Documentation
Index
- Constants
- type NatsMsgServer
- func (srv *NatsMsgServer) ApplyAuth(clients []msgserver.ClientAuthInfo) error
- func (srv *NatsMsgServer) ConnectInProc(serviceID string) (*hubclient.HubClient, error)
- func (srv *NatsMsgServer) ConnectInProcNC(serviceID string, clientKP nkeys.KeyPair) (*nats.Conn, error)
- func (srv *NatsMsgServer) Core() string
- func (srv *NatsMsgServer) CreateJWTToken(authInfo msgserver.ClientAuthInfo) (newToken string, err error)
- func (srv *NatsMsgServer) CreateKeyPair() (string, string)
- func (srv *NatsMsgServer) CreateToken(authInfo msgserver.ClientAuthInfo) (token string, err error)
- func (srv *NatsMsgServer) GetClientAuth(clientID string) (msgserver.ClientAuthInfo, error)
- func (srv *NatsMsgServer) GetServerURLs() (tlsURL string, wssURL string, udsURL string)
- func (srv *NatsMsgServer) MakeJWTPermissions(clientInfo msgserver.ClientAuthInfo) jwt.Permissions
- func (srv *NatsMsgServer) MakePermissions(clientInfo msgserver.ClientAuthInfo) *server.Permissions
- func (srv *NatsMsgServer) SetRolePermissions(rolePerms map[string][]msgserver.RolePermission)
- func (srv *NatsMsgServer) SetServicePermissions(serviceID string, capability string, roles []string)
- func (srv *NatsMsgServer) Start() (err error)
- func (srv *NatsMsgServer) Stop()
- func (srv *NatsMsgServer) ValidateJWTToken(clientID string, tokenString string, signedNonce string, nonce string) error
- func (srv *NatsMsgServer) ValidateNKey(clientID string, pubKey string, signedNonce string, nonce string) (err error)
- func (srv *NatsMsgServer) ValidatePassword(loginID string, password string) error
- func (srv *NatsMsgServer) ValidateToken(clientID string, token string, signedNonce string, nonce string) (err error)
Constants
const EventsIntakeStreamName = "$events"
EventsIntakeStreamName is the stream that all group streams use as their source.
Variables
This section is empty.
Functions
This section is empty.
Types
type NatsMsgServer
type NatsMsgServer struct {
	Config   *natsmsgserver.NatsServerConfig
	NatsOpts server.Options
	// contains filtered or unexported fields
}
NatsMsgServer runs an embedded NATS server using nkeys for authentication. This implements the IMsgServer interface. See also the callouthook addon for adding JWT token support using NATS callouts.
func NewNatsMsgServer
func NewNatsMsgServer(cfg *natsmsgserver.NatsServerConfig, rolePermissions map[string][]msgserver.RolePermission) *NatsMsgServer
NewNatsMsgServer creates a new instance of the Hub NATS server for NKey authn.
func (*NatsMsgServer) ApplyAuth
func (srv *NatsMsgServer) ApplyAuth(clients []msgserver.ClientAuthInfo) error
ApplyAuth reconfigures the server for authentication and authorization. For each client this applies the permissions associated with the client type and role.
Role permissions can be changed with 'SetRolePermissions'. Service permissions can be set with 'SetServicePermissions'
func (*NatsMsgServer) ConnectInProc
func (srv *NatsMsgServer) ConnectInProc(serviceID string) (*hubclient.HubClient, error)
ConnectInProc establishes a connection to the server for core services. This connects in-process using the service key. Intended for the core services to connect to the server.
serviceID of the connecting service
func (*NatsMsgServer) ConnectInProcNC
func (srv *NatsMsgServer) ConnectInProcNC(serviceID string, clientKP nkeys.KeyPair) (*nats.Conn, error)
ConnectInProcNC establishes a nats connection to the server for core services. This connects in-process using the service key. Intended for the core services to connect to the server.
serviceID of the connecting service
clientKP is an optional alternate key, or nil to use the built-in core service ID
func (*NatsMsgServer) Core
func (srv *NatsMsgServer) Core() string
func (*NatsMsgServer) CreateJWTToken
func (srv *NatsMsgServer) CreateJWTToken(authInfo msgserver.ClientAuthInfo) (newToken string, err error)
CreateJWTToken returns a new user jwt token signed by the issuer account.
Note 1: in server mode the issuer account must be the same account as that of the callout client, i.e. callout cannot issue a token for a different account.
Note 2: in callout the generated JWT must contain the on-the-fly generated public key for some reason, not the user's public key.
clientID is the user's login/connect ID, which is added as the token ID
pubKey is the user's public key, which goes into the subject field of the JWT token; use "" for the client on record
func (*NatsMsgServer) CreateKeyPair
func (srv *NatsMsgServer) CreateKeyPair() (string, string)
CreateKeyPair creates a serialized private and public key pair. NOTE: intended for testing. Might be deprecated in the future.
func (*NatsMsgServer) CreateToken
func (srv *NatsMsgServer) CreateToken(authInfo msgserver.ClientAuthInfo) (token string, err error)
CreateToken creates a new authentication token for a client. In NKey mode this returns the public key. In Callout mode this returns a JWT token with permissions.
func (*NatsMsgServer) GetClientAuth
func (srv *NatsMsgServer) GetClientAuth(clientID string) (msgserver.ClientAuthInfo, error)
GetClientAuth returns the client auth info for the given ID
func (*NatsMsgServer) GetServerURLs
func (srv *NatsMsgServer) GetServerURLs() (tlsURL string, wssURL string, udsURL string)
GetServerURLs returns the URLs used to connect to this server. These are set on Start.
func (*NatsMsgServer) MakeJWTPermissions
func (srv *NatsMsgServer) MakeJWTPermissions(clientInfo msgserver.ClientAuthInfo) jwt.Permissions
MakeJWTPermissions constructs a permissions object for use in a JWT token. NATS callout doesn't use the NATS server permissions, so they are converted to JWT permissions.
func (*NatsMsgServer) MakePermissions
func (srv *NatsMsgServer) MakePermissions(clientInfo msgserver.ClientAuthInfo) *server.Permissions
MakePermissions constructs a permissions object for a client
Clients that are sources (device, service) receive hard-coded permissions, while the permissions of users (user, service) are based on their role.
func (*NatsMsgServer) SetRolePermissions
func (srv *NatsMsgServer) SetRolePermissions(rolePerms map[string][]msgserver.RolePermission)
SetRolePermissions sets a custom map of user role->[]permissions
func (*NatsMsgServer) SetServicePermissions
func (srv *NatsMsgServer) SetServicePermissions(serviceID string, capability string, roles []string)
SetServicePermissions adds the service permissions to the roles
func (*NatsMsgServer) Start
func (srv *NatsMsgServer) Start() (err error)
Start starts the NATS server with the given configuration and creates an event ingress stream.
Config.Setup must have been called first.
func (*NatsMsgServer) ValidateJWTToken
func (srv *NatsMsgServer) ValidateJWTToken(clientID string, tokenString string, signedNonce string, nonce string) error
ValidateJWTToken verifies a NATS JWT token
- verify if jwtToken is a valid token
- validate the token isn't expired
- verify the nonce-based signature against the user's public key; this can only be signed when the user has its private key
- verify the issuer is the signing/account key.
Verifying the signedNonce is optional. Use "" to ignore.
func (*NatsMsgServer) ValidateNKey
func (srv *NatsMsgServer) ValidateNKey(clientID string, pubKey string, signedNonce string, nonce string) (err error)
ValidateNKey checks if the given nkey and nonce belong to the clientID and are valid. Intended for use by callout to verify nkey with nonce.
Verifying the signedNonce is optional. Use "" to ignore.
func (*NatsMsgServer) ValidatePassword
func (srv *NatsMsgServer) ValidatePassword(loginID string, password string) error
ValidatePassword checks if the given password matches the user
func (*NatsMsgServer) ValidateToken
func (srv *NatsMsgServer) ValidateToken(clientID string, token string, signedNonce string, nonce string) (err error)
ValidateToken checks if the given token belongs to the clientID and is valid. When nkeys is used this returns success. When nkeys is not used this validates the JWT token.
Verifying the signedNonce is optional. Use "" to ignore.
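The nonce check that ValidateJWTToken, ValidateNKey and ValidateToken describe, and what passing "" skips, shown as an added example that is not part of this package. NKeys are Ed25519 keys, so the standard library stands in for the nkeys package; verifyNonce, signNonce, the requireProof flag and the base64url signature encoding are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// verifyNonce is a hypothetical helper, not part of NatsMsgServer.
// It checks that signedNonce is an Ed25519 signature by pubKey over nonce.
// An empty signedNonce skips the check, mirroring the documented "" behaviour,
// unless requireProof is set.
func verifyNonce(pubKey ed25519.PublicKey, nonce, signedNonce string, requireProof bool) error {
	if signedNonce == "" {
		if requireProof {
			return errors.New("missing signed nonce: no proof of key possession")
		}
		return nil // credential accepted without proof of possession
	}
	// Assumption: the signature travels base64url encoded without padding.
	sig, err := base64.RawURLEncoding.DecodeString(signedNonce)
	if err != nil {
		return fmt.Errorf("signed nonce is not base64url: %w", err)
	}
	if !ed25519.Verify(pubKey, []byte(nonce), sig) {
		return errors.New("nonce signature does not match public key")
	}
	return nil
}

// signNonce plays the client side: only the private key holder can produce it.
func signNonce(priv ed25519.PrivateKey, nonce string) string {
	return base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(nonce)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for the demo
	signed := signNonce(priv, "nonce-1")
	fmt.Println("fresh nonce:     ", verifyNonce(pub, "nonce-1", signed, true))
	fmt.Println("replayed sig:    ", verifyNonce(pub, "nonce-2", signed, true))
	fmt.Println("no proof, lax:   ", verifyNonce(pub, "nonce-2", "", false))
	fmt.Println("no proof, strict:", verifyNonce(pub, "nonce-2", "", true))
}
```

With an empty signedNonce the credential is accepted without proof that the caller holds the private key, so a caller that needs proof of possession has to pass both nonce and signedNonce.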