From 8ac5f955e097573fb02c4da78a12a7865089cf8c Mon Sep 17 00:00:00 2001
From: DjeAvd
Date: Fri, 24 Apr 2026 09:17:46 +0100
Subject: [PATCH] feat(gateway): add MQTTS support with TLS and authentication
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Add TLS support via mqtt.Client.tls_set()
- Add username/password authentication
- Password loaded from MQTT_PASSWORD environment variable
- Username and TLS flag read from config.json
Assisted-by: Claude:claude-sonnet-4-6 — guidance on paho-mqtt TLS API and environment variable pattern for secret management
---
 gateway/gateway.py | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/gateway/gateway.py b/gateway/gateway.py
index 2633414..3d15534 100644
--- a/gateway/gateway.py
+++ b/gateway/gateway.py
@@ -19,10 +19,10 @@ class Gateway:
 """BLE advertising listener and MQTT publisher for Nordic Thingy:52 nodes."""
 # Advertising payload keys as defined in the firmware specification
- KEY_WINDOW = 0x01
+ KEY_WINDOW = 0x01
 KEY_HUMIDITY = 0x02
- KEY_TEMP = 0x03
- KEY_CO2 = 0x04
+ KEY_TEMP = 0x03
+ KEY_CO2 = 0x04
 def __init__(self, config: dict):
 self.gateway_id = config["gateway_id"]
@@ -39,6 +39,20 @@ class Gateway:
 self.mqttc = mqtt.Client(
 callback_api_version=mqtt.CallbackAPIVersion.VERSION2
 )
+
+ # Authentication — username from config, password from environment variable
+ username = config["mqtt"].get("username")
+ password = os.environ.get("MQTT_PASSWORD")
+ if username:
+ self.mqttc.username_pw_set(username, password)
+ log.info(f"MQTT authentication configured for user: {username}")
+
+ # TLS — enabled if specified in config
+ # Required for MQTTS connections (port 8883)
+ if config["mqtt"].get("tls", False):
+ self.mqttc.tls_set()
+ log.info("TLS enabled")
+
 self.mqttc.connect(self.mqtt_broker, self.mqtt_port)
 self.mqttc.loop_start()
 log.info("MQTT client connected")
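Review bot: The new `username_pw_set` call in the second hunk applies credentials whether or not the `tls` flag is set, so with the default `tls: false` the username and `MQTT_PASSWORD` travel to the broker in cleartext; and when `MQTT_PASSWORD` is unset, `password` is `None` and the client silently attempts username-only authentication. Read the TLS flag first, fail fast on a missing password (unless username-only auth is intended), and warn or refuse when credentials are configured without TLS, as sketched below. No hunk in this patch adds `import os`, so confirm it is already imported above line 19 of gateway.py, otherwise `os.environ` raises NameError at startup. `tls_set()` with no arguments relies on the system CA store, so a broker with a private CA would need a `ca_certs` path from config rather than having verification disabled. `__init__` starts before this hunk and continues past it.

```python
        # Read the TLS flag first so the credential path can check it
        use_tls = config["mqtt"].get("tls", False)
        username = config["mqtt"].get("username")
        password = os.environ.get("MQTT_PASSWORD")
        if username:
            if password is None:
                raise RuntimeError(
                    "MQTT_PASSWORD is not set but mqtt.username is configured"
                )
            if not use_tls:
                log.warning(
                    "MQTT credentials configured without TLS; "
                    "they will be sent in cleartext"
                )
            self.mqttc.username_pw_set(username, password)
            # … unchanged: log.info for the configured user …

        if use_tls:
            # … unchanged: tls_set() and "TLS enabled" log …
        # … unchanged: connect(), loop_start() …
```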