From fcd215b18e8a218a1acfc1131fb88ba6370df5bf Mon Sep 17 00:00:00 2001 From: Waldemar Quevedo Date: Sun, 14 Mar 2021 23:01:37 -0700 Subject: [PATCH] go mod: vendoring and testing deps Signed-off-by: Waldemar Quevedo --- go.mod | 1 - go.sum | 47 - go_test.mod | 15 + .../nats-io/nats.go/go.sum => go_test.sum | 32 +- vendor/github.com/nats-io/jwt/.gitignore | 18 + vendor/github.com/nats-io/jwt/.travis.yml | 38 + .../nats-io/{nats.go => jwt}/LICENSE | 0 vendor/github.com/nats-io/jwt/Makefile | 31 + vendor/github.com/nats-io/jwt/README.md | 54 + vendor/github.com/nats-io/jwt/ReleaseNotes.md | 5 + .../github.com/nats-io/jwt/account_claims.go | 233 + .../nats-io/jwt/activation_claims.go | 166 + vendor/github.com/nats-io/jwt/claims.go | 305 ++ .../github.com/nats-io/jwt/cluster_claims.go | 98 + vendor/github.com/nats-io/jwt/creds_utils.go | 218 + vendor/github.com/nats-io/jwt/exports.go | 245 + vendor/github.com/nats-io/jwt/genericlaims.go | 73 + vendor/github.com/nats-io/jwt/go.mod | 5 + vendor/github.com/nats-io/jwt/go.sum | 9 + vendor/github.com/nats-io/jwt/header.go | 74 + vendor/github.com/nats-io/jwt/imports.go | 159 + .../github.com/nats-io/jwt/operator_claims.go | 211 + .../github.com/nats-io/jwt/revocation_list.go | 59 + .../github.com/nats-io/jwt/server_claims.go | 94 + vendor/github.com/nats-io/jwt/types.go | 334 ++ vendor/github.com/nats-io/jwt/user_claims.go | 106 + vendor/github.com/nats-io/jwt/validation.go | 118 + vendor/github.com/nats-io/nats.go/.gitignore | 42 - vendor/github.com/nats-io/nats.go/.travis.yml | 20 - .../nats-io/nats.go/CODE-OF-CONDUCT.md | 3 - .../github.com/nats-io/nats.go/GOVERNANCE.md | 3 - .../github.com/nats-io/nats.go/MAINTAINERS.md | 8 - vendor/github.com/nats-io/nats.go/README.md | 431 -- vendor/github.com/nats-io/nats.go/TODO.md | 26 - vendor/github.com/nats-io/nats.go/context.go | 243 - .../nats-io/nats.go/dependencies.md | 13 - vendor/github.com/nats-io/nats.go/enc.go | 269 - .../nats.go/encoders/builtin/default_enc.go | 117 - .../nats.go/encoders/builtin/gob_enc.go | 45 - .../nats.go/encoders/builtin/json_enc.go | 56 - vendor/github.com/nats-io/nats.go/go.mod | 11 - vendor/github.com/nats-io/nats.go/js.go | 1346 ----- vendor/github.com/nats-io/nats.go/jsm.go | 700 --- vendor/github.com/nats-io/nats.go/nats.go | 4680 ----------------- vendor/github.com/nats-io/nats.go/netchan.go | 111 - vendor/github.com/nats-io/nats.go/parser.go | 552 -- vendor/github.com/nats-io/nats.go/timer.go | 56 - vendor/github.com/nats-io/nats.go/util/tls.go | 27 - .../nats-io/nats.go/util/tls_go17.go | 49 - vendor/modules.txt | 7 +- 50 files changed, 2690 insertions(+), 8873 deletions(-) create mode 100644 go_test.mod rename vendor/github.com/nats-io/nats.go/go.sum => go_test.sum (75%) create mode 100644 vendor/github.com/nats-io/jwt/.gitignore create mode 100644 vendor/github.com/nats-io/jwt/.travis.yml rename vendor/github.com/nats-io/{nats.go => jwt}/LICENSE (100%) create mode 100644 vendor/github.com/nats-io/jwt/Makefile create mode 100644 vendor/github.com/nats-io/jwt/README.md create mode 100644 vendor/github.com/nats-io/jwt/ReleaseNotes.md create mode 100644 vendor/github.com/nats-io/jwt/account_claims.go create mode 100644 vendor/github.com/nats-io/jwt/activation_claims.go create mode 100644 vendor/github.com/nats-io/jwt/claims.go create mode 100644 vendor/github.com/nats-io/jwt/cluster_claims.go create mode 100644 vendor/github.com/nats-io/jwt/creds_utils.go create mode 100644 vendor/github.com/nats-io/jwt/exports.go create mode 100644 vendor/github.com/nats-io/jwt/genericlaims.go create mode 100644 vendor/github.com/nats-io/jwt/go.mod create mode 100644 vendor/github.com/nats-io/jwt/go.sum create mode 100644 vendor/github.com/nats-io/jwt/header.go create mode 100644 vendor/github.com/nats-io/jwt/imports.go create mode 100644 vendor/github.com/nats-io/jwt/operator_claims.go create mode 100644 vendor/github.com/nats-io/jwt/revocation_list.go create mode 100644 vendor/github.com/nats-io/jwt/server_claims.go create mode 100644 vendor/github.com/nats-io/jwt/types.go create mode 100644 vendor/github.com/nats-io/jwt/user_claims.go create mode 100644 vendor/github.com/nats-io/jwt/validation.go delete mode 100644 vendor/github.com/nats-io/nats.go/.gitignore delete mode 100644 vendor/github.com/nats-io/nats.go/.travis.yml delete mode 100644 vendor/github.com/nats-io/nats.go/CODE-OF-CONDUCT.md delete mode 100644 vendor/github.com/nats-io/nats.go/GOVERNANCE.md delete mode 100644 vendor/github.com/nats-io/nats.go/MAINTAINERS.md delete mode 100644 vendor/github.com/nats-io/nats.go/README.md delete mode 100644 vendor/github.com/nats-io/nats.go/TODO.md delete mode 100644 vendor/github.com/nats-io/nats.go/context.go delete mode 100644 vendor/github.com/nats-io/nats.go/dependencies.md delete mode 100644 vendor/github.com/nats-io/nats.go/enc.go delete mode 100644 vendor/github.com/nats-io/nats.go/encoders/builtin/default_enc.go delete mode 100644 vendor/github.com/nats-io/nats.go/encoders/builtin/gob_enc.go delete mode 100644 vendor/github.com/nats-io/nats.go/encoders/builtin/json_enc.go delete mode 100644 vendor/github.com/nats-io/nats.go/go.mod delete mode 100644 vendor/github.com/nats-io/nats.go/js.go delete mode 100644 vendor/github.com/nats-io/nats.go/jsm.go delete mode 100644 vendor/github.com/nats-io/nats.go/nats.go delete mode 100644 vendor/github.com/nats-io/nats.go/netchan.go delete mode 100644 vendor/github.com/nats-io/nats.go/parser.go delete mode 100644 vendor/github.com/nats-io/nats.go/timer.go delete mode 100644 vendor/github.com/nats-io/nats.go/util/tls.go delete mode 100644 vendor/github.com/nats-io/nats.go/util/tls_go17.go diff --git a/go.mod b/go.mod index 9e895d1a..0faba5f4 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,6 @@ require ( github.com/klauspost/compress v1.11.12 github.com/minio/highwayhash v1.0.1 github.com/nats-io/jwt/v2 v2.0.1 - github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac github.com/nats-io/nkeys v0.3.0 github.com/nats-io/nuid v1.0.1 golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b diff --git a/go.sum b/go.sum index 01c9c865..f3906b27 100644 --- a/go.sum +++ b/go.sum @@ -1,55 +1,18 @@ -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.12 h1:famVnQVu7QwryBN4jNseQdUKES71ZAOnB6UQQJPZvqk= github.com/klauspost/compress v1.11.12/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/minio/highwayhash v1.0.0/go.mod h1:xQboMTeM9nY9v/LlAOxFctujiv5+Aq2hR5dxBpaMbdc= github.com/minio/highwayhash v1.0.1 h1:dZ6IIu8Z14VlC0VpfKofAhCy74wu/Qb5gcn52yWoz/0= github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= -github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= -github.com/nats-io/jwt v0.3.3-0.20200519195258-f2bf5ce574c7/go.mod h1:n3cvmLfBfnpV4JJRN7lRYCyZnw48ksGsbThGXEk4w9M= -github.com/nats-io/jwt v1.1.0/go.mod h1:n3cvmLfBfnpV4JJRN7lRYCyZnw48ksGsbThGXEk4w9M= github.com/nats-io/jwt v1.2.2 h1:w3GMTO969dFg+UOKTmmyuu7IGdusK+7Ytlt//OYH/uU= github.com/nats-io/jwt v1.2.2/go.mod h1:/xX356yQA6LuXI9xWW7mZNpxgF2mBmGecH+Fj34sP5Q= -github.com/nats-io/jwt/v2 v2.0.0-20200916203241-1f8ce17dff02/go.mod h1:vs+ZEjP+XKy8szkBmQwCB7RjYdIlMaPsFPs4VdS4bTQ= -github.com/nats-io/jwt/v2 v2.0.0-20201015190852-e11ce317263c/go.mod h1:vs+ZEjP+XKy8szkBmQwCB7RjYdIlMaPsFPs4VdS4bTQ= -github.com/nats-io/jwt/v2 v2.0.0-20210125223648-1c24d462becc/go.mod h1:PuO5FToRL31ecdFqVjc794vK0Bj0CwzveQEDvkb7MoQ= -github.com/nats-io/jwt/v2 v2.0.0-20210208203759-ff814ca5f813/go.mod h1:PuO5FToRL31ecdFqVjc794vK0Bj0CwzveQEDvkb7MoQ= github.com/nats-io/jwt/v2 v2.0.1 h1:SycklijeduR742i/1Y3nRhURYM7imDzZZ3+tuAQqhQA= github.com/nats-io/jwt/v2 v2.0.1/go.mod h1:VRP+deawSXyhNjXmxPCHskrR6Mq50BqpEI5SEcNiGlY= -github.com/nats-io/nats-server/v2 v2.1.8-0.20200524125952-51ebd92a9093/go.mod h1:rQnBf2Rv4P9adtAs/Ti6LfFmVtFG6HLhl/H7cVshcJU= -github.com/nats-io/nats-server/v2 v2.1.8-0.20200601203034-f8d6dd992b71/go.mod h1:Nan/1L5Sa1JRW+Thm4HNYcIDcVRFc5zK9OpSZeI2kk4= -github.com/nats-io/nats-server/v2 v2.1.8-0.20200929001935-7f44d075f7ad/go.mod h1:TkHpUIDETmTI7mrHN40D1pzxfzHZuGmtMbtb83TGVQw= -github.com/nats-io/nats-server/v2 v2.1.8-0.20201129161730-ebe63db3e3ed/go.mod h1:XD0zHR/jTXdZvWaQfS5mQgsXj6x12kMjKLyAk/cOGgY= -github.com/nats-io/nats-server/v2 v2.1.8-0.20210205154825-f7ab27f7dad4/go.mod h1:kauGd7hB5517KeSqspW2U1Mz/jhPbTrE8eOXzUPk1m0= -github.com/nats-io/nats-server/v2 v2.1.8-0.20210227190344-51550e242af8/go.mod h1:/QQ/dpqFavkNhVnjvMILSQ3cj5hlmhB66adlgNbjuoA= -github.com/nats-io/nats.go v1.10.0/go.mod h1:AjGArbfyR50+afOUotNX2Xs5SYHf+CoOa5HH1eEl2HE= -github.com/nats-io/nats.go v1.10.1-0.20200531124210-96f2130e4d55/go.mod h1:ARiFsjW9DVxk48WJbO3OSZ2DG8fjkMi7ecLmXoY/n9I= -github.com/nats-io/nats.go v1.10.1-0.20200606002146-fc6fed82929a/go.mod h1:8eAIv96Mo9QW6Or40jUHejS7e4VwZ3VRYD6Sf0BTDp4= -github.com/nats-io/nats.go v1.10.1-0.20201021145452-94be476ad6e0/go.mod h1:VU2zERjp8xmF+Lw2NH4u2t5qWZxwc7jB3+7HVMWQXPI= -github.com/nats-io/nats.go v1.10.1-0.20210127212649-5b4924938a9a/go.mod h1:Sa3kLIonafChP5IF0b55i9uvGR10I3hPETFbi4+9kOI= -github.com/nats-io/nats.go v1.10.1-0.20210211000709-75ded9c77585/go.mod h1:uBWnCKg9luW1g7hgzPxUjHFRI40EuTSX7RCzgnc74Jk= -github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac h1:/cF7DEtxQBcwRDhpFZ3J0XU4TFpJa9KQF/xDirRNNI0= -github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac/go.mod h1:hxFvLNbNmT6UppX5B5Tr/r3g+XSwGjJzFn6mxPNJEHc= -github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= -github.com/nats-io/nkeys v0.1.4/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= github.com/nats-io/nkeys v0.2.0/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8= github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b h1:wSOdpTq0/eI46Ez/LkDwIsAKA71YP2SRKBODiRWM0as= golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -57,8 +20,6 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -67,11 +28,3 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 h1:NusfzzA6yGQ+ua51ck7E3omNUX/JuqbFSaRGqU8CcLI= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= diff --git a/go_test.mod b/go_test.mod new file mode 100644 index 00000000..9e895d1a --- /dev/null +++ b/go_test.mod @@ -0,0 +1,15 @@ +module github.com/nats-io/nats-server/v2 + +go 1.16 + +require ( + github.com/klauspost/compress v1.11.12 + github.com/minio/highwayhash v1.0.1 + github.com/nats-io/jwt/v2 v2.0.1 + github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac + github.com/nats-io/nkeys v0.3.0 + github.com/nats-io/nuid v1.0.1 + golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b + golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 + golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 +) diff --git a/vendor/github.com/nats-io/nats.go/go.sum b/go_test.sum similarity index 75% rename from vendor/github.com/nats-io/nats.go/go.sum rename to go_test.sum index a2f355de..01c9c865 100644 --- a/vendor/github.com/nats-io/nats.go/go.sum +++ b/go_test.sum @@ -7,29 +7,29 @@ github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/klauspost/compress v1.11.7 h1:0hzRabrMN4tSTvMfnL3SCv1ZGeAP23ynzodBgaHeMeg= github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= -github.com/minio/highwayhash v1.0.0 h1:iMSDhgUILCr0TNm8LWlSjF8N0ZIj2qbO8WHp6Q/J2BA= +github.com/klauspost/compress v1.11.12 h1:famVnQVu7QwryBN4jNseQdUKES71ZAOnB6UQQJPZvqk= +github.com/klauspost/compress v1.11.12/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/minio/highwayhash v1.0.0/go.mod h1:xQboMTeM9nY9v/LlAOxFctujiv5+Aq2hR5dxBpaMbdc= +github.com/minio/highwayhash v1.0.1 h1:dZ6IIu8Z14VlC0VpfKofAhCy74wu/Qb5gcn52yWoz/0= +github.com/minio/highwayhash v1.0.1/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/jwt v0.3.3-0.20200519195258-f2bf5ce574c7/go.mod h1:n3cvmLfBfnpV4JJRN7lRYCyZnw48ksGsbThGXEk4w9M= -github.com/nats-io/jwt v1.1.0 h1:+vOlgtM0ZsF46GbmUoadq0/2rChNS45gtxHEa3H1gqM= github.com/nats-io/jwt v1.1.0/go.mod h1:n3cvmLfBfnpV4JJRN7lRYCyZnw48ksGsbThGXEk4w9M= +github.com/nats-io/jwt v1.2.2 h1:w3GMTO969dFg+UOKTmmyuu7IGdusK+7Ytlt//OYH/uU= +github.com/nats-io/jwt v1.2.2/go.mod h1:/xX356yQA6LuXI9xWW7mZNpxgF2mBmGecH+Fj34sP5Q= github.com/nats-io/jwt/v2 v2.0.0-20200916203241-1f8ce17dff02/go.mod h1:vs+ZEjP+XKy8szkBmQwCB7RjYdIlMaPsFPs4VdS4bTQ= github.com/nats-io/jwt/v2 v2.0.0-20201015190852-e11ce317263c/go.mod h1:vs+ZEjP+XKy8szkBmQwCB7RjYdIlMaPsFPs4VdS4bTQ= -github.com/nats-io/jwt/v2 v2.0.0-20210125223648-1c24d462becc h1:pu+s4XC+bYnI0iD2vDtOl83zjCYUau/q6c83pEvsGZc= github.com/nats-io/jwt/v2 v2.0.0-20210125223648-1c24d462becc/go.mod h1:PuO5FToRL31ecdFqVjc794vK0Bj0CwzveQEDvkb7MoQ= -github.com/nats-io/jwt/v2 v2.0.0-20210208203759-ff814ca5f813 h1:km4lLzT86NyJRhO++VqfP/vn5cbfm+E05i2bGdqDbrY= github.com/nats-io/jwt/v2 v2.0.0-20210208203759-ff814ca5f813/go.mod h1:PuO5FToRL31ecdFqVjc794vK0Bj0CwzveQEDvkb7MoQ= +github.com/nats-io/jwt/v2 v2.0.1 h1:SycklijeduR742i/1Y3nRhURYM7imDzZZ3+tuAQqhQA= +github.com/nats-io/jwt/v2 v2.0.1/go.mod h1:VRP+deawSXyhNjXmxPCHskrR6Mq50BqpEI5SEcNiGlY= github.com/nats-io/nats-server/v2 v2.1.8-0.20200524125952-51ebd92a9093/go.mod h1:rQnBf2Rv4P9adtAs/Ti6LfFmVtFG6HLhl/H7cVshcJU= github.com/nats-io/nats-server/v2 v2.1.8-0.20200601203034-f8d6dd992b71/go.mod h1:Nan/1L5Sa1JRW+Thm4HNYcIDcVRFc5zK9OpSZeI2kk4= github.com/nats-io/nats-server/v2 v2.1.8-0.20200929001935-7f44d075f7ad/go.mod h1:TkHpUIDETmTI7mrHN40D1pzxfzHZuGmtMbtb83TGVQw= github.com/nats-io/nats-server/v2 v2.1.8-0.20201129161730-ebe63db3e3ed/go.mod h1:XD0zHR/jTXdZvWaQfS5mQgsXj6x12kMjKLyAk/cOGgY= -github.com/nats-io/nats-server/v2 v2.1.8-0.20210205154825-f7ab27f7dad4 h1:GStuc0W1rK45FSlpt3+7UTLzmRys2/6WSDuJFyzZ6Xg= github.com/nats-io/nats-server/v2 v2.1.8-0.20210205154825-f7ab27f7dad4/go.mod h1:kauGd7hB5517KeSqspW2U1Mz/jhPbTrE8eOXzUPk1m0= -github.com/nats-io/nats-server/v2 v2.1.8-0.20210227190344-51550e242af8 h1:jPZZofsCevE2oJl3YexVw3drWOFdo8H4AWMb/1WcVoc= github.com/nats-io/nats-server/v2 v2.1.8-0.20210227190344-51550e242af8/go.mod h1:/QQ/dpqFavkNhVnjvMILSQ3cj5hlmhB66adlgNbjuoA= github.com/nats-io/nats.go v1.10.0/go.mod h1:AjGArbfyR50+afOUotNX2Xs5SYHf+CoOa5HH1eEl2HE= github.com/nats-io/nats.go v1.10.1-0.20200531124210-96f2130e4d55/go.mod h1:ARiFsjW9DVxk48WJbO3OSZ2DG8fjkMi7ecLmXoY/n9I= @@ -37,28 +37,36 @@ github.com/nats-io/nats.go v1.10.1-0.20200606002146-fc6fed82929a/go.mod h1:8eAIv github.com/nats-io/nats.go v1.10.1-0.20201021145452-94be476ad6e0/go.mod h1:VU2zERjp8xmF+Lw2NH4u2t5qWZxwc7jB3+7HVMWQXPI= github.com/nats-io/nats.go v1.10.1-0.20210127212649-5b4924938a9a/go.mod h1:Sa3kLIonafChP5IF0b55i9uvGR10I3hPETFbi4+9kOI= github.com/nats-io/nats.go v1.10.1-0.20210211000709-75ded9c77585/go.mod h1:uBWnCKg9luW1g7hgzPxUjHFRI40EuTSX7RCzgnc74Jk= +github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac h1:/cF7DEtxQBcwRDhpFZ3J0XU4TFpJa9KQF/xDirRNNI0= +github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac/go.mod h1:hxFvLNbNmT6UppX5B5Tr/r3g+XSwGjJzFn6mxPNJEHc= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.4/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= -github.com/nats-io/nkeys v0.2.0 h1:WXKF7diOaPU9cJdLD7nuzwasQy9vT1tBqzXZZf3AMJM= github.com/nats-io/nkeys v0.2.0/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= +github.com/nats-io/nkeys v0.3.0 h1:cgM5tL53EvYRU+2YLXIK0G2mJtK12Ft9oeooSZMA2G8= +github.com/nats-io/nkeys v0.3.0/go.mod h1:gvUNGjVcM2IPr5rCsRsC6Wb3Hr2CQAm08dsxtV6A5y4= github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E= golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b h1:wSOdpTq0/eI46Ez/LkDwIsAKA71YP2SRKBODiRWM0as= +golang.org/x/crypto v0.0.0-20210314154223-e6e6c4f2bb5b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 h1:NusfzzA6yGQ+ua51ck7E3omNUX/JuqbFSaRGqU8CcLI= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/vendor/github.com/nats-io/jwt/.gitignore b/vendor/github.com/nats-io/jwt/.gitignore new file mode 100644 index 00000000..a34877a1 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/.gitignore @@ -0,0 +1,18 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib + +# Test binary, build with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# IDE Files +.vscode +.idea/ + +coverage.out \ No newline at end of file diff --git a/vendor/github.com/nats-io/jwt/.travis.yml b/vendor/github.com/nats-io/jwt/.travis.yml new file mode 100644 index 00000000..9b9dd9ca --- /dev/null +++ b/vendor/github.com/nats-io/jwt/.travis.yml @@ -0,0 +1,38 @@ +os: + - linux + - windows +language: go +go: + - 1.13.x + - 1.14.x +git: + depth: false +env: + - V= + - V=v2 +install: + - go get -t ./... + - go get -u honnef.co/go/tools/cmd/staticcheck + - go get -u github.com/client9/misspell/cmd/misspell + - go get github.com/mattn/goveralls + - go get github.com/wadey/gocovmerge +before_script: + - cd $TRAVIS_BUILD_DIR/${V} + - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then EXCLUDE_VENDOR=$(go list ./... | grep -v "/vendor/") && $(exit $(go fmt $EXCLUDE_VENDOR | wc -l)) && go vet $EXCLUDE_VENDOR; fi + - go vet ./... + - misspell -error -locale US . + - staticcheck ./... +script: + - mkdir cov + - go test -v -race -covermode=atomic -coverprofile=./cov/coverage.out -coverpkg=github.com/nats-io/jwt . + - gocovmerge ./cov/*.out > coverage.out + +deploy: +- provider: script + skip_cleanup: true + script: $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service travis-ci + on: + condition: ${V} = "" && $TRAVIS_OS_NAME = linux && $TRAVIS_GO_VERSION =~ ^1.14 + + + diff --git a/vendor/github.com/nats-io/nats.go/LICENSE b/vendor/github.com/nats-io/jwt/LICENSE similarity index 100% rename from vendor/github.com/nats-io/nats.go/LICENSE rename to vendor/github.com/nats-io/jwt/LICENSE diff --git a/vendor/github.com/nats-io/jwt/Makefile b/vendor/github.com/nats-io/jwt/Makefile new file mode 100644 index 00000000..465dfe48 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/Makefile @@ -0,0 +1,31 @@ +.PHONY: test cover + +build: + go build + +test: + gofmt -s -w *.go + goimports -w *.go + go vet ./... + go test -v + go test -v --race + staticcheck ./... + + cd v2/ + gofmt -s -w *.go + goimports -w *.go + go vet ./... + go test -v + go test -v --race + staticcheck ./... + +fmt: + gofmt -w -s *.go + go mod tidy + cd v2/ + gofmt -w -s *.go + go mod tidy + +cover: + go test -v -covermode=count -coverprofile=coverage.out + go tool cover -html=coverage.out diff --git a/vendor/github.com/nats-io/jwt/README.md b/vendor/github.com/nats-io/jwt/README.md new file mode 100644 index 00000000..94043988 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/README.md @@ -0,0 +1,54 @@ +# JWT +A [JWT](https://jwt.io/) implementation that uses [nkeys](https://github.com/nats-io/nkeys) to digitally sign JWT tokens. +Nkeys use [Ed25519](https://ed25519.cr.yp.to/) to provide authentication of JWT claims. + + +[![License Apache 2](https://img.shields.io/badge/License-Apache2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0) +[![ReportCard](http://goreportcard.com/badge/nats-io/jwt)](http://goreportcard.com/report/nats-io/jwt) +[![Build Status](https://travis-ci.com/nats-io/jwt.svg?branch=master)](https://travis-ci.com/github/nats-io/jwt) +[![GoDoc](http://godoc.org/github.com/nats-io/jwt?status.png)](http://godoc.org/github.com/nats-io/jwt) +[![Coverage Status](https://coveralls.io/repos/github/nats-io/jwt/badge.svg?branch=master&t=NmEFup)](https://coveralls.io/github/nats-io/jwt?branch=master) + +```go +// Need a private key to sign the claim, nkeys makes it easy to create +kp, err := nkeys.CreateAccount() +if err != nil { + t.Fatal("unable to create account key", err) +} + +pk, err := kp.PublicKey() +if err != nil { + t.Fatal("error getting public key", err) +} + +// create a new claim +claims := NewAccountClaims(pk) +claims.Expires = time.Now().Add(time.Duration(time.Hour)).Unix() + + +// add details by modifying claims.Account + +// serialize the claim to a JWT token +token, err := claims.Encode(kp) +if err != nil { + t.Fatal("error encoding token", err) +} + +// on the receiving side, decode the token +c, err := DecodeAccountClaims(token) +if err != nil { + t.Fatal(err) +} + +// if the token was decoded, it means that it +// validated and it wasn't tampered. the remaining and +// required test is to insure the issuer is trusted +pk, err := kp.PublicKey() +if err != nil { + t.Fatalf("unable to read public key: %v", err) +} + +if c.Issuer != pk { + t.Fatalf("the public key is not trusted") +} +``` \ No newline at end of file diff --git a/vendor/github.com/nats-io/jwt/ReleaseNotes.md b/vendor/github.com/nats-io/jwt/ReleaseNotes.md new file mode 100644 index 00000000..500965ea --- /dev/null +++ b/vendor/github.com/nats-io/jwt/ReleaseNotes.md @@ -0,0 +1,5 @@ +# Release Notes + +## 0.3.0 + +* Removed revocation claims in favor of timestamp-based revocation maps in account and export claims. diff --git a/vendor/github.com/nats-io/jwt/account_claims.go b/vendor/github.com/nats-io/jwt/account_claims.go new file mode 100644 index 00000000..e688538b --- /dev/null +++ b/vendor/github.com/nats-io/jwt/account_claims.go @@ -0,0 +1,233 @@ +/* + * Copyright 2018-2020 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + "sort" + "time" + + "github.com/nats-io/nkeys" +) + +// NoLimit is used to indicate a limit field is unlimited in value. +const NoLimit = -1 + +// OperatorLimits are used to limit access by an account +type OperatorLimits struct { + Subs int64 `json:"subs,omitempty"` // Max number of subscriptions + Conn int64 `json:"conn,omitempty"` // Max number of active connections + LeafNodeConn int64 `json:"leaf,omitempty"` // Max number of active leaf node connections + Imports int64 `json:"imports,omitempty"` // Max number of imports + Exports int64 `json:"exports,omitempty"` // Max number of exports + Data int64 `json:"data,omitempty"` // Max number of bytes + Payload int64 `json:"payload,omitempty"` // Max message payload + WildcardExports bool `json:"wildcards,omitempty"` // Are wildcards allowed in exports +} + +// IsEmpty returns true if all of the limits are 0/false. +func (o *OperatorLimits) IsEmpty() bool { + return *o == OperatorLimits{} +} + +// IsUnlimited returns true if all limits are +func (o *OperatorLimits) IsUnlimited() bool { + return *o == OperatorLimits{NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, true} +} + +// Validate checks that the operator limits contain valid values +func (o *OperatorLimits) Validate(vr *ValidationResults) { + // negative values mean unlimited, so all numbers are valid +} + +// Account holds account specific claims data +type Account struct { + Imports Imports `json:"imports,omitempty"` + Exports Exports `json:"exports,omitempty"` + Identities []Identity `json:"identity,omitempty"` + Limits OperatorLimits `json:"limits,omitempty"` + SigningKeys StringList `json:"signing_keys,omitempty"` + Revocations RevocationList `json:"revocations,omitempty"` +} + +// Validate checks if the account is valid, based on the wrapper +func (a *Account) Validate(acct *AccountClaims, vr *ValidationResults) { + a.Imports.Validate(acct.Subject, vr) + a.Exports.Validate(vr) + a.Limits.Validate(vr) + + for _, i := range a.Identities { + i.Validate(vr) + } + + if !a.Limits.IsEmpty() && a.Limits.Imports >= 0 && int64(len(a.Imports)) > a.Limits.Imports { + vr.AddError("the account contains more imports than allowed by the operator") + } + + // Check Imports and Exports for limit violations. + if a.Limits.Imports != NoLimit { + if int64(len(a.Imports)) > a.Limits.Imports { + vr.AddError("the account contains more imports than allowed by the operator") + } + } + if a.Limits.Exports != NoLimit { + if int64(len(a.Exports)) > a.Limits.Exports { + vr.AddError("the account contains more exports than allowed by the operator") + } + // Check for wildcard restrictions + if !a.Limits.WildcardExports { + for _, ex := range a.Exports { + if ex.Subject.HasWildCards() { + vr.AddError("the account contains wildcard exports that are not allowed by the operator") + } + } + } + } + + for _, k := range a.SigningKeys { + if !nkeys.IsValidPublicAccountKey(k) { + vr.AddError("%s is not an account public key", k) + } + } +} + +// AccountClaims defines the body of an account JWT +type AccountClaims struct { + ClaimsData + Account `json:"nats,omitempty"` +} + +// NewAccountClaims creates a new account JWT +func NewAccountClaims(subject string) *AccountClaims { + if subject == "" { + return nil + } + c := &AccountClaims{} + // Set to unlimited to start. We do it this way so we get compiler + // errors if we add to the OperatorLimits. + c.Limits = OperatorLimits{NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, NoLimit, true} + c.Subject = subject + return c +} + +// Encode converts account claims into a JWT string +func (a *AccountClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicAccountKey(a.Subject) { + return "", errors.New("expected subject to be account public key") + } + sort.Sort(a.Exports) + sort.Sort(a.Imports) + a.ClaimsData.Type = AccountClaim + return a.ClaimsData.Encode(pair, a) +} + +// DecodeAccountClaims decodes account claims from a JWT string +func DecodeAccountClaims(token string) (*AccountClaims, error) { + v := AccountClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +func (a *AccountClaims) String() string { + return a.ClaimsData.String(a) +} + +// Payload pulls the accounts specific payload out of the claims +func (a *AccountClaims) Payload() interface{} { + return &a.Account +} + +// Validate checks the accounts contents +func (a *AccountClaims) Validate(vr *ValidationResults) { + a.ClaimsData.Validate(vr) + a.Account.Validate(a, vr) + + if nkeys.IsValidPublicAccountKey(a.ClaimsData.Issuer) { + if len(a.Identities) > 0 { + vr.AddWarning("self-signed account JWTs shouldn't contain identity proofs") + } + if !a.Limits.IsEmpty() { + vr.AddWarning("self-signed account JWTs shouldn't contain operator limits") + } + } +} + +// ExpectedPrefixes defines the types that can encode an account jwt, account and operator +func (a *AccountClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteAccount, nkeys.PrefixByteOperator} +} + +// Claims returns the accounts claims data +func (a *AccountClaims) Claims() *ClaimsData { + return &a.ClaimsData +} + +// DidSign checks the claims against the account's public key and its signing keys +func (a *AccountClaims) DidSign(op Claims) bool { + if op != nil { + issuer := op.Claims().Issuer + if issuer == a.Subject { + return true + } + return a.SigningKeys.Contains(issuer) + } + return false +} + +// Revoke enters a revocation by publickey using time.Now(). +func (a *AccountClaims) Revoke(pubKey string) { + a.RevokeAt(pubKey, time.Now()) +} + +// RevokeAt enters a revocation by public key and timestamp into this account +// This will revoke all jwt issued for pubKey, prior to timestamp +// If there is already a revocation for this public key that is newer, it is kept. +func (a *AccountClaims) RevokeAt(pubKey string, timestamp time.Time) { + if a.Revocations == nil { + a.Revocations = RevocationList{} + } + + a.Revocations.Revoke(pubKey, timestamp) +} + +// ClearRevocation removes any revocation for the public key +func (a *AccountClaims) ClearRevocation(pubKey string) { + a.Revocations.ClearRevocation(pubKey) +} + +// IsRevokedAt checks if the public key is in the revoked list with a timestamp later than the one passed in. +// Generally this method is called with the subject and issue time of the jwt to be tested. +// DO NOT pass time.Now(), it will not produce a stable/expected response. +// The value is expected to be a public key or "*" (means all public keys) +func (a *AccountClaims) IsRevokedAt(pubKey string, timestamp time.Time) bool { + return a.Revocations.IsRevoked(pubKey, timestamp) +} + +// IsRevoked does not perform a valid check. Use IsRevokedAt instead. +func (a *AccountClaims) IsRevoked(_ string) bool { + return true +} + +// IsClaimRevoked checks if the account revoked the claim passed in. +// Invalid claims (nil, no Subject or IssuedAt) will return true. +func (a *AccountClaims) IsClaimRevoked(claim *UserClaims) bool { + if claim == nil || claim.IssuedAt == 0 || claim.Subject == "" { + return true + } + return a.Revocations.IsRevoked(claim.Subject, time.Unix(claim.IssuedAt, 0)) +} diff --git a/vendor/github.com/nats-io/jwt/activation_claims.go b/vendor/github.com/nats-io/jwt/activation_claims.go new file mode 100644 index 00000000..99228a75 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/activation_claims.go @@ -0,0 +1,166 @@ +/* + * Copyright 2018 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "crypto/sha256" + "encoding/base32" + "errors" + "fmt" + "strings" + + "github.com/nats-io/nkeys" +) + +// Activation defines the custom parts of an activation claim +type Activation struct { + ImportSubject Subject `json:"subject,omitempty"` + ImportType ExportType `json:"type,omitempty"` + Limits +} + +// IsService returns true if an Activation is for a service +func (a *Activation) IsService() bool { + return a.ImportType == Service +} + +// IsStream returns true if an Activation is for a stream +func (a *Activation) IsStream() bool { + return a.ImportType == Stream +} + +// Validate checks the exports and limits in an activation JWT +func (a *Activation) Validate(vr *ValidationResults) { + if !a.IsService() && !a.IsStream() { + vr.AddError("invalid export type: %q", a.ImportType) + } + + if a.IsService() { + if a.ImportSubject.HasWildCards() { + vr.AddError("services cannot have wildcard subject: %q", a.ImportSubject) + } + } + + a.ImportSubject.Validate(vr) + a.Limits.Validate(vr) +} + +// ActivationClaims holds the data specific to an activation JWT +type ActivationClaims struct { + ClaimsData + Activation `json:"nats,omitempty"` + // IssuerAccount stores the public key for the account the issuer represents. + // When set, the claim was issued by a signing key. + IssuerAccount string `json:"issuer_account,omitempty"` +} + +// NewActivationClaims creates a new activation claim with the provided sub +func NewActivationClaims(subject string) *ActivationClaims { + if subject == "" { + return nil + } + ac := &ActivationClaims{} + ac.Subject = subject + return ac +} + +// Encode turns an activation claim into a JWT strimg +func (a *ActivationClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicAccountKey(a.ClaimsData.Subject) { + return "", errors.New("expected subject to be an account") + } + a.ClaimsData.Type = ActivationClaim + return a.ClaimsData.Encode(pair, a) +} + +// DecodeActivationClaims tries to create an activation claim from a JWT string +func DecodeActivationClaims(token string) (*ActivationClaims, error) { + v := ActivationClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +// Payload returns the activation specific part of the JWT +func (a *ActivationClaims) Payload() interface{} { + return a.Activation +} + +// Validate checks the claims +func (a *ActivationClaims) Validate(vr *ValidationResults) { + a.ClaimsData.Validate(vr) + a.Activation.Validate(vr) + if a.IssuerAccount != "" && !nkeys.IsValidPublicAccountKey(a.IssuerAccount) { + vr.AddError("account_id is not an account public key") + } +} + +// ExpectedPrefixes defines the types that can sign an activation jwt, account and oeprator +func (a *ActivationClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteAccount, nkeys.PrefixByteOperator} +} + +// Claims returns the generic part of the JWT +func (a *ActivationClaims) Claims() *ClaimsData { + return &a.ClaimsData +} + +func (a *ActivationClaims) String() string { + return a.ClaimsData.String(a) +} + +// HashID returns a hash of the claims that can be used to identify it. +// The hash is calculated by creating a string with +// issuerPubKey.subjectPubKey. and constructing the sha-256 hash and base32 encoding that. +// is the exported subject, minus any wildcards, so foo.* becomes foo. +// the one special case is that if the export start with "*" or is ">" the "_" +func (a *ActivationClaims) HashID() (string, error) { + + if a.Issuer == "" || a.Subject == "" || a.ImportSubject == "" { + return "", fmt.Errorf("not enough data in the activaion claims to create a hash") + } + + subject := cleanSubject(string(a.ImportSubject)) + base := fmt.Sprintf("%s.%s.%s", a.Issuer, a.Subject, subject) + h := sha256.New() + h.Write([]byte(base)) + sha := h.Sum(nil) + hash := base32.StdEncoding.EncodeToString(sha) + + return hash, nil +} + +func cleanSubject(subject string) string { + split := strings.Split(subject, ".") + cleaned := "" + + for i, tok := range split { + if tok == "*" || tok == ">" { + if i == 0 { + cleaned = "_" + break + } + + cleaned = strings.Join(split[:i], ".") + break + } + } + if cleaned == "" { + cleaned = subject + } + return cleaned +} diff --git a/vendor/github.com/nats-io/jwt/claims.go b/vendor/github.com/nats-io/jwt/claims.go new file mode 100644 index 00000000..3179c914 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/claims.go @@ -0,0 +1,305 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "crypto/sha512" + "encoding/base32" + "encoding/base64" + "encoding/json" + "errors" + "fmt" + "strings" + "time" + + "github.com/nats-io/nkeys" +) + +// ClaimType is used to indicate the type of JWT being stored in a Claim +type ClaimType string + +const ( + // AccountClaim is the type of an Account JWT + AccountClaim = "account" + //ActivationClaim is the type of an activation JWT + ActivationClaim = "activation" + //UserClaim is the type of an user JWT + UserClaim = "user" + //OperatorClaim is the type of an operator JWT + OperatorClaim = "operator" + + //ServerClaim is the type of an server JWT + // Deprecated: ServerClaim is not supported + ServerClaim = "server" + // ClusterClaim is the type of an cluster JWT + // Deprecated: ClusterClaim is not supported + ClusterClaim = "cluster" +) + +// Claims is a JWT claims +type Claims interface { + Claims() *ClaimsData + Encode(kp nkeys.KeyPair) (string, error) + ExpectedPrefixes() []nkeys.PrefixByte + Payload() interface{} + String() string + Validate(vr *ValidationResults) + Verify(payload string, sig []byte) bool +} + +// ClaimsData is the base struct for all claims +type ClaimsData struct { + Audience string `json:"aud,omitempty"` + Expires int64 `json:"exp,omitempty"` + ID string `json:"jti,omitempty"` + IssuedAt int64 `json:"iat,omitempty"` + Issuer string `json:"iss,omitempty"` + Name string `json:"name,omitempty"` + NotBefore int64 `json:"nbf,omitempty"` + Subject string `json:"sub,omitempty"` + Tags TagList `json:"tags,omitempty"` + Type ClaimType `json:"type,omitempty"` +} + +// Prefix holds the prefix byte for an NKey +type Prefix struct { + nkeys.PrefixByte +} + +func encodeToString(d []byte) string { + return base64.RawURLEncoding.EncodeToString(d) +} + +func decodeString(s string) ([]byte, error) { + return base64.RawURLEncoding.DecodeString(s) +} + +func serialize(v interface{}) (string, error) { + j, err := json.Marshal(v) + if err != nil { + return "", err + } + return encodeToString(j), nil +} + +func (c *ClaimsData) doEncode(header *Header, kp nkeys.KeyPair, claim Claims) (string, error) { + if header == nil { + return "", errors.New("header is required") + } + + if kp == nil { + return "", errors.New("keypair is required") + } + + if c.Subject == "" { + return "", errors.New("subject is not set") + } + + h, err := serialize(header) + if err != nil { + return "", err + } + + issuerBytes, err := kp.PublicKey() + if err != nil { + return "", err + } + + prefixes := claim.ExpectedPrefixes() + if prefixes != nil { + ok := false + for _, p := range prefixes { + switch p { + case nkeys.PrefixByteAccount: + if nkeys.IsValidPublicAccountKey(issuerBytes) { + ok = true + } + case nkeys.PrefixByteOperator: + if nkeys.IsValidPublicOperatorKey(issuerBytes) { + ok = true + } + case nkeys.PrefixByteServer: + if nkeys.IsValidPublicServerKey(issuerBytes) { + ok = true + } + case nkeys.PrefixByteCluster: + if nkeys.IsValidPublicClusterKey(issuerBytes) { + ok = true + } + case nkeys.PrefixByteUser: + if nkeys.IsValidPublicUserKey(issuerBytes) { + ok = true + } + } + } + if !ok { + return "", fmt.Errorf("unable to validate expected prefixes - %v", prefixes) + } + } + + c.Issuer = string(issuerBytes) + c.IssuedAt = time.Now().UTC().Unix() + + c.ID, err = c.hash() + if err != nil { + return "", err + } + + payload, err := serialize(claim) + if err != nil { + return "", err + } + + sig, err := kp.Sign([]byte(payload)) + if err != nil { + return "", err + } + eSig := encodeToString(sig) + return fmt.Sprintf("%s.%s.