diff --git a/go.mod b/go.mod
index a877def0..25330218 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,8 @@
 module github.com/nats-io/nats-server/v2
 require (
- github.com/nats-io/jwt v0.2.16
+ github.com/golang/protobuf v1.3.2 // indirect
+ github.com/nats-io/jwt v0.3.0
 github.com/nats-io/nats.go v1.8.1
 github.com/nats-io/nkeys v0.1.0
 github.com/nats-io/nuid v1.0.1
diff --git a/go.sum b/go.sum
index 293ce94c..15cb39be 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,7 @@
-github.com/nats-io/jwt v0.2.16 h1:7lZ34jS9YAnW3gg/CITJuxjZnSI69kx/rgQAW4ro7G8=
-github.com/nats-io/jwt v0.2.16/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
+github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/nats-io/jwt v0.3.0 h1:xdnzwFETV++jNc4W1mw//qFyJGb2ABOombmZJQS4+Qo=
+github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
 github.com/nats-io/nats.go v1.8.1 h1:6lF/f1/NN6kzUDBz6pyvQDEXO39jqXcWRLu/tKjtOUQ=
 github.com/nats-io/nats.go v1.8.1/go.mod h1:BrFz9vVn0fU3AcH9Vn4Kd7W0NpJ651tD5omQ3M8LwxM=
 github.com/nats-io/nkeys v0.0.2/go.mod h1:dab7URMsZm6Z/jp9Z5UGa87Uutgc2mVpXLC4B7TDb/4=
diff --git a/vendor/github.com/nats-io/jwt/creds_utils.go b/vendor/github.com/nats-io/jwt/creds_utils.go
index 75fcab6d..debc2bc7 100644
--- a/vendor/github.com/nats-io/jwt/creds_utils.go
+++ b/vendor/github.com/nats-io/jwt/creds_utils.go
@@ -132,8 +132,6 @@ func FormatUserConfig(jwtString string, seed []byte) ([]byte, error) {
 // ParseDecoratedJWT takes a creds file and returns the JWT portion.
 func ParseDecoratedJWT(contents []byte) (string, error) {
- defer wipeSlice(contents)
-
 items := userConfigRE.FindAllSubmatch(contents, -1)
 if len(items) == 0 {
 return string(contents), nil
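Review bot: With `defer wipeSlice(contents)` removed from `ParseDecoratedJWT` here (and from `ParseDecoratedNKey` in the next hunk, after which the helper itself is deleted), the creds buffer handed to these parsers is no longer overwritten, so any nkey seed in it stays in the caller's memory after parsing. Because this is vendored code, the follow-up belongs in the server's own call sites, which are not visible in this diff: a caller that reads a creds file and relied on the library to scrub it should now wipe the slice itself once both parsers have run, for example `defer func() { for i := range contents { contents[i] = 0 } }()`. Upstream, a doc line such as `// The caller owns contents and must wipe it after use; it may hold the seed.` on `ParseDecoratedNKey` would make the new contract explicit. The body of `ParseDecoratedJWT` continues outside the hunk.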
@@ -150,7 +148,6 @@ func ParseDecoratedJWT(contents []byte) (string, error) {
 // key pair from it.
 func ParseDecoratedNKey(contents []byte) (nkeys.KeyPair, error) {
 var seed []byte
- defer wipeSlice(contents)
 items := userConfigRE.FindAllSubmatch(contents, -1)
 if len(items) > 1 {
@@ -201,10 +198,3 @@ func ParseDecoratedUserNKey(contents []byte) (nkeys.KeyPair, error) {
 }
 return kp, nil
 }
-
-// Just wipe slice with 'x', for clearing contents of nkey seed file.
-func wipeSlice(buf []byte) {
- for i := range buf {
- buf[i] = 'x'
- }
-}
diff --git a/vendor/github.com/nats-io/jwt/exports.go b/vendor/github.com/nats-io/jwt/exports.go
index 58d7e52e..c0993365 100644
--- a/vendor/github.com/nats-io/jwt/exports.go
+++ b/vendor/github.com/nats-io/jwt/exports.go
@@ -59,6 +59,16 @@ type ServiceLatency struct {
 Results Subject `json:"results"`
 }
+func (sl *ServiceLatency) Validate(vr *ValidationResults) {
+ if sl.Sampling < 1 || sl.Sampling > 100 {
+ vr.AddError("sampling percentage needs to be between 1-100")
+ }
+ sl.Results.Validate(vr)
+ if sl.Results.HasWildCards() {
+ vr.AddError("results subject can not contain wildcards")
+ }
+}
+
 // Export represents a single export
 type Export struct {
 Name string `json:"name,omitempty"`
@@ -111,13 +121,7 @@ func (e *Export) Validate(vr *ValidationResults) {
 if !e.IsService() {
 vr.AddError("latency tracking only permitted for services")
 }
- if e.Latency.Sampling < 1 || e.Latency.Sampling > 100 {
- vr.AddError("sampling percentage needs to be between 1-100")
- }
- if e.Latency.Results.HasWildCards() {
- vr.AddError("results subject can not contain wildcards")
- }
- e.Latency.Results.Validate(vr)
+ e.Latency.Validate(vr)
 }
 e.Subject.Validate(vr)
 }
diff --git a/vendor/github.com/nats-io/jwt/header.go b/vendor/github.com/nats-io/jwt/header.go
index 73d1b055..468f30f7 100644
--- a/vendor/github.com/nats-io/jwt/header.go
+++ b/vendor/github.com/nats-io/jwt/header.go
@@ -23,7 +23,7 @@ import (
 const (
 // Version is semantic version.
- Version = "0.2.16"
+ Version = "0.3.0"
 // TokenTypeJwt is the JWT token type supported JWT tokens
 // encoded and decoded by this library
diff --git a/vendor/github.com/nats-io/jwt/imports.go b/vendor/github.com/nats-io/jwt/imports.go
index b41f7000..8a0f0c98 100644
--- a/vendor/github.com/nats-io/jwt/imports.go
+++ b/vendor/github.com/nats-io/jwt/imports.go
@@ -120,7 +120,14 @@ type Imports []*Import
 // Validate checks if an import is valid for the wrapping account
 func (i *Imports) Validate(acctPubKey string, vr *ValidationResults) {
+ toSet := make(map[Subject]bool, len(*i))
 for _, v := range *i {
+ if v.Type == Service {
+ if _, ok := toSet[v.To]; ok {
+ vr.AddError("Duplicate To subjects for %q", v.To)
+ }
+ toSet[v.To] = true
+ }
 v.Validate(acctPubKey, vr)
 }
 }
diff --git a/vendor/github.com/nats-io/jwt/operator_claims.go b/vendor/github.com/nats-io/jwt/operator_claims.go
index 1383b7ad..6a99597b 100644
--- a/vendor/github.com/nats-io/jwt/operator_claims.go
+++ b/vendor/github.com/nats-io/jwt/operator_claims.go
@@ -26,9 +26,19 @@ import (
 // Operator specific claims
 type Operator struct {
- Identities []Identity `json:"identity,omitempty"`
- SigningKeys StringList `json:"signing_keys,omitempty"`
- AccountServerURL string `json:"account_server_url,omitempty"`
+ // Slice of real identies (like websites) that can be used to identify the operator.
+ Identities []Identity `json:"identity,omitempty"`
+ // Slice of other operator NKeys that can be used to sign on behalf of the main
+ // operator identity.
+ SigningKeys StringList `json:"signing_keys,omitempty"`
+ // AccountServerURL is a partial URL like "https://host.domain.org:/jwt/v1"
+ // tools will use the prefix and build queries by appending /accounts/
+ // or /operator to the path provided. Note this assumes that the account server
+ // can handle requests in a nats-account-server compatible way. See
+ // https://github.com/nats-io/nats-account-server.
+ AccountServerURL string `json:"account_server_url,omitempty"`
+ // A list of NATS urls (tls://host:port) where tools can connect to the server
+ // using proper credentials.
 OperatorServiceURLs StringList `json:"operator_service_urls,omitempty"`
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 8d2e79cc..058c0672 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/nats-io/jwt v0.2.16
+# github.com/nats-io/jwt v0.3.0
 github.com/nats-io/jwt
 # github.com/nats-io/nats.go v1.8.1
 github.com/nats-io/nats.go