diff --git a/server/auth.go b/server/auth.go index a15f1b7c..d9856d60 100644 --- a/server/auth.go +++ b/server/auth.go @@ -536,17 +536,13 @@ func (s *Server) isLeafNodeAuthorized(c *client) bool { // Grab under lock but process after. var ( - opts *Options - juc *jwt.UserClaims - acc *Account - err error + juc *jwt.UserClaims + acc *Account + err error ) s.mu.Lock() - // Grab options - opts = s.opts - // Check if we have trustedKeys defined in the server. If so we require a user jwt. if s.trustedKeys != nil { if c.opts.JWT == "" { @@ -617,7 +613,6 @@ func (s *Server) isLeafNodeAuthorized(c *client) bool { // Generate a connect event if we have a system account. // FIXME(dlc) - Make one for leafnodes if we track active connections. - //s.accountConnectEvent(c) // Check if we need to set an auth timer if the user jwt expires. c.checkExpiration(juc.Claims()) @@ -625,10 +620,11 @@ func (s *Server) isLeafNodeAuthorized(c *client) bool { } // Snapshot server options. + opts := s.getOpts() + if opts.LeafNode.Username == "" { return true } - if opts.LeafNode.Username != c.opts.Username { return false } diff --git a/server/opts.go b/server/opts.go index 343218be..3e052726 100644 --- a/server/opts.go +++ b/server/opts.go @@ -925,7 +925,7 @@ func parseGateway(v interface{}, o *Options, errors *[]error, warnings *[]error) return nil } -// parseCluster will parse the cluster config. +// parseLeafNodes will parse the leaf node config. func parseLeafNodes(v interface{}, opts *Options, errors *[]error, warnings *[]error) error { tk, v := unwrapValue(v) cm, ok := v.(map[string]interface{}) diff --git a/server/server.go b/server/server.go index 46d44993..2e862b9c 100644 --- a/server/server.go +++ b/server/server.go @@ -710,6 +710,7 @@ func (s *Server) registerAccount(acc *Account) { // already created (global account), so use locking and // make sure we create only if needed. acc.mu.Lock() + // TODO(dlc)- Double check that we need this for GWs. if acc.rm == nil && s.opts != nil && s.shouldTrackSubscriptions() { acc.rm = make(map[string]int32) }