%s", h, payload, eSig), nil +} + +func (c *ClaimsData) hash() (string, error) { + j, err := json.Marshal(c) + if err != nil { + return "", err + } + h := sha512.New512_256() + h.Write(j) + return base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(h.Sum(nil)), nil +} + +// Encode encodes a claim into a JWT token. The claim is signed with the +// provided nkey's private key +func (c *ClaimsData) Encode(kp nkeys.KeyPair, payload Claims) (string, error) { + return c.doEncode(&Header{TokenTypeJwt, AlgorithmNkey}, kp, payload) +} + +// Returns a JSON representation of the claim +func (c *ClaimsData) String(claim interface{}) string { + j, err := json.MarshalIndent(claim, "", " ") + if err != nil { + return "" + } + return string(j) +} + +func parseClaims(s string, target Claims) error { + h, err := decodeString(s) + if err != nil { + return err + } + return json.Unmarshal(h, &target) +} + +// Verify verifies that the encoded payload was signed by the +// provided public key. Verify is called automatically with +// the claims portion of the token and the public key in the claim. +// Client code need to insure that the public key in the +// claim is trusted. +func (c *ClaimsData) Verify(payload string, sig []byte) bool { + // decode the public key + kp, err := nkeys.FromPublicKey(c.Issuer) + if err != nil { + return false + } + if err := kp.Verify([]byte(payload), sig); err != nil { + return false + } + return true +} + +// Validate checks a claim to make sure it is valid. Validity checks +// include expiration and not before constraints. +func (c *ClaimsData) Validate(vr *ValidationResults) { + now := time.Now().UTC().Unix() + if c.Expires > 0 && now > c.Expires { + vr.AddTimeCheck("claim is expired") + } + + if c.NotBefore > 0 && c.NotBefore > now { + vr.AddTimeCheck("claim is not yet valid") + } +} + +// IsSelfSigned returns true if the claims issuer is the subject +func (c *ClaimsData) IsSelfSigned() bool { + return c.Issuer == c.Subject +} + +// Decode takes a JWT string decodes it and validates it +// and return the embedded Claims. If the token header +// doesn't match the expected algorithm, or the claim is +// not valid or verification fails an error is returned. +func Decode(token string, target Claims) error { + // must have 3 chunks + chunks := strings.Split(token, ".") + if len(chunks) != 3 { + return errors.New("expected 3 chunks") + } + + _, err := parseHeaders(chunks[0]) + if err != nil { + return err + } + + if err := parseClaims(chunks[1], target); err != nil { + return err + } + + sig, err := decodeString(chunks[2]) + if err != nil { + return err + } + + if !target.Verify(chunks[1], sig) { + return errors.New("claim failed signature verification") + } + + prefixes := target.ExpectedPrefixes() + if prefixes != nil { + ok := false + issuer := target.Claims().Issuer + for _, p := range prefixes { + switch p { + case nkeys.PrefixByteAccount: + if nkeys.IsValidPublicAccountKey(issuer) { + ok = true + } + case nkeys.PrefixByteOperator: + if nkeys.IsValidPublicOperatorKey(issuer) { + ok = true + } + case nkeys.PrefixByteServer: + if nkeys.IsValidPublicServerKey(issuer) { + ok = true + } + case nkeys.PrefixByteCluster: + if nkeys.IsValidPublicClusterKey(issuer) { + ok = true + } + case nkeys.PrefixByteUser: + if nkeys.IsValidPublicUserKey(issuer) { + ok = true + } + } + } + if !ok { + return fmt.Errorf("unable to validate expected prefixes - %v", prefixes) + } + } + + return nil +} diff --git a/vendor/github.com/nats-io/jwt/cluster_claims.go b/vendor/github.com/nats-io/jwt/cluster_claims.go new file mode 100644 index 00000000..7924dfaa --- /dev/null +++ b/vendor/github.com/nats-io/jwt/cluster_claims.go @@ -0,0 +1,98 @@ +/* + * Copyright 2018-2020 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + + "github.com/nats-io/nkeys" +) + +// Cluster stores the cluster specific elements of a cluster JWT +// Deprecated: ClusterClaims are not supported +type Cluster struct { + Trust []string `json:"identity,omitempty"` + Accounts []string `json:"accts,omitempty"` + AccountURL string `json:"accturl,omitempty"` + OperatorURL string `json:"opurl,omitempty"` +} + +// Validate checks the cluster and permissions for a cluster JWT +func (c *Cluster) Validate(vr *ValidationResults) { + // fixme validate cluster data +} + +// ClusterClaims defines the data in a cluster JWT +// Deprecated: ClusterClaims are not supported +type ClusterClaims struct { + ClaimsData + Cluster `json:"nats,omitempty"` +} + +// NewClusterClaims creates a new cluster JWT with the specified subject/public key +// Deprecated: ClusterClaims are not supported +func NewClusterClaims(subject string) *ClusterClaims { + if subject == "" { + return nil + } + c := &ClusterClaims{} + c.Subject = subject + return c +} + +// Encode tries to turn the cluster claims into a JWT string +func (c *ClusterClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicClusterKey(c.Subject) { + return "", errors.New("expected subject to be a cluster public key") + } + c.ClaimsData.Type = ClusterClaim + return c.ClaimsData.Encode(pair, c) +} + +// DecodeClusterClaims tries to parse cluster claims from a JWT string +// Deprecated: ClusterClaims are not supported +func DecodeClusterClaims(token string) (*ClusterClaims, error) { + v := ClusterClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +func (c *ClusterClaims) String() string { + return c.ClaimsData.String(c) +} + +// Payload returns the cluster specific data +func (c *ClusterClaims) Payload() interface{} { + return &c.Cluster +} + +// Validate checks the generic and cluster data in the cluster claims +func (c *ClusterClaims) Validate(vr *ValidationResults) { + c.ClaimsData.Validate(vr) + c.Cluster.Validate(vr) +} + +// ExpectedPrefixes defines the types that can encode a cluster JWT, operator or cluster +func (c *ClusterClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteOperator, nkeys.PrefixByteCluster} +} + +// Claims returns the generic data +func (c *ClusterClaims) Claims() *ClaimsData { + return &c.ClaimsData +} diff --git a/vendor/github.com/nats-io/jwt/creds_utils.go b/vendor/github.com/nats-io/jwt/creds_utils.go new file mode 100644 index 00000000..f704b554 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/creds_utils.go @@ -0,0 +1,218 @@ +/* + * Copyright 2019-2020 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "bytes" + "errors" + "fmt" + "regexp" + "strings" + + "github.com/nats-io/nkeys" +) + +// DecorateJWT returns a decorated JWT that describes the kind of JWT +func DecorateJWT(jwtString string) ([]byte, error) { + gc, err := DecodeGeneric(jwtString) + if err != nil { + return nil, err + } + return formatJwt(string(gc.Type), jwtString) +} + +func formatJwt(kind string, jwtString string) ([]byte, error) { + templ := `-----BEGIN NATS %s JWT----- +%s +------END NATS %s JWT------ + +` + w := bytes.NewBuffer(nil) + kind = strings.ToUpper(kind) + _, err := fmt.Fprintf(w, templ, kind, jwtString, kind) + if err != nil { + return nil, err + } + return w.Bytes(), nil +} + +// DecorateSeed takes a seed and returns a string that wraps +// the seed in the form: +// ************************* IMPORTANT ************************* +// NKEY Seed printed below can be used sign and prove identity. +// NKEYs are sensitive and should be treated as secrets. +// +// -----BEGIN USER NKEY SEED----- +// SUAIO3FHUX5PNV2LQIIP7TZ3N4L7TX3W53MQGEIVYFIGA635OZCKEYHFLM +// ------END USER NKEY SEED------ +func DecorateSeed(seed []byte) ([]byte, error) { + w := bytes.NewBuffer(nil) + ts := bytes.TrimSpace(seed) + pre := string(ts[0:2]) + kind := "" + switch pre { + case "SU": + kind = "USER" + case "SA": + kind = "ACCOUNT" + case "SO": + kind = "OPERATOR" + default: + return nil, errors.New("seed is not an operator, account or user seed") + } + header := `************************* IMPORTANT ************************* +NKEY Seed printed below can be used to sign and prove identity. +NKEYs are sensitive and should be treated as secrets. + +-----BEGIN %s NKEY SEED----- +` + _, err := fmt.Fprintf(w, header, kind) + if err != nil { + return nil, err + } + w.Write(ts) + + footer := ` +------END %s NKEY SEED------ + +************************************************************* +` + _, err = fmt.Fprintf(w, footer, kind) + if err != nil { + return nil, err + } + return w.Bytes(), nil +} + +var userConfigRE = regexp.MustCompile(`\s*(?:(?:[-]{3,}[^\n]*[-]{3,}\n)(.+)(?:\n\s*[-]{3,}[^\n]*[-]{3,}\n))`) + +// An user config file looks like this: +// -----BEGIN NATS USER JWT----- +// eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5... +// ------END NATS USER JWT------ +// +// ************************* IMPORTANT ************************* +// NKEY Seed printed below can be used sign and prove identity. +// NKEYs are sensitive and should be treated as secrets. +// +// -----BEGIN USER NKEY SEED----- +// SUAIO3FHUX5PNV2LQIIP7TZ3N4L7TX3W53MQGEIVYFIGA635OZCKEYHFLM +// ------END USER NKEY SEED------ + +// FormatUserConfig returns a decorated file with a decorated JWT and decorated seed +func FormatUserConfig(jwtString string, seed []byte) ([]byte, error) { + gc, err := DecodeGeneric(jwtString) + if err != nil { + return nil, err + } + if gc.Type != UserClaim { + return nil, fmt.Errorf("%q cannot be serialized as a user config", string(gc.Type)) + } + + w := bytes.NewBuffer(nil) + + jd, err := formatJwt(string(gc.Type), jwtString) + if err != nil { + return nil, err + } + _, err = w.Write(jd) + if err != nil { + return nil, err + } + if !bytes.HasPrefix(bytes.TrimSpace(seed), []byte("SU")) { + return nil, fmt.Errorf("nkey seed is not an user seed") + } + + d, err := DecorateSeed(seed) + if err != nil { + return nil, err + } + _, err = w.Write(d) + if err != nil { + return nil, err + } + + return w.Bytes(), nil +} + +// ParseDecoratedJWT takes a creds file and returns the JWT portion. +func ParseDecoratedJWT(contents []byte) (string, error) { + items := userConfigRE.FindAllSubmatch(contents, -1) + if len(items) == 0 { + return string(contents), nil + } + // First result should be the user JWT. + // We copy here so that if the file contained a seed file too we wipe appropriately. + raw := items[0][1] + tmp := make([]byte, len(raw)) + copy(tmp, raw) + return string(tmp), nil +} + +// ParseDecoratedNKey takes a creds file, finds the NKey portion and creates a +// key pair from it. +func ParseDecoratedNKey(contents []byte) (nkeys.KeyPair, error) { + var seed []byte + + items := userConfigRE.FindAllSubmatch(contents, -1) + if len(items) > 1 { + seed = items[1][1] + } else { + lines := bytes.Split(contents, []byte("\n")) + for _, line := range lines { + if bytes.HasPrefix(bytes.TrimSpace(line), []byte("SO")) || + bytes.HasPrefix(bytes.TrimSpace(line), []byte("SA")) || + bytes.HasPrefix(bytes.TrimSpace(line), []byte("SU")) { + seed = line + break + } + } + } + if seed == nil { + return nil, errors.New("no nkey seed found") + } + if !bytes.HasPrefix(seed, []byte("SO")) && + !bytes.HasPrefix(seed, []byte("SA")) && + !bytes.HasPrefix(seed, []byte("SU")) { + return nil, errors.New("doesn't contain a seed nkey") + } + kp, err := nkeys.FromSeed(seed) + if err != nil { + return nil, err + } + return kp, nil +} + +// ParseDecoratedUserNKey takes a creds file, finds the NKey portion and creates a +// key pair from it. Similar to ParseDecoratedNKey but fails for non-user keys. +func ParseDecoratedUserNKey(contents []byte) (nkeys.KeyPair, error) { + nk, err := ParseDecoratedNKey(contents) + if err != nil { + return nil, err + } + seed, err := nk.Seed() + if err != nil { + return nil, err + } + if !bytes.HasPrefix(seed, []byte("SU")) { + return nil, errors.New("doesn't contain an user seed nkey") + } + kp, err := nkeys.FromSeed(seed) + if err != nil { + return nil, err + } + return kp, nil +} diff --git a/vendor/github.com/nats-io/jwt/exports.go b/vendor/github.com/nats-io/jwt/exports.go new file mode 100644 index 00000000..ff706c37 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/exports.go @@ -0,0 +1,245 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "fmt" + "time" +) + +// ResponseType is used to store an export response type +type ResponseType string + +const ( + // ResponseTypeSingleton is used for a service that sends a single response only + ResponseTypeSingleton = "Singleton" + + // ResponseTypeStream is used for a service that will send multiple responses + ResponseTypeStream = "Stream" + + // ResponseTypeChunked is used for a service that sends a single response in chunks (so not quite a stream) + ResponseTypeChunked = "Chunked" +) + +// ServiceLatency is used when observing and exported service for +// latency measurements. +// Sampling 1-100, represents sampling rate, defaults to 100. +// Results is the subject where the latency metrics are published. +// A metric will be defined by the nats-server's ServiceLatency. Time durations +// are in nanoseconds. +// see https://github.com/nats-io/nats-server/blob/master/server/accounts.go#L524 +// e.g. +// { +// "app": "dlc22", +// "start": "2019-09-16T21:46:23.636869585-07:00", +// "svc": 219732, +// "nats": { +// "req": 320415, +// "resp": 228268, +// "sys": 0 +// }, +// "total": 768415 +// } +// +type ServiceLatency struct { + Sampling int `json:"sampling,omitempty"` + Results Subject `json:"results"` +} + +func (sl *ServiceLatency) Validate(vr *ValidationResults) { + if sl.Sampling < 1 || sl.Sampling > 100 { + vr.AddError("sampling percentage needs to be between 1-100") + } + sl.Results.Validate(vr) + if sl.Results.HasWildCards() { + vr.AddError("results subject can not contain wildcards") + } +} + +// Export represents a single export +type Export struct { + Name string `json:"name,omitempty"` + Subject Subject `json:"subject,omitempty"` + Type ExportType `json:"type,omitempty"` + TokenReq bool `json:"token_req,omitempty"` + Revocations RevocationList `json:"revocations,omitempty"` + ResponseType ResponseType `json:"response_type,omitempty"` + Latency *ServiceLatency `json:"service_latency,omitempty"` + AccountTokenPosition uint `json:"account_token_position,omitempty"` +} + +// IsService returns true if an export is for a service +func (e *Export) IsService() bool { + return e.Type == Service +} + +// IsStream returns true if an export is for a stream +func (e *Export) IsStream() bool { + return e.Type == Stream +} + +// IsSingleResponse returns true if an export has a single response +// or no resopnse type is set, also checks that the type is service +func (e *Export) IsSingleResponse() bool { + return e.Type == Service && (e.ResponseType == ResponseTypeSingleton || e.ResponseType == "") +} + +// IsChunkedResponse returns true if an export has a chunked response +func (e *Export) IsChunkedResponse() bool { + return e.Type == Service && e.ResponseType == ResponseTypeChunked +} + +// IsStreamResponse returns true if an export has a chunked response +func (e *Export) IsStreamResponse() bool { + return e.Type == Service && e.ResponseType == ResponseTypeStream +} + +// Validate appends validation issues to the passed in results list +func (e *Export) Validate(vr *ValidationResults) { + if e == nil { + vr.AddError("null export is not allowed") + return + } + if !e.IsService() && !e.IsStream() { + vr.AddError("invalid export type: %q", e.Type) + } + if e.IsService() && !e.IsSingleResponse() && !e.IsChunkedResponse() && !e.IsStreamResponse() { + vr.AddError("invalid response type for service: %q", e.ResponseType) + } + if e.IsStream() && e.ResponseType != "" { + vr.AddError("invalid response type for stream: %q", e.ResponseType) + } + if e.Latency != nil { + if !e.IsService() { + vr.AddError("latency tracking only permitted for services") + } + e.Latency.Validate(vr) + } + e.Subject.Validate(vr) +} + +// Revoke enters a revocation by publickey using time.Now(). +func (e *Export) Revoke(pubKey string) { + e.RevokeAt(pubKey, time.Now()) +} + +// RevokeAt enters a revocation by publickey and timestamp into this export +// If there is already a revocation for this public key that is newer, it is kept. +func (e *Export) RevokeAt(pubKey string, timestamp time.Time) { + if e.Revocations == nil { + e.Revocations = RevocationList{} + } + + e.Revocations.Revoke(pubKey, timestamp) +} + +// ClearRevocation removes any revocation for the public key +func (e *Export) ClearRevocation(pubKey string) { + e.Revocations.ClearRevocation(pubKey) +} + +// IsRevokedAt checks if the public key is in the revoked list with a timestamp later than the one passed in. +// Generally this method is called with the subject and issue time of the jwt to be tested. +// DO NOT pass time.Now(), it will not produce a stable/expected response. +func (e *Export) IsRevokedAt(pubKey string, timestamp time.Time) bool { + return e.Revocations.IsRevoked(pubKey, timestamp) +} + +// IsRevoked does not perform a valid check. Use IsRevokedAt instead. +func (e *Export) IsRevoked(_ string) bool { + return true +} + +// Exports is a slice of exports +type Exports []*Export + +// Add appends exports to the list +func (e *Exports) Add(i ...*Export) { + *e = append(*e, i...) +} + +func isContainedIn(kind ExportType, subjects []Subject, vr *ValidationResults) { + m := make(map[string]string) + for i, ns := range subjects { + for j, s := range subjects { + if i == j { + continue + } + if ns.IsContainedIn(s) { + str := string(s) + _, ok := m[str] + if !ok { + m[str] = string(ns) + } + } + } + } + + if len(m) != 0 { + for k, v := range m { + var vi ValidationIssue + vi.Blocking = true + vi.Description = fmt.Sprintf("%s export subject %q already exports %q", kind, k, v) + vr.Add(&vi) + } + } +} + +// Validate calls validate on all of the exports +func (e *Exports) Validate(vr *ValidationResults) error { + var serviceSubjects []Subject + var streamSubjects []Subject + + for _, v := range *e { + if v == nil { + vr.AddError("null export is not allowed") + continue + } + if v.IsService() { + serviceSubjects = append(serviceSubjects, v.Subject) + } else { + streamSubjects = append(streamSubjects, v.Subject) + } + v.Validate(vr) + } + + isContainedIn(Service, serviceSubjects, vr) + isContainedIn(Stream, streamSubjects, vr) + + return nil +} + +// HasExportContainingSubject checks if the export list has an export with the provided subject +func (e *Exports) HasExportContainingSubject(subject Subject) bool { + for _, s := range *e { + if subject.IsContainedIn(s.Subject) { + return true + } + } + return false +} + +func (e Exports) Len() int { + return len(e) +} + +func (e Exports) Swap(i, j int) { + e[i], e[j] = e[j], e[i] +} + +func (e Exports) Less(i, j int) bool { + return e[i].Subject < e[j].Subject +} diff --git a/vendor/github.com/nats-io/jwt/genericlaims.go b/vendor/github.com/nats-io/jwt/genericlaims.go new file mode 100644 index 00000000..94cd86e0 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/genericlaims.go @@ -0,0 +1,73 @@ +/* + * Copyright 2018 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import "github.com/nats-io/nkeys" + +// GenericClaims can be used to read a JWT as a map for any non-generic fields +type GenericClaims struct { + ClaimsData + Data map[string]interface{} `json:"nats,omitempty"` +} + +// NewGenericClaims creates a map-based Claims +func NewGenericClaims(subject string) *GenericClaims { + if subject == "" { + return nil + } + c := GenericClaims{} + c.Subject = subject + c.Data = make(map[string]interface{}) + return &c +} + +// DecodeGeneric takes a JWT string and decodes it into a ClaimsData and map +func DecodeGeneric(token string) (*GenericClaims, error) { + v := GenericClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +// Claims returns the standard part of the generic claim +func (gc *GenericClaims) Claims() *ClaimsData { + return &gc.ClaimsData +} + +// Payload returns the custom part of the claims data +func (gc *GenericClaims) Payload() interface{} { + return &gc.Data +} + +// Encode takes a generic claims and creates a JWT string +func (gc *GenericClaims) Encode(pair nkeys.KeyPair) (string, error) { + return gc.ClaimsData.Encode(pair, gc) +} + +// Validate checks the generic part of the claims data +func (gc *GenericClaims) Validate(vr *ValidationResults) { + gc.ClaimsData.Validate(vr) +} + +func (gc *GenericClaims) String() string { + return gc.ClaimsData.String(gc) +} + +// ExpectedPrefixes returns the types allowed to encode a generic JWT, which is nil for all +func (gc *GenericClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return nil +} diff --git a/vendor/github.com/nats-io/jwt/go.mod b/vendor/github.com/nats-io/jwt/go.mod new file mode 100644 index 00000000..99666c59 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/go.mod @@ -0,0 +1,5 @@ +module github.com/nats-io/jwt + +require github.com/nats-io/nkeys v0.2.0 + +go 1.14 diff --git a/vendor/github.com/nats-io/jwt/go.sum b/vendor/github.com/nats-io/jwt/go.sum new file mode 100644 index 00000000..05ef1fb0 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/go.sum @@ -0,0 +1,9 @@ +github.com/nats-io/nkeys v0.2.0 h1:WXKF7diOaPU9cJdLD7nuzwasQy9vT1tBqzXZZf3AMJM= +github.com/nats-io/nkeys v0.2.0/go.mod h1:XdZpAbhgyyODYqjTawOnIOI7VlbKSarI9Gfy1tqEu/s= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM= +golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/vendor/github.com/nats-io/jwt/header.go b/vendor/github.com/nats-io/jwt/header.go new file mode 100644 index 00000000..d9b3e68f --- /dev/null +++ b/vendor/github.com/nats-io/jwt/header.go @@ -0,0 +1,74 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "encoding/json" + "fmt" + "strings" +) + +const ( + // Version is semantic version. + Version = "1.2.2" + + // TokenTypeJwt is the JWT token type supported JWT tokens + // encoded and decoded by this library + TokenTypeJwt = "jwt" + + // AlgorithmNkey is the algorithm supported by JWT tokens + // encoded and decoded by this library + AlgorithmNkey = "ed25519" +) + +// Header is a JWT Jose Header +type Header struct { + Type string `json:"typ"` + Algorithm string `json:"alg"` +} + +// Parses a header JWT token +func parseHeaders(s string) (*Header, error) { + h, err := decodeString(s) + if err != nil { + return nil, err + } + header := Header{} + if err := json.Unmarshal(h, &header); err != nil { + return nil, err + } + + if err := header.Valid(); err != nil { + return nil, err + } + return &header, nil +} + +// Valid validates the Header. It returns nil if the Header is +// a JWT header, and the algorithm used is the NKEY algorithm. +func (h *Header) Valid() error { + if TokenTypeJwt != strings.ToLower(h.Type) { + return fmt.Errorf("not supported type %q", h.Type) + } + + if alg := strings.ToLower(h.Algorithm); alg != AlgorithmNkey { + if alg == "ed25519-nkey" { + return fmt.Errorf("more recent jwt version") + } + return fmt.Errorf("unexpected %q algorithm", h.Algorithm) + } + return nil +} diff --git a/vendor/github.com/nats-io/jwt/imports.go b/vendor/github.com/nats-io/jwt/imports.go new file mode 100644 index 00000000..4f6cfb16 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/imports.go @@ -0,0 +1,159 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "io/ioutil" + "net/http" + "net/url" + "time" +) + +// Import describes a mapping from another account into this one +type Import struct { + Name string `json:"name,omitempty"` + // Subject field in an import is always from the perspective of the + // initial publisher - in the case of a stream it is the account owning + // the stream (the exporter), and in the case of a service it is the + // account making the request (the importer). + Subject Subject `json:"subject,omitempty"` + Account string `json:"account,omitempty"` + Token string `json:"token,omitempty"` + // To field in an import is always from the perspective of the subscriber + // in the case of a stream it is the client of the stream (the importer), + // from the perspective of a service, it is the subscription waiting for + // requests (the exporter). If the field is empty, it will default to the + // value in the Subject field. + To Subject `json:"to,omitempty"` + Type ExportType `json:"type,omitempty"` +} + +// IsService returns true if the import is of type service +func (i *Import) IsService() bool { + return i.Type == Service +} + +// IsStream returns true if the import is of type stream +func (i *Import) IsStream() bool { + return i.Type == Stream +} + +// Validate checks if an import is valid for the wrapping account +func (i *Import) Validate(actPubKey string, vr *ValidationResults) { + if i == nil { + vr.AddError("null import is not allowed") + return + } + if !i.IsService() && !i.IsStream() { + vr.AddError("invalid import type: %q", i.Type) + } + + if i.Account == "" { + vr.AddWarning("account to import from is not specified") + } + + i.Subject.Validate(vr) + + if i.IsService() && i.Subject.HasWildCards() { + vr.AddError("services cannot have wildcard subject: %q", i.Subject) + } + if i.IsStream() && i.To.HasWildCards() { + vr.AddError("streams cannot have wildcard to subject: %q", i.Subject) + } + + var act *ActivationClaims + + if i.Token != "" { + // Check to see if its an embedded JWT or a URL. + if url, err := url.Parse(i.Token); err == nil && url.Scheme != "" { + c := &http.Client{Timeout: 5 * time.Second} + resp, err := c.Get(url.String()) + if err != nil { + vr.AddWarning("import %s contains an unreachable token URL %q", i.Subject, i.Token) + } + + if resp != nil { + defer resp.Body.Close() + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + vr.AddWarning("import %s contains an unreadable token URL %q", i.Subject, i.Token) + } else { + act, err = DecodeActivationClaims(string(body)) + if err != nil { + vr.AddWarning("import %s contains a url %q with an invalid activation token", i.Subject, i.Token) + } + } + } + } else { + var err error + act, err = DecodeActivationClaims(i.Token) + if err != nil { + vr.AddWarning("import %q contains an invalid activation token", i.Subject) + } + } + } + + if act != nil { + if act.Issuer != i.Account { + vr.AddWarning("activation token doesn't match account for import %q", i.Subject) + } + + if act.ClaimsData.Subject != actPubKey { + vr.AddWarning("activation token doesn't match account it is being included in, %q", i.Subject) + } + } else { + vr.AddWarning("no activation provided for import %s", i.Subject) + } + +} + +// Imports is a list of import structs +type Imports []*Import + +// Validate checks if an import is valid for the wrapping account +func (i *Imports) Validate(acctPubKey string, vr *ValidationResults) { + toSet := make(map[Subject]bool, len(*i)) + for _, v := range *i { + if v == nil { + vr.AddError("null import is not allowed") + continue + } + if v.Type == Service { + if _, ok := toSet[v.To]; ok { + vr.AddError("Duplicate To subjects for %q", v.To) + } + toSet[v.To] = true + } + v.Validate(acctPubKey, vr) + } +} + +// Add is a simple way to add imports +func (i *Imports) Add(a ...*Import) { + *i = append(*i, a...) +} + +func (i Imports) Len() int { + return len(i) +} + +func (i Imports) Swap(j, k int) { + i[j], i[k] = i[k], i[j] +} + +func (i Imports) Less(j, k int) bool { + return i[j].Subject < i[k].Subject +} diff --git a/vendor/github.com/nats-io/jwt/operator_claims.go b/vendor/github.com/nats-io/jwt/operator_claims.go new file mode 100644 index 00000000..299b7b9d --- /dev/null +++ b/vendor/github.com/nats-io/jwt/operator_claims.go @@ -0,0 +1,211 @@ +/* + * Copyright 2018 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + "fmt" + "net/url" + "strings" + + "github.com/nats-io/nkeys" +) + +// Operator specific claims +type Operator struct { + // Slice of real identities (like websites) that can be used to identify the operator. + Identities []Identity `json:"identity,omitempty"` + // Slice of other operator NKeys that can be used to sign on behalf of the main + // operator identity. + SigningKeys StringList `json:"signing_keys,omitempty"` + // AccountServerURL is a partial URL like "https://host.domain.org:/jwt/v1" + // tools will use the prefix and build queries by appending /accounts/ + // or /operator to the path provided. Note this assumes that the account server + // can handle requests in a nats-account-server compatible way. See + // https://github.com/nats-io/nats-account-server. + AccountServerURL string `json:"account_server_url,omitempty"` + // A list of NATS urls (tls://host:port) where tools can connect to the server + // using proper credentials. + OperatorServiceURLs StringList `json:"operator_service_urls,omitempty"` + // Identity of the system account + SystemAccount string `json:"system_account,omitempty"` +} + +// Validate checks the validity of the operators contents +func (o *Operator) Validate(vr *ValidationResults) { + if err := o.validateAccountServerURL(); err != nil { + vr.AddError(err.Error()) + } + + for _, v := range o.validateOperatorServiceURLs() { + if v != nil { + vr.AddError(v.Error()) + } + } + + for _, i := range o.Identities { + i.Validate(vr) + } + + for _, k := range o.SigningKeys { + if !nkeys.IsValidPublicOperatorKey(k) { + vr.AddError("%s is not an operator public key", k) + } + } + if o.SystemAccount != "" { + if !nkeys.IsValidPublicAccountKey(o.SystemAccount) { + vr.AddError("%s is not an account public key", o.SystemAccount) + } + } +} + +func (o *Operator) validateAccountServerURL() error { + if o.AccountServerURL != "" { + // We don't care what kind of URL it is so long as it parses + // and has a protocol. The account server may impose additional + // constraints on the type of URLs that it is able to notify to + u, err := url.Parse(o.AccountServerURL) + if err != nil { + return fmt.Errorf("error parsing account server url: %v", err) + } + if u.Scheme == "" { + return fmt.Errorf("account server url %q requires a protocol", o.AccountServerURL) + } + } + return nil +} + +// ValidateOperatorServiceURL returns an error if the URL is not a valid NATS or TLS url. +func ValidateOperatorServiceURL(v string) error { + // should be possible for the service url to not be expressed + if v == "" { + return nil + } + u, err := url.Parse(v) + if err != nil { + return fmt.Errorf("error parsing operator service url %q: %v", v, err) + } + + if u.User != nil { + return fmt.Errorf("operator service url %q - credentials are not supported", v) + } + + if u.Path != "" { + return fmt.Errorf("operator service url %q - paths are not supported", v) + } + + lcs := strings.ToLower(u.Scheme) + switch lcs { + case "nats": + return nil + case "tls": + return nil + default: + return fmt.Errorf("operator service url %q - protocol not supported (only 'nats' or 'tls' only)", v) + } +} + +func (o *Operator) validateOperatorServiceURLs() []error { + var errs []error + for _, v := range o.OperatorServiceURLs { + if v != "" { + if err := ValidateOperatorServiceURL(v); err != nil { + errs = append(errs, err) + } + } + } + return errs +} + +// OperatorClaims define the data for an operator JWT +type OperatorClaims struct { + ClaimsData + Operator `json:"nats,omitempty"` +} + +// NewOperatorClaims creates a new operator claim with the specified subject, which should be an operator public key +func NewOperatorClaims(subject string) *OperatorClaims { + if subject == "" { + return nil + } + c := &OperatorClaims{} + c.Subject = subject + return c +} + +// DidSign checks the claims against the operator's public key and its signing keys +func (oc *OperatorClaims) DidSign(op Claims) bool { + if op == nil { + return false + } + issuer := op.Claims().Issuer + if issuer == oc.Subject { + return true + } + return oc.SigningKeys.Contains(issuer) +} + +// Deprecated: AddSigningKey, use claim.SigningKeys.Add() +func (oc *OperatorClaims) AddSigningKey(pk string) { + oc.SigningKeys.Add(pk) +} + +// Encode the claims into a JWT string +func (oc *OperatorClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicOperatorKey(oc.Subject) { + return "", errors.New("expected subject to be an operator public key") + } + err := oc.validateAccountServerURL() + if err != nil { + return "", err + } + oc.ClaimsData.Type = OperatorClaim + return oc.ClaimsData.Encode(pair, oc) +} + +// DecodeOperatorClaims tries to create an operator claims from a JWt string +func DecodeOperatorClaims(token string) (*OperatorClaims, error) { + v := OperatorClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +func (oc *OperatorClaims) String() string { + return oc.ClaimsData.String(oc) +} + +// Payload returns the operator specific data for an operator JWT +func (oc *OperatorClaims) Payload() interface{} { + return &oc.Operator +} + +// Validate the contents of the claims +func (oc *OperatorClaims) Validate(vr *ValidationResults) { + oc.ClaimsData.Validate(vr) + oc.Operator.Validate(vr) +} + +// ExpectedPrefixes defines the nkey types that can sign operator claims, operator +func (oc *OperatorClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteOperator} +} + +// Claims returns the generic claims data +func (oc *OperatorClaims) Claims() *ClaimsData { + return &oc.ClaimsData +} diff --git a/vendor/github.com/nats-io/jwt/revocation_list.go b/vendor/github.com/nats-io/jwt/revocation_list.go new file mode 100644 index 00000000..5840061b --- /dev/null +++ b/vendor/github.com/nats-io/jwt/revocation_list.go @@ -0,0 +1,59 @@ +/* + * Copyright 2020 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "time" +) + +const All = "*" + +// RevocationList is used to store a mapping of public keys to unix timestamps +type RevocationList map[string]int64 + +// Revoke enters a revocation by publickey and timestamp into this export +// If there is already a revocation for this public key that is newer, it is kept. +func (r RevocationList) Revoke(pubKey string, timestamp time.Time) { + newTS := timestamp.Unix() + if ts, ok := r[pubKey]; ok && ts > newTS { + return + } + + r[pubKey] = newTS +} + +// ClearRevocation removes any revocation for the public key +func (r RevocationList) ClearRevocation(pubKey string) { + delete(r, pubKey) +} + +// IsRevoked checks if the public key is in the revoked list with a timestamp later than +// the one passed in. Generally this method is called with an issue time but other time's can +// be used for testing. +func (r RevocationList) IsRevoked(pubKey string, timestamp time.Time) bool { + if r.allRevoked(timestamp) { + return true + } + ts, ok := r[pubKey] + return ok && ts >= timestamp.Unix() +} + +// allRevoked returns true if All is set and the timestamp is later or same as the +// one passed. This is called by IsRevoked. +func (r RevocationList) allRevoked(timestamp time.Time) bool { + ts, ok := r[All] + return ok && ts >= timestamp.Unix() +} diff --git a/vendor/github.com/nats-io/jwt/server_claims.go b/vendor/github.com/nats-io/jwt/server_claims.go new file mode 100644 index 00000000..587aef99 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/server_claims.go @@ -0,0 +1,94 @@ +/* + * Copyright 2018-2020 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + + "github.com/nats-io/nkeys" +) + +// Deprecated: ServerClaims are not supported +type Server struct { + Permissions + Cluster string `json:"cluster,omitempty"` +} + +// Validate checks the cluster and permissions for a server JWT +func (s *Server) Validate(vr *ValidationResults) { + if s.Cluster == "" { + vr.AddError("servers can't contain an empty cluster") + } +} + +// Deprecated: ServerClaims are not supported +type ServerClaims struct { + ClaimsData + Server `json:"nats,omitempty"` +} + +// Deprecated: ServerClaims are not supported +func NewServerClaims(subject string) *ServerClaims { + if subject == "" { + return nil + } + c := &ServerClaims{} + c.Subject = subject + return c +} + +// Encode tries to turn the server claims into a JWT string +func (s *ServerClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicServerKey(s.Subject) { + return "", errors.New("expected subject to be a server public key") + } + s.ClaimsData.Type = ServerClaim + return s.ClaimsData.Encode(pair, s) +} + +// Deprecated: ServerClaims are not supported +func DecodeServerClaims(token string) (*ServerClaims, error) { + v := ServerClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +func (s *ServerClaims) String() string { + return s.ClaimsData.String(s) +} + +// Payload returns the server specific data +func (s *ServerClaims) Payload() interface{} { + return &s.Server +} + +// Validate checks the generic and server data in the server claims +func (s *ServerClaims) Validate(vr *ValidationResults) { + s.ClaimsData.Validate(vr) + s.Server.Validate(vr) +} + +// ExpectedPrefixes defines the types that can encode a server JWT, operator or cluster +func (s *ServerClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteOperator, nkeys.PrefixByteCluster} +} + +// Claims returns the generic data +func (s *ServerClaims) Claims() *ClaimsData { + return &s.ClaimsData +} diff --git a/vendor/github.com/nats-io/jwt/types.go b/vendor/github.com/nats-io/jwt/types.go new file mode 100644 index 00000000..a1f09fd9 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/types.go @@ -0,0 +1,334 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "encoding/json" + "fmt" + "net" + "strings" + "time" +) + +// ExportType defines the type of import/export. +type ExportType int + +const ( + // Unknown is used if we don't know the type + Unknown ExportType = iota + // Stream defines the type field value for a stream "stream" + Stream + // Service defines the type field value for a service "service" + Service +) + +func (t ExportType) String() string { + switch t { + case Stream: + return "stream" + case Service: + return "service" + } + return "unknown" +} + +// MarshalJSON marshals the enum as a quoted json string +func (t *ExportType) MarshalJSON() ([]byte, error) { + switch *t { + case Stream: + return []byte("\"stream\""), nil + case Service: + return []byte("\"service\""), nil + } + return nil, fmt.Errorf("unknown export type") +} + +// UnmarshalJSON unmashals a quoted json string to the enum value +func (t *ExportType) UnmarshalJSON(b []byte) error { + var j string + err := json.Unmarshal(b, &j) + if err != nil { + return err + } + switch j { + case "stream": + *t = Stream + return nil + case "service": + *t = Service + return nil + } + return fmt.Errorf("unknown export type") +} + +// Subject is a string that represents a NATS subject +type Subject string + +// Validate checks that a subject string is valid, ie not empty and without spaces +func (s Subject) Validate(vr *ValidationResults) { + v := string(s) + if v == "" { + vr.AddError("subject cannot be empty") + } + if strings.Contains(v, " ") { + vr.AddError("subject %q cannot have spaces", v) + } +} + +// HasWildCards is used to check if a subject contains a > or * +func (s Subject) HasWildCards() bool { + v := string(s) + return strings.HasSuffix(v, ".