diff --git a/go.mod b/go.mod
index 37e824dd..a6ec3675 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,9 @@
 module github.com/nats-io/nats-server/v2
 
+go 1.14
+
 require (
- github.com/nats-io/jwt v0.3.2
+ github.com/nats-io/jwt v0.3.3-0.20200518170137-30f114e718e5
 github.com/nats-io/nats.go v1.10.0
 github.com/nats-io/nkeys v0.1.4
 github.com/nats-io/nuid v1.0.1
diff --git a/go.sum b/go.sum
index 00112e77..027a6da4 100644
--- a/go.sum
+++ b/go.sum
@@ -10,6 +10,8 @@ github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/nats-io/jwt v0.3.2 h1:+RB5hMpXUUA2dfxuhBTEkMOrYmM+gKIZYS1KjSostMI=
 github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
+github.com/nats-io/jwt v0.3.3-0.20200518170137-30f114e718e5 h1:40V9gdHmRGIdq9noIWniB/nUugi/YF8+mdbkYEBBc5A=
+github.com/nats-io/jwt v0.3.3-0.20200518170137-30f114e718e5/go.mod h1:n3cvmLfBfnpV4JJRN7lRYCyZnw48ksGsbThGXEk4w9M=
 github.com/nats-io/nats.go v1.10.0 h1:L8qnKaofSfNFbXg0C5F71LdjPRnmQwSsA4ukmkt1TvY=
 github.com/nats-io/nats.go v1.10.0/go.mod h1:AjGArbfyR50+afOUotNX2Xs5SYHf+CoOa5HH1eEl2HE=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
diff --git a/vendor/github.com/nats-io/jwt/creds_utils.go b/vendor/github.com/nats-io/jwt/creds_utils.go
index bb913dc1..265057f1 100644
--- a/vendor/github.com/nats-io/jwt/creds_utils.go
+++ b/vendor/github.com/nats-io/jwt/creds_utils.go
@@ -82,7 +82,7 @@ NKEYs are sensitive and should be treated as secrets.
 return w.Bytes(), nil
 }
 
-var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}[^\n]*[-]{3,}\n)(.+)(?:\n\s*[-]{3,}[^\n]*[-]{3,}\n))`)
+var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}.*[-]{3,}\r?\n)([\w\-.=]+)(?:\r?\n[-]{3,}.*[-]{3,}\r?\n))`)
 
 // An user config file looks like this:
 // -----BEGIN NATS USER JWT-----
diff --git a/vendor/github.com/nats-io/jwt/go.mod b/vendor/github.com/nats-io/jwt/go.mod
index a780dde9..eebea6c2 100644
--- a/vendor/github.com/nats-io/jwt/go.mod
+++ b/vendor/github.com/nats-io/jwt/go.mod
@@ -1,3 +1,5 @@
 module github.com/nats-io/jwt
 
-require github.com/nats-io/nkeys v0.1.3
+require github.com/nats-io/nkeys v0.1.4
+
+go 1.13
diff --git a/vendor/github.com/nats-io/jwt/go.sum b/vendor/github.com/nats-io/jwt/go.sum
index 9baf67f5..5e6e47e0 100644
--- a/vendor/github.com/nats-io/jwt/go.sum
+++ b/vendor/github.com/nats-io/jwt/go.sum
@@ -1,8 +1,8 @@
-github.com/nats-io/nkeys v0.1.3 h1:6JrEfig+HzTH85yxzhSVbjHRJv9cn0p6n3IngIcM5/k=
-github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
+github.com/nats-io/nkeys v0.1.4 h1:aEsHIssIk6ETN5m2/MD8Y4B2X7FfXrBAUdkyRvbVYzA=
+github.com/nats-io/nkeys v0.1.4/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
+golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/vendor/github.com/nats-io/jwt/operator_claims.go b/vendor/github.com/nats-io/jwt/operator_claims.go
index 6a99597b..3c4d4a17 100644
--- a/vendor/github.com/nats-io/jwt/operator_claims.go
+++ b/vendor/github.com/nats-io/jwt/operator_claims.go
@@ -40,6 +40,8 @@ type Operator struct {
 // A list of NATS urls (tls://host:port) where tools can connect to the server
 // using proper credentials.
 OperatorServiceURLs StringList `json:"operator_service_urls,omitempty"`
+ // Identity of the system account
+ SystemAccount string `json:"system_account,omitempty"`
 }
 
 // Validate checks the validity of the operators contents
@@ -63,6 +65,12 @@ func (o *Operator) Validate(vr *ValidationResults) {
 vr.AddError("%s is not an operator public key", k)
 }
 }
+
+ if o.SystemAccount != "" {
+ if !nkeys.IsValidPublicAccountKey(o.SystemAccount) {
+ vr.AddError("%s is not an account public key", o.SystemAccount)
+ }
+ }
 }
 
 func (o *Operator) validateAccountServerURL() error {
diff --git a/vendor/github.com/nats-io/jwt/types.go b/vendor/github.com/nats-io/jwt/types.go
index a1f09fd9..e729c7eb 100644
--- a/vendor/github.com/nats-io/jwt/types.go
+++ b/vendor/github.com/nats-io/jwt/types.go
@@ -241,8 +241,6 @@ type Permissions struct {
 
 // Validate the pub and sub fields in the permissions list
 func (p *Permissions) Validate(vr *ValidationResults) {
- p.Pub.Validate(vr)
- p.Sub.Validate(vr)
 if p.Resp != nil {
 p.Resp.Validate(vr)
 }
diff --git a/vendor/github.com/nats-io/jwt/user_claims.go b/vendor/github.com/nats-io/jwt/user_claims.go
index 0ec1da3f..78fe6a95 100644
--- a/vendor/github.com/nats-io/jwt/user_claims.go
+++ b/vendor/github.com/nats-io/jwt/user_claims.go
@@ -25,12 +25,14 @@ import (
 type User struct {
 Permissions
 Limits
+ BearerToken bool `json:"bearer_token,omitempty"`
 }
 
 // Validate checks the permissions and limits in a User jwt
 func (u *User) Validate(vr *ValidationResults) {
 u.Permissions.Validate(vr)
 u.Limits.Validate(vr)
+ // When BearerToken is true server will ignore any nonce-signing verification
 }
 
 // UserClaims defines a user JWT
@@ -97,3 +99,8 @@ func (u *UserClaims) Payload() interface{} {
 func (u *UserClaims) String() string {
 return u.ClaimsData.String(u)
 }
+
+// IsBearerToken returns true if nonce-signing requirements should be skipped
+func (u *UserClaims) IsBearerToken() bool {
+ return u.BearerToken
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 249024a0..eb1e2181 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,6 +1,4 @@
-# github.com/golang/protobuf v1.3.5
-## explicit
-# github.com/nats-io/jwt v0.3.2
+# github.com/nats-io/jwt v0.3.3-0.20200518170137-30f114e718e5
 ## explicit
 github.com/nats-io/jwt
 # github.com/nats-io/nats.go v1.10.0
@@ -27,3 +25,5 @@ golang.org/x/sys/windows/registry
 golang.org/x/sys/windows/svc
 golang.org/x/sys/windows/svc/eventlog
 golang.org/x/sys/windows/svc/mgr
+# google.golang.org/protobuf v1.22.0
+## explicit