diff --git a/TODO.md b/TODO.md
index 39f7089c..5c507fcf 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,6 +1,7 @@
 # General
+- [ ] Blacklist or ERR escalation to close connection for auth/permissions
 - [ ] Protocol updates, MAP, MPUB, etc
 - [ ] Multiple listen endpoints
 - [ ] Websocket / HTTP2 strategy
diff --git a/server/client.go b/server/client.go
index d8c8385a..7ef290a2 100644
--- a/server/client.go
+++ b/server/client.go
@@ -171,6 +171,7 @@ func (c *client) RegisterUser(user *User) {
 c.mu.Lock()
 defer c.mu.Unlock()
+ // Pre-allocate all to simplify checks later.
 c.perms = &permissions{}
 c.perms.sub = NewSublist()
 c.perms.pub = NewSublist()
@@ -641,7 +642,7 @@ func (c *client) processSub(argo []byte) (err error) {
 }
 // Check permissions if applicable.
- if c.perms != nil && c.perms.sub != nil {
+ if c.perms != nil {
 r := c.perms.sub.Match(string(sub.subject))
 if len(r.psubs) == 0 {
 c.mu.Unlock()
@@ -884,7 +885,7 @@ func (c *client) processMsg(msg []byte) {
 }
 // Check if published subject is allowed if we have permissions in place.
- if c.perms != nil && c.perms.pub != nil {
+ if c.perms != nil {
 allowed, ok := c.perms.pcache[string(c.pa.subject)]
 if ok && !allowed {
 c.pubPermissionViolation(c.pa.subject)
diff --git a/server/errors.go b/server/errors.go
index c972ee4b..3354d3f3 100644
--- a/server/errors.go
+++ b/server/errors.go
@@ -17,6 +17,6 @@ var (
 // ErrMaxPayload represents an error condition when the payload is too big.
 ErrMaxPayload = errors.New("Maximum Payload Exceeded")
- // ErrReservedPublish represents an error condition when the payload is too big.
+ // ErrReservedPublishSubject represents an error condition when sending to a reserved subject, e.g. _SYS.>
 ErrReservedPublishSubject = errors.New("Reserved Internal Subject")
 )
diff --git a/server/opts.go b/server/opts.go
index bef89cb8..56ff4327 100644
--- a/server/opts.go
+++ b/server/opts.go
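Review bot: In server/client.go, the narrowed guard `if c.perms != nil {` in processSub (hunk at -641) now dereferences `c.perms.sub` on the next line with no nil check. The authorization path therefore depends on every assignment of `c.perms` also allocating the sublists. The processMsg hunk (-884) drops the matching `c.perms.pub != nil` test in the same way; its use of `pub` is presumably just past the visible lines. In this diff only RegisterUser establishes that invariant, so a perms struct set anywhere else without both sublists (not visible here) would turn a permission check into a nil-pointer panic on client input. I would state the dependency where it is created, e.g. `// Pre-allocate sub and pub: processSub and processMsg dereference them whenever c.perms != nil.`, and add a test that exercises SUB and PUB on a registered user with empty permissions. All three function bodies continue outside their hunks.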
@@ -78,7 +78,7 @@ type Options struct {
 TLSConfig *tls.Config `json:"-"`
 }
-// Configuration file quthorization section.
+// Configuration file authorization section.
 type authorization struct {
 // Singles
 user string
@@ -442,7 +442,7 @@ func parseSubjects(v interface{}) ([]string, error) {
 for _, i := range v.([]interface{}) {
 subject, ok := i.(string)
 if !ok {
- return nil, fmt.Errorf("Subject in permissions array can not be cast to string")
+ return nil, fmt.Errorf("Subject in permissions array cannot be cast to string")
 }
 subjects = append(subjects, subject)
 }
diff --git a/server/opts_test.go b/server/opts_test.go
index 96d74623..18adf2cf 100644
--- a/server/opts_test.go
+++ b/server/opts_test.go
@@ -399,7 +399,7 @@ func TestMultipleUsersConfig(t *testing.T) {
 }
 // Test highly depends on contents of the config file listed below. Any changes to that file
-// may very weel break this test.
+// may very well break this test.
 func TestAuthorizationConfig(t *testing.T) {
 opts, err := ProcessConfigFile("./configs/authorization.conf")
 if err != nil {
diff --git a/test/client_auth_test.go b/test/client_auth_test.go
index e784f429..bec4a875 100644
--- a/test/client_auth_test.go
+++ b/test/client_auth_test.go
@@ -44,7 +44,7 @@ func TestMultipleUserAuth(t *testing.T) {
 nc, err = nats.Connect(url)
 if err != nil {
- t.Fatalf("Expected a succesful connect, got %v\n", err)
+ t.Fatalf("Expected a successful connect, got %v\n", err)
 }
 defer nc.Close()
 }
diff --git a/test/configs/authorization.conf b/test/configs/authorization.conf
index 3bbe15e0..7b87be44 100644
--- a/test/configs/authorization.conf
+++ b/test/configs/authorization.conf
@@ -34,7 +34,7 @@ authorization {
 # Just foo for testing
 PASS: $2a$10$UHR6GhotWhpLsKtVP0/i6.Nh9.fuY73cWjLoJjb2sKT8KISBcUW5q
- # Users listed with persmissions.
+ # Users listed with permissions.
 users = [
 {user: alice, password: $PASS, permissions: $ADMIN}
 {user: bob, password: $PASS, permissions: $REQUESTOR}