>") || + strings.Contains(v, ".*.") || + strings.HasSuffix(v, ".*") || + strings.HasPrefix(v, "*.") || + v == "*" || + v == ">" +} + +// IsContainedIn does a simple test to see if the subject is contained in another subject +func (s Subject) IsContainedIn(other Subject) bool { + otherArray := strings.Split(string(other), ".") + myArray := strings.Split(string(s), ".") + + if len(myArray) > len(otherArray) && otherArray[len(otherArray)-1] != ">" { + return false + } + + if len(myArray) < len(otherArray) { + return false + } + + for ind, tok := range otherArray { + myTok := myArray[ind] + + if ind == len(otherArray)-1 && tok == ">" { + return true + } + + if tok != myTok && tok != "*" { + return false + } + } + + return true +} + +// NamedSubject is the combination of a subject and a name for it +type NamedSubject struct { + Name string `json:"name,omitempty"` + Subject Subject `json:"subject,omitempty"` +} + +// Validate checks the subject +func (ns *NamedSubject) Validate(vr *ValidationResults) { + ns.Subject.Validate(vr) +} + +// TimeRange is used to represent a start and end time +type TimeRange struct { + Start string `json:"start,omitempty"` + End string `json:"end,omitempty"` +} + +// Validate checks the values in a time range struct +func (tr *TimeRange) Validate(vr *ValidationResults) { + format := "15:04:05" + + if tr.Start == "" { + vr.AddError("time ranges start must contain a start") + } else { + _, err := time.Parse(format, tr.Start) + if err != nil { + vr.AddError("start in time range is invalid %q", tr.Start) + } + } + + if tr.End == "" { + vr.AddError("time ranges end must contain an end") + } else { + _, err := time.Parse(format, tr.End) + if err != nil { + vr.AddError("end in time range is invalid %q", tr.End) + } + } +} + +// Limits are used to control acccess for users and importing accounts +// Src is a comma separated list of CIDR specifications +type Limits struct { + Max int64 `json:"max,omitempty"` + Payload int64 `json:"payload,omitempty"` + Src string `json:"src,omitempty"` + Times []TimeRange `json:"times,omitempty"` +} + +// Validate checks the values in a limit struct +func (l *Limits) Validate(vr *ValidationResults) { + if l.Max < 0 { + vr.AddError("limits cannot contain a negative maximum, %d", l.Max) + } + if l.Payload < 0 { + vr.AddError("limits cannot contain a negative payload, %d", l.Payload) + } + + if l.Src != "" { + elements := strings.Split(l.Src, ",") + + for _, cidr := range elements { + cidr = strings.TrimSpace(cidr) + _, ipNet, err := net.ParseCIDR(cidr) + if err != nil || ipNet == nil { + vr.AddError("invalid cidr %q in user src limits", cidr) + } + } + } + + if l.Times != nil && len(l.Times) > 0 { + for _, t := range l.Times { + t.Validate(vr) + } + } +} + +// Permission defines allow/deny subjects +type Permission struct { + Allow StringList `json:"allow,omitempty"` + Deny StringList `json:"deny,omitempty"` +} + +// Validate the allow, deny elements of a permission +func (p *Permission) Validate(vr *ValidationResults) { + for _, subj := range p.Allow { + Subject(subj).Validate(vr) + } + for _, subj := range p.Deny { + Subject(subj).Validate(vr) + } +} + +// ResponsePermission can be used to allow responses to any reply subject +// that is received on a valid subscription. +type ResponsePermission struct { + MaxMsgs int `json:"max"` + Expires time.Duration `json:"ttl"` +} + +// Validate the response permission. +func (p *ResponsePermission) Validate(vr *ValidationResults) { + // Any values can be valid for now. +} + +// Permissions are used to restrict subject access, either on a user or for everyone on a server by default +type Permissions struct { + Pub Permission `json:"pub,omitempty"` + Sub Permission `json:"sub,omitempty"` + Resp *ResponsePermission `json:"resp,omitempty"` +} + +// Validate the pub and sub fields in the permissions list +func (p *Permissions) Validate(vr *ValidationResults) { + p.Pub.Validate(vr) + p.Sub.Validate(vr) + if p.Resp != nil { + p.Resp.Validate(vr) + } +} + +// StringList is a wrapper for an array of strings +type StringList []string + +// Contains returns true if the list contains the string +func (u *StringList) Contains(p string) bool { + for _, t := range *u { + if t == p { + return true + } + } + return false +} + +// Add appends 1 or more strings to a list +func (u *StringList) Add(p ...string) { + for _, v := range p { + if !u.Contains(v) && v != "" { + *u = append(*u, v) + } + } +} + +// Remove removes 1 or more strings from a list +func (u *StringList) Remove(p ...string) { + for _, v := range p { + for i, t := range *u { + if t == v { + a := *u + *u = append(a[:i], a[i+1:]...) + break + } + } + } +} + +// TagList is a unique array of lower case strings +// All tag list methods lower case the strings in the arguments +type TagList []string + +// Contains returns true if the list contains the tags +func (u *TagList) Contains(p string) bool { + p = strings.ToLower(p) + for _, t := range *u { + if t == p { + return true + } + } + return false +} + +// Add appends 1 or more tags to a list +func (u *TagList) Add(p ...string) { + for _, v := range p { + v = strings.ToLower(v) + if !u.Contains(v) && v != "" { + *u = append(*u, v) + } + } +} + +// Remove removes 1 or more tags from a list +func (u *TagList) Remove(p ...string) { + for _, v := range p { + v = strings.ToLower(v) + for i, t := range *u { + if t == v { + a := *u + *u = append(a[:i], a[i+1:]...) + break + } + } + } +} + +// Identity is used to associate an account or operator with a real entity +type Identity struct { + ID string `json:"id,omitempty"` + Proof string `json:"proof,omitempty"` +} + +// Validate checks the values in an Identity +func (u *Identity) Validate(vr *ValidationResults) { + //Fixme identity validation +} diff --git a/vendor/github.com/nats-io/jwt/user_claims.go b/vendor/github.com/nats-io/jwt/user_claims.go new file mode 100644 index 00000000..78fe6a95 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/user_claims.go @@ -0,0 +1,106 @@ +/* + * Copyright 2018-2019 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + + "github.com/nats-io/nkeys" +) + +// User defines the user specific data in a user JWT +type User struct { + Permissions + Limits + BearerToken bool `json:"bearer_token,omitempty"` +} + +// Validate checks the permissions and limits in a User jwt +func (u *User) Validate(vr *ValidationResults) { + u.Permissions.Validate(vr) + u.Limits.Validate(vr) + // When BearerToken is true server will ignore any nonce-signing verification +} + +// UserClaims defines a user JWT +type UserClaims struct { + ClaimsData + User `json:"nats,omitempty"` + // IssuerAccount stores the public key for the account the issuer represents. + // When set, the claim was issued by a signing key. + IssuerAccount string `json:"issuer_account,omitempty"` +} + +// NewUserClaims creates a user JWT with the specific subject/public key +func NewUserClaims(subject string) *UserClaims { + if subject == "" { + return nil + } + c := &UserClaims{} + c.Subject = subject + return c +} + +// Encode tries to turn the user claims into a JWT string +func (u *UserClaims) Encode(pair nkeys.KeyPair) (string, error) { + if !nkeys.IsValidPublicUserKey(u.Subject) { + return "", errors.New("expected subject to be user public key") + } + u.ClaimsData.Type = UserClaim + return u.ClaimsData.Encode(pair, u) +} + +// DecodeUserClaims tries to parse a user claims from a JWT string +func DecodeUserClaims(token string) (*UserClaims, error) { + v := UserClaims{} + if err := Decode(token, &v); err != nil { + return nil, err + } + return &v, nil +} + +// Validate checks the generic and specific parts of the user jwt +func (u *UserClaims) Validate(vr *ValidationResults) { + u.ClaimsData.Validate(vr) + u.User.Validate(vr) + if u.IssuerAccount != "" && !nkeys.IsValidPublicAccountKey(u.IssuerAccount) { + vr.AddError("account_id is not an account public key") + } +} + +// ExpectedPrefixes defines the types that can encode a user JWT, account +func (u *UserClaims) ExpectedPrefixes() []nkeys.PrefixByte { + return []nkeys.PrefixByte{nkeys.PrefixByteAccount} +} + +// Claims returns the generic data from a user jwt +func (u *UserClaims) Claims() *ClaimsData { + return &u.ClaimsData +} + +// Payload returns the user specific data from a user JWT +func (u *UserClaims) Payload() interface{} { + return &u.User +} + +func (u *UserClaims) String() string { + return u.ClaimsData.String(u) +} + +// IsBearerToken returns true if nonce-signing requirements should be skipped +func (u *UserClaims) IsBearerToken() bool { + return u.BearerToken +} diff --git a/vendor/github.com/nats-io/jwt/validation.go b/vendor/github.com/nats-io/jwt/validation.go new file mode 100644 index 00000000..b4af33e4 --- /dev/null +++ b/vendor/github.com/nats-io/jwt/validation.go @@ -0,0 +1,118 @@ +/* + * Copyright 2018 The NATS Authors + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package jwt + +import ( + "errors" + "fmt" +) + +// ValidationIssue represents an issue during JWT validation, it may or may not be a blocking error +type ValidationIssue struct { + Description string + Blocking bool + TimeCheck bool +} + +func (ve *ValidationIssue) Error() string { + return ve.Description +} + +// ValidationResults is a list of ValidationIssue pointers +type ValidationResults struct { + Issues []*ValidationIssue +} + +// CreateValidationResults creates an empty list of validation issues +func CreateValidationResults() *ValidationResults { + issues := []*ValidationIssue{} + return &ValidationResults{ + Issues: issues, + } +} + +//Add appends an issue to the list +func (v *ValidationResults) Add(vi *ValidationIssue) { + v.Issues = append(v.Issues, vi) +} + +// AddError creates a new validation error and adds it to the list +func (v *ValidationResults) AddError(format string, args ...interface{}) { + v.Add(&ValidationIssue{ + Description: fmt.Sprintf(format, args...), + Blocking: true, + TimeCheck: false, + }) +} + +// AddTimeCheck creates a new validation issue related to a time check and adds it to the list +func (v *ValidationResults) AddTimeCheck(format string, args ...interface{}) { + v.Add(&ValidationIssue{ + Description: fmt.Sprintf(format, args...), + Blocking: false, + TimeCheck: true, + }) +} + +// AddWarning creates a new validation warning and adds it to the list +func (v *ValidationResults) AddWarning(format string, args ...interface{}) { + v.Add(&ValidationIssue{ + Description: fmt.Sprintf(format, args...), + Blocking: false, + TimeCheck: false, + }) +} + +// IsBlocking returns true if the list contains a blocking error +func (v *ValidationResults) IsBlocking(includeTimeChecks bool) bool { + for _, i := range v.Issues { + if i.Blocking { + return true + } + + if includeTimeChecks && i.TimeCheck { + return true + } + } + return false +} + +// IsEmpty returns true if the list is empty +func (v *ValidationResults) IsEmpty() bool { + return len(v.Issues) == 0 +} + +// Errors returns only blocking issues as errors +func (v *ValidationResults) Errors() []error { + var errs []error + for _, v := range v.Issues { + if v.Blocking { + errs = append(errs, errors.New(v.Description)) + } + } + return errs +} + +// Warnings returns only non blocking issues as strings +func (v *ValidationResults) Warnings() []string { + var errs []string + for _, v := range v.Issues { + if !v.Blocking { + errs = append(errs, v.Description) + } + } + return errs +} diff --git a/vendor/github.com/nats-io/nats.go/.gitignore b/vendor/github.com/nats-io/nats.go/.gitignore deleted file mode 100644 index a9977fce..00000000 --- a/vendor/github.com/nats-io/nats.go/.gitignore +++ /dev/null @@ -1,42 +0,0 @@ -# Compiled Object files, Static and Dynamic libs (Shared Objects) -*.o -*.a -*.so - -# Folders -_obj -_test - -# Architecture specific extensions/prefixes -*.[568vq] -[568vq].out - -*.cgo1.go -*.cgo2.c -_cgo_defun.c -_cgo_gotypes.go -_cgo_export.* - -_testmain.go - -*.exe - -# Emacs -*~ -\#*\# -.\#* - -# vi/vim -.??*.swp - -# Mac -.DS_Store - -# Eclipse -.project -.settings/ - -# bin - -# Goland -.idea \ No newline at end of file diff --git a/vendor/github.com/nats-io/nats.go/.travis.yml b/vendor/github.com/nats-io/nats.go/.travis.yml deleted file mode 100644 index f16a2c1b..00000000 --- a/vendor/github.com/nats-io/nats.go/.travis.yml +++ /dev/null @@ -1,20 +0,0 @@ -language: go -go: -- 1.15.x -- 1.14.x -go_import_path: github.com/nats-io/nats.go -install: -- go get -t ./... -- go get github.com/mattn/goveralls -- go get github.com/wadey/gocovmerge -- go get -u honnef.co/go/tools/cmd/staticcheck -- go get -u github.com/client9/misspell/cmd/misspell -before_script: -- $(exit $(go fmt ./... | wc -l)) -- go vet ./... -- find . -type f -name "*.go" | xargs misspell -error -locale US -- staticcheck ./... -script: -- go test -i -race ./... -- go test -v -run=TestNoRace -p=1 ./... -- if [[ "$TRAVIS_GO_VERSION" =~ 1.15 ]]; then ./scripts/cov.sh TRAVIS; else go test -race -v -p=1 ./... --failfast; fi diff --git a/vendor/github.com/nats-io/nats.go/CODE-OF-CONDUCT.md b/vendor/github.com/nats-io/nats.go/CODE-OF-CONDUCT.md deleted file mode 100644 index b850d49e..00000000 --- a/vendor/github.com/nats-io/nats.go/CODE-OF-CONDUCT.md +++ /dev/null @@ -1,3 +0,0 @@ -## Community Code of Conduct - -NATS follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). diff --git a/vendor/github.com/nats-io/nats.go/GOVERNANCE.md b/vendor/github.com/nats-io/nats.go/GOVERNANCE.md deleted file mode 100644 index 1d5a7be3..00000000 --- a/vendor/github.com/nats-io/nats.go/GOVERNANCE.md +++ /dev/null @@ -1,3 +0,0 @@ -# NATS Go Client Governance - -NATS Go Client (go-nats) is part of the NATS project and is subject to the [NATS Governance](https://github.com/nats-io/nats-general/blob/master/GOVERNANCE.md). \ No newline at end of file diff --git a/vendor/github.com/nats-io/nats.go/MAINTAINERS.md b/vendor/github.com/nats-io/nats.go/MAINTAINERS.md deleted file mode 100644 index 23214655..00000000 --- a/vendor/github.com/nats-io/nats.go/MAINTAINERS.md +++ /dev/null @@ -1,8 +0,0 @@ -# Maintainers - -Maintainership is on a per project basis. - -### Maintainers - - Derek Collison [@derekcollison](https://github.com/derekcollison) - - Ivan Kozlovic [@kozlovic](https://github.com/kozlovic) - - Waldemar Quevedo [@wallyqs](https://github.com/wallyqs) diff --git a/vendor/github.com/nats-io/nats.go/README.md b/vendor/github.com/nats-io/nats.go/README.md deleted file mode 100644 index 17746568..00000000 --- a/vendor/github.com/nats-io/nats.go/README.md +++ /dev/null @@ -1,431 +0,0 @@ -# NATS - Go Client -A [Go](http://golang.org) client for the [NATS messaging system](https://nats.io). - -[![License Apache 2](https://img.shields.io/badge/License-Apache2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0) -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnats-io%2Fgo-nats.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnats-io%2Fgo-nats?ref=badge_shield) -[![Go Report Card](https://goreportcard.com/badge/github.com/nats-io/nats.go)](https://goreportcard.com/report/github.com/nats-io/nats.go) [![Build Status](https://travis-ci.com/nats-io/nats.go.svg?branch=master)](http://travis-ci.com/nats-io/nats.go) [![GoDoc](https://img.shields.io/badge/GoDoc-reference-007d9c)](https://pkg.go.dev/github.com/nats-io/nats.go) - [![Coverage Status](https://coveralls.io/repos/nats-io/nats.go/badge.svg?branch=master)](https://coveralls.io/r/nats-io/nats.go?branch=master) - -## Installation - -```bash -# Go client -go get github.com/nats-io/nats.go/ - -# Server -go get github.com/nats-io/nats-server -``` - -When using or transitioning to Go modules support: - -```bash -# Go client latest or explicit version -go get github.com/nats-io/nats.go/@latest -go get github.com/nats-io/nats.go/@v1.10.0 - -# For latest NATS Server, add /v2 at the end -go get github.com/nats-io/nats-server/v2 - -# NATS Server v1 is installed otherwise -# go get github.com/nats-io/nats-server -``` - -## Basic Usage - -```go -import nats "github.com/nats-io/nats.go" - -// Connect to a server -nc, _ := nats.Connect(nats.DefaultURL) - -// Simple Publisher -nc.Publish("foo", []byte("Hello World")) - -// Simple Async Subscriber -nc.Subscribe("foo", func(m *nats.Msg) { - fmt.Printf("Received a message: %s\n", string(m.Data)) -}) - -// Responding to a request message -nc.Subscribe("request", func(m *nats.Msg) { - m.Respond([]byte("answer is 42")) -}) - -// Simple Sync Subscriber -sub, err := nc.SubscribeSync("foo") -m, err := sub.NextMsg(timeout) - -// Channel Subscriber -ch := make(chan *nats.Msg, 64) -sub, err := nc.ChanSubscribe("foo", ch) -msg := <- ch - -// Unsubscribe -sub.Unsubscribe() - -// Drain -sub.Drain() - -// Requests -msg, err := nc.Request("help", []byte("help me"), 10*time.Millisecond) - -// Replies -nc.Subscribe("help", func(m *nats.Msg) { - nc.Publish(m.Reply, []byte("I can help!")) -}) - -// Drain connection (Preferred for responders) -// Close() not needed if this is called. -nc.Drain() - -// Close connection -nc.Close() -``` - -## Encoded Connections - -```go - -nc, _ := nats.Connect(nats.DefaultURL) -c, _ := nats.NewEncodedConn(nc, nats.JSON_ENCODER) -defer c.Close() - -// Simple Publisher -c.Publish("foo", "Hello World") - -// Simple Async Subscriber -c.Subscribe("foo", func(s string) { - fmt.Printf("Received a message: %s\n", s) -}) - -// EncodedConn can Publish any raw Go type using the registered Encoder -type person struct { - Name string - Address string - Age int -} - -// Go type Subscriber -c.Subscribe("hello", func(p *person) { - fmt.Printf("Received a person: %+v\n", p) -}) - -me := &person{Name: "derek", Age: 22, Address: "140 New Montgomery Street, San Francisco, CA"} - -// Go type Publisher -c.Publish("hello", me) - -// Unsubscribe -sub, err := c.Subscribe("foo", nil) -// ... -sub.Unsubscribe() - -// Requests -var response string -err = c.Request("help", "help me", &response, 10*time.Millisecond) -if err != nil { - fmt.Printf("Request failed: %v\n", err) -} - -// Replying -c.Subscribe("help", func(subj, reply string, msg string) { - c.Publish(reply, "I can help!") -}) - -// Close connection -c.Close(); -``` - -## New Authentication (Nkeys and User Credentials) -This requires server with version >= 2.0.0 - -NATS servers have a new security and authentication mechanism to authenticate with user credentials and Nkeys. -The simplest form is to use the helper method UserCredentials(credsFilepath). -```go -nc, err := nats.Connect(url, nats.UserCredentials("user.creds")) -``` - -The helper methods creates two callback handlers to present the user JWT and sign the nonce challenge from the server. -The core client library never has direct access to your private key and simply performs the callback for signing the server challenge. -The helper will load and wipe and erase memory it uses for each connect or reconnect. - -The helper also can take two entries, one for the JWT and one for the NKey seed file. -```go -nc, err := nats.Connect(url, nats.UserCredentials("user.jwt", "user.nk")) -``` - -You can also set the callback handlers directly and manage challenge signing directly. -```go -nc, err := nats.Connect(url, nats.UserJWT(jwtCB, sigCB)) -``` - -Bare Nkeys are also supported. The nkey seed should be in a read only file, e.g. seed.txt -```bash -> cat seed.txt -# This is my seed nkey! -SUAGMJH5XLGZKQQWAWKRZJIGMOU4HPFUYLXJMXOO5NLFEO2OOQJ5LPRDPM -``` - -This is a helper function which will load and decode and do the proper signing for the server nonce. -It will clear memory in between invocations. -You can choose to use the low level option and provide the public key and a signature callback on your own. - -```go -opt, err := nats.NkeyOptionFromSeed("seed.txt") -nc, err := nats.Connect(serverUrl, opt) - -// Direct -nc, err := nats.Connect(serverUrl, nats.Nkey(pubNkey, sigCB)) -``` - -## TLS - -```go -// tls as a scheme will enable secure connections by default. This will also verify the server name. -nc, err := nats.Connect("tls://nats.demo.io:4443") - -// If you are using a self-signed certificate, you need to have a tls.Config with RootCAs setup. -// We provide a helper method to make this case easier. -nc, err = nats.Connect("tls://localhost:4443", nats.RootCAs("./configs/certs/ca.pem")) - -// If the server requires client certificate, there is an helper function for that too: -cert := nats.ClientCert("./configs/certs/client-cert.pem", "./configs/certs/client-key.pem") -nc, err = nats.Connect("tls://localhost:4443", cert) - -// You can also supply a complete tls.Config - -certFile := "./configs/certs/client-cert.pem" -keyFile := "./configs/certs/client-key.pem" -cert, err := tls.LoadX509KeyPair(certFile, keyFile) -if err != nil { - t.Fatalf("error parsing X509 certificate/key pair: %v", err) -} - -config := &tls.Config{ - ServerName: opts.Host, - Certificates: []tls.Certificate{cert}, - RootCAs: pool, - MinVersion: tls.VersionTLS12, -} - -nc, err = nats.Connect("nats://localhost:4443", nats.Secure(config)) -if err != nil { - t.Fatalf("Got an error on Connect with Secure Options: %+v\n", err) -} - -``` - -## Using Go Channels (netchan) - -```go -nc, _ := nats.Connect(nats.DefaultURL) -ec, _ := nats.NewEncodedConn(nc, nats.JSON_ENCODER) -defer ec.Close() - -type person struct { - Name string - Address string - Age int -} - -recvCh := make(chan *person) -ec.BindRecvChan("hello", recvCh) - -sendCh := make(chan *person) -ec.BindSendChan("hello", sendCh) - -me := &person{Name: "derek", Age: 22, Address: "140 New Montgomery Street"} - -// Send via Go channels -sendCh <- me - -// Receive via Go channels -who := <- recvCh -``` - -## Wildcard Subscriptions - -```go - -// "*" matches any token, at any level of the subject. -nc.Subscribe("foo.*.baz", func(m *Msg) { - fmt.Printf("Msg received on [%s] : %s\n", m.Subject, string(m.Data)); -}) - -nc.Subscribe("foo.bar.*", func(m *Msg) { - fmt.Printf("Msg received on [%s] : %s\n", m.Subject, string(m.Data)); -}) - -// ">" matches any length of the tail of a subject, and can only be the last token -// E.g. 'foo.>' will match 'foo.bar', 'foo.bar.baz', 'foo.foo.bar.bax.22' -nc.Subscribe("foo.>", func(m *Msg) { - fmt.Printf("Msg received on [%s] : %s\n", m.Subject, string(m.Data)); -}) - -// Matches all of the above -nc.Publish("foo.bar.baz", []byte("Hello World")) - -``` - -## Queue Groups - -```go -// All subscriptions with the same queue name will form a queue group. -// Each message will be delivered to only one subscriber per queue group, -// using queuing semantics. You can have as many queue groups as you wish. -// Normal subscribers will continue to work as expected. - -nc.QueueSubscribe("foo", "job_workers", func(_ *Msg) { - received += 1; -}) - -``` - -## Advanced Usage - -```go - -// Normally, the library will return an error when trying to connect and -// there is no server running. The RetryOnFailedConnect option will set -// the connection in reconnecting state if it failed to connect right away. -nc, err := nats.Connect(nats.DefaultURL, - nats.RetryOnFailedConnect(true), - nats.MaxReconnects(10), - nats.ReconnectWait(time.Second), - nats.ReconnectHandler(func(_ *nats.Conn) { - // Note that this will be invoked for the first asynchronous connect. - })) -if err != nil { - // Should not return an error even if it can't connect, but you still - // need to check in case there are some configuration errors. -} - -// Flush connection to server, returns when all messages have been processed. -nc.Flush() -fmt.Println("All clear!") - -// FlushTimeout specifies a timeout value as well. -err := nc.FlushTimeout(1*time.Second) -if err != nil { - fmt.Println("All clear!") -} else { - fmt.Println("Flushed timed out!") -} - -// Auto-unsubscribe after MAX_WANTED messages received -const MAX_WANTED = 10 -sub, err := nc.Subscribe("foo") -sub.AutoUnsubscribe(MAX_WANTED) - -// Multiple connections -nc1 := nats.Connect("nats://host1:4222") -nc2 := nats.Connect("nats://host2:4222") - -nc1.Subscribe("foo", func(m *Msg) { - fmt.Printf("Received a message: %s\n", string(m.Data)) -}) - -nc2.Publish("foo", []byte("Hello World!")); - -``` - -## Clustered Usage - -```go - -var servers = "nats://localhost:1222, nats://localhost:1223, nats://localhost:1224" - -nc, err := nats.Connect(servers) - -// Optionally set ReconnectWait and MaxReconnect attempts. -// This example means 10 seconds total per backend. -nc, err = nats.Connect(servers, nats.MaxReconnects(5), nats.ReconnectWait(2 * time.Second)) - -// You can also add some jitter for the reconnection. -// This call will add up to 500 milliseconds for non TLS connections and 2 seconds for TLS connections. -// If not specified, the library defaults to 100 milliseconds and 1 second, respectively. -nc, err = nats.Connect(servers, nats.ReconnectJitter(500*time.Millisecond, 2*time.Second)) - -// You can also specify a custom reconnect delay handler. If set, the library will invoke it when it has tried -// all URLs in its list. The value returned will be used as the total sleep time, so add your own jitter. -// The library will pass the number of times it went through the whole list. -nc, err = nats.Connect(servers, nats.CustomReconnectDelay(func(attempts int) time.Duration { - return someBackoffFunction(attempts) -})) - -// Optionally disable randomization of the server pool -nc, err = nats.Connect(servers, nats.DontRandomize()) - -// Setup callbacks to be notified on disconnects, reconnects and connection closed. -nc, err = nats.Connect(servers, - nats.DisconnectErrHandler(func(nc *nats.Conn, err error) { - fmt.Printf("Got disconnected! Reason: %q\n", err) - }), - nats.ReconnectHandler(func(nc *nats.Conn) { - fmt.Printf("Got reconnected to %v!\n", nc.ConnectedUrl()) - }), - nats.ClosedHandler(func(nc *nats.Conn) { - fmt.Printf("Connection closed. Reason: %q\n", nc.LastError()) - }) -) - -// When connecting to a mesh of servers with auto-discovery capabilities, -// you may need to provide a username/password or token in order to connect -// to any server in that mesh when authentication is required. -// Instead of providing the credentials in the initial URL, you will use -// new option setters: -nc, err = nats.Connect("nats://localhost:4222", nats.UserInfo("foo", "bar")) - -// For token based authentication: -nc, err = nats.Connect("nats://localhost:4222", nats.Token("S3cretT0ken")) - -// You can even pass the two at the same time in case one of the server -// in the mesh requires token instead of user name and password. -nc, err = nats.Connect("nats://localhost:4222", - nats.UserInfo("foo", "bar"), - nats.Token("S3cretT0ken")) - -// Note that if credentials are specified in the initial URLs, they take -// precedence on the credentials specified through the options. -// For instance, in the connect call below, the client library will use -// the user "my" and password "pwd" to connect to localhost:4222, however, -// it will use username "foo" and password "bar" when (re)connecting to -// a different server URL that it got as part of the auto-discovery. -nc, err = nats.Connect("nats://my:pwd@localhost:4222", nats.UserInfo("foo", "bar")) - -``` - -## Context support (+Go 1.7) - -```go -ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second) -defer cancel() - -nc, err := nats.Connect(nats.DefaultURL) - -// Request with context -msg, err := nc.RequestWithContext(ctx, "foo", []byte("bar")) - -// Synchronous subscriber with context -sub, err := nc.SubscribeSync("foo") -msg, err := sub.NextMsgWithContext(ctx) - -// Encoded Request with context -c, err := nats.NewEncodedConn(nc, nats.JSON_ENCODER) -type request struct { - Message string `json:"message"` -} -type response struct { - Code int `json:"code"` -} -req := &request{Message: "Hello"} -resp := &response{} -err := c.RequestWithContext(ctx, "foo", req, resp) -``` - -## License - -Unless otherwise noted, the NATS source files are distributed -under the Apache Version 2.0 license found in the LICENSE file. - -[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fnats-io%2Fgo-nats.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fnats-io%2Fgo-nats?ref=badge_large) diff --git a/vendor/github.com/nats-io/nats.go/TODO.md b/vendor/github.com/nats-io/nats.go/TODO.md deleted file mode 100644 index 213aaeca..00000000 --- a/vendor/github.com/nats-io/nats.go/TODO.md +++ /dev/null @@ -1,26 +0,0 @@ - -- [ ] Better constructors, options handling -- [ ] Functions for callback settings after connection created. -- [ ] Better options for subscriptions. Slow Consumer state settable, Go routines vs Inline. -- [ ] Move off of channels for subscribers, use syncPool linkedLists, etc with highwater. -- [ ] Test for valid subjects on publish and subscribe? -- [ ] SyncSubscriber and Next for EncodedConn -- [ ] Fast Publisher? -- [ ] pooling for structs used? leaky bucket? -- [ ] Timeout 0 should work as no timeout -- [x] Ping timer -- [x] Name in Connect for gnatsd -- [x] Asynchronous error handling -- [x] Parser rewrite -- [x] Reconnect -- [x] Hide Lock -- [x] Easier encoder interface -- [x] QueueSubscribeSync -- [x] Make nats specific errors prefixed with 'nats:' -- [x] API test for closed connection -- [x] TLS/SSL -- [x] Stats collection -- [x] Disconnect detection -- [x] Optimized Publish (coalescing) -- [x] Do Examples via Go style -- [x] Standardized Errors diff --git a/vendor/github.com/nats-io/nats.go/context.go b/vendor/github.com/nats-io/nats.go/context.go deleted file mode 100644 index 666a483a..00000000 --- a/vendor/github.com/nats-io/nats.go/context.go +++ /dev/null @@ -1,243 +0,0 @@ -// Copyright 2016-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "context" - "reflect" -) - -// RequestMsgWithContext takes a context, a subject and payload -// in bytes and request expecting a single response. -func (nc *Conn) RequestMsgWithContext(ctx context.Context, msg *Msg) (*Msg, error) { - var hdr []byte - var err error - - if len(msg.Header) > 0 { - if !nc.info.Headers { - return nil, ErrHeadersNotSupported - } - - hdr, err = msg.headerBytes() - if err != nil { - return nil, err - } - } - - return nc.requestWithContext(ctx, msg.Subject, hdr, msg.Data) -} - -// RequestWithContext takes a context, a subject and payload -// in bytes and request expecting a single response. -func (nc *Conn) RequestWithContext(ctx context.Context, subj string, data []byte) (*Msg, error) { - return nc.requestWithContext(ctx, subj, nil, data) -} - -func (nc *Conn) requestWithContext(ctx context.Context, subj string, hdr, data []byte) (*Msg, error) { - if ctx == nil { - return nil, ErrInvalidContext - } - if nc == nil { - return nil, ErrInvalidConnection - } - // Check whether the context is done already before making - // the request. - if ctx.Err() != nil { - return nil, ctx.Err() - } - - var m *Msg - var err error - - // If user wants the old style. - if nc.useOldRequestStyle() { - m, err = nc.oldRequestWithContext(ctx, subj, hdr, data) - } else { - mch, token, err := nc.createNewRequestAndSend(subj, hdr, data) - if err != nil { - return nil, err - } - - var ok bool - - select { - case m, ok = <-mch: - if !ok { - return nil, ErrConnectionClosed - } - case <-ctx.Done(): - nc.mu.Lock() - delete(nc.respMap, token) - nc.mu.Unlock() - return nil, ctx.Err() - } - } - // Check for no responder status. - if err == nil && len(m.Data) == 0 && m.Header.Get(statusHdr) == noResponders { - m, err = nil, ErrNoResponders - } - return m, err -} - -// oldRequestWithContext utilizes inbox and subscription per request. -func (nc *Conn) oldRequestWithContext(ctx context.Context, subj string, hdr, data []byte) (*Msg, error) { - inbox := NewInbox() - ch := make(chan *Msg, RequestChanLen) - - s, err := nc.subscribe(inbox, _EMPTY_, nil, ch, true, nil) - if err != nil { - return nil, err - } - s.AutoUnsubscribe(1) - defer s.Unsubscribe() - - err = nc.publish(subj, inbox, hdr, data) - if err != nil { - return nil, err - } - - return s.NextMsgWithContext(ctx) -} - -// NextMsgWithContext takes a context and returns the next message -// available to a synchronous subscriber, blocking until it is delivered -// or context gets canceled. -func (s *Subscription) NextMsgWithContext(ctx context.Context) (*Msg, error) { - if ctx == nil { - return nil, ErrInvalidContext - } - if s == nil { - return nil, ErrBadSubscription - } - if ctx.Err() != nil { - return nil, ctx.Err() - } - - s.mu.Lock() - err := s.validateNextMsgState() - if err != nil { - s.mu.Unlock() - return nil, err - } - - // snapshot - mch := s.mch - s.mu.Unlock() - - var ok bool - var msg *Msg - - // If something is available right away, let's optimize that case. - select { - case msg, ok = <-mch: - if !ok { - return nil, s.getNextMsgErr() - } - if err := s.processNextMsgDelivered(msg); err != nil { - return nil, err - } else { - return msg, nil - } - default: - } - - select { - case msg, ok = <-mch: - if !ok { - return nil, s.getNextMsgErr() - } - if err := s.processNextMsgDelivered(msg); err != nil { - return nil, err - } - case <-ctx.Done(): - return nil, ctx.Err() - } - - return msg, nil -} - -// FlushWithContext will allow a context to control the duration -// of a Flush() call. This context should be non-nil and should -// have a deadline set. We will return an error if none is present. -func (nc *Conn) FlushWithContext(ctx context.Context) error { - if nc == nil { - return ErrInvalidConnection - } - if ctx == nil { - return ErrInvalidContext - } - _, ok := ctx.Deadline() - if !ok { - return ErrNoDeadlineContext - } - - nc.mu.Lock() - if nc.isClosed() { - nc.mu.Unlock() - return ErrConnectionClosed - } - // Create a buffered channel to prevent chan send to block - // in processPong() - ch := make(chan struct{}, 1) - nc.sendPing(ch) - nc.mu.Unlock() - - var err error - - select { - case _, ok := <-ch: - if !ok { - err = ErrConnectionClosed - } else { - close(ch) - } - case <-ctx.Done(): - err = ctx.Err() - } - - if err != nil { - nc.removeFlushEntry(ch) - } - - return err -} - -// RequestWithContext will create an Inbox and perform a Request -// using the provided cancellation context with the Inbox reply -// for the data v. A response will be decoded into the vPtrResponse. -func (c *EncodedConn) RequestWithContext(ctx context.Context, subject string, v interface{}, vPtr interface{}) error { - if ctx == nil { - return ErrInvalidContext - } - - b, err := c.Enc.Encode(subject, v) - if err != nil { - return err - } - m, err := c.Conn.RequestWithContext(ctx, subject, b) - if err != nil { - return err - } - if reflect.TypeOf(vPtr) == emptyMsgType { - mPtr := vPtr.(*Msg) - *mPtr = *m - } else { - err := c.Enc.Decode(m.Subject, m.Data, vPtr) - if err != nil { - return err - } - } - - return nil -} diff --git a/vendor/github.com/nats-io/nats.go/dependencies.md b/vendor/github.com/nats-io/nats.go/dependencies.md deleted file mode 100644 index cc986b27..00000000 --- a/vendor/github.com/nats-io/nats.go/dependencies.md +++ /dev/null @@ -1,13 +0,0 @@ -# External Dependencies - -This file lists the dependencies used in this repository. - -| Dependency | License | -|-|-| -| Go | BSD 3-Clause "New" or "Revised" License | -| github.com/nats-io/nats.go | Apache License 2.0 | -| github.com/golang/protobuf v1.4.2 | BSD 3-Clause "New" or "Revised" License | -| github.com/nats-io/nats-server/v2 v2.1.8-0.20201115145023-f61fa8529a0f | Apache License 2.0 | -| github.com/nats-io/nkeys v0.2.0 | Apache License 2.0 | -| github.com/nats-io/nuid v1.0.1 | Apache License 2.0 | -| google.golang.org/protobuf v1.23.0 | BSD 3-Clause License | diff --git a/vendor/github.com/nats-io/nats.go/enc.go b/vendor/github.com/nats-io/nats.go/enc.go deleted file mode 100644 index 181ef5aa..00000000 --- a/vendor/github.com/nats-io/nats.go/enc.go +++ /dev/null @@ -1,269 +0,0 @@ -// Copyright 2012-2019 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "errors" - "fmt" - "reflect" - "sync" - "time" - - // Default Encoders - "github.com/nats-io/nats.go/encoders/builtin" -) - -// Encoder interface is for all register encoders -type Encoder interface { - Encode(subject string, v interface{}) ([]byte, error) - Decode(subject string, data []byte, vPtr interface{}) error -} - -var encMap map[string]Encoder -var encLock sync.Mutex - -// Indexed names into the Registered Encoders. -const ( - JSON_ENCODER = "json" - GOB_ENCODER = "gob" - DEFAULT_ENCODER = "default" -) - -func init() { - encMap = make(map[string]Encoder) - // Register json, gob and default encoder - RegisterEncoder(JSON_ENCODER, &builtin.JsonEncoder{}) - RegisterEncoder(GOB_ENCODER, &builtin.GobEncoder{}) - RegisterEncoder(DEFAULT_ENCODER, &builtin.DefaultEncoder{}) -} - -// EncodedConn are the preferred way to interface with NATS. They wrap a bare connection to -// a nats server and have an extendable encoder system that will encode and decode messages -// from raw Go types. -type EncodedConn struct { - Conn *Conn - Enc Encoder -} - -// NewEncodedConn will wrap an existing Connection and utilize the appropriate registered -// encoder. -func NewEncodedConn(c *Conn, encType string) (*EncodedConn, error) { - if c == nil { - return nil, errors.New("nats: Nil Connection") - } - if c.IsClosed() { - return nil, ErrConnectionClosed - } - ec := &EncodedConn{Conn: c, Enc: EncoderForType(encType)} - if ec.Enc == nil { - return nil, fmt.Errorf("no encoder registered for '%s'", encType) - } - return ec, nil -} - -// RegisterEncoder will register the encType with the given Encoder. Useful for customization. -func RegisterEncoder(encType string, enc Encoder) { - encLock.Lock() - defer encLock.Unlock() - encMap[encType] = enc -} - -// EncoderForType will return the registered Encoder for the encType. -func EncoderForType(encType string) Encoder { - encLock.Lock() - defer encLock.Unlock() - return encMap[encType] -} - -// Publish publishes the data argument to the given subject. The data argument -// will be encoded using the associated encoder. -func (c *EncodedConn) Publish(subject string, v interface{}) error { - b, err := c.Enc.Encode(subject, v) - if err != nil { - return err - } - return c.Conn.publish(subject, _EMPTY_, nil, b) -} - -// PublishRequest will perform a Publish() expecting a response on the -// reply subject. Use Request() for automatically waiting for a response -// inline. -func (c *EncodedConn) PublishRequest(subject, reply string, v interface{}) error { - b, err := c.Enc.Encode(subject, v) - if err != nil { - return err - } - return c.Conn.publish(subject, reply, nil, b) -} - -// Request will create an Inbox and perform a Request() call -// with the Inbox reply for the data v. A response will be -// decoded into the vPtr Response. -func (c *EncodedConn) Request(subject string, v interface{}, vPtr interface{}, timeout time.Duration) error { - b, err := c.Enc.Encode(subject, v) - if err != nil { - return err - } - m, err := c.Conn.Request(subject, b, timeout) - if err != nil { - return err - } - if reflect.TypeOf(vPtr) == emptyMsgType { - mPtr := vPtr.(*Msg) - *mPtr = *m - } else { - err = c.Enc.Decode(m.Subject, m.Data, vPtr) - } - return err -} - -// Handler is a specific callback used for Subscribe. It is generalized to -// an interface{}, but we will discover its format and arguments at runtime -// and perform the correct callback, including de-marshaling encoded data -// back into the appropriate struct based on the signature of the Handler. -// -// Handlers are expected to have one of four signatures. -// -// type person struct { -// Name string `json:"name,omitempty"` -// Age uint `json:"age,omitempty"` -// } -// -// handler := func(m *Msg) -// handler := func(p *person) -// handler := func(subject string, o *obj) -// handler := func(subject, reply string, o *obj) -// -// These forms allow a callback to request a raw Msg ptr, where the processing -// of the message from the wire is untouched. Process a JSON representation -// and demarshal it into the given struct, e.g. person. -// There are also variants where the callback wants either the subject, or the -// subject and the reply subject. -type Handler interface{} - -// Dissect the cb Handler's signature -func argInfo(cb Handler) (reflect.Type, int) { - cbType := reflect.TypeOf(cb) - if cbType.Kind() != reflect.Func { - panic("nats: Handler needs to be a func") - } - numArgs := cbType.NumIn() - if numArgs == 0 { - return nil, numArgs - } - return cbType.In(numArgs - 1), numArgs -} - -var emptyMsgType = reflect.TypeOf(&Msg{}) - -// Subscribe will create a subscription on the given subject and process incoming -// messages using the specified Handler. The Handler should be a func that matches -// a signature from the description of Handler from above. -func (c *EncodedConn) Subscribe(subject string, cb Handler) (*Subscription, error) { - return c.subscribe(subject, _EMPTY_, cb) -} - -// QueueSubscribe will create a queue subscription on the given subject and process -// incoming messages using the specified Handler. The Handler should be a func that -// matches a signature from the description of Handler from above. -func (c *EncodedConn) QueueSubscribe(subject, queue string, cb Handler) (*Subscription, error) { - return c.subscribe(subject, queue, cb) -} - -// Internal implementation that all public functions will use. -func (c *EncodedConn) subscribe(subject, queue string, cb Handler) (*Subscription, error) { - if cb == nil { - return nil, errors.New("nats: Handler required for EncodedConn Subscription") - } - argType, numArgs := argInfo(cb) - if argType == nil { - return nil, errors.New("nats: Handler requires at least one argument") - } - - cbValue := reflect.ValueOf(cb) - wantsRaw := (argType == emptyMsgType) - - natsCB := func(m *Msg) { - var oV []reflect.Value - if wantsRaw { - oV = []reflect.Value{reflect.ValueOf(m)} - } else { - var oPtr reflect.Value - if argType.Kind() != reflect.Ptr { - oPtr = reflect.New(argType) - } else { - oPtr = reflect.New(argType.Elem()) - } - if err := c.Enc.Decode(m.Subject, m.Data, oPtr.Interface()); err != nil { - if c.Conn.Opts.AsyncErrorCB != nil { - c.Conn.ach.push(func() { - c.Conn.Opts.AsyncErrorCB(c.Conn, m.Sub, errors.New("nats: Got an error trying to unmarshal: "+err.Error())) - }) - } - return - } - if argType.Kind() != reflect.Ptr { - oPtr = reflect.Indirect(oPtr) - } - - // Callback Arity - switch numArgs { - case 1: - oV = []reflect.Value{oPtr} - case 2: - subV := reflect.ValueOf(m.Subject) - oV = []reflect.Value{subV, oPtr} - case 3: - subV := reflect.ValueOf(m.Subject) - replyV := reflect.ValueOf(m.Reply) - oV = []reflect.Value{subV, replyV, oPtr} - } - - } - cbValue.Call(oV) - } - - return c.Conn.subscribe(subject, queue, natsCB, nil, false, nil) -} - -// FlushTimeout allows a Flush operation to have an associated timeout. -func (c *EncodedConn) FlushTimeout(timeout time.Duration) (err error) { - return c.Conn.FlushTimeout(timeout) -} - -// Flush will perform a round trip to the server and return when it -// receives the internal reply. -func (c *EncodedConn) Flush() error { - return c.Conn.Flush() -} - -// Close will close the connection to the server. This call will release -// all blocking calls, such as Flush(), etc. -func (c *EncodedConn) Close() { - c.Conn.Close() -} - -// Drain will put a connection into a drain state. All subscriptions will -// immediately be put into a drain state. Upon completion, the publishers -// will be drained and can not publish any additional messages. Upon draining -// of the publishers, the connection will be closed. Use the ClosedCB() -// option to know when the connection has moved from draining to closed. -func (c *EncodedConn) Drain() error { - return c.Conn.Drain() -} - -// LastError reports the last error encountered via the Connection. -func (c *EncodedConn) LastError() error { - return c.Conn.err -} diff --git a/vendor/github.com/nats-io/nats.go/encoders/builtin/default_enc.go b/vendor/github.com/nats-io/nats.go/encoders/builtin/default_enc.go deleted file mode 100644 index 46d918ee..00000000 --- a/vendor/github.com/nats-io/nats.go/encoders/builtin/default_enc.go +++ /dev/null @@ -1,117 +0,0 @@ -// Copyright 2012-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package builtin - -import ( - "bytes" - "fmt" - "reflect" - "strconv" - "unsafe" -) - -// DefaultEncoder implementation for EncodedConn. -// This encoder will leave []byte and string untouched, but will attempt to -// turn numbers into appropriate strings that can be decoded. It will also -// propely encoded and decode bools. If will encode a struct, but if you want -// to properly handle structures you should use JsonEncoder. -type DefaultEncoder struct { - // Empty -} - -var trueB = []byte("true") -var falseB = []byte("false") -var nilB = []byte("") - -// Encode -func (je *DefaultEncoder) Encode(subject string, v interface{}) ([]byte, error) { - switch arg := v.(type) { - case string: - bytes := *(*[]byte)(unsafe.Pointer(&arg)) - return bytes, nil - case []byte: - return arg, nil - case bool: - if arg { - return trueB, nil - } else { - return falseB, nil - } - case nil: - return nilB, nil - default: - var buf bytes.Buffer - fmt.Fprintf(&buf, "%+v", arg) - return buf.Bytes(), nil - } -} - -// Decode -func (je *DefaultEncoder) Decode(subject string, data []byte, vPtr interface{}) error { - // Figure out what it's pointing to... - sData := *(*string)(unsafe.Pointer(&data)) - switch arg := vPtr.(type) { - case *string: - *arg = sData - return nil - case *[]byte: - *arg = data - return nil - case *int: - n, err := strconv.ParseInt(sData, 10, 64) - if err != nil { - return err - } - *arg = int(n) - return nil - case *int32: - n, err := strconv.ParseInt(sData, 10, 64) - if err != nil { - return err - } - *arg = int32(n) - return nil - case *int64: - n, err := strconv.ParseInt(sData, 10, 64) - if err != nil { - return err - } - *arg = int64(n) - return nil - case *float32: - n, err := strconv.ParseFloat(sData, 32) - if err != nil { - return err - } - *arg = float32(n) - return nil - case *float64: - n, err := strconv.ParseFloat(sData, 64) - if err != nil { - return err - } - *arg = float64(n) - return nil - case *bool: - b, err := strconv.ParseBool(sData) - if err != nil { - return err - } - *arg = b - return nil - default: - vt := reflect.TypeOf(arg).Elem() - return fmt.Errorf("nats: Default Encoder can't decode to type %s", vt) - } -} diff --git a/vendor/github.com/nats-io/nats.go/encoders/builtin/gob_enc.go b/vendor/github.com/nats-io/nats.go/encoders/builtin/gob_enc.go deleted file mode 100644 index 632bcbd3..00000000 --- a/vendor/github.com/nats-io/nats.go/encoders/builtin/gob_enc.go +++ /dev/null @@ -1,45 +0,0 @@ -// Copyright 2013-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package builtin - -import ( - "bytes" - "encoding/gob" -) - -// GobEncoder is a Go specific GOB Encoder implementation for EncodedConn. -// This encoder will use the builtin encoding/gob to Marshal -// and Unmarshal most types, including structs. -type GobEncoder struct { - // Empty -} - -// FIXME(dlc) - This could probably be more efficient. - -// Encode -func (ge *GobEncoder) Encode(subject string, v interface{}) ([]byte, error) { - b := new(bytes.Buffer) - enc := gob.NewEncoder(b) - if err := enc.Encode(v); err != nil { - return nil, err - } - return b.Bytes(), nil -} - -// Decode -func (ge *GobEncoder) Decode(subject string, data []byte, vPtr interface{}) (err error) { - dec := gob.NewDecoder(bytes.NewBuffer(data)) - err = dec.Decode(vPtr) - return -} diff --git a/vendor/github.com/nats-io/nats.go/encoders/builtin/json_enc.go b/vendor/github.com/nats-io/nats.go/encoders/builtin/json_enc.go deleted file mode 100644 index c9670f31..00000000 --- a/vendor/github.com/nats-io/nats.go/encoders/builtin/json_enc.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2012-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package builtin - -import ( - "encoding/json" - "strings" -) - -// JsonEncoder is a JSON Encoder implementation for EncodedConn. -// This encoder will use the builtin encoding/json to Marshal -// and Unmarshal most types, including structs. -type JsonEncoder struct { - // Empty -} - -// Encode -func (je *JsonEncoder) Encode(subject string, v interface{}) ([]byte, error) { - b, err := json.Marshal(v) - if err != nil { - return nil, err - } - return b, nil -} - -// Decode -func (je *JsonEncoder) Decode(subject string, data []byte, vPtr interface{}) (err error) { - switch arg := vPtr.(type) { - case *string: - // If they want a string and it is a JSON string, strip quotes - // This allows someone to send a struct but receive as a plain string - // This cast should be efficient for Go 1.3 and beyond. - str := string(data) - if strings.HasPrefix(str, `"`) && strings.HasSuffix(str, `"`) { - *arg = str[1 : len(str)-1] - } else { - *arg = str - } - case *[]byte: - *arg = data - default: - err = json.Unmarshal(data, arg) - } - return -} diff --git a/vendor/github.com/nats-io/nats.go/go.mod b/vendor/github.com/nats-io/nats.go/go.mod deleted file mode 100644 index b60123e7..00000000 --- a/vendor/github.com/nats-io/nats.go/go.mod +++ /dev/null @@ -1,11 +0,0 @@ -module github.com/nats-io/nats.go - -go 1.15 - -require ( - github.com/golang/protobuf v1.4.2 - github.com/nats-io/nats-server/v2 v2.1.8-0.20210227190344-51550e242af8 - github.com/nats-io/nkeys v0.2.0 - github.com/nats-io/nuid v1.0.1 - google.golang.org/protobuf v1.23.0 -) diff --git a/vendor/github.com/nats-io/nats.go/js.go b/vendor/github.com/nats-io/nats.go/js.go deleted file mode 100644 index 429959d9..00000000 --- a/vendor/github.com/nats-io/nats.go/js.go +++ /dev/null @@ -1,1346 +0,0 @@ -// Copyright 2020 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "bytes" - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - "strconv" - "strings" - "sync/atomic" - "time" -) - -// Request API subjects for JetStream. -const ( - // defaultAPIPrefix is the default prefix for the JetStream API. - defaultAPIPrefix = "$JS.API." - - // apiAccountInfo is for obtaining general information about JetStream. - apiAccountInfo = "INFO" - - // apiConsumerCreateT is used to create consumers. - apiConsumerCreateT = "CONSUMER.CREATE.%s" - - // apiDurableCreateT is used to create durable consumers. - apiDurableCreateT = "CONSUMER.DURABLE.CREATE.%s.%s" - - // apiConsumerInfoT is used to create consumers. - apiConsumerInfoT = "CONSUMER.INFO.%s.%s" - - // apiRequestNextT is the prefix for the request next message(s) for a consumer in worker/pull mode. - apiRequestNextT = "CONSUMER.MSG.NEXT.%s.%s" - - // apiDeleteConsumerT is used to delete consumers. - apiConsumerDeleteT = "CONSUMER.DELETE.%s.%s" - - // apiConsumerListT is used to return all detailed consumer information - apiConsumerListT = "CONSUMER.LIST.%s" - - // apiStreams can lookup a stream by subject. - apiStreams = "STREAM.NAMES" - - // apiStreamCreateT is the endpoint to create new streams. - apiStreamCreateT = "STREAM.CREATE.%s" - - // apiStreamInfoT is the endpoint to get information on a stream. - apiStreamInfoT = "STREAM.INFO.%s" - - // apiStreamUpdate is the endpoint to update existing streams. - apiStreamUpdateT = "STREAM.UPDATE.%s" - - // apiStreamDeleteT is the endpoint to delete streams. - apiStreamDeleteT = "STREAM.DELETE.%s" - - // apiPurgeStreamT is the endpoint to purge streams. - apiStreamPurgeT = "STREAM.PURGE.%s" - - // apiStreamListT is the endpoint that will return all detailed stream information - apiStreamList = "STREAM.LIST" - - // apiMsgGetT is the endpoint to get a message. - apiMsgGetT = "STREAM.MSG.GET.%s" - - // apiMsgDeleteT is the endpoint to remove a message. - apiMsgDeleteT = "STREAM.MSG.DELETE.%s" -) - -// JetStream is the public interface for JetStream. -type JetStream interface { - // Publish publishes a message to JetStream. - Publish(subj string, data []byte, opts ...PubOpt) (*PubAck, error) - - // Publish publishes a Msg to JetStream. - PublishMsg(m *Msg, opts ...PubOpt) (*PubAck, error) - - // Subscribe creates an async Subscription for JetStream. - Subscribe(subj string, cb MsgHandler, opts ...SubOpt) (*Subscription, error) - - // SubscribeSync creates a Subscription that can be used to process messages synchronously. - SubscribeSync(subj string, opts ...SubOpt) (*Subscription, error) - - // ChanSubscribe creates channel based Subscription. - ChanSubscribe(subj string, ch chan *Msg, opts ...SubOpt) (*Subscription, error) - - // QueueSubscribe creates a Subscription with a queue group. - QueueSubscribe(subj, queue string, cb MsgHandler, opts ...SubOpt) (*Subscription, error) - - // QueueSubscribeSync creates a Subscription with a queue group that can be used to process messages synchronously. - QueueSubscribeSync(subj, queue string, opts ...SubOpt) (*Subscription, error) -} - -// JetStreamContext is the public interface for JetStream. -type JetStreamContext interface { - JetStream - JetStreamManager -} - -// js is an internal struct from a JetStreamContext. -type js struct { - nc *Conn - // For importing JetStream from other accounts. - pre string - // Amount of time to wait for API requests. - wait time.Duration - // Signals only direct access and no API access. - direct bool -} - -const defaultRequestWait = 5 * time.Second - -// JetStream returns a JetStream context for pub/sub interactions. -func (nc *Conn) JetStream(opts ...JSOpt) (JetStreamContext, error) { - js := &js{nc: nc, pre: defaultAPIPrefix, wait: defaultRequestWait} - - for _, opt := range opts { - if err := opt.configureJSContext(js); err != nil { - return nil, err - } - } - - if js.direct { - return js, nil - } - - if _, err := js.AccountInfo(); err != nil { - if err == ErrNoResponders { - err = ErrJetStreamNotEnabled - } - return nil, err - } - - return js, nil -} - -// JSOpt configures a JetStream context. -type JSOpt interface { - configureJSContext(opts *js) error -} - -// jsOptFn configures an option for the JetStream context. -type jsOptFn func(opts *js) error - -func (opt jsOptFn) configureJSContext(opts *js) error { - return opt(opts) -} - -// APIPrefix changes the default prefix used for the JetStream API. -func APIPrefix(pre string) JSOpt { - return jsOptFn(func(js *js) error { - js.pre = pre - if !strings.HasSuffix(js.pre, ".") { - js.pre = js.pre + "." - } - return nil - }) -} - -// DirectOnly makes a JetStream context avoid using the JetStream API altogether. -func DirectOnly() JSOpt { - return jsOptFn(func(js *js) error { - js.direct = true - return nil - }) -} - -func (js *js) apiSubj(subj string) string { - if js.pre == _EMPTY_ { - return subj - } - var b strings.Builder - b.WriteString(js.pre) - b.WriteString(subj) - return b.String() -} - -// PubOpt configures options for publishing JetStream messages. -type PubOpt interface { - configurePublish(opts *pubOpts) error -} - -// pubOptFn is a function option used to configure JetStream Publish. -type pubOptFn func(opts *pubOpts) error - -func (opt pubOptFn) configurePublish(opts *pubOpts) error { - return opt(opts) -} - -type pubOpts struct { - ctx context.Context - ttl time.Duration - id string - lid string // Expected last msgId - str string // Expected stream name - seq uint64 // Expected last sequence -} - -// pubAckResponse is the ack response from the JetStream API when of publishing a message. -type pubAckResponse struct { - apiResponse - *PubAck -} - -// PubAck is an ack received after successfully publishing a message. -type PubAck struct { - Stream string `json:"stream"` - Sequence uint64 `json:"seq"` - Duplicate bool `json:"duplicate,omitempty"` -} - -// Headers for published messages. -const ( - MsgIdHdr = "Nats-Msg-Id" - ExpectedStreamHdr = "Nats-Expected-Stream" - ExpectedLastSeqHdr = "Nats-Expected-Last-Sequence" - ExpectedLastMsgIdHdr = "Nats-Expected-Last-Msg-Id" -) - -// PublishMsg publishes a Msg to a stream from JetStream. -func (js *js) PublishMsg(m *Msg, opts ...PubOpt) (*PubAck, error) { - var o pubOpts - if len(opts) > 0 { - if m.Header == nil { - m.Header = http.Header{} - } - for _, opt := range opts { - if err := opt.configurePublish(&o); err != nil { - return nil, err - } - } - } - // Check for option collisions. Right now just timeout and context. - if o.ctx != nil && o.ttl != 0 { - return nil, ErrContextAndTimeout - } - if o.ttl == 0 && o.ctx == nil { - o.ttl = js.wait - } - - if o.id != _EMPTY_ { - m.Header.Set(MsgIdHdr, o.id) - } - if o.lid != _EMPTY_ { - m.Header.Set(ExpectedLastMsgIdHdr, o.lid) - } - if o.str != _EMPTY_ { - m.Header.Set(ExpectedStreamHdr, o.str) - } - if o.seq > 0 { - m.Header.Set(ExpectedLastSeqHdr, strconv.FormatUint(o.seq, 10)) - } - - var resp *Msg - var err error - - if o.ttl > 0 { - resp, err = js.nc.RequestMsg(m, time.Duration(o.ttl)) - } else { - resp, err = js.nc.RequestMsgWithContext(o.ctx, m) - } - - if err != nil { - if err == ErrNoResponders { - err = ErrNoStreamResponse - } - return nil, err - } - var pa pubAckResponse - if err := json.Unmarshal(resp.Data, &pa); err != nil { - return nil, ErrInvalidJSAck - } - if pa.Error != nil { - return nil, errors.New(pa.Error.Description) - } - if pa.PubAck == nil || pa.PubAck.Stream == _EMPTY_ { - return nil, ErrInvalidJSAck - } - return pa.PubAck, nil -} - -// Publish publishes a message to a stream from JetStream. -func (js *js) Publish(subj string, data []byte, opts ...PubOpt) (*PubAck, error) { - return js.PublishMsg(&Msg{Subject: subj, Data: data}, opts...) -} - -// MsgId sets the message ID used for de-duplication. -func MsgId(id string) PubOpt { - return pubOptFn(func(opts *pubOpts) error { - opts.id = id - return nil - }) -} - -// ExpectStream sets the expected stream to respond from the publish. -func ExpectStream(stream string) PubOpt { - return pubOptFn(func(opts *pubOpts) error { - opts.str = stream - return nil - }) -} - -// ExpectLastSequence sets the expected sequence in the response from the publish. -func ExpectLastSequence(seq uint64) PubOpt { - return pubOptFn(func(opts *pubOpts) error { - opts.seq = seq - return nil - }) -} - -// ExpectLastSequence sets the expected sequence in the response from the publish. -func ExpectLastMsgId(id string) PubOpt { - return pubOptFn(func(opts *pubOpts) error { - opts.lid = id - return nil - }) -} - -// MaxWait sets the maximum amount of time we will wait for a response. -type MaxWait time.Duration - -func (ttl MaxWait) configurePublish(opts *pubOpts) error { - opts.ttl = time.Duration(ttl) - return nil -} - -func (ttl MaxWait) configureJSContext(js *js) error { - js.wait = time.Duration(ttl) - return nil -} - -// ContextOpt is an option used to set a context.Context. -type ContextOpt struct { - context.Context -} - -func (ctx ContextOpt) configurePublish(opts *pubOpts) error { - opts.ctx = ctx - return nil -} - -// Context returns an option that can be used to configure a context. -func Context(ctx context.Context) ContextOpt { - return ContextOpt{ctx} -} - -// Subscribe - -// ConsumerConfig is the configuration of a JetStream consumer. -type ConsumerConfig struct { - Durable string `json:"durable_name,omitempty"` - DeliverSubject string `json:"deliver_subject,omitempty"` - DeliverPolicy DeliverPolicy `json:"deliver_policy"` - OptStartSeq uint64 `json:"opt_start_seq,omitempty"` - OptStartTime *time.Time `json:"opt_start_time,omitempty"` - AckPolicy AckPolicy `json:"ack_policy"` - AckWait time.Duration `json:"ack_wait,omitempty"` - MaxDeliver int `json:"max_deliver,omitempty"` - FilterSubject string `json:"filter_subject,omitempty"` - ReplayPolicy ReplayPolicy `json:"replay_policy"` - RateLimit uint64 `json:"rate_limit_bps,omitempty"` // Bits per sec - SampleFrequency string `json:"sample_freq,omitempty"` - MaxWaiting int `json:"max_waiting,omitempty"` - MaxAckPending int `json:"max_ack_pending,omitempty"` -} - -// ConsumerInfo is the info from a JetStream consumer. -type ConsumerInfo struct { - Stream string `json:"stream_name"` - Name string `json:"name"` - Created time.Time `json:"created"` - Config ConsumerConfig `json:"config"` - Delivered SequencePair `json:"delivered"` - AckFloor SequencePair `json:"ack_floor"` - NumAckPending int `json:"num_ack_pending"` - NumRedelivered int `json:"num_redelivered"` - NumWaiting int `json:"num_waiting"` - NumPending uint64 `json:"num_pending"` - Cluster *ClusterInfo `json:"cluster,omitempty"` -} - -// SequencePair includes the consumer and stream sequence info from a JetStream consumer. -type SequencePair struct { - Consumer uint64 `json:"consumer_seq"` - Stream uint64 `json:"stream_seq"` -} - -// nextRequest is for getting next messages for pull based consumers from JetStream. -type nextRequest struct { - Expires *time.Time `json:"expires,omitempty"` - Batch int `json:"batch,omitempty"` - NoWait bool `json:"no_wait,omitempty"` -} - -// jsSub includes JetStream subscription info. -type jsSub struct { - js *js - consumer string - stream string - deliver string - pull int - durable bool - attached bool -} - -func (jsi *jsSub) unsubscribe(drainMode bool) error { - if drainMode && (jsi.durable || jsi.attached) { - // Skip deleting consumer for durables/attached - // consumers when using drain mode. - return nil - } - - // Skip if in direct mode as well. - js := jsi.js - if js.direct { - return nil - } - - return js.DeleteConsumer(jsi.stream, jsi.consumer) -} - -// SubOpt configures options for subscribing to JetStream consumers. -type SubOpt interface { - configureSubscribe(opts *subOpts) error -} - -// subOptFn is a function option used to configure a JetStream Subscribe. -type subOptFn func(opts *subOpts) error - -func (opt subOptFn) configureSubscribe(opts *subOpts) error { - return opt(opts) -} - -// Subscribe will create a subscription to the appropriate stream and consumer. -func (js *js) Subscribe(subj string, cb MsgHandler, opts ...SubOpt) (*Subscription, error) { - return js.subscribe(subj, _EMPTY_, cb, nil, opts) -} - -// SubscribeSync will create a sync subscription to the appropriate stream and consumer. -func (js *js) SubscribeSync(subj string, opts ...SubOpt) (*Subscription, error) { - mch := make(chan *Msg, js.nc.Opts.SubChanLen) - return js.subscribe(subj, _EMPTY_, nil, mch, opts) -} - -// QueueSubscribe will create a subscription to the appropriate stream and consumer with queue semantics. -func (js *js) QueueSubscribe(subj, queue string, cb MsgHandler, opts ...SubOpt) (*Subscription, error) { - return js.subscribe(subj, queue, cb, nil, opts) -} - -// QueueSubscribeSync will create a sync subscription to the appropriate stream and consumer with queue semantics. -func (js *js) QueueSubscribeSync(subj, queue string, opts ...SubOpt) (*Subscription, error) { - mch := make(chan *Msg, js.nc.Opts.SubChanLen) - return js.subscribe(subj, queue, nil, mch, opts) -} - -// Subscribe will create a subscription to the appropriate stream and consumer. -func (js *js) ChanSubscribe(subj string, ch chan *Msg, opts ...SubOpt) (*Subscription, error) { - return js.subscribe(subj, _EMPTY_, nil, ch, opts) -} - -func (js *js) subscribe(subj, queue string, cb MsgHandler, ch chan *Msg, opts []SubOpt) (*Subscription, error) { - cfg := ConsumerConfig{AckPolicy: ackPolicyNotSet} - o := subOpts{cfg: &cfg} - if len(opts) > 0 { - for _, opt := range opts { - if err := opt.configureSubscribe(&o); err != nil { - return nil, err - } - } - } - - isPullMode := o.pull > 0 - if cb != nil && isPullMode { - return nil, ErrPullModeNotAllowed - } - - var ( - err error - shouldCreate bool - ccfg *ConsumerConfig - deliver string - attached bool - stream = o.stream - consumer = o.consumer - requiresAPI = (stream == _EMPTY_ && consumer == _EMPTY_) && o.cfg.DeliverSubject == _EMPTY_ - ) - - if js.direct && requiresAPI { - return nil, ErrDirectModeRequired - } - - if js.direct { - if o.cfg.DeliverSubject != _EMPTY_ { - deliver = o.cfg.DeliverSubject - } else { - deliver = NewInbox() - } - } else { - // Find the stream mapped to the subject. - stream, err = js.lookupStreamBySubject(subj) - if err != nil { - return nil, err - } - - // With an explicit durable name, then can lookup - // the consumer to which it should be attaching to. - var info *ConsumerInfo - consumer = o.cfg.Durable - if consumer != _EMPTY_ { - // Only create in case there is no consumer already. - info, err = js.ConsumerInfo(stream, consumer) - if err != nil && err.Error() != `consumer not found` { - return nil, err - } - } - - if info != nil { - // Attach using the found consumer config. - ccfg = &info.Config - attached = true - - // Make sure this new subject matches or is a subset. - if ccfg.FilterSubject != _EMPTY_ && subj != ccfg.FilterSubject { - return nil, ErrSubjectMismatch - } - - if ccfg.DeliverSubject != _EMPTY_ { - deliver = ccfg.DeliverSubject - } else { - deliver = NewInbox() - } - } else { - shouldCreate = true - deliver = NewInbox() - if !isPullMode { - cfg.DeliverSubject = deliver - } - // Do filtering always, server will clear as needed. - cfg.FilterSubject = subj - } - } - - var sub *Subscription - - // Check if we are manual ack. - if cb != nil && !o.mack { - ocb := cb - cb = func(m *Msg) { ocb(m); m.Ack() } - } - sub, err = js.nc.subscribe(deliver, queue, cb, ch, cb == nil, &jsSub{js: js}) - if err != nil { - return nil, err - } - - // If we are creating or updating let's process that request. - if shouldCreate { - // If not set default to ack explicit. - if cfg.AckPolicy == ackPolicyNotSet { - cfg.AckPolicy = AckExplicitPolicy - } - // If we have acks at all and the MaxAckPending is not set go ahead - // and set to the internal max. - // TODO(dlc) - We should be able to update this if client updates PendingLimits. - if cfg.MaxAckPending == 0 && cfg.AckPolicy != AckNonePolicy { - maxMsgs, _, _ := sub.PendingLimits() - cfg.MaxAckPending = maxMsgs - } - - req := &createConsumerRequest{ - Stream: stream, - Config: &cfg, - } - - j, err := json.Marshal(req) - if err != nil { - return nil, err - } - - var ccSubj string - isDurable := cfg.Durable != _EMPTY_ - if isDurable { - ccSubj = fmt.Sprintf(apiDurableCreateT, stream, cfg.Durable) - } else { - ccSubj = fmt.Sprintf(apiConsumerCreateT, stream) - } - - resp, err := js.nc.Request(js.apiSubj(ccSubj), j, js.wait) - if err != nil { - if err == ErrNoResponders { - err = ErrJetStreamNotEnabled - } - sub.Unsubscribe() - return nil, err - } - - var info consumerResponse - err = json.Unmarshal(resp.Data, &info) - if err != nil { - sub.Unsubscribe() - return nil, err - } - if info.Error != nil { - sub.Unsubscribe() - return nil, errors.New(info.Error.Description) - } - - // Hold onto these for later. - sub.jsi.stream = info.Stream - sub.jsi.consumer = info.Name - sub.jsi.deliver = info.Config.DeliverSubject - sub.jsi.durable = isDurable - } else { - sub.jsi.stream = stream - sub.jsi.consumer = consumer - if js.direct { - sub.jsi.deliver = o.cfg.DeliverSubject - } else { - sub.jsi.deliver = ccfg.DeliverSubject - } - } - sub.jsi.attached = attached - - // If we are pull based go ahead and fire off the first request to populate. - if isPullMode { - sub.jsi.pull = o.pull - sub.Poll() - } - - return sub, nil -} - -type streamRequest struct { - Subject string `json:"subject,omitempty"` -} - -type streamNamesResponse struct { - apiResponse - apiPaged - Streams []string `json:"streams"` -} - -func (js *js) lookupStreamBySubject(subj string) (string, error) { - var slr streamNamesResponse - req := &streamRequest{subj} - j, err := json.Marshal(req) - if err != nil { - return _EMPTY_, err - } - resp, err := js.nc.Request(js.apiSubj(apiStreams), j, js.wait) - if err != nil { - if err == ErrNoResponders { - err = ErrJetStreamNotEnabled - } - return _EMPTY_, err - } - if err := json.Unmarshal(resp.Data, &slr); err != nil { - return _EMPTY_, err - } - if slr.Error != nil || len(slr.Streams) != 1 { - return _EMPTY_, ErrNoMatchingStream - } - return slr.Streams[0], nil -} - -type subOpts struct { - // For attaching. - stream, consumer string - // For pull based consumers, batch size for pull - pull int - // For manual ack - mack bool - // For creating or updating. - cfg *ConsumerConfig -} - -// Durable defines the consumer name for JetStream durable subscribers. -func Durable(name string) SubOpt { - return subOptFn(func(opts *subOpts) error { - if strings.Contains(name, ".") { - return ErrInvalidDurableName - } - - opts.cfg.Durable = name - return nil - }) -} - -// Pull defines the batch size of messages that will be received -// when using pull based JetStream consumers. -func Pull(batchSize int) SubOpt { - return subOptFn(func(opts *subOpts) error { - if batchSize == 0 { - return errors.New("nats: batch size of 0 not valid") - } - opts.pull = batchSize - return nil - }) -} - -func PullDirect(stream, consumer string, batchSize int) SubOpt { - return subOptFn(func(opts *subOpts) error { - if batchSize == 0 { - return errors.New("nats: batch size of 0 not valid") - } - opts.stream = stream - opts.consumer = consumer - opts.pull = batchSize - return nil - }) -} - -// ManualAck disables auto ack functionality for async subscriptions. -func ManualAck() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.mack = true - return nil - }) -} - -// DeliverAll will configure a Consumer to receive all the -// messages from a Stream. -func DeliverAll() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.DeliverPolicy = DeliverAllPolicy - return nil - }) -} - -// DeliverLast configures a Consumer to receive messages -// starting with the latest one. -func DeliverLast() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.DeliverPolicy = DeliverLastPolicy - return nil - }) -} - -// DeliverNew configures a Consumer to receive messages -// published after the subscription. -func DeliverNew() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.DeliverPolicy = DeliverNewPolicy - return nil - }) -} - -// StartSequence configures a Consumer to receive -// messages from a start sequence. -func StartSequence(seq uint64) SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.DeliverPolicy = DeliverByStartSequencePolicy - opts.cfg.OptStartSeq = seq - return nil - }) -} - -// StartTime configures a Consumer to receive -// messages from a start time. -func StartTime(startTime time.Time) SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.DeliverPolicy = DeliverByStartTimePolicy - opts.cfg.OptStartTime = &startTime - return nil - }) -} - -func AckNone() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.AckPolicy = AckNonePolicy - return nil - }) -} - -func AckAll() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.AckPolicy = AckAllPolicy - return nil - }) -} - -func AckExplicit() SubOpt { - return subOptFn(func(opts *subOpts) error { - opts.cfg.AckPolicy = AckExplicitPolicy - return nil - }) -} - -func (sub *Subscription) ConsumerInfo() (*ConsumerInfo, error) { - sub.mu.Lock() - // TODO(dlc) - Better way to mark especially if we attach. - if sub.jsi.consumer == _EMPTY_ { - sub.mu.Unlock() - return nil, ErrTypeSubscription - } - - // Consumer info lookup should fail if in direct mode. - js := sub.jsi.js - if js.direct { - sub.mu.Unlock() - return nil, ErrDirectModeRequired - } - - stream, consumer := sub.jsi.stream, sub.jsi.consumer - sub.mu.Unlock() - - return js.getConsumerInfo(stream, consumer) -} - -func (sub *Subscription) Poll() error { - sub.mu.Lock() - if sub.jsi == nil || sub.jsi.deliver != _EMPTY_ || sub.jsi.pull == 0 { - sub.mu.Unlock() - return ErrTypeSubscription - } - batch := sub.jsi.pull - nc, reply := sub.conn, sub.Subject - stream, consumer := sub.jsi.stream, sub.jsi.consumer - js := sub.jsi.js - sub.mu.Unlock() - - req, _ := json.Marshal(&nextRequest{Batch: batch}) - reqNext := js.apiSubj(fmt.Sprintf(apiRequestNextT, stream, consumer)) - return nc.PublishRequest(reqNext, reply, req) -} - -func (js *js) getConsumerInfo(stream, consumer string) (*ConsumerInfo, error) { - ccInfoSubj := fmt.Sprintf(apiConsumerInfoT, stream, consumer) - resp, err := js.nc.Request(js.apiSubj(ccInfoSubj), nil, js.wait) - if err != nil { - if err == ErrNoResponders { - err = ErrJetStreamNotEnabled - } - return nil, err - } - - var info consumerResponse - if err := json.Unmarshal(resp.Data, &info); err != nil { - return nil, err - } - if info.Error != nil { - return nil, errors.New(info.Error.Description) - } - return info.ConsumerInfo, nil -} - -func (m *Msg) checkReply() (*js, bool, error) { - if m == nil || m.Sub == nil { - return nil, false, ErrMsgNotBound - } - if m.Reply == "" { - return nil, false, ErrMsgNoReply - } - sub := m.Sub - sub.mu.Lock() - if sub.jsi == nil { - sub.mu.Unlock() - - // Not using a JS context. - return nil, false, nil - } - js := sub.jsi.js - isPullMode := sub.jsi.pull > 0 - sub.mu.Unlock() - - return js, isPullMode, nil -} - -// ackReply handles all acks. Will do the right thing for pull and sync mode. -// It ensures that an ack is only sent a single time, regardless of -// how many times it is being called to avoid duplicated acks. -func (m *Msg) ackReply(ackType []byte, sync bool, opts ...PubOpt) error { - var o pubOpts - for _, opt := range opts { - if err := opt.configurePublish(&o); err != nil { - return err - } - } - js, isPullMode, err := m.checkReply() - if err != nil { - return err - } - - // Skip if already acked. - if atomic.LoadUint32(&m.ackd) == 1 { - return ErrInvalidJSAck - } - - m.Sub.mu.Lock() - nc := m.Sub.conn - m.Sub.mu.Unlock() - - ctx := o.ctx - wait := defaultRequestWait - if o.ttl > 0 { - wait = o.ttl - } else if js != nil { - wait = js.wait - } - - if isPullMode { - if bytes.Equal(ackType, AckAck) { - err = nc.PublishRequest(m.Reply, m.Sub.Subject, AckNext) - } else if bytes.Equal(ackType, AckNak) || bytes.Equal(ackType, AckTerm) { - err = nc.PublishRequest(m.Reply, m.Sub.Subject, []byte("+NXT {\"batch\":1}")) - } - if sync && err == nil { - if ctx != nil { - _, err = nc.RequestWithContext(ctx, m.Reply, nil) - } else { - _, err = nc.Request(m.Reply, nil, wait) - } - } - } else if sync { - if ctx != nil { - _, err = nc.RequestWithContext(ctx, m.Reply, ackType) - } else { - _, err = nc.Request(m.Reply, ackType, wait) - } - } else { - err = nc.Publish(m.Reply, ackType) - } - - // Mark that the message has been acked unless it is AckProgress - // which can be sent many times. - if err == nil && !bytes.Equal(ackType, AckProgress) { - atomic.StoreUint32(&m.ackd, 1) - } - - return err -} - -// Acks for messages - -// Ack a message, this will do the right thing with pull based consumers. -func (m *Msg) Ack() error { - return m.ackReply(AckAck, false) -} - -// Ack a message and wait for a response from the server. -func (m *Msg) AckSync(opts ...PubOpt) error { - return m.ackReply(AckAck, true, opts...) -} - -// Nak this message, indicating we can not process. -func (m *Msg) Nak() error { - return m.ackReply(AckNak, false) -} - -// Term this message from ever being delivered regardless of MaxDeliverCount. -func (m *Msg) Term() error { - return m.ackReply(AckTerm, false) -} - -// InProgress indicates that this message is being worked on -// and reset the redelivery timer in the server. -func (m *Msg) InProgress() error { - return m.ackReply(AckProgress, false) -} - -// MsgMetadata is the JetStream metadata associated with received messages. -type MsgMetaData struct { - Consumer uint64 - Stream uint64 - Delivered uint64 - Pending uint64 - Timestamp time.Time -} - -// MetaData retrieves the metadata from a JetStream message. -func (m *Msg) MetaData() (*MsgMetaData, error) { - if _, _, err := m.checkReply(); err != nil { - return nil, err - } - - const expectedTokens = 9 - const btsep = '.' - - tsa := [expectedTokens]string{} - start, tokens := 0, tsa[:0] - subject := m.Reply - for i := 0; i < len(subject); i++ { - if subject[i] == btsep { - tokens = append(tokens, subject[start:i]) - start = i + 1 - } - } - tokens = append(tokens, subject[start:]) - if len(tokens) != expectedTokens || tokens[0] != "$JS" || tokens[1] != "ACK" { - return nil, ErrNotJSMessage - } - - meta := &MsgMetaData{ - Delivered: uint64(parseNum(tokens[4])), - Stream: uint64(parseNum(tokens[5])), - Consumer: uint64(parseNum(tokens[6])), - Timestamp: time.Unix(0, parseNum(tokens[7])), - Pending: uint64(parseNum(tokens[8])), - } - - return meta, nil -} - -// Quick parser for positive numbers in ack reply encoding. -func parseNum(d string) (n int64) { - if len(d) == 0 { - return -1 - } - - // Ascii numbers 0-9 - const ( - asciiZero = 48 - asciiNine = 57 - ) - - for _, dec := range d { - if dec < asciiZero || dec > asciiNine { - return -1 - } - n = n*10 + (int64(dec) - asciiZero) - } - return n -} - -// AckPolicy determines how the consumer should acknowledge delivered messages. -type AckPolicy int - -const ( - // AckNonePolicy requires no acks for delivered messages. - AckNonePolicy AckPolicy = iota - - // AckAllPolicy when acking a sequence number, this implicitly acks all sequences below this one as well. - AckAllPolicy - - // AckExplicit requires ack or nack for all messages. - AckExplicitPolicy - - // For setting - ackPolicyNotSet = 99 -) - -func jsonString(s string) string { - return "\"" + s + "\"" -} - -func (p *AckPolicy) UnmarshalJSON(data []byte) error { - switch string(data) { - case jsonString("none"): - *p = AckNonePolicy - case jsonString("all"): - *p = AckAllPolicy - case jsonString("explicit"): - *p = AckExplicitPolicy - default: - return fmt.Errorf("can not unmarshal %q", data) - } - - return nil -} - -func (p AckPolicy) MarshalJSON() ([]byte, error) { - switch p { - case AckNonePolicy: - return json.Marshal("none") - case AckAllPolicy: - return json.Marshal("all") - case AckExplicitPolicy: - return json.Marshal("explicit") - default: - return nil, fmt.Errorf("unknown acknowlegement policy %v", p) - } -} - -func (p AckPolicy) String() string { - switch p { - case AckNonePolicy: - return "AckNone" - case AckAllPolicy: - return "AckAll" - case AckExplicitPolicy: - return "AckExplicit" - case ackPolicyNotSet: - return "Not Initialized" - default: - return "Unknown AckPolicy" - } -} - -type ReplayPolicy int - -const ( - ReplayInstant ReplayPolicy = iota - ReplayOriginal -) - -func (p *ReplayPolicy) UnmarshalJSON(data []byte) error { - switch string(data) { - case jsonString("instant"): - *p = ReplayInstant - case jsonString("original"): - *p = ReplayOriginal - default: - return fmt.Errorf("can not unmarshal %q", data) - } - - return nil -} - -func (p ReplayPolicy) MarshalJSON() ([]byte, error) { - switch p { - case ReplayOriginal: - return json.Marshal("original") - case ReplayInstant: - return json.Marshal("instant") - default: - return nil, fmt.Errorf("unknown replay policy %v", p) - } -} - -var ( - AckAck = []byte("+ACK") - AckNak = []byte("-NAK") - AckProgress = []byte("+WPI") - AckNext = []byte("+NXT") - AckTerm = []byte("+TERM") -) - -// DeliverPolicy determines how the consumer should select the first message to deliver. -type DeliverPolicy int - -const ( - // DeliverAllPolicy will be the default so can be omitted from the request. - DeliverAllPolicy DeliverPolicy = iota - - // DeliverLastPolicy will start the consumer with the last sequence received. - DeliverLastPolicy - - // DeliverNewPolicy will only deliver new messages that are sent - // after the consumer is created. - DeliverNewPolicy - - // DeliverByStartSequencePolicy will look for a defined starting sequence to start. - DeliverByStartSequencePolicy - - // StartTime will select the first messsage with a timestamp >= to StartTime. - DeliverByStartTimePolicy -) - -func (p *DeliverPolicy) UnmarshalJSON(data []byte) error { - switch string(data) { - case jsonString("all"), jsonString("undefined"): - *p = DeliverAllPolicy - case jsonString("last"): - *p = DeliverLastPolicy - case jsonString("new"): - *p = DeliverNewPolicy - case jsonString("by_start_sequence"): - *p = DeliverByStartSequencePolicy - case jsonString("by_start_time"): - *p = DeliverByStartTimePolicy - } - - return nil -} - -func (p DeliverPolicy) MarshalJSON() ([]byte, error) { - switch p { - case DeliverAllPolicy: - return json.Marshal("all") - case DeliverLastPolicy: - return json.Marshal("last") - case DeliverNewPolicy: - return json.Marshal("new") - case DeliverByStartSequencePolicy: - return json.Marshal("by_start_sequence") - case DeliverByStartTimePolicy: - return json.Marshal("by_start_time") - default: - return nil, fmt.Errorf("unknown deliver policy %v", p) - } -} - -// RetentionPolicy determines how messages in a set are retained. -type RetentionPolicy int - -const ( - // LimitsPolicy (default) means that messages are retained until any given limit is reached. - // This could be one of MaxMsgs, MaxBytes, or MaxAge. - LimitsPolicy RetentionPolicy = iota - // InterestPolicy specifies that when all known observables have acknowledged a message it can be removed. - InterestPolicy - // WorkQueuePolicy specifies that when the first worker or subscriber acknowledges the message it can be removed. - WorkQueuePolicy -) - -// DiscardPolicy determines how we proceed when limits of messages or bytes are hit. The default, DiscardOld will -// remove older messages. DiscardNew will fail to store the new message. -type DiscardPolicy int - -const ( - // DiscardOld will remove older messages to return to the limits. - DiscardOld = iota - //DiscardNew will error on a StoreMsg call - DiscardNew -) - -const ( - limitsPolicyString = "limits" - interestPolicyString = "interest" - workQueuePolicyString = "workqueue" -) - -func (rp RetentionPolicy) String() string { - switch rp { - case LimitsPolicy: - return "Limits" - case InterestPolicy: - return "Interest" - case WorkQueuePolicy: - return "WorkQueue" - default: - return "Unknown Retention Policy" - } -} - -func (rp RetentionPolicy) MarshalJSON() ([]byte, error) { - switch rp { - case LimitsPolicy: - return json.Marshal(limitsPolicyString) - case InterestPolicy: - return json.Marshal(interestPolicyString) - case WorkQueuePolicy: - return json.Marshal(workQueuePolicyString) - default: - return nil, fmt.Errorf("can not marshal %v", rp) - } -} - -func (rp *RetentionPolicy) UnmarshalJSON(data []byte) error { - switch string(data) { - case jsonString(limitsPolicyString): - *rp = LimitsPolicy - case jsonString(interestPolicyString): - *rp = InterestPolicy - case jsonString(workQueuePolicyString): - *rp = WorkQueuePolicy - default: - return fmt.Errorf("can not unmarshal %q", data) - } - return nil -} - -func (dp DiscardPolicy) String() string { - switch dp { - case DiscardOld: - return "DiscardOld" - case DiscardNew: - return "DiscardNew" - default: - return "Unknown Discard Policy" - } -} - -func (dp DiscardPolicy) MarshalJSON() ([]byte, error) { - switch dp { - case DiscardOld: - return json.Marshal("old") - case DiscardNew: - return json.Marshal("new") - default: - return nil, fmt.Errorf("can not marshal %v", dp) - } -} - -func (dp *DiscardPolicy) UnmarshalJSON(data []byte) error { - switch strings.ToLower(string(data)) { - case jsonString("old"): - *dp = DiscardOld - case jsonString("new"): - *dp = DiscardNew - default: - return fmt.Errorf("can not unmarshal %q", data) - } - return nil -} - -// StorageType determines how messages are stored for retention. -type StorageType int - -const ( - // FileStorage specifies on disk storage. It's the default. - FileStorage StorageType = iota - // MemoryStorage specifies in memory only. - MemoryStorage -) - -const ( - memoryStorageString = "memory" - fileStorageString = "file" -) - -func (st StorageType) String() string { - switch st { - case MemoryStorage: - return strings.Title(memoryStorageString) - case FileStorage: - return strings.Title(fileStorageString) - default: - return "Unknown Storage Type" - } -} - -func (st StorageType) MarshalJSON() ([]byte, error) { - switch st { - case MemoryStorage: - return json.Marshal(memoryStorageString) - case FileStorage: - return json.Marshal(fileStorageString) - default: - return nil, fmt.Errorf("can not marshal %v", st) - } -} - -func (st *StorageType) UnmarshalJSON(data []byte) error { - switch string(data) { - case jsonString(memoryStorageString): - *st = MemoryStorage - case jsonString(fileStorageString): - *st = FileStorage - default: - return fmt.Errorf("can not unmarshal %q", data) - } - return nil -} diff --git a/vendor/github.com/nats-io/nats.go/jsm.go b/vendor/github.com/nats-io/nats.go/jsm.go deleted file mode 100644 index fb7851e4..00000000 --- a/vendor/github.com/nats-io/nats.go/jsm.go +++ /dev/null @@ -1,700 +0,0 @@ -// Copyright 2021 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "encoding/json" - "errors" - "fmt" - "net/http" - "strings" - "time" -) - -// JetStreamManager is the public interface for managing JetStream streams & consumers. -type JetStreamManager interface { - // AddStream creates a stream. - AddStream(cfg *StreamConfig) (*StreamInfo, error) - - // UpdateStream updates a stream. - UpdateStream(cfg *StreamConfig) (*StreamInfo, error) - - // DeleteStream deletes a stream. - DeleteStream(name string) error - - // StreamInfo retrieves information from a stream. - StreamInfo(stream string) (*StreamInfo, error) - - // Purge stream messages. - PurgeStream(name string) error - - // NewStreamLister is used to return pages of StreamInfo objects. - NewStreamLister() *StreamLister - - // GetMsg retrieves a raw stream message stored in JetStream by sequence number. - GetMsg(name string, seq uint64) (*RawStreamMsg, error) - - // DeleteMsg erases a message from a stream. - DeleteMsg(name string, seq uint64) error - - // AddConsumer adds a consumer to a stream. - AddConsumer(stream string, cfg *ConsumerConfig) (*ConsumerInfo, error) - - // DeleteConsumer deletes a consumer. - DeleteConsumer(stream, consumer string) error - - // ConsumerInfo retrieves consumer information. - ConsumerInfo(stream, name string) (*ConsumerInfo, error) - - // NewConsumerLister is used to return pages of ConsumerInfo objects. - NewConsumerLister(stream string) *ConsumerLister - - // AccountInfo retrieves info about the JetStream usage from an account. - AccountInfo() (*AccountInfo, error) -} - -// StreamConfig will determine the properties for a stream. -// There are sensible defaults for most. If no subjects are -// given the name will be used as the only subject. -type StreamConfig struct { - Name string `json:"name"` - Subjects []string `json:"subjects,omitempty"` - Retention RetentionPolicy `json:"retention"` - MaxConsumers int `json:"max_consumers"` - MaxMsgs int64 `json:"max_msgs"` - MaxBytes int64 `json:"max_bytes"` - Discard DiscardPolicy `json:"discard"` - MaxAge time.Duration `json:"max_age"` - MaxMsgSize int32 `json:"max_msg_size,omitempty"` - Storage StorageType `json:"storage"` - Replicas int `json:"num_replicas"` - NoAck bool `json:"no_ack,omitempty"` - Template string `json:"template_owner,omitempty"` - Duplicates time.Duration `json:"duplicate_window,omitempty"` - Placement *Placement `json:"placement,omitempty"` - Mirror *StreamSource `json:"mirror,omitempty"` - Sources []*StreamSource `json:"sources,omitempty"` -} - -// Placement is used to guide placement of streams in clustered JetStream. -type Placement struct { - Cluster string `json:"cluster"` - Tags []string `json:"tags,omitempty"` -} - -// StreamSource dictates how streams can source from other streams. -type StreamSource struct { - Name string `json:"name"` - OptStartSeq uint64 `json:"opt_start_seq,omitempty"` - OptStartTime *time.Time `json:"opt_start_time,omitempty"` - FilterSubject string `json:"filter_subject,omitempty"` -} - -// apiError is included in all API responses if there was an error. -type apiError struct { - Code int `json:"code"` - Description string `json:"description,omitempty"` -} - -// apiResponse is a standard response from the JetStream JSON API -type apiResponse struct { - Type string `json:"type"` - Error *apiError `json:"error,omitempty"` -} - -// apiPaged includes variables used to create paged responses from the JSON API -type apiPaged struct { - Total int `json:"total"` - Offset int `json:"offset"` - Limit int `json:"limit"` -} - -// apiPagedRequest includes parameters allowing specific pages to be requested -// from APIs responding with apiPaged. -type apiPagedRequest struct { - Offset int `json:"offset"` -} - -// AccountInfo contains info about the JetStream usage from the current account. -type AccountInfo struct { - Memory uint64 `json:"memory"` - Store uint64 `json:"storage"` - Streams int `json:"streams"` - Consumers int `json:"consumers"` - API APIStats `json:"api"` - Limits AccountLimits `json:"limits"` -} - -// APIStats reports on API calls to JetStream for this account. -type APIStats struct { - Total uint64 `json:"total"` - Errors uint64 `json:"errors"` -} - -// AccountLimits includes the JetStream limits of the current account. -type AccountLimits struct { - MaxMemory int64 `json:"max_memory"` - MaxStore int64 `json:"max_storage"` - MaxStreams int `json:"max_streams"` - MaxConsumers int `json:"max_consumers"` -} - -type accountInfoResponse struct { - apiResponse - AccountInfo -} - -// AccountInfo retrieves info about the JetStream usage from the current account. -func (js *js) AccountInfo() (*AccountInfo, error) { - resp, err := js.nc.Request(js.apiSubj(apiAccountInfo), nil, js.wait) - if err != nil { - return nil, err - } - var info accountInfoResponse - if err := json.Unmarshal(resp.Data, &info); err != nil { - return nil, err - } - if info.Error != nil { - var err error - if strings.Contains(info.Error.Description, "not enabled for") { - err = ErrJetStreamNotEnabled - } else { - err = errors.New(info.Error.Description) - } - return nil, err - } - - return &info.AccountInfo, nil -} - -type createConsumerRequest struct { - Stream string `json:"stream_name"` - Config *ConsumerConfig `json:"config"` -} - -type consumerResponse struct { - apiResponse - *ConsumerInfo -} - -// AddConsumer will add a JetStream consumer. -func (js *js) AddConsumer(stream string, cfg *ConsumerConfig) (*ConsumerInfo, error) { - if stream == _EMPTY_ { - return nil, ErrStreamNameRequired - } - req, err := json.Marshal(&createConsumerRequest{Stream: stream, Config: cfg}) - if err != nil { - return nil, err - } - - var ccSubj string - if cfg != nil && cfg.Durable != _EMPTY_ { - if strings.Contains(cfg.Durable, ".") { - return nil, ErrInvalidDurableName - } - ccSubj = fmt.Sprintf(apiDurableCreateT, stream, cfg.Durable) - } else { - ccSubj = fmt.Sprintf(apiConsumerCreateT, stream) - } - - resp, err := js.nc.Request(js.apiSubj(ccSubj), req, js.wait) - if err != nil { - if err == ErrNoResponders { - err = ErrJetStreamNotEnabled - } - return nil, err - } - var info consumerResponse - err = json.Unmarshal(resp.Data, &info) - if err != nil { - return nil, err - } - if info.Error != nil { - return nil, errors.New(info.Error.Description) - } - return info.ConsumerInfo, nil -} - -// consumerDeleteResponse is the response for a Consumer delete request. -type consumerDeleteResponse struct { - apiResponse - Success bool `json:"success,omitempty"` -} - -// DeleteConsumer deletes a Consumer. -func (js *js) DeleteConsumer(stream, consumer string) error { - if stream == _EMPTY_ { - return ErrStreamNameRequired - } - - dcSubj := js.apiSubj(fmt.Sprintf(apiConsumerDeleteT, stream, consumer)) - r, err := js.nc.Request(dcSubj, nil, js.wait) - if err != nil { - return err - } - var resp consumerDeleteResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return err - } - if resp.Error != nil { - return errors.New(resp.Error.Description) - } - return nil -} - -// ConsumerInfo returns information about a Consumer. -func (js *js) ConsumerInfo(stream, consumer string) (*ConsumerInfo, error) { - return js.getConsumerInfo(stream, consumer) -} - -// ConsumerLister fetches pages of ConsumerInfo objects. This object is not -// safe to use for multiple threads. -type ConsumerLister struct { - stream string - js *js - - err error - offset int - page []*ConsumerInfo - pageInfo *apiPaged -} - -// consumersRequest is the type used for Consumers requests. -type consumersRequest struct { - apiPagedRequest -} - -// consumerListResponse is the response for a Consumers List request. -type consumerListResponse struct { - apiResponse - apiPaged - Consumers []*ConsumerInfo `json:"consumers"` -} - -// Next fetches the next ConsumerInfo page. -func (c *ConsumerLister) Next() bool { - if c.err != nil { - return false - } - if c.stream == _EMPTY_ { - c.err = ErrStreamNameRequired - return false - } - if c.pageInfo != nil && c.offset >= c.pageInfo.Total { - return false - } - - req, err := json.Marshal(consumersRequest{ - apiPagedRequest: apiPagedRequest{Offset: c.offset}, - }) - if err != nil { - c.err = err - return false - } - clSubj := c.js.apiSubj(fmt.Sprintf(apiConsumerListT, c.stream)) - r, err := c.js.nc.Request(clSubj, req, c.js.wait) - if err != nil { - c.err = err - return false - } - var resp consumerListResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - c.err = err - return false - } - if resp.Error != nil { - c.err = errors.New(resp.Error.Description) - return false - } - - c.pageInfo = &resp.apiPaged - c.page = resp.Consumers - c.offset += len(c.page) - return true -} - -// Page returns the current ConsumerInfo page. -func (c *ConsumerLister) Page() []*ConsumerInfo { - return c.page -} - -// Err returns any errors found while fetching pages. -func (c *ConsumerLister) Err() error { - return c.err -} - -// NewConsumerLister is used to return pages of ConsumerInfo objects. -func (js *js) NewConsumerLister(stream string) *ConsumerLister { - return &ConsumerLister{stream: stream, js: js} -} - -// streamCreateResponse stream creation. -type streamCreateResponse struct { - apiResponse - *StreamInfo -} - -func (js *js) AddStream(cfg *StreamConfig) (*StreamInfo, error) { - if cfg == nil || cfg.Name == _EMPTY_ { - return nil, ErrStreamNameRequired - } - - req, err := json.Marshal(cfg) - if err != nil { - return nil, err - } - - csSubj := js.apiSubj(fmt.Sprintf(apiStreamCreateT, cfg.Name)) - r, err := js.nc.Request(csSubj, req, js.wait) - if err != nil { - return nil, err - } - var resp streamCreateResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return nil, err - } - if resp.Error != nil { - return nil, errors.New(resp.Error.Description) - } - return resp.StreamInfo, nil -} - -type streamInfoResponse = streamCreateResponse - -func (js *js) StreamInfo(stream string) (*StreamInfo, error) { - csSubj := js.apiSubj(fmt.Sprintf(apiStreamInfoT, stream)) - r, err := js.nc.Request(csSubj, nil, js.wait) - if err != nil { - return nil, err - } - var resp streamInfoResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return nil, err - } - if resp.Error != nil { - return nil, errors.New(resp.Error.Description) - } - return resp.StreamInfo, nil -} - -// StreamInfo shows config and current state for this stream. -type StreamInfo struct { - Config StreamConfig `json:"config"` - Created time.Time `json:"created"` - State StreamState `json:"state"` - Cluster *ClusterInfo `json:"cluster,omitempty"` - Mirror *StreamSourceInfo `json:"mirror,omitempty"` - Sources []*StreamSourceInfo `json:"sources,omitempty"` -} - -// StreamSourceInfo shows information about an upstream stream source. -type StreamSourceInfo struct { - Name string `json:"name"` - Lag uint64 `json:"lag"` - Active time.Duration `json:"active"` -} - -// StreamState is information about the given stream. -type StreamState struct { - Msgs uint64 `json:"messages"` - Bytes uint64 `json:"bytes"` - FirstSeq uint64 `json:"first_seq"` - FirstTime time.Time `json:"first_ts"` - LastSeq uint64 `json:"last_seq"` - LastTime time.Time `json:"last_ts"` - Consumers int `json:"consumer_count"` -} - -// ClusterInfo shows information about the underlying set of servers -// that make up the stream or consumer. -type ClusterInfo struct { - Name string `json:"name,omitempty"` - Leader string `json:"leader,omitempty"` - Replicas []*PeerInfo `json:"replicas,omitempty"` -} - -// PeerInfo shows information about all the peers in the cluster that -// are supporting the stream or consumer. -type PeerInfo struct { - Name string `json:"name"` - Current bool `json:"current"` - Offline bool `json:"offline,omitempty"` - Active time.Duration `json:"active"` - Lag uint64 `json:"lag,omitempty"` -} - -// UpdateStream updates a Stream. -func (js *js) UpdateStream(cfg *StreamConfig) (*StreamInfo, error) { - if cfg == nil || cfg.Name == _EMPTY_ { - return nil, ErrStreamNameRequired - } - - req, err := json.Marshal(cfg) - if err != nil { - return nil, err - } - - usSubj := js.apiSubj(fmt.Sprintf(apiStreamUpdateT, cfg.Name)) - r, err := js.nc.Request(usSubj, req, js.wait) - if err != nil { - return nil, err - } - var resp streamInfoResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return nil, err - } - if resp.Error != nil { - return nil, errors.New(resp.Error.Description) - } - return resp.StreamInfo, nil -} - -// streamDeleteResponse is the response for a Stream delete request. -type streamDeleteResponse struct { - apiResponse - Success bool `json:"success,omitempty"` -} - -// DeleteStream deletes a Stream. -func (js *js) DeleteStream(name string) error { - if name == _EMPTY_ { - return ErrStreamNameRequired - } - - dsSubj := js.apiSubj(fmt.Sprintf(apiStreamDeleteT, name)) - r, err := js.nc.Request(dsSubj, nil, js.wait) - if err != nil { - return err - } - var resp streamDeleteResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return err - } - if resp.Error != nil { - return errors.New(resp.Error.Description) - } - return nil -} - -type apiMsgGetRequest struct { - Seq uint64 `json:"seq"` -} - -// RawStreamMsg is a raw message stored in JetStream. -type RawStreamMsg struct { - Subject string - Sequence uint64 - Header http.Header - Data []byte - Time time.Time -} - -// storedMsg is a raw message stored in JetStream. -type storedMsg struct { - Subject string `json:"subject"` - Sequence uint64 `json:"seq"` - Header []byte `json:"hdrs,omitempty"` - Data []byte `json:"data,omitempty"` - Time time.Time `json:"time"` -} - -// apiMsgGetResponse is the response for a Stream get request. -type apiMsgGetResponse struct { - apiResponse - Message *storedMsg `json:"message,omitempty"` - Success bool `json:"success,omitempty"` -} - -// GetMsg retrieves a raw stream message stored in JetStream by sequence number. -func (js *js) GetMsg(name string, seq uint64) (*RawStreamMsg, error) { - if name == _EMPTY_ { - return nil, ErrStreamNameRequired - } - - req, err := json.Marshal(&apiMsgGetRequest{Seq: seq}) - if err != nil { - return nil, err - } - - dsSubj := js.apiSubj(fmt.Sprintf(apiMsgGetT, name)) - r, err := js.nc.Request(dsSubj, req, js.wait) - if err != nil { - return nil, err - } - - var resp apiMsgGetResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return nil, err - } - if resp.Error != nil { - return nil, errors.New(resp.Error.Description) - } - - msg := resp.Message - - var hdr http.Header - if msg.Header != nil { - hdr, err = decodeHeadersMsg(msg.Header) - if err != nil { - return nil, err - } - } - - return &RawStreamMsg{ - Subject: msg.Subject, - Sequence: msg.Sequence, - Header: hdr, - Data: msg.Data, - Time: msg.Time, - }, nil -} - -type msgDeleteRequest struct { - Seq uint64 `json:"seq"` -} - -// msgDeleteResponse is the response for a Stream delete request. -type msgDeleteResponse struct { - apiResponse - Success bool `json:"success,omitempty"` -} - -// DeleteMsg deletes a message from a stream. -func (js *js) DeleteMsg(name string, seq uint64) error { - if name == _EMPTY_ { - return ErrStreamNameRequired - } - - req, err := json.Marshal(&msgDeleteRequest{Seq: seq}) - if err != nil { - return err - } - - dsSubj := js.apiSubj(fmt.Sprintf(apiMsgDeleteT, name)) - r, err := js.nc.Request(dsSubj, req, js.wait) - if err != nil { - return err - } - var resp msgDeleteResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return err - } - if resp.Error != nil { - return errors.New(resp.Error.Description) - } - return nil -} - -type streamPurgeResponse struct { - apiResponse - Success bool `json:"success,omitempty"` - Purged uint64 `json:"purged"` -} - -// PurgeStream purges messages on a Stream. -func (js *js) PurgeStream(name string) error { - psSubj := js.apiSubj(fmt.Sprintf(apiStreamPurgeT, name)) - r, err := js.nc.Request(psSubj, nil, js.wait) - if err != nil { - return err - } - var resp streamPurgeResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - return err - } - if resp.Error != nil { - return errors.New(resp.Error.Description) - } - return nil -} - -// StreamLister fetches pages of StreamInfo objects. This object is not safe -// to use for multiple threads. -type StreamLister struct { - js *js - page []*StreamInfo - err error - - offset int - pageInfo *apiPaged -} - -// streamListResponse list of detailed stream information. -// A nil request is valid and means all streams. -type streamListResponse struct { - apiResponse - apiPaged - Streams []*StreamInfo `json:"streams"` -} - -// streamNamesRequest is used for Stream Name requests. -type streamNamesRequest struct { - apiPagedRequest - // These are filters that can be applied to the list. - Subject string `json:"subject,omitempty"` -} - -// Next fetches the next StreamInfo page. -func (s *StreamLister) Next() bool { - if s.err != nil { - return false - } - if s.pageInfo != nil && s.offset >= s.pageInfo.Total { - return false - } - - req, err := json.Marshal(streamNamesRequest{ - apiPagedRequest: apiPagedRequest{Offset: s.offset}, - }) - if err != nil { - s.err = err - return false - } - - slSubj := s.js.apiSubj(apiStreamList) - r, err := s.js.nc.Request(slSubj, req, s.js.wait) - if err != nil { - s.err = err - return false - } - var resp streamListResponse - if err := json.Unmarshal(r.Data, &resp); err != nil { - s.err = err - return false - } - if resp.Error != nil { - s.err = errors.New(resp.Error.Description) - return false - } - - s.pageInfo = &resp.apiPaged - s.page = resp.Streams - s.offset += len(s.page) - return true -} - -// Page returns the current StreamInfo page. -func (s *StreamLister) Page() []*StreamInfo { - return s.page -} - -// Err returns any errors found while fetching pages. -func (s *StreamLister) Err() error { - return s.err -} - -// NewStreamLister is used to return pages of StreamInfo objects. -func (js *js) NewStreamLister() *StreamLister { - return &StreamLister{js: js} -} diff --git a/vendor/github.com/nats-io/nats.go/nats.go b/vendor/github.com/nats-io/nats.go/nats.go deleted file mode 100644 index b19021a4..00000000 --- a/vendor/github.com/nats-io/nats.go/nats.go +++ /dev/null @@ -1,4680 +0,0 @@ -// Copyright 2012-2021 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// A Go client for the NATS messaging system (https://nats.io). -package nats - -import ( - "bufio" - "bytes" - "crypto/tls" - "crypto/x509" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "io" - "io/ioutil" - "math/rand" - "net" - "net/http" - "net/textproto" - "net/url" - "os" - "path/filepath" - "runtime" - "strconv" - "strings" - "sync" - "sync/atomic" - "time" - - "github.com/nats-io/nats.go/util" - "github.com/nats-io/nkeys" - "github.com/nats-io/nuid" -) - -// Default Constants -const ( - Version = "1.11.0" - DefaultURL = "nats://127.0.0.1:4222" - DefaultPort = 4222 - DefaultMaxReconnect = 60 - DefaultReconnectWait = 2 * time.Second - DefaultReconnectJitter = 100 * time.Millisecond - DefaultReconnectJitterTLS = time.Second - DefaultTimeout = 2 * time.Second - DefaultPingInterval = 2 * time.Minute - DefaultMaxPingOut = 2 - DefaultMaxChanLen = 64 * 1024 // 64k - DefaultReconnectBufSize = 8 * 1024 * 1024 // 8MB - RequestChanLen = 8 - DefaultDrainTimeout = 30 * time.Second - LangString = "go" -) - -const ( - // STALE_CONNECTION is for detection and proper handling of stale connections. - STALE_CONNECTION = "stale connection" - - // PERMISSIONS_ERR is for when nats server subject authorization has failed. - PERMISSIONS_ERR = "permissions violation" - - // AUTHORIZATION_ERR is for when nats server user authorization has failed. - AUTHORIZATION_ERR = "authorization violation" - - // AUTHENTICATION_EXPIRED_ERR is for when nats server user authorization has expired. - AUTHENTICATION_EXPIRED_ERR = "user authentication expired" -) - -// Errors -var ( - ErrConnectionClosed = errors.New("nats: connection closed") - ErrConnectionDraining = errors.New("nats: connection draining") - ErrDrainTimeout = errors.New("nats: draining connection timed out") - ErrConnectionReconnecting = errors.New("nats: connection reconnecting") - ErrSecureConnRequired = errors.New("nats: secure connection required") - ErrSecureConnWanted = errors.New("nats: secure connection not available") - ErrBadSubscription = errors.New("nats: invalid subscription") - ErrTypeSubscription = errors.New("nats: invalid subscription type") - ErrBadSubject = errors.New("nats: invalid subject") - ErrBadQueueName = errors.New("nats: invalid queue name") - ErrSlowConsumer = errors.New("nats: slow consumer, messages dropped") - ErrTimeout = errors.New("nats: timeout") - ErrBadTimeout = errors.New("nats: timeout invalid") - ErrAuthorization = errors.New("nats: authorization violation") - ErrAuthExpired = errors.New("nats: authentication expired") - ErrNoServers = errors.New("nats: no servers available for connection") - ErrJsonParse = errors.New("nats: connect message, json parse error") - ErrChanArg = errors.New("nats: argument needs to be a channel type") - ErrMaxPayload = errors.New("nats: maximum payload exceeded") - ErrMaxMessages = errors.New("nats: maximum messages delivered") - ErrSyncSubRequired = errors.New("nats: illegal call on an async subscription") - ErrMultipleTLSConfigs = errors.New("nats: multiple tls.Configs not allowed") - ErrNoInfoReceived = errors.New("nats: protocol exception, INFO not received") - ErrReconnectBufExceeded = errors.New("nats: outbound buffer limit exceeded") - ErrInvalidConnection = errors.New("nats: invalid connection") - ErrInvalidMsg = errors.New("nats: invalid message or message nil") - ErrInvalidArg = errors.New("nats: invalid argument") - ErrInvalidContext = errors.New("nats: invalid context") - ErrNoDeadlineContext = errors.New("nats: context requires a deadline") - ErrNoEchoNotSupported = errors.New("nats: no echo option not supported by this server") - ErrClientIDNotSupported = errors.New("nats: client ID not supported by this server") - ErrUserButNoSigCB = errors.New("nats: user callback defined without a signature handler") - ErrNkeyButNoSigCB = errors.New("nats: nkey defined without a signature handler") - ErrNoUserCB = errors.New("nats: user callback not defined") - ErrNkeyAndUser = errors.New("nats: user callback and nkey defined") - ErrNkeysNotSupported = errors.New("nats: nkeys not supported by the server") - ErrStaleConnection = errors.New("nats: " + STALE_CONNECTION) - ErrTokenAlreadySet = errors.New("nats: token and token handler both set") - ErrMsgNotBound = errors.New("nats: message is not bound to subscription/connection") - ErrMsgNoReply = errors.New("nats: message does not have a reply") - ErrClientIPNotSupported = errors.New("nats: client IP not supported by this server") - ErrDisconnected = errors.New("nats: server is disconnected") - ErrHeadersNotSupported = errors.New("nats: headers not supported by this server") - ErrBadHeaderMsg = errors.New("nats: message could not decode headers") - ErrNoResponders = errors.New("nats: no responders available for request") - ErrNoContextOrTimeout = errors.New("nats: no context or timeout given") - ErrDirectModeRequired = errors.New("nats: direct access requires direct pull or push") - ErrPullModeNotAllowed = errors.New("nats: pull based not supported") - ErrJetStreamNotEnabled = errors.New("nats: jetstream not enabled") - ErrJetStreamBadPre = errors.New("nats: jetstream api prefix not valid") - ErrNoStreamResponse = errors.New("nats: no response from stream") - ErrNotJSMessage = errors.New("nats: not a jetstream message") - ErrInvalidStreamName = errors.New("nats: invalid stream name") - ErrInvalidDurableName = errors.New("nats: invalid durable name") - ErrNoMatchingStream = errors.New("nats: no stream matches subject") - ErrSubjectMismatch = errors.New("nats: subject does not match consumer") - ErrContextAndTimeout = errors.New("nats: context and timeout can not both be set") - ErrInvalidJSAck = errors.New("nats: invalid jetstream publish response") - ErrMultiStreamUnsupported = errors.New("nats: multiple streams are not supported") - ErrStreamNameRequired = errors.New("nats: stream name is required") - ErrConsumerConfigRequired = errors.New("nats: consumer configuration is required") - ErrStreamSnapshotConfigRequired = errors.New("nats: stream snapshot configuration is required") - ErrDeliverSubjectRequired = errors.New("nats: deliver subject is required") -) - -func init() { - rand.Seed(time.Now().UnixNano()) -} - -// GetDefaultOptions returns default configuration options for the client. -func GetDefaultOptions() Options { - return Options{ - AllowReconnect: true, - MaxReconnect: DefaultMaxReconnect, - ReconnectWait: DefaultReconnectWait, - ReconnectJitter: DefaultReconnectJitter, - ReconnectJitterTLS: DefaultReconnectJitterTLS, - Timeout: DefaultTimeout, - PingInterval: DefaultPingInterval, - MaxPingsOut: DefaultMaxPingOut, - SubChanLen: DefaultMaxChanLen, - ReconnectBufSize: DefaultReconnectBufSize, - DrainTimeout: DefaultDrainTimeout, - } -} - -// DEPRECATED: Use GetDefaultOptions() instead. -// DefaultOptions is not safe for use by multiple clients. -// For details see #308. -var DefaultOptions = GetDefaultOptions() - -// Status represents the state of the connection. -type Status int - -const ( - DISCONNECTED = Status(iota) - CONNECTED - CLOSED - RECONNECTING - CONNECTING - DRAINING_SUBS - DRAINING_PUBS -) - -// ConnHandler is used for asynchronous events such as -// disconnected and closed connections. -type ConnHandler func(*Conn) - -// ConnErrHandler is used to process asynchronous events like -// disconnected connection with the error (if any). -type ConnErrHandler func(*Conn, error) - -// ErrHandler is used to process asynchronous errors encountered -// while processing inbound messages. -type ErrHandler func(*Conn, *Subscription, error) - -// UserJWTHandler is used to fetch and return the account signed -// JWT for this user. -type UserJWTHandler func() (string, error) - -// SignatureHandler is used to sign a nonce from the server while -// authenticating with nkeys. The user should sign the nonce and -// return the raw signature. The client will base64 encode this to -// send to the server. -type SignatureHandler func([]byte) ([]byte, error) - -// AuthTokenHandler is used to generate a new token. -type AuthTokenHandler func() string - -// ReconnectDelayHandler is used to get from the user the desired -// delay the library should pause before attempting to reconnect -// again. Note that this is invoked after the library tried the -// whole list of URLs and failed to reconnect. -type ReconnectDelayHandler func(attempts int) time.Duration - -// asyncCB is used to preserve order for async callbacks. -type asyncCB struct { - f func() - next *asyncCB -} - -type asyncCallbacksHandler struct { - mu sync.Mutex - cond *sync.Cond - head *asyncCB - tail *asyncCB -} - -// Option is a function on the options for a connection. -type Option func(*Options) error - -// CustomDialer can be used to specify any dialer, not necessarily -// a *net.Dialer. -type CustomDialer interface { - Dial(network, address string) (net.Conn, error) -} - -// Options can be used to create a customized connection. -type Options struct { - - // Url represents a single NATS server url to which the client - // will be connecting. If the Servers option is also set, it - // then becomes the first server in the Servers array. - Url string - - // Servers is a configured set of servers which this client - // will use when attempting to connect. - Servers []string - - // NoRandomize configures whether we will randomize the - // server pool. - NoRandomize bool - - // NoEcho configures whether the server will echo back messages - // that are sent on this connection if we also have matching subscriptions. - // Note this is supported on servers >= version 1.2. Proto 1 or greater. - NoEcho bool - - // Name is an optional name label which will be sent to the server - // on CONNECT to identify the client. - Name string - - // Verbose signals the server to send an OK ack for commands - // successfully processed by the server. - Verbose bool - - // Pedantic signals the server whether it should be doing further - // validation of subjects. - Pedantic bool - - // Secure enables TLS secure connections that skip server - // verification by default. NOT RECOMMENDED. - Secure bool - - // TLSConfig is a custom TLS configuration to use for secure - // transports. - TLSConfig *tls.Config - - // AllowReconnect enables reconnection logic to be used when we - // encounter a disconnect from the current server. - AllowReconnect bool - - // MaxReconnect sets the number of reconnect attempts that will be - // tried before giving up. If negative, then it will never give up - // trying to reconnect. - MaxReconnect int - - // ReconnectWait sets the time to backoff after attempting a reconnect - // to a server that we were already connected to previously. - ReconnectWait time.Duration - - // CustomReconnectDelayCB is invoked after the library tried every - // URL in the server list and failed to reconnect. It passes to the - // user the current number of attempts. This function returns the - // amount of time the library will sleep before attempting to reconnect - // again. It is strongly recommended that this value contains some - // jitter to prevent all connections to attempt reconnecting at the same time. - CustomReconnectDelayCB ReconnectDelayHandler - - // ReconnectJitter sets the upper bound for a random delay added to - // ReconnectWait during a reconnect when no TLS is used. - // Note that any jitter is capped with ReconnectJitterMax. - ReconnectJitter time.Duration - - // ReconnectJitterTLS sets the upper bound for a random delay added to - // ReconnectWait during a reconnect when TLS is used. - // Note that any jitter is capped with ReconnectJitterMax. - ReconnectJitterTLS time.Duration - - // Timeout sets the timeout for a Dial operation on a connection. - Timeout time.Duration - - // DrainTimeout sets the timeout for a Drain Operation to complete. - DrainTimeout time.Duration - - // FlusherTimeout is the maximum time to wait for write operations - // to the underlying connection to complete (including the flusher loop). - FlusherTimeout time.Duration - - // PingInterval is the period at which the client will be sending ping - // commands to the server, disabled if 0 or negative. - PingInterval time.Duration - - // MaxPingsOut is the maximum number of pending ping commands that can - // be awaiting a response before raising an ErrStaleConnection error. - MaxPingsOut int - - // ClosedCB sets the closed handler that is called when a client will - // no longer be connected. - ClosedCB ConnHandler - - // DisconnectedCB sets the disconnected handler that is called - // whenever the connection is disconnected. - // Will not be called if DisconnectedErrCB is set - // DEPRECATED. Use DisconnectedErrCB which passes error that caused - // the disconnect event. - DisconnectedCB ConnHandler - - // DisconnectedErrCB sets the disconnected error handler that is called - // whenever the connection is disconnected. - // Disconnected error could be nil, for instance when user explicitly closes the connection. - // DisconnectedCB will not be called if DisconnectedErrCB is set - DisconnectedErrCB ConnErrHandler - - // ReconnectedCB sets the reconnected handler called whenever - // the connection is successfully reconnected. - ReconnectedCB ConnHandler - - // DiscoveredServersCB sets the callback that is invoked whenever a new - // server has joined the cluster. - DiscoveredServersCB ConnHandler - - // AsyncErrorCB sets the async error handler (e.g. slow consumer errors) - AsyncErrorCB ErrHandler - - // ReconnectBufSize is the size of the backing bufio during reconnect. - // Once this has been exhausted publish operations will return an error. - ReconnectBufSize int - - // SubChanLen is the size of the buffered channel used between the socket - // Go routine and the message delivery for SyncSubscriptions. - // NOTE: This does not affect AsyncSubscriptions which are - // dictated by PendingLimits() - SubChanLen int - - // UserJWT sets the callback handler that will fetch a user's JWT. - UserJWT UserJWTHandler - - // Nkey sets the public nkey that will be used to authenticate - // when connecting to the server. UserJWT and Nkey are mutually exclusive - // and if defined, UserJWT will take precedence. - Nkey string - - // SignatureCB designates the function used to sign the nonce - // presented from the server. - SignatureCB SignatureHandler - - // User sets the username to be used when connecting to the server. - User string - - // Password sets the password to be used when connecting to a server. - Password string - - // Token sets the token to be used when connecting to a server. - Token string - - // TokenHandler designates the function used to generate the token to be used when connecting to a server. - TokenHandler AuthTokenHandler - - // Dialer allows a custom net.Dialer when forming connections. - // DEPRECATED: should use CustomDialer instead. - Dialer *net.Dialer - - // CustomDialer allows to specify a custom dialer (not necessarily - // a *net.Dialer). - CustomDialer CustomDialer - - // UseOldRequestStyle forces the old method of Requests that utilize - // a new Inbox and a new Subscription for each request. - UseOldRequestStyle bool - - // NoCallbacksAfterClientClose allows preventing the invocation of - // callbacks after Close() is called. Client won't receive notifications - // when Close is invoked by user code. Default is to invoke the callbacks. - NoCallbacksAfterClientClose bool - - // LameDuckModeHandler sets the callback to invoke when the server notifies - // the connection that it entered lame duck mode, that is, going to - // gradually disconnect all its connections before shuting down. This is - // often used in deployments when upgrading NATS Servers. - LameDuckModeHandler ConnHandler - - // RetryOnFailedConnect sets the connection in reconnecting state right - // away if it can't connect to a server in the initial set. The - // MaxReconnect and ReconnectWait options are used for this process, - // similarly to when an established connection is disconnected. - // If a ReconnectHandler is set, it will be invoked when the connection - // is established, and if a ClosedHandler is set, it will be invoked if - // it fails to connect (after exhausting the MaxReconnect attempts). - RetryOnFailedConnect bool -} - -const ( - // Scratch storage for assembling protocol headers - scratchSize = 512 - - // The size of the bufio reader/writer on top of the socket. - defaultBufSize = 32768 - - // The buffered size of the flush "kick" channel - flushChanSize = 1 - - // Default server pool size - srvPoolSize = 4 - - // NUID size - nuidSize = 22 - - // Default port used if none is specified in given URL(s) - defaultPortString = "4222" -) - -// A Conn represents a bare connection to a nats-server. -// It can send and receive []byte payloads. -// The connection is safe to use in multiple Go routines concurrently. -type Conn struct { - // Keep all members for which we use atomic at the beginning of the - // struct and make sure they are all 64bits (or use padding if necessary). - // atomic.* functions crash on 32bit machines if operand is not aligned - // at 64bit. See https://github.com/golang/go/issues/599 - Statistics - mu sync.RWMutex - // Opts holds the configuration of the Conn. - // Modifying the configuration of a running Conn is a race. - Opts Options - wg sync.WaitGroup - srvPool []*srv - current *srv - urls map[string]struct{} // Keep track of all known URLs (used by processInfo) - conn net.Conn - bw *bufio.Writer - pending *bytes.Buffer - fch chan struct{} - info serverInfo - ssid int64 - subsMu sync.RWMutex - subs map[int64]*Subscription - ach *asyncCallbacksHandler - pongs []chan struct{} - scratch [scratchSize]byte - status Status - initc bool // true if the connection is performing the initial connect - err error - ps *parseState - ptmr *time.Timer - pout int - ar bool // abort reconnect - rqch chan struct{} - - // New style response handler - respSub string // The wildcard subject - respScanf string // The scanf template to extract mux token - respMux *Subscription // A single response subscription - respMap map[string]chan *Msg // Request map for the response msg channels - respRand *rand.Rand // Used for generating suffix -} - -// Subscription represents interest in a given subject. -type Subscription struct { - mu sync.Mutex - sid int64 - - // Subject that represents this subscription. This can be different - // than the received subject inside a Msg if this is a wildcard. - Subject string - - // Optional queue group name. If present, all subscriptions with the - // same name will form a distributed queue, and each message will - // only be processed by one member of the group. - Queue string - - // For holding information about a JetStream consumer. - jsi *jsSub - - delivered uint64 - max uint64 - conn *Conn - mcb MsgHandler - mch chan *Msg - closed bool - sc bool - connClosed bool - - // Type of Subscription - typ SubscriptionType - - // Async linked list - pHead *Msg - pTail *Msg - pCond *sync.Cond - - // Pending stats, async subscriptions, high-speed etc. - pMsgs int - pBytes int - pMsgsMax int - pBytesMax int - pMsgsLimit int - pBytesLimit int - dropped int -} - -// Msg represents a message delivered by NATS. This structure is used -// by Subscribers and PublishMsg(). -type Msg struct { - Subject string - Reply string - Header http.Header - Data []byte - Sub *Subscription - next *Msg - barrier *barrierInfo - ackd uint32 -} - -func (m *Msg) headerBytes() ([]byte, error) { - var hdr []byte - if len(m.Header) == 0 { - return hdr, nil - } - - var b bytes.Buffer - _, err := b.WriteString(hdrLine) - if err != nil { - return nil, ErrBadHeaderMsg - } - - err = m.Header.Write(&b) - if err != nil { - return nil, ErrBadHeaderMsg - } - - _, err = b.WriteString(crlf) - if err != nil { - return nil, ErrBadHeaderMsg - } - - return b.Bytes(), nil -} - -type barrierInfo struct { - refs int64 - f func() -} - -// Tracks various stats received and sent on this connection, -// including counts for messages and bytes. -type Statistics struct { - InMsgs uint64 - OutMsgs uint64 - InBytes uint64 - OutBytes uint64 - Reconnects uint64 -} - -// Tracks individual backend servers. -type srv struct { - url *url.URL - didConnect bool - reconnects int - lastErr error - isImplicit bool - tlsName string -} - -// The INFO block received from the server. -type serverInfo struct { - ID string `json:"server_id"` - Name string `json:"server_name"` - Proto int `json:"proto"` - Host string `json:"host"` - Port int `json:"port"` - Headers bool `json:"headers"` - AuthRequired bool `json:"auth_required,omitempty"` - TLSRequired bool `json:"tls_required,omitempty"` - TLSAvailable bool `json:"tls_available,omitempty"` - MaxPayload int64 `json:"max_payload"` - CID uint64 `json:"client_id,omitempty"` - ClientIP string `json:"client_ip,omitempty"` - Nonce string `json:"nonce,omitempty"` - Cluster string `json:"cluster,omitempty"` - ConnectURLs []string `json:"connect_urls,omitempty"` - LameDuckMode bool `json:"ldm,omitempty"` -} - -const ( - // clientProtoZero is the original client protocol from 2009. - // http://nats.io/documentation/internals/nats-protocol/ - /* clientProtoZero */ _ = iota - // clientProtoInfo signals a client can receive more then the original INFO block. - // This can be used to update clients on other cluster members, etc. - clientProtoInfo -) - -type connectInfo struct { - Verbose bool `json:"verbose"` - Pedantic bool `json:"pedantic"` - UserJWT string `json:"jwt,omitempty"` - Nkey string `json:"nkey,omitempty"` - Signature string `json:"sig,omitempty"` - User string `json:"user,omitempty"` - Pass string `json:"pass,omitempty"` - Token string `json:"auth_token,omitempty"` - TLS bool `json:"tls_required"` - Name string `json:"name"` - Lang string `json:"lang"` - Version string `json:"version"` - Protocol int `json:"protocol"` - Echo bool `json:"echo"` - Headers bool `json:"headers"` - NoResponders bool `json:"no_responders"` -} - -// MsgHandler is a callback function that processes messages delivered to -// asynchronous subscribers. -type MsgHandler func(msg *Msg) - -// Connect will attempt to connect to the NATS system. -// The url can contain username/password semantics. e.g. nats://derek:pass@localhost:4222 -// Comma separated arrays are also supported, e.g. urlA, urlB. -// Options start with the defaults but can be overridden. -func Connect(url string, options ...Option) (*Conn, error) { - opts := GetDefaultOptions() - opts.Servers = processUrlString(url) - for _, opt := range options { - if opt != nil { - if err := opt(&opts); err != nil { - return nil, err - } - } - } - return opts.Connect() -} - -// Options that can be passed to Connect. - -// Name is an Option to set the client name. -func Name(name string) Option { - return func(o *Options) error { - o.Name = name - return nil - } -} - -// Secure is an Option to enable TLS secure connections that skip server verification by default. -// Pass a TLS Configuration for proper TLS. -// NOTE: This should NOT be used in a production setting. -func Secure(tls ...*tls.Config) Option { - return func(o *Options) error { - o.Secure = true - // Use of variadic just simplifies testing scenarios. We only take the first one. - if len(tls) > 1 { - return ErrMultipleTLSConfigs - } - if len(tls) == 1 { - o.TLSConfig = tls[0] - } - return nil - } -} - -// RootCAs is a helper option to provide the RootCAs pool from a list of filenames. -// If Secure is not already set this will set it as well. -func RootCAs(file ...string) Option { - return func(o *Options) error { - pool := x509.NewCertPool() - for _, f := range file { - rootPEM, err := ioutil.ReadFile(f) - if err != nil || rootPEM == nil { - return fmt.Errorf("nats: error loading or parsing rootCA file: %v", err) - } - ok := pool.AppendCertsFromPEM(rootPEM) - if !ok { - return fmt.Errorf("nats: failed to parse root certificate from %q", f) - } - } - if o.TLSConfig == nil { - o.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12} - } - o.TLSConfig.RootCAs = pool - o.Secure = true - return nil - } -} - -// ClientCert is a helper option to provide the client certificate from a file. -// If Secure is not already set this will set it as well. -func ClientCert(certFile, keyFile string) Option { - return func(o *Options) error { - cert, err := tls.LoadX509KeyPair(certFile, keyFile) - if err != nil { - return fmt.Errorf("nats: error loading client certificate: %v", err) - } - cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0]) - if err != nil { - return fmt.Errorf("nats: error parsing client certificate: %v", err) - } - if o.TLSConfig == nil { - o.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12} - } - o.TLSConfig.Certificates = []tls.Certificate{cert} - o.Secure = true - return nil - } -} - -// NoReconnect is an Option to turn off reconnect behavior. -func NoReconnect() Option { - return func(o *Options) error { - o.AllowReconnect = false - return nil - } -} - -// DontRandomize is an Option to turn off randomizing the server pool. -func DontRandomize() Option { - return func(o *Options) error { - o.NoRandomize = true - return nil - } -} - -// NoEcho is an Option to turn off messages echoing back from a server. -// Note this is supported on servers >= version 1.2. Proto 1 or greater. -func NoEcho() Option { - return func(o *Options) error { - o.NoEcho = true - return nil - } -} - -// ReconnectWait is an Option to set the wait time between reconnect attempts. -func ReconnectWait(t time.Duration) Option { - return func(o *Options) error { - o.ReconnectWait = t - return nil - } -} - -// MaxReconnects is an Option to set the maximum number of reconnect attempts. -func MaxReconnects(max int) Option { - return func(o *Options) error { - o.MaxReconnect = max - return nil - } -} - -// ReconnectJitter is an Option to set the upper bound of a random delay added ReconnectWait. -func ReconnectJitter(jitter, jitterForTLS time.Duration) Option { - return func(o *Options) error { - o.ReconnectJitter = jitter - o.ReconnectJitterTLS = jitterForTLS - return nil - } -} - -// CustomReconnectDelay is an Option to set the CustomReconnectDelayCB option. -// See CustomReconnectDelayCB Option for more details. -func CustomReconnectDelay(cb ReconnectDelayHandler) Option { - return func(o *Options) error { - o.CustomReconnectDelayCB = cb - return nil - } -} - -// PingInterval is an Option to set the period for client ping commands. -func PingInterval(t time.Duration) Option { - return func(o *Options) error { - o.PingInterval = t - return nil - } -} - -// MaxPingsOutstanding is an Option to set the maximum number of ping requests -// that can go un-answered by the server before closing the connection. -func MaxPingsOutstanding(max int) Option { - return func(o *Options) error { - o.MaxPingsOut = max - return nil - } -} - -// ReconnectBufSize sets the buffer size of messages kept while busy reconnecting. -func ReconnectBufSize(size int) Option { - return func(o *Options) error { - o.ReconnectBufSize = size - return nil - } -} - -// Timeout is an Option to set the timeout for Dial on a connection. -func Timeout(t time.Duration) Option { - return func(o *Options) error { - o.Timeout = t - return nil - } -} - -// FlusherTimeout is an Option to set the write (and flush) timeout on a connection. -func FlusherTimeout(t time.Duration) Option { - return func(o *Options) error { - o.FlusherTimeout = t - return nil - } -} - -// DrainTimeout is an Option to set the timeout for draining a connection. -func DrainTimeout(t time.Duration) Option { - return func(o *Options) error { - o.DrainTimeout = t - return nil - } -} - -// DisconnectErrHandler is an Option to set the disconnected error handler. -func DisconnectErrHandler(cb ConnErrHandler) Option { - return func(o *Options) error { - o.DisconnectedErrCB = cb - return nil - } -} - -// DisconnectHandler is an Option to set the disconnected handler. -// DEPRECATED: Use DisconnectErrHandler. -func DisconnectHandler(cb ConnHandler) Option { - return func(o *Options) error { - o.DisconnectedCB = cb - return nil - } -} - -// ReconnectHandler is an Option to set the reconnected handler. -func ReconnectHandler(cb ConnHandler) Option { - return func(o *Options) error { - o.ReconnectedCB = cb - return nil - } -} - -// ClosedHandler is an Option to set the closed handler. -func ClosedHandler(cb ConnHandler) Option { - return func(o *Options) error { - o.ClosedCB = cb - return nil - } -} - -// DiscoveredServersHandler is an Option to set the new servers handler. -func DiscoveredServersHandler(cb ConnHandler) Option { - return func(o *Options) error { - o.DiscoveredServersCB = cb - return nil - } -} - -// ErrorHandler is an Option to set the async error handler. -func ErrorHandler(cb ErrHandler) Option { - return func(o *Options) error { - o.AsyncErrorCB = cb - return nil - } -} - -// UserInfo is an Option to set the username and password to -// use when not included directly in the URLs. -func UserInfo(user, password string) Option { - return func(o *Options) error { - o.User = user - o.Password = password - return nil - } -} - -// Token is an Option to set the token to use -// when a token is not included directly in the URLs -// and when a token handler is not provided. -func Token(token string) Option { - return func(o *Options) error { - if o.TokenHandler != nil { - return ErrTokenAlreadySet - } - o.Token = token - return nil - } -} - -// TokenHandler is an Option to set the token handler to use -// when a token is not included directly in the URLs -// and when a token is not set. -func TokenHandler(cb AuthTokenHandler) Option { - return func(o *Options) error { - if o.Token != "" { - return ErrTokenAlreadySet - } - o.TokenHandler = cb - return nil - } -} - -// UserCredentials is a convenience function that takes a filename -// for a user's JWT and a filename for the user's private Nkey seed. -func UserCredentials(userOrChainedFile string, seedFiles ...string) Option { - userCB := func() (string, error) { - return userFromFile(userOrChainedFile) - } - var keyFile string - if len(seedFiles) > 0 { - keyFile = seedFiles[0] - } else { - keyFile = userOrChainedFile - } - sigCB := func(nonce []byte) ([]byte, error) { - return sigHandler(nonce, keyFile) - } - return UserJWT(userCB, sigCB) -} - -// UserJWT will set the callbacks to retrieve the user's JWT and -// the signature callback to sign the server nonce. This an the Nkey -// option are mutually exclusive. -func UserJWT(userCB UserJWTHandler, sigCB SignatureHandler) Option { - return func(o *Options) error { - if userCB == nil { - return ErrNoUserCB - } - if sigCB == nil { - return ErrUserButNoSigCB - } - o.UserJWT = userCB - o.SignatureCB = sigCB - return nil - } -} - -// Nkey will set the public Nkey and the signature callback to -// sign the server nonce. -func Nkey(pubKey string, sigCB SignatureHandler) Option { - return func(o *Options) error { - o.Nkey = pubKey - o.SignatureCB = sigCB - if pubKey != "" && sigCB == nil { - return ErrNkeyButNoSigCB - } - return nil - } -} - -// SyncQueueLen will set the maximum queue len for the internal -// channel used for SubscribeSync(). -func SyncQueueLen(max int) Option { - return func(o *Options) error { - o.SubChanLen = max - return nil - } -} - -// Dialer is an Option to set the dialer which will be used when -// attempting to establish a connection. -// DEPRECATED: Should use CustomDialer instead. -func Dialer(dialer *net.Dialer) Option { - return func(o *Options) error { - o.Dialer = dialer - return nil - } -} - -// SetCustomDialer is an Option to set a custom dialer which will be -// used when attempting to establish a connection. If both Dialer -// and CustomDialer are specified, CustomDialer takes precedence. -func SetCustomDialer(dialer CustomDialer) Option { - return func(o *Options) error { - o.CustomDialer = dialer - return nil - } -} - -// UseOldRequestStyle is an Option to force usage of the old Request style. -func UseOldRequestStyle() Option { - return func(o *Options) error { - o.UseOldRequestStyle = true - return nil - } -} - -// NoCallbacksAfterClientClose is an Option to disable callbacks when user code -// calls Close(). If close is initiated by any other condition, callbacks -// if any will be invoked. -func NoCallbacksAfterClientClose() Option { - return func(o *Options) error { - o.NoCallbacksAfterClientClose = true - return nil - } -} - -// LameDuckModeHandler sets the callback to invoke when the server notifies -// the connection that it entered lame duck mode, that is, going to -// gradually disconnect all its connections before shuting down. This is -// often used in deployments when upgrading NATS Servers. -func LameDuckModeHandler(cb ConnHandler) Option { - return func(o *Options) error { - o.LameDuckModeHandler = cb - return nil - } -} - -// RetryOnFailedConnect sets the connection in reconnecting state right away -// if it can't connect to a server in the initial set. -// See RetryOnFailedConnect option for more details. -func RetryOnFailedConnect(retry bool) Option { - return func(o *Options) error { - o.RetryOnFailedConnect = retry - return nil - } -} - -// Handler processing - -// SetDisconnectHandler will set the disconnect event handler. -// DEPRECATED: Use SetDisconnectErrHandler -func (nc *Conn) SetDisconnectHandler(dcb ConnHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.DisconnectedCB = dcb -} - -// SetDisconnectErrHandler will set the disconnect event handler. -func (nc *Conn) SetDisconnectErrHandler(dcb ConnErrHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.DisconnectedErrCB = dcb -} - -// SetReconnectHandler will set the reconnect event handler. -func (nc *Conn) SetReconnectHandler(rcb ConnHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.ReconnectedCB = rcb -} - -// SetDiscoveredServersHandler will set the discovered servers handler. -func (nc *Conn) SetDiscoveredServersHandler(dscb ConnHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.DiscoveredServersCB = dscb -} - -// SetClosedHandler will set the reconnect event handler. -func (nc *Conn) SetClosedHandler(cb ConnHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.ClosedCB = cb -} - -// SetErrorHandler will set the async error handler. -func (nc *Conn) SetErrorHandler(cb ErrHandler) { - if nc == nil { - return - } - nc.mu.Lock() - defer nc.mu.Unlock() - nc.Opts.AsyncErrorCB = cb -} - -// Process the url string argument to Connect. -// Return an array of urls, even if only one. -func processUrlString(url string) []string { - urls := strings.Split(url, ",") - for i, s := range urls { - urls[i] = strings.TrimSpace(s) - } - return urls -} - -// Connect will attempt to connect to a NATS server with multiple options. -func (o Options) Connect() (*Conn, error) { - nc := &Conn{Opts: o} - - // Some default options processing. - if nc.Opts.MaxPingsOut == 0 { - nc.Opts.MaxPingsOut = DefaultMaxPingOut - } - // Allow old default for channel length to work correctly. - if nc.Opts.SubChanLen == 0 { - nc.Opts.SubChanLen = DefaultMaxChanLen - } - // Default ReconnectBufSize - if nc.Opts.ReconnectBufSize == 0 { - nc.Opts.ReconnectBufSize = DefaultReconnectBufSize - } - // Ensure that Timeout is not 0 - if nc.Opts.Timeout == 0 { - nc.Opts.Timeout = DefaultTimeout - } - - // Check first for user jwt callback being defined and nkey. - if nc.Opts.UserJWT != nil && nc.Opts.Nkey != "" { - return nil, ErrNkeyAndUser - } - - // Check if we have an nkey but no signature callback defined. - if nc.Opts.Nkey != "" && nc.Opts.SignatureCB == nil { - return nil, ErrNkeyButNoSigCB - } - - // Allow custom Dialer for connecting using DialTimeout by default - if nc.Opts.Dialer == nil { - nc.Opts.Dialer = &net.Dialer{ - Timeout: nc.Opts.Timeout, - } - } - - if err := nc.setupServerPool(); err != nil { - return nil, err - } - - // Create the async callback handler. - nc.ach = &asyncCallbacksHandler{} - nc.ach.cond = sync.NewCond(&nc.ach.mu) - - // Set a default error handler that will print to stderr. - if nc.Opts.AsyncErrorCB == nil { - nc.Opts.AsyncErrorCB = defaultErrHandler - } - - if err := nc.connect(); err != nil { - return nil, err - } - - // Spin up the async cb dispatcher on success - go nc.ach.asyncCBDispatcher() - - return nc, nil -} - -func defaultErrHandler(nc *Conn, sub *Subscription, err error) { - var cid uint64 - if nc != nil { - nc.mu.RLock() - cid = nc.info.CID - nc.mu.RUnlock() - } - var errStr string - if sub != nil { - errStr = fmt.Sprintf("%s on connection [%d] for subscription on %q\n", err.Error(), cid, sub.Subject) - } else { - errStr = fmt.Sprintf("%s on connection [%d]\n", err.Error(), cid) - } - os.Stderr.WriteString(errStr) -} - -const ( - _CRLF_ = "\r\n" - _EMPTY_ = "" - _SPC_ = " " - _PUB_P_ = "PUB " - _HPUB_P_ = "HPUB " -) - -const ( - _OK_OP_ = "+OK" - _ERR_OP_ = "-ERR" - _PONG_OP_ = "PONG" - _INFO_OP_ = "INFO" -) - -const ( - connectProto = "CONNECT %s" + _CRLF_ - pingProto = "PING" + _CRLF_ - pongProto = "PONG" + _CRLF_ - subProto = "SUB %s %s %d" + _CRLF_ - unsubProto = "UNSUB %d %s" + _CRLF_ - okProto = _OK_OP_ + _CRLF_ -) - -// Return the currently selected server -func (nc *Conn) currentServer() (int, *srv) { - for i, s := range nc.srvPool { - if s == nil { - continue - } - if s == nc.current { - return i, s - } - } - return -1, nil -} - -// Pop the current server and put onto the end of the list. Select head of list as long -// as number of reconnect attempts under MaxReconnect. -func (nc *Conn) selectNextServer() (*srv, error) { - i, s := nc.currentServer() - if i < 0 { - return nil, ErrNoServers - } - sp := nc.srvPool - num := len(sp) - copy(sp[i:num-1], sp[i+1:num]) - maxReconnect := nc.Opts.MaxReconnect - if maxReconnect < 0 || s.reconnects < maxReconnect { - nc.srvPool[num-1] = s - } else { - nc.srvPool = sp[0 : num-1] - } - if len(nc.srvPool) <= 0 { - nc.current = nil - return nil, ErrNoServers - } - nc.current = nc.srvPool[0] - return nc.srvPool[0], nil -} - -// Will assign the correct server to nc.current -func (nc *Conn) pickServer() error { - nc.current = nil - if len(nc.srvPool) <= 0 { - return ErrNoServers - } - - for _, s := range nc.srvPool { - if s != nil { - nc.current = s - return nil - } - } - return ErrNoServers -} - -const tlsScheme = "tls" - -// Create the server pool using the options given. -// We will place a Url option first, followed by any -// Server Options. We will randomize the server pool unless -// the NoRandomize flag is set. -func (nc *Conn) setupServerPool() error { - nc.srvPool = make([]*srv, 0, srvPoolSize) - nc.urls = make(map[string]struct{}, srvPoolSize) - - // Create srv objects from each url string in nc.Opts.Servers - // and add them to the pool. - for _, urlString := range nc.Opts.Servers { - if err := nc.addURLToPool(urlString, false, false); err != nil { - return err - } - } - - // Randomize if allowed to - if !nc.Opts.NoRandomize { - nc.shufflePool(0) - } - - // Normally, if this one is set, Options.Servers should not be, - // but we always allowed that, so continue to do so. - if nc.Opts.Url != _EMPTY_ { - // Add to the end of the array - if err := nc.addURLToPool(nc.Opts.Url, false, false); err != nil { - return err - } - // Then swap it with first to guarantee that Options.Url is tried first. - last := len(nc.srvPool) - 1 - if last > 0 { - nc.srvPool[0], nc.srvPool[last] = nc.srvPool[last], nc.srvPool[0] - } - } else if len(nc.srvPool) <= 0 { - // Place default URL if pool is empty. - if err := nc.addURLToPool(DefaultURL, false, false); err != nil { - return err - } - } - - // Check for Scheme hint to move to TLS mode. - for _, srv := range nc.srvPool { - if srv.url.Scheme == tlsScheme { - // FIXME(dlc), this is for all in the pool, should be case by case. - nc.Opts.Secure = true - if nc.Opts.TLSConfig == nil { - nc.Opts.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12} - } - } - } - - return nc.pickServer() -} - -// Helper function to return scheme -func (nc *Conn) connScheme() string { - if nc.Opts.Secure { - return tlsScheme - } - return "nats" -} - -// Return true iff u.Hostname() is an IP address. -func hostIsIP(u *url.URL) bool { - return net.ParseIP(u.Hostname()) != nil -} - -// addURLToPool adds an entry to the server pool -func (nc *Conn) addURLToPool(sURL string, implicit, saveTLSName bool) error { - if !strings.Contains(sURL, "://") { - sURL = fmt.Sprintf("%s://%s", nc.connScheme(), sURL) - } - var ( - u *url.URL - err error - ) - for i := 0; i < 2; i++ { - u, err = url.Parse(sURL) - if err != nil { - return err - } - if u.Port() != "" { - break - } - // In case given URL is of the form "localhost:", just add - // the port number at the end, otherwise, add ":4222". - if sURL[len(sURL)-1] != ':' { - sURL += ":" - } - sURL += defaultPortString - } - - var tlsName string - if implicit { - curl := nc.current.url - // Check to see if we do not have a url.User but current connected - // url does. If so copy over. - if u.User == nil && curl.User != nil { - u.User = curl.User - } - // We are checking to see if we have a secure connection and are - // adding an implicit server that just has an IP. If so we will remember - // the current hostname we are connected to. - if saveTLSName && hostIsIP(u) { - tlsName = curl.Hostname() - } - } - - s := &srv{url: u, isImplicit: implicit, tlsName: tlsName} - nc.srvPool = append(nc.srvPool, s) - nc.urls[u.Host] = struct{}{} - return nil -} - -// shufflePool swaps randomly elements in the server pool -// The `offset` value indicates that the shuffling should start at -// this offset and leave the elements from [0..offset) intact. -func (nc *Conn) shufflePool(offset int) { - if len(nc.srvPool) <= offset+1 { - return - } - source := rand.NewSource(time.Now().UnixNano()) - r := rand.New(source) - for i := offset; i < len(nc.srvPool); i++ { - j := offset + r.Intn(i+1-offset) - nc.srvPool[i], nc.srvPool[j] = nc.srvPool[j], nc.srvPool[i] - } -} - -func (nc *Conn) newBuffer() *bufio.Writer { - var w io.Writer = nc.conn - if nc.Opts.FlusherTimeout > 0 { - w = &timeoutWriter{conn: nc.conn, timeout: nc.Opts.FlusherTimeout} - } - return bufio.NewWriterSize(w, defaultBufSize) -} - -// createConn will connect to the server and wrap the appropriate -// bufio structures. It will do the right thing when an existing -// connection is in place. -func (nc *Conn) createConn() (err error) { - if nc.Opts.Timeout < 0 { - return ErrBadTimeout - } - if _, cur := nc.currentServer(); cur == nil { - return ErrNoServers - } - - // We will auto-expand host names if they resolve to multiple IPs - hosts := []string{} - u := nc.current.url - - if net.ParseIP(u.Hostname()) == nil { - addrs, _ := net.LookupHost(u.Hostname()) - for _, addr := range addrs { - hosts = append(hosts, net.JoinHostPort(addr, u.Port())) - } - } - // Fall back to what we were given. - if len(hosts) == 0 { - hosts = append(hosts, u.Host) - } - - // CustomDialer takes precedence. If not set, use Opts.Dialer which - // is set to a default *net.Dialer (in Connect()) if not explicitly - // set by the user. - dialer := nc.Opts.CustomDialer - if dialer == nil { - // We will copy and shorten the timeout if we have multiple hosts to try. - copyDialer := *nc.Opts.Dialer - copyDialer.Timeout = copyDialer.Timeout / time.Duration(len(hosts)) - dialer = ©Dialer - } - - if len(hosts) > 1 && !nc.Opts.NoRandomize { - rand.Shuffle(len(hosts), func(i, j int) { - hosts[i], hosts[j] = hosts[j], hosts[i] - }) - } - for _, host := range hosts { - nc.conn, err = dialer.Dial("tcp", host) - if err == nil { - break - } - } - if err != nil { - return err - } - - if nc.pending != nil && nc.bw != nil { - // Move to pending buffer. - nc.bw.Flush() - } - nc.bw = nc.newBuffer() - return nil -} - -// makeTLSConn will wrap an existing Conn using TLS -func (nc *Conn) makeTLSConn() error { - // Allow the user to configure their own tls.Config structure. - var tlsCopy *tls.Config - if nc.Opts.TLSConfig != nil { - tlsCopy = util.CloneTLSConfig(nc.Opts.TLSConfig) - } else { - tlsCopy = &tls.Config{} - } - // If its blank we will override it with the current host - if tlsCopy.ServerName == _EMPTY_ { - if nc.current.tlsName != _EMPTY_ { - tlsCopy.ServerName = nc.current.tlsName - } else { - h, _, _ := net.SplitHostPort(nc.current.url.Host) - tlsCopy.ServerName = h - } - } - nc.conn = tls.Client(nc.conn, tlsCopy) - conn := nc.conn.