> the Lua mqtt module via
lua_module_mqtt_set_defaults(), so scripts can call mqtt.new() with no
arguments to reuse the configured broker, or override per call.
@CLAassistant

CLAassistant commented Jun 26, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

Add MQTT JWT authentication (for brokers like EMQX) and protect the MQTT
settings behind a developer-mode switch, in the edge_agent app only
(mcp_server_point has no MQTT config).

JWT auth:
- New persisted field mqtt_jwt across the config chain: app_config
  struct/defaults/NVS field, app_claw config struct, config API field,
  and the frontend AppConfig + mqtt group. The lua_module_mqtt module is
  not touched.
- JWT gets its own 1024-byte buffer (APP_CONFIG_MQTT_JWT_LEN /
  APP_CLAW_MQTT_JWT_LEN) instead of reusing the 320-byte string length —
  EMQX JWTs with claims easily exceed 320 and would otherwise truncate.
- Auth selection lives where the broker defaults are seeded
  (app_lua_register_mqtt): when mqtt_jwt is set it is passed in the
  password slot and takes priority; otherwise the plain password is used,
  so username/password auth is unchanged when no JWT is configured.
- Frontend: a separate "JWT Token" password field on the MQTT page.

Developer mode (mirrors FilesPage):
- A dev-mode toggle that starts OFF and asks for confirmation when
  enabled. While OFF the MQTT fields are read-only and Save is disabled;
  enabling it unlocks editing and the destructive action.
- A "Clear credentials" button, enabled only in dev mode (with a confirm
  and a guard), wipes all MQTT credentials (uri, username, password, jwt)
  to empty in NVS.
- New i18n keys (en + zh-cn) for the JWT field, dev mode, and clearing.

Verified on hardware: a 441-char JWT persists intact (would truncate at
320), and clearing empties all four MQTT fields.
Add a "Test connection" button that probes the stored MQTT broker
credentials on demand. There is no persistent app-level MQTT connection
to read, so this is a one-shot probe, not a live monitor.

- New endpoint POST /api/mqtt/probe (in http_server_config_api.c): loads
  the saved config, spins up a throwaway esp-mqtt client using the same
  JWT-or-password auth logic as the runtime, waits up to 4s for it to
  connect or error, and reports {connected: bool}. An empty broker URL
  returns {connected:false, reason:"not configured"}. The probe client is
  always stopped and destroyed (success, failure or timeout) — no leaked
  connections. network.timeout_ms is bounded so an unreachable broker
  fails fast instead of blocking teardown. Adds the mqtt component to the
  http_server REQUIRES. lua_module_mqtt is not touched.
- Frontend: a read-only "Test connection" button (works without dev mode)
  and a badge showing only the LAST test result, not live status — grey
  "Not tested", green "Last test: OK", red "Last test: failed". New i18n
  keys in en + zh-cn.

Verified on hardware: valid creds connect, a wrong password and an
unreachable broker both report failed (the latter without hanging), and
an empty URL reports not configured.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants