From f31c40408c656c6832c1c8e86c409f81c923bb4e Mon Sep 17 00:00:00 2001
From: Abhishek Kondur
Date: Wed, 28 Sep 2022 21:05:27 +0530
Subject: [PATCH] get password from secret file
---
 compose/docker-compose.yml | 11 +++++------
 docker/mosquitto.conf | 2 ++
 netclient/functions/daemon.go | 18 ++++++++++++++----
 3 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml
index 9c8bc524..57a28d92 100644
--- a/compose/docker-compose.yml
+++ b/compose/docker-compose.yml
@@ -122,14 +122,13 @@ services:
 - "8883"
 labels:
 - traefik.enable=true
- - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
- - traefik.tcp.routers.mqtts.tls.passthrough=true
- - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883
- - traefik.tcp.routers.mqtts.service=mqtts-svc
- - traefik.tcp.routers.mqtts.entrypoints=websecure
+ - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
+ - traefik.tcp.routers.mqtt.tls.certresolver=http
+ - traefik.tcp.services.mqtt.loadbalancer.server.port=8883
+ - traefik.tcp.routers.mqtt.entrypoints=websecure
 volumes:
 traefik_certs: {}
 sqldata: {}
 dnsconfig: {}
 mosquitto_data: {}
- mosquitto_logs: {}
\ No newline at end of file
+ mosquitto_logs: {}
diff --git a/docker/mosquitto.conf b/docker/mosquitto.conf
index 9131666b..924314e6 100644
--- a/docker/mosquitto.conf
+++ b/docker/mosquitto.conf
@@ -1,8 +1,10 @@ per_listener_settings false listener 8883 allow_anonymous false + listener 1883 allow_anonymous false + plugin /usr/lib/mosquitto_dynamic_security.so plugin_opt_config_file /mosquitto/data/dynamic-security.json
diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go
index d8661768..95faf0de 100644
--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
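Review bot: With `tls.passthrough=true` dropped and `tls.certresolver=http` added on the `mqtt` router in compose/docker-compose.yml, Traefik terminates TLS itself, so the hop from Traefik to the broker's port 8883 is protected only if that listener has its own certificates; the `listener 8883` stanza in docker/mosquitto.conf in this same patch shows no `certfile`/`keyfile` in the visible lines. Because the netclient now sends a username and password over this route, that hop carries the broker credential, so it deserves a comment above the labels such as `# TLS ends at traefik; the traefik->mq hop must stay on the internal compose network`, and it is worth confirming that the `"8883"` entry above is an `expose` and not a host port mapping. The old `traefik.tcp.routers.mqtts.service=mqtts-svc` binding was also removed without a replacement; adding `- traefik.tcp.routers.mqtt.service=mqtt` keeps the router-to-service link explicit rather than relying on Traefik's automatic linking.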
@@ -237,8 +237,14 @@ func setupMQTTSingleton(cfg *config.ClientConfig) error {
 opts := mqtt.NewClientOptions()
 server := cfg.Server.Server
 port := cfg.Server.MQPort
- opts.AddBroker("tcp://" + server + ":" + port)
- mqclient = mqtt.NewClient(opts)
+ pass, err := os.ReadFile(ncutils.GetNetclientPathSpecific() + "secret-" + cfg.Network)
+ if err != nil {
+ return fmt.Errorf("could not read secrets file %w", err)
+ }
+ opts.AddBroker("mqtts://" + server + ":" + port)
+ opts.SetUsername(cfg.Node.ID)
+ opts.SetPassword(string(pass))
+ mqclient := mqtt.NewClient(opts)
 var connecterr error
 opts.SetClientID(ncutils.MakeRandomString(23))
 if token := mqclient.Connect(); !token.WaitTimeout(30*time.Second) || token.Error() != nil {
@@ -258,9 +264,13 @@ func setupMQTT(cfg *config.ClientConfig) error {
 opts := mqtt.NewClientOptions()
 server := cfg.Server.Server
 port := cfg.Server.MQPort
- opts.AddBroker(fmt.Sprintf("tcp://%s:%s", server, port))
+ pass, err := os.ReadFile(ncutils.GetNetclientPathSpecific() + "secret-" + cfg.Network)
+ if err != nil {
+ return fmt.Errorf("could not read secrets file %w", err)
+ }
+ opts.AddBroker(fmt.Sprintf("mqtts://%s:%s", server, port))
 opts.SetUsername(cfg.Node.ID)
- opts.SetPassword(cfg.Node.Password)
+ opts.SetPassword(string(pass))
 opts.SetClientID(ncutils.MakeRandomString(23))
 opts.SetDefaultPublishHandler(All)
 opts.SetAutoReconnect(true)
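Review bot: In the setupMQTTSingleton hunk, `mqclient := mqtt.NewClient(opts)` declares a new local, whereas the line it replaces assigned with `=`. If `mqclient` is the package-level client the rest of daemon.go publishes through (it is not declared in this hunk, so this is inferred), the function now connects a throwaway client and leaves the shared one unset. Keep the assignment form: `mqclient = mqtt.NewClient(opts)`. Separately, `opts.SetClientID(...)` on the following context line runs after `NewClient(opts)` has already taken the options, so it may not take effect and would be safer moved above the `NewClient` call next to the new `SetUsername`/`SetPassword` lines. The function body continues past the end of the hunk.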
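Review bot: The bytes read from the `secret-<network>` file reach `SetPassword` unmodified, in setupMQTT and in the setupMQTTSingleton hunk before it, so a trailing newline left by whatever writes that file would become part of the password and surface only as a broker authentication failure. The same read-and-check block is duplicated in both functions and builds the path by string concatenation. A small helper that joins the path with `filepath.Join`, strips the line ending and names the network in the wrapped error would keep the two call sites in step. That helper is also the natural place to check the secret file's mode before using it, since the file now holds the broker credential. setupMQTT's body continues past the end of the hunk.

```go
// readMQSecret returns the broker password stored for the given network.
func readMQSecret(network string) (string, error) {
	path := filepath.Join(ncutils.GetNetclientPathSpecific(), "secret-"+network)
	pass, err := os.ReadFile(path)
	if err != nil {
		return "", fmt.Errorf("could not read secrets file for network %q: %w", network, err)
	}
	// Drop only a trailing line ending; any other byte is part of the secret.
	return strings.TrimRight(string(pass), "\r\n"), nil
}

// in setupMQTT and setupMQTTSingleton:
	pass, err := readMQSecret(cfg.Network)
	if err != nil {
		return err
	}
	// … unchanged: AddBroker, SetUsername …
	opts.SetPassword(pass)
```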