(*tls.Conn) - if err := conn.Handshake(); err != nil { - return err - } - nc.bw = nc.newBuffer() - return nil -} - -// waitForExits will wait for all socket watcher Go routines to -// be shutdown before proceeding. -func (nc *Conn) waitForExits() { - // Kick old flusher forcefully. - select { - case nc.fch <- struct{}{}: - default: - } - - // Wait for any previous go routines. - nc.wg.Wait() -} - -// ConnectedUrl reports the connected server's URL -func (nc *Conn) ConnectedUrl() string { - if nc == nil { - return _EMPTY_ - } - - nc.mu.RLock() - defer nc.mu.RUnlock() - - if nc.status != CONNECTED { - return _EMPTY_ - } - return nc.current.url.String() -} - -// ConnectedAddr returns the connected server's IP -func (nc *Conn) ConnectedAddr() string { - if nc == nil { - return _EMPTY_ - } - - nc.mu.RLock() - defer nc.mu.RUnlock() - - if nc.status != CONNECTED { - return _EMPTY_ - } - return nc.conn.RemoteAddr().String() -} - -// ConnectedServerId reports the connected server's Id -func (nc *Conn) ConnectedServerId() string { - if nc == nil { - return _EMPTY_ - } - - nc.mu.RLock() - defer nc.mu.RUnlock() - - if nc.status != CONNECTED { - return _EMPTY_ - } - return nc.info.ID -} - -// ConnectedServerName reports the connected server's name -func (nc *Conn) ConnectedServerName() string { - if nc == nil { - return _EMPTY_ - } - - nc.mu.RLock() - defer nc.mu.RUnlock() - - if nc.status != CONNECTED { - return _EMPTY_ - } - return nc.info.Name -} - -// ConnectedClusterName reports the connected server's cluster name if any -func (nc *Conn) ConnectedClusterName() string { - if nc == nil { - return _EMPTY_ - } - - nc.mu.RLock() - defer nc.mu.RUnlock() - - if nc.status != CONNECTED { - return _EMPTY_ - } - return nc.info.Cluster -} - -// Low level setup for structs, etc -func (nc *Conn) setup() { - nc.subs = make(map[int64]*Subscription) - nc.pongs = make([]chan struct{}, 0, 8) - - nc.fch = make(chan struct{}, flushChanSize) - nc.rqch = make(chan struct{}) - - // Setup scratch outbound buffer for PUB/HPUB - pub := nc.scratch[:len(_HPUB_P_)] - copy(pub, _HPUB_P_) -} - -// Process a connected connection and initialize properly. -func (nc *Conn) processConnectInit() error { - - // Set our deadline for the whole connect process - nc.conn.SetDeadline(time.Now().Add(nc.Opts.Timeout)) - defer nc.conn.SetDeadline(time.Time{}) - - // Set our status to connecting. - nc.status = CONNECTING - - // Process the INFO protocol received from the server - err := nc.processExpectedInfo() - if err != nil { - return err - } - - // Send the CONNECT protocol along with the initial PING protocol. - // Wait for the PONG response (or any error that we get from the server). - err = nc.sendConnect() - if err != nil { - return err - } - - // Reset the number of PING sent out - nc.pout = 0 - - // Start or reset Timer - if nc.Opts.PingInterval > 0 { - if nc.ptmr == nil { - nc.ptmr = time.AfterFunc(nc.Opts.PingInterval, nc.processPingTimer) - } else { - nc.ptmr.Reset(nc.Opts.PingInterval) - } - } - - // Start the readLoop and flusher go routines, we will wait on both on a reconnect event. - nc.wg.Add(2) - go nc.readLoop() - go nc.flusher() - - return nil -} - -// Main connect function. Will connect to the nats-server -func (nc *Conn) connect() error { - var returnedErr error - - // Create actual socket connection - // For first connect we walk all servers in the pool and try - // to connect immediately. - nc.mu.Lock() - defer nc.mu.Unlock() - nc.initc = true - // The pool may change inside the loop iteration due to INFO protocol. - for i := 0; i < len(nc.srvPool); i++ { - nc.current = nc.srvPool[i] - - if err := nc.createConn(); err == nil { - // This was moved out of processConnectInit() because - // that function is now invoked from doReconnect() too. - nc.setup() - - err = nc.processConnectInit() - - if err == nil { - nc.current.didConnect = true - nc.current.reconnects = 0 - nc.current.lastErr = nil - returnedErr = nil - break - } else { - returnedErr = err - nc.mu.Unlock() - nc.close(DISCONNECTED, false, err) - nc.mu.Lock() - // Do not reset nc.current here since it would prevent - // RetryOnFailedConnect to work should this be the last server - // to try before starting doReconnect(). - } - } else { - // Cancel out default connection refused, will trigger the - // No servers error conditional - if strings.Contains(err.Error(), "connection refused") { - returnedErr = nil - } - } - } - - if returnedErr == nil && nc.status != CONNECTED { - returnedErr = ErrNoServers - } - - if returnedErr == nil { - nc.initc = false - } else if nc.Opts.RetryOnFailedConnect { - nc.setup() - nc.status = RECONNECTING - nc.pending = new(bytes.Buffer) - if nc.bw == nil { - nc.bw = nc.newBuffer() - } - nc.bw.Reset(nc.pending) - go nc.doReconnect(ErrNoServers) - returnedErr = nil - } else { - nc.current = nil - } - - return returnedErr -} - -// This will check to see if the connection should be -// secure. This can be dictated from either end and should -// only be called after the INIT protocol has been received. -func (nc *Conn) checkForSecure() error { - // Check to see if we need to engage TLS - o := nc.Opts - - // Check for mismatch in setups - if o.Secure && !nc.info.TLSRequired && !nc.info.TLSAvailable { - return ErrSecureConnWanted - } else if nc.info.TLSRequired && !o.Secure { - // Switch to Secure since server needs TLS. - o.Secure = true - } - - // Need to rewrap with bufio - if o.Secure { - if err := nc.makeTLSConn(); err != nil { - return err - } - } - return nil -} - -// processExpectedInfo will look for the expected first INFO message -// sent when a connection is established. The lock should be held entering. -func (nc *Conn) processExpectedInfo() error { - - c := &control{} - - // Read the protocol - err := nc.readOp(c) - if err != nil { - return err - } - - // The nats protocol should send INFO first always. - if c.op != _INFO_OP_ { - return ErrNoInfoReceived - } - - // Parse the protocol - if err := nc.processInfo(c.args); err != nil { - return err - } - - if nc.Opts.Nkey != "" && nc.info.Nonce == "" { - return ErrNkeysNotSupported - } - - return nc.checkForSecure() -} - -// Sends a protocol control message by queuing into the bufio writer -// and kicking the flush Go routine. These writes are protected. -func (nc *Conn) sendProto(proto string) { - nc.mu.Lock() - nc.bw.WriteString(proto) - nc.kickFlusher() - nc.mu.Unlock() -} - -// Generate a connect protocol message, issuing user/password if -// applicable. The lock is assumed to be held upon entering. -func (nc *Conn) connectProto() (string, error) { - o := nc.Opts - var nkey, sig, user, pass, token, ujwt string - u := nc.current.url.User - if u != nil { - // if no password, assume username is authToken - if _, ok := u.Password(); !ok { - token = u.Username() - } else { - user = u.Username() - pass, _ = u.Password() - } - } else { - // Take from options (possibly all empty strings) - user = o.User - pass = o.Password - token = o.Token - nkey = o.Nkey - } - - // Look for user jwt. - if o.UserJWT != nil { - if jwt, err := o.UserJWT(); err != nil { - return _EMPTY_, err - } else { - ujwt = jwt - } - if nkey != _EMPTY_ { - return _EMPTY_, ErrNkeyAndUser - } - } - - if ujwt != _EMPTY_ || nkey != _EMPTY_ { - if o.SignatureCB == nil { - if ujwt == _EMPTY_ { - return _EMPTY_, ErrNkeyButNoSigCB - } - return _EMPTY_, ErrUserButNoSigCB - } - sigraw, err := o.SignatureCB([]byte(nc.info.Nonce)) - if err != nil { - return _EMPTY_, err - } - sig = base64.RawURLEncoding.EncodeToString(sigraw) - } - - if nc.Opts.TokenHandler != nil { - if token != _EMPTY_ { - return _EMPTY_, ErrTokenAlreadySet - } - token = nc.Opts.TokenHandler() - } - - // If our server does not support headers then we can't do them or no responders. - hdrs := nc.info.Headers - cinfo := connectInfo{o.Verbose, o.Pedantic, ujwt, nkey, sig, user, pass, token, - o.Secure, o.Name, LangString, Version, clientProtoInfo, !o.NoEcho, hdrs, hdrs} - - b, err := json.Marshal(cinfo) - if err != nil { - return _EMPTY_, ErrJsonParse - } - - // Check if NoEcho is set and we have a server that supports it. - if o.NoEcho && nc.info.Proto < 1 { - return _EMPTY_, ErrNoEchoNotSupported - } - - return fmt.Sprintf(connectProto, b), nil -} - -// normalizeErr removes the prefix -ERR, trim spaces and remove the quotes. -func normalizeErr(line string) string { - s := strings.TrimSpace(strings.TrimPrefix(line, _ERR_OP_)) - s = strings.TrimLeft(strings.TrimRight(s, "'"), "'") - return s -} - -// Send a connect protocol message to the server, issue user/password if -// applicable. Will wait for a flush to return from the server for error -// processing. -func (nc *Conn) sendConnect() error { - // Construct the CONNECT protocol string - cProto, err := nc.connectProto() - if err != nil { - return err - } - - // Write the protocol into the buffer - _, err = nc.bw.WriteString(cProto) - if err != nil { - return err - } - - // Add to the buffer the PING protocol - _, err = nc.bw.WriteString(pingProto) - if err != nil { - return err - } - - // Flush the buffer - err = nc.bw.Flush() - if err != nil { - return err - } - - // We don't want to read more than we need here, otherwise - // we would need to transfer the excess read data to the readLoop. - // Since in normal situations we just are looking for a PONG\r\n, - // reading byte-by-byte here is ok. - proto, err := nc.readProto() - if err != nil { - return err - } - - // If opts.Verbose is set, handle +OK - if nc.Opts.Verbose && proto == okProto { - // Read the rest now... - proto, err = nc.readProto() - if err != nil { - return err - } - } - - // We expect a PONG - if proto != pongProto { - // But it could be something else, like -ERR - - // Since we no longer use ReadLine(), trim the trailing "\r\n" - proto = strings.TrimRight(proto, "\r\n") - - // If it's a server error... - if strings.HasPrefix(proto, _ERR_OP_) { - // Remove -ERR, trim spaces and quotes, and convert to lower case. - proto = normalizeErr(proto) - - // Check if this is an auth error - if authErr := checkAuthError(strings.ToLower(proto)); authErr != nil { - // This will schedule an async error if we are in reconnect, - // and keep track of the auth error for the current server. - // If we have got the same error twice, this sets nc.ar to true to - // indicate that the reconnect should be aborted (will be checked - // in doReconnect()). - nc.processAuthError(authErr) - } - - return errors.New("nats: " + proto) - } - - // Notify that we got an unexpected protocol. - return fmt.Errorf("nats: expected '%s', got '%s'", _PONG_OP_, proto) - } - - // This is where we are truly connected. - nc.status = CONNECTED - - return nil -} - -// reads a protocol one byte at a time. -func (nc *Conn) readProto() (string, error) { - var ( - _buf = [10]byte{} - buf = _buf[:0] - b = [1]byte{} - protoEnd = byte('\n') - ) - for { - if _, err := nc.conn.Read(b[:1]); err != nil { - // Do not report EOF error - if err == io.EOF { - return string(buf), nil - } - return "", err - } - buf = append(buf, b[0]) - if b[0] == protoEnd { - return string(buf), nil - } - } -} - -// A control protocol line. -type control struct { - op, args string -} - -// Read a control line and process the intended op. -func (nc *Conn) readOp(c *control) error { - br := bufio.NewReaderSize(nc.conn, defaultBufSize) - line, err := br.ReadString('\n') - if err != nil { - return err - } - parseControl(line, c) - return nil -} - -// Parse a control line from the server. -func parseControl(line string, c *control) { - toks := strings.SplitN(line, _SPC_, 2) - if len(toks) == 1 { - c.op = strings.TrimSpace(toks[0]) - c.args = _EMPTY_ - } else if len(toks) == 2 { - c.op, c.args = strings.TrimSpace(toks[0]), strings.TrimSpace(toks[1]) - } else { - c.op = _EMPTY_ - } -} - -// flushReconnectPending will push the pending items that were -// gathered while we were in a RECONNECTING state to the socket. -func (nc *Conn) flushReconnectPendingItems() { - if nc.pending == nil { - return - } - if nc.pending.Len() > 0 { - nc.bw.Write(nc.pending.Bytes()) - } -} - -// Stops the ping timer if set. -// Connection lock is held on entry. -func (nc *Conn) stopPingTimer() { - if nc.ptmr != nil { - nc.ptmr.Stop() - } -} - -// Try to reconnect using the option parameters. -// This function assumes we are allowed to reconnect. -func (nc *Conn) doReconnect(err error) { - // We want to make sure we have the other watchers shutdown properly - // here before we proceed past this point. - nc.waitForExits() - - // FIXME(dlc) - We have an issue here if we have - // outstanding flush points (pongs) and they were not - // sent out, but are still in the pipe. - - // Hold the lock manually and release where needed below, - // can't do defer here. - nc.mu.Lock() - - // Clear any queued pongs, e.g. pending flush calls. - nc.clearPendingFlushCalls() - - // Clear any errors. - nc.err = nil - // Perform appropriate callback if needed for a disconnect. - // DisconnectedErrCB has priority over deprecated DisconnectedCB - if !nc.initc { - if nc.Opts.DisconnectedErrCB != nil { - nc.ach.push(func() { nc.Opts.DisconnectedErrCB(nc, err) }) - } else if nc.Opts.DisconnectedCB != nil { - nc.ach.push(func() { nc.Opts.DisconnectedCB(nc) }) - } - } - - // This is used to wait on go routines exit if we start them in the loop - // but an error occurs after that. - waitForGoRoutines := false - var rt *time.Timer - // Channel used to kick routine out of sleep when conn is closed. - rqch := nc.rqch - // Counter that is increased when the whole list of servers has been tried. - var wlf int - - var jitter time.Duration - var rw time.Duration - // If a custom reconnect delay handler is set, this takes precedence. - crd := nc.Opts.CustomReconnectDelayCB - if crd == nil { - rw = nc.Opts.ReconnectWait - // TODO: since we sleep only after the whole list has been tried, we can't - // rely on individual *srv to know if it is a TLS or non-TLS url. - // We have to pick which type of jitter to use, for now, we use these hints: - jitter = nc.Opts.ReconnectJitter - if nc.Opts.Secure || nc.Opts.TLSConfig != nil { - jitter = nc.Opts.ReconnectJitterTLS - } - } - - for i := 0; len(nc.srvPool) > 0; { - cur, err := nc.selectNextServer() - if err != nil { - nc.err = err - break - } - - doSleep := i+1 >= len(nc.srvPool) - nc.mu.Unlock() - - if !doSleep { - i++ - // Release the lock to give a chance to a concurrent nc.Close() to break the loop. - runtime.Gosched() - } else { - i = 0 - var st time.Duration - if crd != nil { - wlf++ - st = crd(wlf) - } else { - st = rw - if jitter > 0 { - st += time.Duration(rand.Int63n(int64(jitter))) - } - } - if rt == nil { - rt = time.NewTimer(st) - } else { - rt.Reset(st) - } - select { - case <-rqch: - rt.Stop() - case <-rt.C: - } - } - // If the readLoop, etc.. go routines were started, wait for them to complete. - if waitForGoRoutines { - nc.waitForExits() - waitForGoRoutines = false - } - nc.mu.Lock() - - // Check if we have been closed first. - if nc.isClosed() { - break - } - - // Mark that we tried a reconnect - cur.reconnects++ - - // Try to create a new connection - err = nc.createConn() - - // Not yet connected, retry... - // Continue to hold the lock - if err != nil { - nc.err = nil - continue - } - - // We are reconnected - nc.Reconnects++ - - // Process connect logic - if nc.err = nc.processConnectInit(); nc.err != nil { - // Check if we should abort reconnect. If so, break out - // of the loop and connection will be closed. - if nc.ar { - break - } - nc.status = RECONNECTING - // Reset the buffered writer to the pending buffer - // (was set to a buffered writer on nc.conn in createConn) - nc.bw.Reset(nc.pending) - continue - } - - // Clear possible lastErr under the connection lock after - // a successful processConnectInit(). - nc.current.lastErr = nil - - // Clear out server stats for the server we connected to.. - cur.didConnect = true - cur.reconnects = 0 - - // Send existing subscription state - nc.resendSubscriptions() - - // Now send off and clear pending buffer - nc.flushReconnectPendingItems() - - // Flush the buffer - nc.err = nc.bw.Flush() - if nc.err != nil { - nc.status = RECONNECTING - // Reset the buffered writer to the pending buffer (bytes.Buffer). - nc.bw.Reset(nc.pending) - // Stop the ping timer (if set) - nc.stopPingTimer() - // Since processConnectInit() returned without error, the - // go routines were started, so wait for them to return - // on the next iteration (after releasing the lock). - waitForGoRoutines = true - continue - } - - // Done with the pending buffer - nc.pending = nil - - // This is where we are truly connected. - nc.status = CONNECTED - - // If we are here with a retry on failed connect, indicate that the - // initial connect is now complete. - nc.initc = false - - // Queue up the reconnect callback. - if nc.Opts.ReconnectedCB != nil { - nc.ach.push(func() { nc.Opts.ReconnectedCB(nc) }) - } - - // Release lock here, we will return below. - nc.mu.Unlock() - - // Make sure to flush everything - nc.Flush() - - return - } - - // Call into close.. We have no servers left.. - if nc.err == nil { - nc.err = ErrNoServers - } - nc.mu.Unlock() - nc.close(CLOSED, true, nil) -} - -// processOpErr handles errors from reading or parsing the protocol. -// The lock should not be held entering this function. -func (nc *Conn) processOpErr(err error) { - nc.mu.Lock() - if nc.isConnecting() || nc.isClosed() || nc.isReconnecting() { - nc.mu.Unlock() - return - } - - if nc.Opts.AllowReconnect && nc.status == CONNECTED { - // Set our new status - nc.status = RECONNECTING - // Stop ping timer if set - nc.stopPingTimer() - if nc.conn != nil { - nc.bw.Flush() - nc.conn.Close() - nc.conn = nil - } - - // Create pending buffer before reconnecting. - nc.pending = new(bytes.Buffer) - nc.bw.Reset(nc.pending) - - go nc.doReconnect(err) - nc.mu.Unlock() - return - } - - nc.status = DISCONNECTED - nc.err = err - nc.mu.Unlock() - nc.close(CLOSED, true, nil) -} - -// dispatch is responsible for calling any async callbacks -func (ac *asyncCallbacksHandler) asyncCBDispatcher() { - for { - ac.mu.Lock() - // Protect for spurious wakeups. We should get out of the - // wait only if there is an element to pop from the list. - for ac.head == nil { - ac.cond.Wait() - } - cur := ac.head - ac.head = cur.next - if cur == ac.tail { - ac.tail = nil - } - ac.mu.Unlock() - - // This signals that the dispatcher has been closed and all - // previous callbacks have been dispatched. - if cur.f == nil { - return - } - // Invoke callback outside of handler's lock - cur.f() - } -} - -// Add the given function to the tail of the list and -// signals the dispatcher. -func (ac *asyncCallbacksHandler) push(f func()) { - ac.pushOrClose(f, false) -} - -// Signals that we are closing... -func (ac *asyncCallbacksHandler) close() { - ac.pushOrClose(nil, true) -} - -// Add the given function to the tail of the list and -// signals the dispatcher. -func (ac *asyncCallbacksHandler) pushOrClose(f func(), close bool) { - ac.mu.Lock() - defer ac.mu.Unlock() - // Make sure that library is not calling push with nil function, - // since this is used to notify the dispatcher that it should stop. - if !close && f == nil { - panic("pushing a nil callback") - } - cb := &asyncCB{f: f} - if ac.tail != nil { - ac.tail.next = cb - } else { - ac.head = cb - } - ac.tail = cb - if close { - ac.cond.Broadcast() - } else { - ac.cond.Signal() - } -} - -// readLoop() will sit on the socket reading and processing the -// protocol from the server. It will dispatch appropriately based -// on the op type. -func (nc *Conn) readLoop() { - // Release the wait group on exit - defer nc.wg.Done() - - // Create a parseState if needed. - nc.mu.Lock() - if nc.ps == nil { - nc.ps = &parseState{} - } - conn := nc.conn - nc.mu.Unlock() - - if conn == nil { - return - } - - // Stack based buffer. - b := make([]byte, defaultBufSize) - - for { - if n, err := conn.Read(b); err != nil { - nc.processOpErr(err) - break - } else if err = nc.parse(b[:n]); err != nil { - nc.processOpErr(err) - break - } - } - // Clear the parseState here.. - nc.mu.Lock() - nc.ps = nil - nc.mu.Unlock() -} - -// waitForMsgs waits on the conditional shared with readLoop and processMsg. -// It is used to deliver messages to asynchronous subscribers. -func (nc *Conn) waitForMsgs(s *Subscription) { - var closed bool - var delivered, max uint64 - - // Used to account for adjustments to sub.pBytes when we wrap back around. - msgLen := -1 - - for { - s.mu.Lock() - // Do accounting for last msg delivered here so we only lock once - // and drain state trips after callback has returned. - if msgLen >= 0 { - s.pMsgs-- - s.pBytes -= msgLen - msgLen = -1 - } - - if s.pHead == nil && !s.closed { - s.pCond.Wait() - } - // Pop the msg off the list - m := s.pHead - if m != nil { - s.pHead = m.next - if s.pHead == nil { - s.pTail = nil - } - if m.barrier != nil { - s.mu.Unlock() - if atomic.AddInt64(&m.barrier.refs, -1) == 0 { - m.barrier.f() - } - continue - } - msgLen = len(m.Data) - } - mcb := s.mcb - max = s.max - closed = s.closed - if !s.closed { - s.delivered++ - delivered = s.delivered - } - s.mu.Unlock() - - if closed { - break - } - - // Deliver the message. - if m != nil && (max == 0 || delivered <= max) { - mcb(m) - } - // If we have hit the max for delivered msgs, remove sub. - if max > 0 && delivered >= max { - nc.mu.Lock() - nc.removeSub(s) - nc.mu.Unlock() - break - } - } - // Check for barrier messages - s.mu.Lock() - for m := s.pHead; m != nil; m = s.pHead { - if m.barrier != nil { - s.mu.Unlock() - if atomic.AddInt64(&m.barrier.refs, -1) == 0 { - m.barrier.f() - } - s.mu.Lock() - } - s.pHead = m.next - } - s.mu.Unlock() -} - -// processMsg is called by parse and will place the msg on the -// appropriate channel/pending queue for processing. If the channel is full, -// or the pending queue is over the pending limits, the connection is -// considered a slow consumer. -func (nc *Conn) processMsg(data []byte) { - // Stats - atomic.AddUint64(&nc.InMsgs, 1) - atomic.AddUint64(&nc.InBytes, uint64(len(data))) - - // Don't lock the connection to avoid server cutting us off if the - // flusher is holding the connection lock, trying to send to the server - // that is itself trying to send data to us. - nc.subsMu.RLock() - sub := nc.subs[nc.ps.ma.sid] - nc.subsMu.RUnlock() - - if sub == nil { - return - } - - // Copy them into string - subj := string(nc.ps.ma.subject) - reply := string(nc.ps.ma.reply) - - // Doing message create outside of the sub's lock to reduce contention. - // It's possible that we end-up not using the message, but that's ok. - - // FIXME(dlc): Need to copy, should/can do COW? - msgPayload := make([]byte, len(data)) - copy(msgPayload, data) - - // Check if we have headers encoded here. - var h http.Header - var err error - - if nc.ps.ma.hdr > 0 { - hbuf := msgPayload[:nc.ps.ma.hdr] - msgPayload = msgPayload[nc.ps.ma.hdr:] - h, err = decodeHeadersMsg(hbuf) - if err != nil { - // We will pass the message through but send async error. - nc.mu.Lock() - nc.err = ErrBadHeaderMsg - if nc.Opts.AsyncErrorCB != nil { - nc.ach.push(func() { nc.Opts.AsyncErrorCB(nc, sub, ErrBadHeaderMsg) }) - } - nc.mu.Unlock() - } - } - - // FIXME(dlc): Should we recycle these containers? - m := &Msg{Header: h, Data: msgPayload, Subject: subj, Reply: reply, Sub: sub} - - sub.mu.Lock() - - // Check if closed. - if sub.closed { - sub.mu.Unlock() - return - } - - // Subscription internal stats (applicable only for non ChanSubscription's) - if sub.typ != ChanSubscription { - sub.pMsgs++ - if sub.pMsgs > sub.pMsgsMax { - sub.pMsgsMax = sub.pMsgs - } - sub.pBytes += len(m.Data) - if sub.pBytes > sub.pBytesMax { - sub.pBytesMax = sub.pBytes - } - - // Check for a Slow Consumer - if (sub.pMsgsLimit > 0 && sub.pMsgs > sub.pMsgsLimit) || - (sub.pBytesLimit > 0 && sub.pBytes > sub.pBytesLimit) { - goto slowConsumer - } - } - - // We have two modes of delivery. One is the channel, used by channel - // subscribers and syncSubscribers, the other is a linked list for async. - if sub.mch != nil { - select { - case sub.mch <- m: - default: - goto slowConsumer - } - } else { - // Push onto the async pList - if sub.pHead == nil { - sub.pHead = m - sub.pTail = m - if sub.pCond != nil { - sub.pCond.Signal() - } - } else { - sub.pTail.next = m - sub.pTail = m - } - } - - // Clear SlowConsumer status. - sub.sc = false - - sub.mu.Unlock() - return - -slowConsumer: - sub.dropped++ - sc := !sub.sc - sub.sc = true - // Undo stats from above - if sub.typ != ChanSubscription { - sub.pMsgs-- - sub.pBytes -= len(m.Data) - } - sub.mu.Unlock() - if sc { - // Now we need connection's lock and we may end-up in the situation - // that we were trying to avoid, except that in this case, the client - // is already experiencing client-side slow consumer situation. - nc.mu.Lock() - nc.err = ErrSlowConsumer - if nc.Opts.AsyncErrorCB != nil { - nc.ach.push(func() { nc.Opts.AsyncErrorCB(nc, sub, ErrSlowConsumer) }) - } - nc.mu.Unlock() - } -} - -// processPermissionsViolation is called when the server signals a subject -// permissions violation on either publish or subscribe. -func (nc *Conn) processPermissionsViolation(err string) { - nc.mu.Lock() - // create error here so we can pass it as a closure to the async cb dispatcher. - e := errors.New("nats: " + err) - nc.err = e - if nc.Opts.AsyncErrorCB != nil { - nc.ach.push(func() { nc.Opts.AsyncErrorCB(nc, nil, e) }) - } - nc.mu.Unlock() -} - -// processAuthError generally processing for auth errors. We want to do retries -// unless we get the same error again. This allows us for instance to swap credentials -// and have the app reconnect, but if nothing is changing we should bail. -// This function will return true if the connection should be closed, false otherwise. -// Connection lock is held on entry -func (nc *Conn) processAuthError(err error) bool { - nc.err = err - if !nc.initc && nc.Opts.AsyncErrorCB != nil { - nc.ach.push(func() { nc.Opts.AsyncErrorCB(nc, nil, err) }) - } - // We should give up if we tried twice on this server and got the - // same error. - if nc.current.lastErr == err { - nc.ar = true - } else { - nc.current.lastErr = err - } - return nc.ar -} - -// flusher is a separate Go routine that will process flush requests for the write -// bufio. This allows coalescing of writes to the underlying socket. -func (nc *Conn) flusher() { - // Release the wait group - defer nc.wg.Done() - - // snapshot the bw and conn since they can change from underneath of us. - nc.mu.Lock() - bw := nc.bw - conn := nc.conn - fch := nc.fch - nc.mu.Unlock() - - if conn == nil || bw == nil { - return - } - - for { - if _, ok := <-fch; !ok { - return - } - nc.mu.Lock() - - // Check to see if we should bail out. - if !nc.isConnected() || nc.isConnecting() || bw != nc.bw || conn != nc.conn { - nc.mu.Unlock() - return - } - if bw.Buffered() > 0 { - if err := bw.Flush(); err != nil { - if nc.err == nil { - nc.err = err - } - } - } - nc.mu.Unlock() - } -} - -// processPing will send an immediate pong protocol response to the -// server. The server uses this mechanism to detect dead clients. -func (nc *Conn) processPing() { - nc.sendProto(pongProto) -} - -// processPong is used to process responses to the client's ping -// messages. We use pings for the flush mechanism as well. -func (nc *Conn) processPong() { - var ch chan struct{} - - nc.mu.Lock() - if len(nc.pongs) > 0 { - ch = nc.pongs[0] - nc.pongs = nc.pongs[1:] - } - nc.pout = 0 - nc.mu.Unlock() - if ch != nil { - ch <- struct{}{} - } -} - -// processOK is a placeholder for processing OK messages. -func (nc *Conn) processOK() { - // do nothing -} - -// processInfo is used to parse the info messages sent -// from the server. -// This function may update the server pool. -func (nc *Conn) processInfo(info string) error { - if info == _EMPTY_ { - return nil - } - ncInfo := serverInfo{} - if err := json.Unmarshal([]byte(info), &ncInfo); err != nil { - return err - } - - // Copy content into connection's info structure. - nc.info = ncInfo - // The array could be empty/not present on initial connect, - // if advertise is disabled on that server, or servers that - // did not include themselves in the async INFO protocol. - // If empty, do not remove the implicit servers from the pool. - if len(nc.info.ConnectURLs) == 0 { - if !nc.initc && ncInfo.LameDuckMode && nc.Opts.LameDuckModeHandler != nil { - nc.ach.push(func() { nc.Opts.LameDuckModeHandler(nc) }) - } - return nil - } - // Note about pool randomization: when the pool was first created, - // it was randomized (if allowed). We keep the order the same (removing - // implicit servers that are no longer sent to us). New URLs are sent - // to us in no specific order so don't need extra randomization. - hasNew := false - // This is what we got from the server we are connected to. - urls := nc.info.ConnectURLs - // Transform that to a map for easy lookups - tmp := make(map[string]struct{}, len(urls)) - for _, curl := range urls { - tmp[curl] = struct{}{} - } - // Walk the pool and removed the implicit servers that are no longer in the - // given array/map - sp := nc.srvPool - for i := 0; i < len(sp); i++ { - srv := sp[i] - curl := srv.url.Host - // Check if this URL is in the INFO protocol - _, inInfo := tmp[curl] - // Remove from the temp map so that at the end we are left with only - // new (or restarted) servers that need to be added to the pool. - delete(tmp, curl) - // Keep servers that were set through Options, but also the one that - // we are currently connected to (even if it is a discovered server). - if !srv.isImplicit || srv.url == nc.current.url { - continue - } - if !inInfo { - // Remove from server pool. Keep current order. - copy(sp[i:], sp[i+1:]) - nc.srvPool = sp[:len(sp)-1] - sp = nc.srvPool - i-- - } - } - // Figure out if we should save off the current non-IP hostname if we encounter a bare IP. - saveTLS := nc.current != nil && !hostIsIP(nc.current.url) - - // If there are any left in the tmp map, these are new (or restarted) servers - // and need to be added to the pool. - for curl := range tmp { - // Before adding, check if this is a new (as in never seen) URL. - // This is used to figure out if we invoke the DiscoveredServersCB - if _, present := nc.urls[curl]; !present { - hasNew = true - } - nc.addURLToPool(fmt.Sprintf("%s://%s", nc.connScheme(), curl), true, saveTLS) - } - if hasNew { - // Randomize the pool if allowed but leave the first URL in place. - if !nc.Opts.NoRandomize { - nc.shufflePool(1) - } - if !nc.initc && nc.Opts.DiscoveredServersCB != nil { - nc.ach.push(func() { nc.Opts.DiscoveredServersCB(nc) }) - } - } - if !nc.initc && ncInfo.LameDuckMode && nc.Opts.LameDuckModeHandler != nil { - nc.ach.push(func() { nc.Opts.LameDuckModeHandler(nc) }) - } - return nil -} - -// processAsyncInfo does the same than processInfo, but is called -// from the parser. Calls processInfo under connection's lock -// protection. -func (nc *Conn) processAsyncInfo(info []byte) { - nc.mu.Lock() - // Ignore errors, we will simply not update the server pool... - nc.processInfo(string(info)) - nc.mu.Unlock() -} - -// LastError reports the last error encountered via the connection. -// It can be used reliably within ClosedCB in order to find out reason -// why connection was closed for example. -func (nc *Conn) LastError() error { - if nc == nil { - return ErrInvalidConnection - } - nc.mu.RLock() - err := nc.err - nc.mu.RUnlock() - return err -} - -// Check if the given error string is an auth error, and if so returns -// the corresponding ErrXXX error, nil otherwise -func checkAuthError(e string) error { - if strings.HasPrefix(e, AUTHORIZATION_ERR) { - return ErrAuthorization - } - if strings.HasPrefix(e, AUTHENTICATION_EXPIRED_ERR) { - return ErrAuthExpired - } - return nil -} - -// processErr processes any error messages from the server and -// sets the connection's lastError. -func (nc *Conn) processErr(ie string) { - // Trim, remove quotes - ne := normalizeErr(ie) - // convert to lower case. - e := strings.ToLower(ne) - - close := false - - // FIXME(dlc) - process Slow Consumer signals special. - if e == STALE_CONNECTION { - nc.processOpErr(ErrStaleConnection) - } else if strings.HasPrefix(e, PERMISSIONS_ERR) { - nc.processPermissionsViolation(ne) - } else if authErr := checkAuthError(e); authErr != nil { - nc.mu.Lock() - close = nc.processAuthError(authErr) - nc.mu.Unlock() - } else { - close = true - nc.mu.Lock() - nc.err = errors.New("nats: " + ne) - nc.mu.Unlock() - } - if close { - nc.close(CLOSED, true, nil) - } -} - -// kickFlusher will send a bool on a channel to kick the -// flush Go routine to flush data to the server. -func (nc *Conn) kickFlusher() { - if nc.bw != nil { - select { - case nc.fch <- struct{}{}: - default: - } - } -} - -// Publish publishes the data argument to the given subject. The data -// argument is left untouched and needs to be correctly interpreted on -// the receiver. -func (nc *Conn) Publish(subj string, data []byte) error { - return nc.publish(subj, _EMPTY_, nil, data) -} - -// NewMsg creates a message for publishing that will use headers. -func NewMsg(subject string) *Msg { - return &Msg{ - Subject: subject, - Header: make(http.Header), - } -} - -const ( - hdrLine = "NATS/1.0\r\n" - crlf = "\r\n" - hdrPreEnd = len(hdrLine) - len(crlf) - statusHdr = "Status" - descrHdr = "Description" - noResponders = "503" - statusLen = 3 // e.g. 20x, 40x, 50x -) - -// decodeHeadersMsg will decode and headers. -func decodeHeadersMsg(data []byte) (http.Header, error) { - tp := textproto.NewReader(bufio.NewReader(bytes.NewReader(data))) - l, err := tp.ReadLine() - if err != nil || len(l) < hdrPreEnd || l[:hdrPreEnd] != hdrLine[:hdrPreEnd] { - return nil, ErrBadHeaderMsg - } - mh, err := tp.ReadMIMEHeader() - if err != nil { - return nil, ErrBadHeaderMsg - } - // Check if we have an inlined status. - if len(l) > hdrPreEnd { - var description string - status := strings.TrimSpace(l[hdrPreEnd:]) - if len(status) != statusLen { - description = strings.TrimSpace(status[statusLen:]) - status = status[:statusLen] - } - mh.Add(statusHdr, status) - if len(description) > 0 { - mh.Add(descrHdr, description) - } - } - return http.Header(mh), nil -} - -// PublishMsg publishes the Msg structure, which includes the -// Subject, an optional Reply and an optional Data field. -func (nc *Conn) PublishMsg(m *Msg) error { - if m == nil { - return ErrInvalidMsg - } - - var hdr []byte - var err error - - if len(m.Header) > 0 { - if !nc.info.Headers { - return ErrHeadersNotSupported - } - - hdr, err = m.headerBytes() - if err != nil { - return err - } - } - - return nc.publish(m.Subject, m.Reply, hdr, m.Data) -} - -// PublishRequest will perform a Publish() expecting a response on the -// reply subject. Use Request() for automatically waiting for a response -// inline. -func (nc *Conn) PublishRequest(subj, reply string, data []byte) error { - return nc.publish(subj, reply, nil, data) -} - -// Used for handrolled itoa -const digits = "0123456789" - -// publish is the internal function to publish messages to a nats-server. -// Sends a protocol data message by queuing into the bufio writer -// and kicking the flush go routine. These writes should be protected. -func (nc *Conn) publish(subj, reply string, hdr, data []byte) error { - if nc == nil { - return ErrInvalidConnection - } - if subj == "" { - return ErrBadSubject - } - nc.mu.Lock() - - if nc.isClosed() { - nc.mu.Unlock() - return ErrConnectionClosed - } - - if nc.isDrainingPubs() { - nc.mu.Unlock() - return ErrConnectionDraining - } - - // Proactively reject payloads over the threshold set by server. - msgSize := int64(len(data) + len(hdr)) - // Skip this check if we are not yet connected (RetryOnFailedConnect) - if !nc.initc && msgSize > nc.info.MaxPayload { - nc.mu.Unlock() - return ErrMaxPayload - } - - // Check if we are reconnecting, and if so check if - // we have exceeded our reconnect outbound buffer limits. - if nc.isReconnecting() { - // Flush to underlying buffer. - nc.bw.Flush() - // Check if we are over - if nc.pending.Len() >= nc.Opts.ReconnectBufSize { - nc.mu.Unlock() - return ErrReconnectBufExceeded - } - } - - var mh []byte - if hdr != nil { - mh = nc.scratch[:len(_HPUB_P_)] - } else { - mh = nc.scratch[1:len(_HPUB_P_)] - } - mh = append(mh, subj...) - mh = append(mh, ' ') - if reply != "" { - mh = append(mh, reply...) - mh = append(mh, ' ') - } - - // We could be smarter here, but simple loop is ok, - // just avoid strconv in fast path. - // FIXME(dlc) - Find a better way here. - // msgh = strconv.AppendInt(msgh, int64(len(data)), 10) - // go 1.14 some values strconv faster, may be able to switch over. - - var b [12]byte - var i = len(b) - - if hdr != nil { - if len(hdr) > 0 { - for l := len(hdr); l > 0; l /= 10 { - i-- - b[i] = digits[l%10] - } - } else { - i-- - b[i] = digits[0] - } - mh = append(mh, b[i:]...) - mh = append(mh, ' ') - // reset for below. - i = len(b) - } - - if msgSize > 0 { - for l := msgSize; l > 0; l /= 10 { - i-- - b[i] = digits[l%10] - } - } else { - i-- - b[i] = digits[0] - } - - mh = append(mh, b[i:]...) - mh = append(mh, _CRLF_...) - - _, err := nc.bw.Write(mh) - if err == nil { - if hdr != nil { - _, err = nc.bw.Write(hdr) - } - if err == nil { - _, err = nc.bw.Write(data) - } - } - if err == nil { - _, err = nc.bw.WriteString(_CRLF_) - } - if err != nil { - nc.mu.Unlock() - return err - } - - nc.OutMsgs++ - nc.OutBytes += uint64(len(data) + len(hdr)) - - if len(nc.fch) == 0 { - nc.kickFlusher() - } - nc.mu.Unlock() - return nil -} - -// respHandler is the global response handler. It will look up -// the appropriate channel based on the last token and place -// the message on the channel if possible. -func (nc *Conn) respHandler(m *Msg) { - nc.mu.Lock() - - // Just return if closed. - if nc.isClosed() { - nc.mu.Unlock() - return - } - - var mch chan *Msg - - // Grab mch - rt := nc.respToken(m.Subject) - if rt != _EMPTY_ { - mch = nc.respMap[rt] - // Delete the key regardless, one response only. - delete(nc.respMap, rt) - } else if len(nc.respMap) == 1 { - // If the server has rewritten the subject, the response token (rt) - // will not match (could be the case with JetStream). If that is the - // case and there is a single entry, use that. - for k, v := range nc.respMap { - mch = v - delete(nc.respMap, k) - break - } - } - nc.mu.Unlock() - - // Don't block, let Request timeout instead, mch is - // buffered and we should delete the key before a - // second response is processed. - select { - case mch <- m: - default: - return - } -} - -// Helper to setup and send new request style requests. Return the chan to receive the response. -func (nc *Conn) createNewRequestAndSend(subj string, hdr, data []byte) (chan *Msg, string, error) { - nc.mu.Lock() - // Do setup for the new style if needed. - if nc.respMap == nil { - nc.initNewResp() - } - // Create new literal Inbox and map to a chan msg. - mch := make(chan *Msg, RequestChanLen) - respInbox := nc.newRespInbox() - token := respInbox[respInboxPrefixLen:] - nc.respMap[token] = mch - if nc.respMux == nil { - // Create the response subscription we will use for all new style responses. - // This will be on an _INBOX with an additional terminal token. The subscription - // will be on a wildcard. - s, err := nc.subscribeLocked(nc.respSub, _EMPTY_, nc.respHandler, nil, false, nil) - if err != nil { - nc.mu.Unlock() - return nil, token, err - } - nc.respScanf = strings.Replace(nc.respSub, "*", "%s", -1) - nc.respMux = s - } - nc.mu.Unlock() - - if err := nc.publish(subj, respInbox, hdr, data); err != nil { - return nil, token, err - } - - return mch, token, nil -} - -// RequestMsg will send a request payload including optional headers and deliver -// the response message, or an error, including a timeout if no message was received properly. -func (nc *Conn) RequestMsg(msg *Msg, timeout time.Duration) (*Msg, error) { - var hdr []byte - var err error - - if len(msg.Header) > 0 { - if !nc.info.Headers { - return nil, ErrHeadersNotSupported - } - hdr, err = msg.headerBytes() - if err != nil { - return nil, err - } - } - - return nc.request(msg.Subject, hdr, msg.Data, timeout) -} - -// Request will send a request payload and deliver the response message, -// or an error, including a timeout if no message was received properly. -func (nc *Conn) Request(subj string, data []byte, timeout time.Duration) (*Msg, error) { - return nc.request(subj, nil, data, timeout) -} - -func (nc *Conn) useOldRequestStyle() bool { - nc.mu.RLock() - r := nc.Opts.UseOldRequestStyle - nc.mu.RUnlock() - return r -} - -func (nc *Conn) request(subj string, hdr, data []byte, timeout time.Duration) (*Msg, error) { - if nc == nil { - return nil, ErrInvalidConnection - } - - var m *Msg - var err error - - if nc.useOldRequestStyle() { - m, err = nc.oldRequest(subj, hdr, data, timeout) - } else { - m, err = nc.newRequest(subj, hdr, data, timeout) - } - - // Check for no responder status. - if err == nil && len(m.Data) == 0 && m.Header.Get(statusHdr) == noResponders { - m, err = nil, ErrNoResponders - } - return m, err -} - -func (nc *Conn) newRequest(subj string, hdr, data []byte, timeout time.Duration) (*Msg, error) { - mch, token, err := nc.createNewRequestAndSend(subj, hdr, data) - if err != nil { - return nil, err - } - - t := globalTimerPool.Get(timeout) - defer globalTimerPool.Put(t) - - var ok bool - var msg *Msg - - select { - case msg, ok = <-mch: - if !ok { - return nil, ErrConnectionClosed - } - case <-t.C: - nc.mu.Lock() - delete(nc.respMap, token) - nc.mu.Unlock() - return nil, ErrTimeout - } - - return msg, nil -} - -// oldRequest will create an Inbox and perform a Request() call -// with the Inbox reply and return the first reply received. -// This is optimized for the case of multiple responses. -func (nc *Conn) oldRequest(subj string, hdr, data []byte, timeout time.Duration) (*Msg, error) { - inbox := NewInbox() - ch := make(chan *Msg, RequestChanLen) - - s, err := nc.subscribe(inbox, _EMPTY_, nil, ch, true, nil) - if err != nil { - return nil, err - } - s.AutoUnsubscribe(1) - defer s.Unsubscribe() - - err = nc.publish(subj, inbox, hdr, data) - if err != nil { - return nil, err - } - - return s.NextMsg(timeout) -} - -// InboxPrefix is the prefix for all inbox subjects. -const ( - InboxPrefix = "_INBOX." - inboxPrefixLen = len(InboxPrefix) - respInboxPrefixLen = inboxPrefixLen + nuidSize + 1 - replySuffixLen = 8 // Gives us 62^8 - rdigits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" - base = 62 -) - -// NewInbox will return an inbox string which can be used for directed replies from -// subscribers. These are guaranteed to be unique, but can be shared and subscribed -// to by others. -func NewInbox() string { - var b [inboxPrefixLen + nuidSize]byte - pres := b[:inboxPrefixLen] - copy(pres, InboxPrefix) - ns := b[inboxPrefixLen:] - copy(ns, nuid.Next()) - return string(b[:]) -} - -// Function to init new response structures. -func (nc *Conn) initNewResp() { - // _INBOX wildcard - nc.respSub = fmt.Sprintf("%s.