Is there a way to do authorization decisions in repsecxt to the payload of a message?

[raphaelahrens]

I wanted to write a plugin for RabbitMQ which can make authorizations decisions in with a label which is part of the payload of the message.
The idea was to check an incoming message for an exchange and set the label of the exchange to the label of the highest message.

I first though that by writing an AutZ-Plugin this should be simple, just unpack the payload in the check_*_access functions and get the label.

But to my surprise the Payload/Msg is not part of the AuthzContext .
I then looked into other ways to intercept the handling of the messages to get the payload and found Channel interceptors, but they only work for AMQP and not MQTT, since the MQTT plugin does not call the channel_interceptor.

Looking into the code of the MQTT-Plugin I don't see why it was not possible to include the Msg into the AuthZContext

rabbitmq-server/deps/rabbitmq_mqtt/src/rabbit_mqtt_processor.erl

Lines 1527 to 1534 in 9b33e01

	publish_to_queues_with_checks(
	Msg = #mqtt_msg{topic = Topic,
	retain = Retain},
	State = #state{cfg = #cfg{exchange = Exchange,
	retainer_pid = RPid},
	auth_state = #auth_state{user = User,
	authz_ctx = AuthzCtx}}) ->
	case check_resource_access(User, Exchange, write, AuthzCtx) of

Is there a reason for this decision?
Is there a another way than the channel interceptors to access the payload?

Other reason for doing checks on the payload

• length restrictions
• signatures checks

[michaelklishin]

There is no. RabbitMQ treats message payload as an opaque sequence of bytes. With the exception of dead lettering, the message time stamp and node stamp plugins, RabbitMQ does not mess with messages. Even then it does not touch the payload.

Authorization steps happen in the context of a protocol operation but message bodies are not present or involved at those moments.