service

package
v0.0.0-...-147f0cf Latest
Warning

This package is not in the latest version of its module.

Published: Oct 27, 2023 | License: MIT | Imports: 19 | Imported by: 0

Documentation


Constants

const EventsIntakeStreamName = "$events"

EventsIntakeStreamName is the events intake stream. All group streams use this stream as their source.

Variables

This section is empty.

Functions

This section is empty.

Types

type NatsMsgServer

type NatsMsgServer struct {
	Config   *natsmsgserver.NatsServerConfig
	NatsOpts server.Options
	// contains filtered or unexported fields
}

NatsMsgServer runs an embedded NATS server using nkeys for authentication. This implements the IMsgServer interface. See also the callouthook addon for adding JWT token support using NATS callouts.

func NewNatsMsgServer

func NewNatsMsgServer(
	cfg *natsmsgserver.NatsServerConfig, rolePermissions map[string][]msgserver.RolePermission) *NatsMsgServer

NewNatsMsgServer creates a new instance of the Hub NATS server for NKey authn.

func (*NatsMsgServer) ApplyAuth

func (srv *NatsMsgServer) ApplyAuth(clients []msgserver.ClientAuthInfo) error

ApplyAuth reconfigures the server for authentication and authorization. For each client this applies the permissions associated with the client type and role.

Role permissions can be changed with 'SetRolePermissions'.
Service permissions can be set with 'SetServicePermissions'.

func (*NatsMsgServer) ConnectInProc

func (srv *NatsMsgServer) ConnectInProc(serviceID string) (*hubclient.HubClient, error)

ConnectInProc establishes a connection to the server for core services. This connects in-process using the service key. Intended for the core services to connect to the server.

serviceID of the connecting service

func (*NatsMsgServer) ConnectInProcNC

func (srv *NatsMsgServer) ConnectInProcNC(serviceID string, clientKP nkeys.KeyPair) (*nats.Conn, error)

ConnectInProcNC establishes a nats connection to the server for core services. This connects in-process using the service key. Intended for the core services to connect to the server.

serviceID of the connecting service
clientKP is an optional alternate key, or nil to use the built-in core service ID

func (*NatsMsgServer) Core

func (srv *NatsMsgServer) Core() string

func (*NatsMsgServer) CreateJWTToken

func (srv *NatsMsgServer) CreateJWTToken(authInfo msgserver.ClientAuthInfo) (newToken string, err error)

CreateJWTToken returns a new user jwt token signed by the issuer account.

Note 1: in server mode the issuer account must be the same account as that of the callout client, i.e. callout cannot issue a token for a different account.

Note 2: in callout the generated JWT must contain the on-the-fly generated public key for some reason, not the user's public key.

clientID is the user's login/connect ID which is added as the token ID
pubKey is the user's public key which goes into the subject field of the JWT token, use "" for client on record

func (*NatsMsgServer) CreateKeyPair

func (srv *NatsMsgServer) CreateKeyPair() (string, string)

CreateKeyPair creates a serialized private and public key pair. NOTE: intended for testing. Might be deprecated in the future.

func (*NatsMsgServer) CreateToken

func (srv *NatsMsgServer) CreateToken(authInfo msgserver.ClientAuthInfo) (token string, err error)

CreateToken creates a new authentication token for a client. In NKey mode this returns the public key. In Callout mode this returns a JWT token with permissions.

func (*NatsMsgServer) GetClientAuth

func (srv *NatsMsgServer) GetClientAuth(clientID string) (msgserver.ClientAuthInfo, error)

GetClientAuth returns the client auth info for the given ID

func (*NatsMsgServer) GetServerURLs

func (srv *NatsMsgServer) GetServerURLs() (tlsURL string, wssURL string, udsURL string)

GetServerURLs returns the URLs used to connect to this server. These are set on Start.

func (*NatsMsgServer) MakeJWTPermissions

func (srv *NatsMsgServer) MakeJWTPermissions(clientInfo msgserver.ClientAuthInfo) jwt.Permissions

MakeJWTPermissions constructs a permissions object for use in a JWT token. NATS callout doesn't use the NATS server permissions, so this converts them to JWT permissions.

func (*NatsMsgServer) MakePermissions

func (srv *NatsMsgServer) MakePermissions(clientInfo msgserver.ClientAuthInfo) *server.Permissions

MakePermissions constructs a permissions object for a client

Clients that are sources (device, service) receive hard-coded permissions, while the permissions of users (user, service) are based on their role.

func (*NatsMsgServer) SetRolePermissions

func (srv *NatsMsgServer) SetRolePermissions(
	rolePerms map[string][]msgserver.RolePermission)

SetRolePermissions sets a custom map of user role->[]permissions

func (*NatsMsgServer) SetServicePermissions

func (srv *NatsMsgServer) SetServicePermissions(
	serviceID string, capability string, roles []string)

SetServicePermissions adds the service permissions to the roles

func (*NatsMsgServer) Start

func (srv *NatsMsgServer) Start() (err error)

Start the NATS server with the given configuration and create an event ingress stream.

Config.Setup must have been called first.

func (*NatsMsgServer) Stop

func (srv *NatsMsgServer) Stop()

Stop the server

func (*NatsMsgServer) ValidateJWTToken

func (srv *NatsMsgServer) ValidateJWTToken(
	clientID string, tokenString string, signedNonce string, nonce string) error

ValidateJWTToken verifies a NATS JWT token

  • verify if jwtToken is a valid token
  • validate the token isn't expired
  • verify the user's public key's nonce-based signature; this can only be signed when the user has its private key
  • verify the issuer is the signing/account key.

Verifying the signedNonce is optional. Use "" to ignore.

func (*NatsMsgServer) ValidateNKey

func (srv *NatsMsgServer) ValidateNKey(
	clientID string, pubKey string, signedNonce string, nonce string) (err error)

ValidateNKey checks if the given nkey and nonce belong to the clientID and are valid. Intended for use by callout to verify nkey with nonce.

Verifying the signedNonce is optional. Use "" to ignore.

func (*NatsMsgServer) ValidatePassword

func (srv *NatsMsgServer) ValidatePassword(loginID string, password string) error

ValidatePassword checks if the given password matches the user

func (*NatsMsgServer) ValidateToken

func (srv *NatsMsgServer) ValidateToken(
	clientID string, token string, signedNonce string, nonce string) (err error)

ValidateToken checks if the given token belongs to the clientID and is valid. When nkeys is used this returns success. When nkeys is not used this validates the JWT token.

Verifying the signedNonce is optional. Use "" to ignore.
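
The nonce check that ValidateNKey and ValidateToken describe, as an added example that is not code from this package: the server compares the presented key with the one on record and, when a signedNonce is supplied, verifies it as proof that the caller holds the private key. NATS nkeys are Ed25519 keys, so the example uses the standard library's crypto/ed25519 instead of the nkeys package; Registry, ValidateKey, SignNonce and the requireProof flag are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

var enc = base64.RawURLEncoding

// Registry maps clientID to the public key on record (constructed stand-in
// for the server's client auth store; not the package's own type).
type Registry map[string]ed25519.PublicKey

// ValidateKey checks that pubKey is the key on record for clientID and that a
// non-empty signedNonce is a valid signature over nonce by that key.
// requireProof (hypothetical) rejects the "" shortcut instead of allowing it.
func (r Registry) ValidateKey(clientID, pubKey, signedNonce, nonce string, requireProof bool) error {
	onRecord, found := r[clientID]
	if !found || len(onRecord) != ed25519.PublicKeySize || enc.EncodeToString(onRecord) != pubKey {
		return errors.New("unknown client or key mismatch")
	}
	if signedNonce == "" {
		if requireProof {
			return errors.New("missing nonce signature")
		}
		return nil // accepted on a public value alone, no proof of possession
	}
	sig, err := enc.DecodeString(signedNonce)
	if err != nil || !ed25519.Verify(onRecord, []byte(nonce), sig) {
		return errors.New("nonce signature invalid")
	}
	return nil
}

// SignNonce is the client side: sign the server's nonce with the private key.
func SignNonce(priv ed25519.PrivateKey, nonce string) string {
	return enc.EncodeToString(ed25519.Sign(priv, []byte(nonce)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample key pair
	reg := Registry{"device1": pub}
	key := enc.EncodeToString(pub)
	fmt.Println(reg.ValidateKey("device1", key, SignNonce(priv, "n-42"), "n-42", true)) // key holder
	fmt.Println(reg.ValidateKey("device1", key, "", "n-42", false)) // public key only, accepted
	fmt.Println(reg.ValidateKey("device1", key, "", "n-42", true))  // public key only, rejected
}
```

With an empty signedNonce the check reduces to matching a public key, so callers that authenticate remote clients should pass the signed nonce.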