*", NewInbox()) - nc.respMap = make(map[string]chan *Msg) - nc.respRand = rand.New(rand.NewSource(time.Now().UnixNano())) -} - -// newRespInbox creates a new literal response subject -// that will trigger the mux subscription handler. -// Lock should be held. -func (nc *Conn) newRespInbox() string { - if nc.respMap == nil { - nc.initNewResp() - } - var b [respInboxPrefixLen + replySuffixLen]byte - pres := b[:respInboxPrefixLen] - copy(pres, nc.respSub) - rn := nc.respRand.Int63() - for i, l := respInboxPrefixLen, rn; i < len(b); i++ { - b[i] = rdigits[l%base] - l /= base - } - return string(b[:]) -} - -// NewRespInbox is the new format used for _INBOX. -func (nc *Conn) NewRespInbox() string { - nc.mu.Lock() - s := nc.newRespInbox() - nc.mu.Unlock() - return s -} - -// respToken will return the last token of a literal response inbox -// which we use for the message channel lookup. This needs to do a -// scan to protect itself against the server changing the subject. -// Lock should be held. -func (nc *Conn) respToken(respInbox string) string { - var token string - n, err := fmt.Sscanf(respInbox, nc.respScanf, &token) - if err != nil || n != 1 { - return "" - } - return token -} - -// Subscribe will express interest in the given subject. The subject -// can have wildcards (partial:*, full:>). Messages will be delivered -// to the associated MsgHandler. -func (nc *Conn) Subscribe(subj string, cb MsgHandler) (*Subscription, error) { - return nc.subscribe(subj, _EMPTY_, cb, nil, false, nil) -} - -// ChanSubscribe will express interest in the given subject and place -// all messages received on the channel. -// You should not close the channel until sub.Unsubscribe() has been called. -func (nc *Conn) ChanSubscribe(subj string, ch chan *Msg) (*Subscription, error) { - return nc.subscribe(subj, _EMPTY_, nil, ch, false, nil) -} - -// ChanQueueSubscribe will express interest in the given subject. -// All subscribers with the same queue name will form the queue group -// and only one member of the group will be selected to receive any given message, -// which will be placed on the channel. -// You should not close the channel until sub.Unsubscribe() has been called. -// Note: This is the same than QueueSubscribeSyncWithChan. -func (nc *Conn) ChanQueueSubscribe(subj, group string, ch chan *Msg) (*Subscription, error) { - return nc.subscribe(subj, group, nil, ch, false, nil) -} - -// SubscribeSync will express interest on the given subject. Messages will -// be received synchronously using Subscription.NextMsg(). -func (nc *Conn) SubscribeSync(subj string) (*Subscription, error) { - if nc == nil { - return nil, ErrInvalidConnection - } - mch := make(chan *Msg, nc.Opts.SubChanLen) - s, e := nc.subscribe(subj, _EMPTY_, nil, mch, true, nil) - return s, e -} - -// QueueSubscribe creates an asynchronous queue subscriber on the given subject. -// All subscribers with the same queue name will form the queue group and -// only one member of the group will be selected to receive any given -// message asynchronously. -func (nc *Conn) QueueSubscribe(subj, queue string, cb MsgHandler) (*Subscription, error) { - return nc.subscribe(subj, queue, cb, nil, false, nil) -} - -// QueueSubscribeSync creates a synchronous queue subscriber on the given -// subject. All subscribers with the same queue name will form the queue -// group and only one member of the group will be selected to receive any -// given message synchronously using Subscription.NextMsg(). -func (nc *Conn) QueueSubscribeSync(subj, queue string) (*Subscription, error) { - mch := make(chan *Msg, nc.Opts.SubChanLen) - s, e := nc.subscribe(subj, queue, nil, mch, true, nil) - return s, e -} - -// QueueSubscribeSyncWithChan will express interest in the given subject. -// All subscribers with the same queue name will form the queue group -// and only one member of the group will be selected to receive any given message, -// which will be placed on the channel. -// You should not close the channel until sub.Unsubscribe() has been called. -// Note: This is the same than ChanQueueSubscribe. -func (nc *Conn) QueueSubscribeSyncWithChan(subj, queue string, ch chan *Msg) (*Subscription, error) { - return nc.subscribe(subj, queue, nil, ch, false, nil) -} - -// badSubject will do quick test on whether a subject is acceptable. -// Spaces are not allowed and all tokens should be > 0 in len. -func badSubject(subj string) bool { - if strings.ContainsAny(subj, " \t\r\n") { - return true - } - tokens := strings.Split(subj, ".") - for _, t := range tokens { - if len(t) == 0 { - return true - } - } - return false -} - -// badQueue will check a queue name for whitespace. -func badQueue(qname string) bool { - return strings.ContainsAny(qname, " \t\r\n") -} - -// subscribe is the internal subscribe function that indicates interest in a subject. -func (nc *Conn) subscribe(subj, queue string, cb MsgHandler, ch chan *Msg, isSync bool, js *jsSub) (*Subscription, error) { - if nc == nil { - return nil, ErrInvalidConnection - } - nc.mu.Lock() - defer nc.mu.Unlock() - return nc.subscribeLocked(subj, queue, cb, ch, isSync, js) -} - -func (nc *Conn) subscribeLocked(subj, queue string, cb MsgHandler, ch chan *Msg, isSync bool, js *jsSub) (*Subscription, error) { - if nc == nil { - return nil, ErrInvalidConnection - } - if badSubject(subj) { - return nil, ErrBadSubject - } - if queue != "" && badQueue(queue) { - return nil, ErrBadQueueName - } - - // Check for some error conditions. - if nc.isClosed() { - return nil, ErrConnectionClosed - } - if nc.isDraining() { - return nil, ErrConnectionDraining - } - - if cb == nil && ch == nil { - return nil, ErrBadSubscription - } - - sub := &Subscription{Subject: subj, Queue: queue, mcb: cb, conn: nc, jsi: js} - // Set pending limits. - if ch != nil { - sub.pMsgsLimit = cap(ch) - } else { - sub.pMsgsLimit = DefaultSubPendingMsgsLimit - } - sub.pBytesLimit = DefaultSubPendingBytesLimit - - // If we have an async callback, start up a sub specific - // Go routine to deliver the messages. - if cb != nil { - sub.typ = AsyncSubscription - sub.pCond = sync.NewCond(&sub.mu) - go nc.waitForMsgs(sub) - } else if !isSync { - sub.typ = ChanSubscription - sub.mch = ch - } else { // Sync Subscription - sub.typ = SyncSubscription - sub.mch = ch - } - - nc.subsMu.Lock() - nc.ssid++ - sub.sid = nc.ssid - nc.subs[sub.sid] = sub - nc.subsMu.Unlock() - - // We will send these for all subs when we reconnect - // so that we can suppress here if reconnecting. - if !nc.isReconnecting() { - fmt.Fprintf(nc.bw, subProto, subj, queue, sub.sid) - // Kick flusher if needed. - if len(nc.fch) == 0 { - nc.kickFlusher() - } - } - - return sub, nil -} - -// NumSubscriptions returns active number of subscriptions. -func (nc *Conn) NumSubscriptions() int { - nc.mu.RLock() - defer nc.mu.RUnlock() - return len(nc.subs) -} - -// Lock for nc should be held here upon entry -func (nc *Conn) removeSub(s *Subscription) { - nc.subsMu.Lock() - delete(nc.subs, s.sid) - nc.subsMu.Unlock() - s.mu.Lock() - defer s.mu.Unlock() - // Release callers on NextMsg for SyncSubscription only - if s.mch != nil && s.typ == SyncSubscription { - close(s.mch) - } - s.mch = nil - - // Mark as invalid - s.closed = true - if s.pCond != nil { - s.pCond.Broadcast() - } -} - -// SubscriptionType is the type of the Subscription. -type SubscriptionType int - -// The different types of subscription types. -const ( - AsyncSubscription = SubscriptionType(iota) - SyncSubscription - ChanSubscription - NilSubscription -) - -// Type returns the type of Subscription. -func (s *Subscription) Type() SubscriptionType { - if s == nil { - return NilSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - return s.typ -} - -// IsValid returns a boolean indicating whether the subscription -// is still active. This will return false if the subscription has -// already been closed. -func (s *Subscription) IsValid() bool { - if s == nil { - return false - } - s.mu.Lock() - defer s.mu.Unlock() - return s.conn != nil && !s.closed -} - -// Drain will remove interest but continue callbacks until all messages -// have been processed. -func (s *Subscription) Drain() error { - if s == nil { - return ErrBadSubscription - } - s.mu.Lock() - conn := s.conn - s.mu.Unlock() - if conn == nil { - return ErrBadSubscription - } - return conn.unsubscribe(s, 0, true) -} - -// Unsubscribe will remove interest in the given subject. -func (s *Subscription) Unsubscribe() error { - if s == nil { - return ErrBadSubscription - } - s.mu.Lock() - conn := s.conn - closed := s.closed - s.mu.Unlock() - if conn == nil || conn.IsClosed() { - return ErrConnectionClosed - } - if closed { - return ErrBadSubscription - } - if conn.IsDraining() { - return ErrConnectionDraining - } - return conn.unsubscribe(s, 0, false) -} - -// checkDrained will watch for a subscription to be fully drained -// and then remove it. -func (nc *Conn) checkDrained(sub *Subscription) { - if nc == nil || sub == nil { - return - } - - // This allows us to know that whatever we have in the client pending - // is correct and the server will not send additional information. - nc.Flush() - - // Once we are here we just wait for Pending to reach 0 or - // any other state to exit this go routine. - for { - // check connection is still valid. - if nc.IsClosed() { - return - } - - // Check subscription state - sub.mu.Lock() - conn := sub.conn - closed := sub.closed - pMsgs := sub.pMsgs - sub.mu.Unlock() - - if conn == nil || closed || pMsgs == 0 { - nc.mu.Lock() - nc.removeSub(sub) - nc.mu.Unlock() - return - } - - time.Sleep(100 * time.Millisecond) - } -} - -// AutoUnsubscribe will issue an automatic Unsubscribe that is -// processed by the server when max messages have been received. -// This can be useful when sending a request to an unknown number -// of subscribers. -func (s *Subscription) AutoUnsubscribe(max int) error { - if s == nil { - return ErrBadSubscription - } - s.mu.Lock() - conn := s.conn - closed := s.closed - s.mu.Unlock() - if conn == nil || closed { - return ErrBadSubscription - } - return conn.unsubscribe(s, max, false) -} - -// unsubscribe performs the low level unsubscribe to the server. -// Use Subscription.Unsubscribe() -func (nc *Conn) unsubscribe(sub *Subscription, max int, drainMode bool) error { - // Check whether it is a JetStream sub and should clean up consumers. - sub.mu.Lock() - jsi := sub.jsi - sub.mu.Unlock() - if jsi != nil { - err := jsi.unsubscribe(drainMode) - if err != nil { - return err - } - } - - nc.mu.Lock() - // ok here, but defer is expensive - defer nc.mu.Unlock() - defer nc.kickFlusher() - - if nc.isClosed() { - return ErrConnectionClosed - } - - nc.subsMu.RLock() - s := nc.subs[sub.sid] - nc.subsMu.RUnlock() - // Already unsubscribed - if s == nil { - return nil - } - - maxStr := _EMPTY_ - if max > 0 { - s.max = uint64(max) - maxStr = strconv.Itoa(max) - } else if !drainMode { - nc.removeSub(s) - } - - if drainMode { - go nc.checkDrained(sub) - } - - // We will send these for all subs when we reconnect - // so that we can suppress here. - if !nc.isReconnecting() { - fmt.Fprintf(nc.bw, unsubProto, s.sid, maxStr) - } - return nil -} - -// NextMsg will return the next message available to a synchronous subscriber -// or block until one is available. An error is returned if the subscription is invalid (ErrBadSubscription), -// the connection is closed (ErrConnectionClosed), or the timeout is reached (ErrTimeout). -func (s *Subscription) NextMsg(timeout time.Duration) (*Msg, error) { - if s == nil { - return nil, ErrBadSubscription - } - - s.mu.Lock() - err := s.validateNextMsgState() - if err != nil { - s.mu.Unlock() - return nil, err - } - - // snapshot - mch := s.mch - s.mu.Unlock() - - var ok bool - var msg *Msg - - // If something is available right away, let's optimize that case. - select { - case msg, ok = <-mch: - if !ok { - return nil, s.getNextMsgErr() - } - if err := s.processNextMsgDelivered(msg); err != nil { - return nil, err - } else { - return msg, nil - } - default: - } - - // If we are here a message was not immediately available, so lets loop - // with a timeout. - - t := globalTimerPool.Get(timeout) - defer globalTimerPool.Put(t) - - select { - case msg, ok = <-mch: - if !ok { - return nil, s.getNextMsgErr() - } - if err := s.processNextMsgDelivered(msg); err != nil { - return nil, err - } - case <-t.C: - return nil, ErrTimeout - } - - return msg, nil -} - -// validateNextMsgState checks whether the subscription is in a valid -// state to call NextMsg and be delivered another message synchronously. -// This should be called while holding the lock. -func (s *Subscription) validateNextMsgState() error { - if s.connClosed { - return ErrConnectionClosed - } - if s.mch == nil { - if s.max > 0 && s.delivered >= s.max { - return ErrMaxMessages - } else if s.closed { - return ErrBadSubscription - } - } - if s.mcb != nil { - return ErrSyncSubRequired - } - if s.sc { - s.sc = false - return ErrSlowConsumer - } - - return nil -} - -// This is called when the sync channel has been closed. -// The error returned will be either connection or subscription -// closed depending on what caused NextMsg() to fail. -func (s *Subscription) getNextMsgErr() error { - s.mu.Lock() - defer s.mu.Unlock() - if s.connClosed { - return ErrConnectionClosed - } - return ErrBadSubscription -} - -// processNextMsgDelivered takes a message and applies the needed -// accounting to the stats from the subscription, returning an -// error in case we have the maximum number of messages have been -// delivered already. It should not be called while holding the lock. -func (s *Subscription) processNextMsgDelivered(msg *Msg) error { - s.mu.Lock() - nc := s.conn - max := s.max - jsi := s.jsi - - // Update some stats. - s.delivered++ - delivered := s.delivered - if s.typ == SyncSubscription { - s.pMsgs-- - s.pBytes -= len(msg.Data) - } - s.mu.Unlock() - - if max > 0 { - if delivered > max { - return ErrMaxMessages - } - // Remove subscription if we have reached max. - if delivered == max { - nc.mu.Lock() - nc.removeSub(s) - nc.mu.Unlock() - } - } - - // In case this is a JetStream message and in pull mode - // then check whether it is an JS API error. - if jsi != nil && jsi.pull > 0 && len(msg.Data) == 0 && msg.Header.Get(statusHdr) == noResponders { - return ErrNoResponders - } - - return nil -} - -// Queued returns the number of queued messages in the client for this subscription. -// DEPRECATED: Use Pending() -func (s *Subscription) QueuedMsgs() (int, error) { - m, _, err := s.Pending() - return int(m), err -} - -// Pending returns the number of queued messages and queued bytes in the client for this subscription. -func (s *Subscription) Pending() (int, int, error) { - if s == nil { - return -1, -1, ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return -1, -1, ErrBadSubscription - } - if s.typ == ChanSubscription { - return -1, -1, ErrTypeSubscription - } - return s.pMsgs, s.pBytes, nil -} - -// MaxPending returns the maximum number of queued messages and queued bytes seen so far. -func (s *Subscription) MaxPending() (int, int, error) { - if s == nil { - return -1, -1, ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return -1, -1, ErrBadSubscription - } - if s.typ == ChanSubscription { - return -1, -1, ErrTypeSubscription - } - return s.pMsgsMax, s.pBytesMax, nil -} - -// ClearMaxPending resets the maximums seen so far. -func (s *Subscription) ClearMaxPending() error { - if s == nil { - return ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return ErrBadSubscription - } - if s.typ == ChanSubscription { - return ErrTypeSubscription - } - s.pMsgsMax, s.pBytesMax = 0, 0 - return nil -} - -// Pending Limits -const ( - // DefaultSubPendingMsgsLimit will be 512k msgs. - DefaultSubPendingMsgsLimit = 512 * 1024 - // DefaultSubPendingBytesLimit is 64MB - DefaultSubPendingBytesLimit = 64 * 1024 * 1024 -) - -// PendingLimits returns the current limits for this subscription. -// If no error is returned, a negative value indicates that the -// given metric is not limited. -func (s *Subscription) PendingLimits() (int, int, error) { - if s == nil { - return -1, -1, ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return -1, -1, ErrBadSubscription - } - if s.typ == ChanSubscription { - return -1, -1, ErrTypeSubscription - } - return s.pMsgsLimit, s.pBytesLimit, nil -} - -// SetPendingLimits sets the limits for pending msgs and bytes for this subscription. -// Zero is not allowed. Any negative value means that the given metric is not limited. -func (s *Subscription) SetPendingLimits(msgLimit, bytesLimit int) error { - if s == nil { - return ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return ErrBadSubscription - } - if s.typ == ChanSubscription { - return ErrTypeSubscription - } - if msgLimit == 0 || bytesLimit == 0 { - return ErrInvalidArg - } - s.pMsgsLimit, s.pBytesLimit = msgLimit, bytesLimit - return nil -} - -// Delivered returns the number of delivered messages for this subscription. -func (s *Subscription) Delivered() (int64, error) { - if s == nil { - return -1, ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return -1, ErrBadSubscription - } - return int64(s.delivered), nil -} - -// Dropped returns the number of known dropped messages for this subscription. -// This will correspond to messages dropped by violations of PendingLimits. If -// the server declares the connection a SlowConsumer, this number may not be -// valid. -func (s *Subscription) Dropped() (int, error) { - if s == nil { - return -1, ErrBadSubscription - } - s.mu.Lock() - defer s.mu.Unlock() - if s.conn == nil || s.closed { - return -1, ErrBadSubscription - } - return s.dropped, nil -} - -// Respond allows a convenient way to respond to requests in service based subscriptions. -func (m *Msg) Respond(data []byte) error { - if m == nil || m.Sub == nil { - return ErrMsgNotBound - } - if m.Reply == "" { - return ErrMsgNoReply - } - m.Sub.mu.Lock() - nc := m.Sub.conn - m.Sub.mu.Unlock() - // No need to check the connection here since the call to publish will do all the checking. - return nc.Publish(m.Reply, data) -} - -// RespondMsg allows a convenient way to respond to requests in service based subscriptions that might include headers -func (m *Msg) RespondMsg(msg *Msg) error { - if m == nil || m.Sub == nil { - return ErrMsgNotBound - } - if m.Reply == "" { - return ErrMsgNoReply - } - msg.Subject = m.Reply - m.Sub.mu.Lock() - nc := m.Sub.conn - m.Sub.mu.Unlock() - // No need to check the connection here since the call to publish will do all the checking. - return nc.PublishMsg(msg) -} - -// FIXME: This is a hack -// removeFlushEntry is needed when we need to discard queued up responses -// for our pings as part of a flush call. This happens when we have a flush -// call outstanding and we call close. -func (nc *Conn) removeFlushEntry(ch chan struct{}) bool { - nc.mu.Lock() - defer nc.mu.Unlock() - if nc.pongs == nil { - return false - } - for i, c := range nc.pongs { - if c == ch { - nc.pongs[i] = nil - return true - } - } - return false -} - -// The lock must be held entering this function. -func (nc *Conn) sendPing(ch chan struct{}) { - nc.pongs = append(nc.pongs, ch) - nc.bw.WriteString(pingProto) - // Flush in place. - nc.bw.Flush() -} - -// This will fire periodically and send a client origin -// ping to the server. Will also check that we have received -// responses from the server. -func (nc *Conn) processPingTimer() { - nc.mu.Lock() - - if nc.status != CONNECTED { - nc.mu.Unlock() - return - } - - // Check for violation - nc.pout++ - if nc.pout > nc.Opts.MaxPingsOut { - nc.mu.Unlock() - nc.processOpErr(ErrStaleConnection) - return - } - - nc.sendPing(nil) - nc.ptmr.Reset(nc.Opts.PingInterval) - nc.mu.Unlock() -} - -// FlushTimeout allows a Flush operation to have an associated timeout. -func (nc *Conn) FlushTimeout(timeout time.Duration) (err error) { - if nc == nil { - return ErrInvalidConnection - } - if timeout <= 0 { - return ErrBadTimeout - } - - nc.mu.Lock() - if nc.isClosed() { - nc.mu.Unlock() - return ErrConnectionClosed - } - t := globalTimerPool.Get(timeout) - defer globalTimerPool.Put(t) - - // Create a buffered channel to prevent chan send to block - // in processPong() if this code here times out just when - // PONG was received. - ch := make(chan struct{}, 1) - nc.sendPing(ch) - nc.mu.Unlock() - - select { - case _, ok := <-ch: - if !ok { - err = ErrConnectionClosed - } else { - close(ch) - } - case <-t.C: - err = ErrTimeout - } - - if err != nil { - nc.removeFlushEntry(ch) - } - return -} - -// RTT calculates the round trip time between this client and the server. -func (nc *Conn) RTT() (time.Duration, error) { - if nc.IsClosed() { - return 0, ErrConnectionClosed - } - if nc.IsReconnecting() { - return 0, ErrDisconnected - } - start := time.Now() - if err := nc.FlushTimeout(10 * time.Second); err != nil { - return 0, err - } - return time.Since(start), nil -} - -// Flush will perform a round trip to the server and return when it -// receives the internal reply. -func (nc *Conn) Flush() error { - return nc.FlushTimeout(10 * time.Second) -} - -// Buffered will return the number of bytes buffered to be sent to the server. -// FIXME(dlc) take into account disconnected state. -func (nc *Conn) Buffered() (int, error) { - nc.mu.RLock() - defer nc.mu.RUnlock() - if nc.isClosed() || nc.bw == nil { - return -1, ErrConnectionClosed - } - return nc.bw.Buffered(), nil -} - -// resendSubscriptions will send our subscription state back to the -// server. Used in reconnects -func (nc *Conn) resendSubscriptions() { - // Since we are going to send protocols to the server, we don't want to - // be holding the subsMu lock (which is used in processMsg). So copy - // the subscriptions in a temporary array. - nc.subsMu.RLock() - subs := make([]*Subscription, 0, len(nc.subs)) - for _, s := range nc.subs { - subs = append(subs, s) - } - nc.subsMu.RUnlock() - for _, s := range subs { - adjustedMax := uint64(0) - s.mu.Lock() - if s.max > 0 { - if s.delivered < s.max { - adjustedMax = s.max - s.delivered - } - // adjustedMax could be 0 here if the number of delivered msgs - // reached the max, if so unsubscribe. - if adjustedMax == 0 { - s.mu.Unlock() - fmt.Fprintf(nc.bw, unsubProto, s.sid, _EMPTY_) - continue - } - } - s.mu.Unlock() - - fmt.Fprintf(nc.bw, subProto, s.Subject, s.Queue, s.sid) - if adjustedMax > 0 { - maxStr := strconv.Itoa(int(adjustedMax)) - fmt.Fprintf(nc.bw, unsubProto, s.sid, maxStr) - } - } -} - -// This will clear any pending flush calls and release pending calls. -// Lock is assumed to be held by the caller. -func (nc *Conn) clearPendingFlushCalls() { - // Clear any queued pongs, e.g. pending flush calls. - for _, ch := range nc.pongs { - if ch != nil { - close(ch) - } - } - nc.pongs = nil -} - -// This will clear any pending Request calls. -// Lock is assumed to be held by the caller. -func (nc *Conn) clearPendingRequestCalls() { - if nc.respMap == nil { - return - } - for key, ch := range nc.respMap { - if ch != nil { - close(ch) - delete(nc.respMap, key) - } - } -} - -// Low level close call that will do correct cleanup and set -// desired status. Also controls whether user defined callbacks -// will be triggered. The lock should not be held entering this -// function. This function will handle the locking manually. -func (nc *Conn) close(status Status, doCBs bool, err error) { - nc.mu.Lock() - if nc.isClosed() { - nc.status = status - nc.mu.Unlock() - return - } - nc.status = CLOSED - - // Kick the Go routines so they fall out. - nc.kickFlusher() - - // If the reconnect timer is waiting between a reconnect attempt, - // this will kick it out. - if nc.rqch != nil { - close(nc.rqch) - nc.rqch = nil - } - - // Clear any queued pongs, e.g. pending flush calls. - nc.clearPendingFlushCalls() - - // Clear any queued and blocking Requests. - nc.clearPendingRequestCalls() - - // Stop ping timer if set. - nc.stopPingTimer() - nc.ptmr = nil - - // Need to close and set tcp conn to nil if reconnect loop has stopped, - // otherwise we would incorrectly invoke Disconnect handler (if set) - // down below. - if nc.ar && nc.conn != nil { - nc.conn.Close() - nc.conn = nil - } else if nc.conn != nil { - // Go ahead and make sure we have flushed the outbound - nc.bw.Flush() - defer nc.conn.Close() - } - - // Close sync subscriber channels and release any - // pending NextMsg() calls. - nc.subsMu.Lock() - for _, s := range nc.subs { - s.mu.Lock() - - // Release callers on NextMsg for SyncSubscription only - if s.mch != nil && s.typ == SyncSubscription { - close(s.mch) - } - s.mch = nil - // Mark as invalid, for signaling to deliverMsgs - s.closed = true - // Mark connection closed in subscription - s.connClosed = true - // If we have an async subscription, signals it to exit - if s.typ == AsyncSubscription && s.pCond != nil { - s.pCond.Signal() - } - - s.mu.Unlock() - } - nc.subs = nil - nc.subsMu.Unlock() - - nc.status = status - - // Perform appropriate callback if needed for a disconnect. - if doCBs { - if nc.conn != nil { - if nc.Opts.DisconnectedErrCB != nil { - nc.ach.push(func() { nc.Opts.DisconnectedErrCB(nc, err) }) - } else if nc.Opts.DisconnectedCB != nil { - nc.ach.push(func() { nc.Opts.DisconnectedCB(nc) }) - } - } - if nc.Opts.ClosedCB != nil { - nc.ach.push(func() { nc.Opts.ClosedCB(nc) }) - } - } - // If this is terminal, then we have to notify the asyncCB handler that - // it can exit once all async cbs have been dispatched. - if status == CLOSED { - nc.ach.close() - } - nc.mu.Unlock() -} - -// Close will close the connection to the server. This call will release -// all blocking calls, such as Flush() and NextMsg() -func (nc *Conn) Close() { - if nc != nil { - nc.close(CLOSED, !nc.Opts.NoCallbacksAfterClientClose, nil) - } -} - -// IsClosed tests if a Conn has been closed. -func (nc *Conn) IsClosed() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.isClosed() -} - -// IsReconnecting tests if a Conn is reconnecting. -func (nc *Conn) IsReconnecting() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.isReconnecting() -} - -// IsConnected tests if a Conn is connected. -func (nc *Conn) IsConnected() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.isConnected() -} - -// drainConnection will run in a separate Go routine and will -// flush all publishes and drain all active subscriptions. -func (nc *Conn) drainConnection() { - // Snapshot subs list. - nc.mu.Lock() - - // Check again here if we are in a state to not process. - if nc.isClosed() { - nc.mu.Unlock() - return - } - if nc.isConnecting() || nc.isReconnecting() { - nc.mu.Unlock() - // Move to closed state. - nc.close(CLOSED, true, nil) - return - } - - subs := make([]*Subscription, 0, len(nc.subs)) - for _, s := range nc.subs { - if s == nc.respMux { - // Skip since might be in use while messages - // are being processed (can miss responses). - continue - } - subs = append(subs, s) - } - errCB := nc.Opts.AsyncErrorCB - drainWait := nc.Opts.DrainTimeout - respMux := nc.respMux - nc.mu.Unlock() - - // for pushing errors with context. - pushErr := func(err error) { - nc.mu.Lock() - nc.err = err - if errCB != nil { - nc.ach.push(func() { errCB(nc, nil, err) }) - } - nc.mu.Unlock() - } - - // Do subs first, skip request handler if present. - for _, s := range subs { - if err := s.Drain(); err != nil { - // We will notify about these but continue. - pushErr(err) - } - } - - // Wait for the subscriptions to drop to zero. - timeout := time.Now().Add(drainWait) - var min int - if respMux != nil { - min = 1 - } else { - min = 0 - } - for time.Now().Before(timeout) { - if nc.NumSubscriptions() == min { - break - } - time.Sleep(10 * time.Millisecond) - } - - // In case there was a request/response handler - // then need to call drain at the end. - if respMux != nil { - if err := respMux.Drain(); err != nil { - // We will notify about these but continue. - pushErr(err) - } - for time.Now().Before(timeout) { - if nc.NumSubscriptions() == 0 { - break - } - time.Sleep(10 * time.Millisecond) - } - } - - // Check if we timed out. - if nc.NumSubscriptions() != 0 { - pushErr(ErrDrainTimeout) - } - - // Flip State - nc.mu.Lock() - nc.status = DRAINING_PUBS - nc.mu.Unlock() - - // Do publish drain via Flush() call. - err := nc.FlushTimeout(5 * time.Second) - if err != nil { - pushErr(err) - nc.close(CLOSED, true, nil) - return - } - - // Move to closed state. - nc.close(CLOSED, true, nil) -} - -// Drain will put a connection into a drain state. All subscriptions will -// immediately be put into a drain state. Upon completion, the publishers -// will be drained and can not publish any additional messages. Upon draining -// of the publishers, the connection will be closed. Use the ClosedCB() -// option to know when the connection has moved from draining to closed. -func (nc *Conn) Drain() error { - nc.mu.Lock() - if nc.isClosed() { - nc.mu.Unlock() - return ErrConnectionClosed - } - if nc.isConnecting() || nc.isReconnecting() { - nc.mu.Unlock() - nc.close(CLOSED, true, nil) - return ErrConnectionReconnecting - } - if nc.isDraining() { - nc.mu.Unlock() - return nil - } - nc.status = DRAINING_SUBS - go nc.drainConnection() - nc.mu.Unlock() - - return nil -} - -// IsDraining tests if a Conn is in the draining state. -func (nc *Conn) IsDraining() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.isDraining() -} - -// caller must lock -func (nc *Conn) getServers(implicitOnly bool) []string { - poolSize := len(nc.srvPool) - var servers = make([]string, 0) - for i := 0; i < poolSize; i++ { - if implicitOnly && !nc.srvPool[i].isImplicit { - continue - } - url := nc.srvPool[i].url - servers = append(servers, fmt.Sprintf("%s://%s", url.Scheme, url.Host)) - } - return servers -} - -// Servers returns the list of known server urls, including additional -// servers discovered after a connection has been established. If -// authentication is enabled, use UserInfo or Token when connecting with -// these urls. -func (nc *Conn) Servers() []string { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.getServers(false) -} - -// DiscoveredServers returns only the server urls that have been discovered -// after a connection has been established. If authentication is enabled, -// use UserInfo or Token when connecting with these urls. -func (nc *Conn) DiscoveredServers() []string { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.getServers(true) -} - -// Status returns the current state of the connection. -func (nc *Conn) Status() Status { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.status -} - -// Test if Conn has been closed Lock is assumed held. -func (nc *Conn) isClosed() bool { - return nc.status == CLOSED -} - -// Test if Conn is in the process of connecting -func (nc *Conn) isConnecting() bool { - return nc.status == CONNECTING -} - -// Test if Conn is being reconnected. -func (nc *Conn) isReconnecting() bool { - return nc.status == RECONNECTING -} - -// Test if Conn is connected or connecting. -func (nc *Conn) isConnected() bool { - return nc.status == CONNECTED || nc.isDraining() -} - -// Test if Conn is in the draining state. -func (nc *Conn) isDraining() bool { - return nc.status == DRAINING_SUBS || nc.status == DRAINING_PUBS -} - -// Test if Conn is in the draining state for pubs. -func (nc *Conn) isDrainingPubs() bool { - return nc.status == DRAINING_PUBS -} - -// Stats will return a race safe copy of the Statistics section for the connection. -func (nc *Conn) Stats() Statistics { - // Stats are updated either under connection's mu or with atomic operations - // for inbound stats in processMsg(). - nc.mu.Lock() - stats := Statistics{ - InMsgs: atomic.LoadUint64(&nc.InMsgs), - InBytes: atomic.LoadUint64(&nc.InBytes), - OutMsgs: nc.OutMsgs, - OutBytes: nc.OutBytes, - Reconnects: nc.Reconnects, - } - nc.mu.Unlock() - return stats -} - -// MaxPayload returns the size limit that a message payload can have. -// This is set by the server configuration and delivered to the client -// upon connect. -func (nc *Conn) MaxPayload() int64 { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.info.MaxPayload -} - -// HeadersSupported will return if the server supports headers -func (nc *Conn) HeadersSupported() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.info.Headers -} - -// AuthRequired will return if the connected server requires authorization. -func (nc *Conn) AuthRequired() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.info.AuthRequired -} - -// TLSRequired will return if the connected server requires TLS connections. -func (nc *Conn) TLSRequired() bool { - nc.mu.RLock() - defer nc.mu.RUnlock() - return nc.info.TLSRequired -} - -// Barrier schedules the given function `f` to all registered asynchronous -// subscriptions. -// Only the last subscription to see this barrier will invoke the function. -// If no subscription is registered at the time of this call, `f()` is invoked -// right away. -// ErrConnectionClosed is returned if the connection is closed prior to -// the call. -func (nc *Conn) Barrier(f func()) error { - nc.mu.Lock() - if nc.isClosed() { - nc.mu.Unlock() - return ErrConnectionClosed - } - nc.subsMu.Lock() - // Need to figure out how many non chan subscriptions there are - numSubs := 0 - for _, sub := range nc.subs { - if sub.typ == AsyncSubscription { - numSubs++ - } - } - if numSubs == 0 { - nc.subsMu.Unlock() - nc.mu.Unlock() - f() - return nil - } - barrier := &barrierInfo{refs: int64(numSubs), f: f} - for _, sub := range nc.subs { - sub.mu.Lock() - if sub.mch == nil { - msg := &Msg{barrier: barrier} - // Push onto the async pList - if sub.pTail != nil { - sub.pTail.next = msg - } else { - sub.pHead = msg - sub.pCond.Signal() - } - sub.pTail = msg - } - sub.mu.Unlock() - } - nc.subsMu.Unlock() - nc.mu.Unlock() - return nil -} - -// GetClientIP returns the client IP as known by the server. -// Supported as of server version 2.1.6. -func (nc *Conn) GetClientIP() (net.IP, error) { - nc.mu.RLock() - defer nc.mu.RUnlock() - if nc.isClosed() { - return nil, ErrConnectionClosed - } - if nc.info.ClientIP == "" { - return nil, ErrClientIPNotSupported - } - ip := net.ParseIP(nc.info.ClientIP) - return ip, nil -} - -// GetClientID returns the client ID assigned by the server to which -// the client is currently connected to. Note that the value may change if -// the client reconnects. -// This function returns ErrClientIDNotSupported if the server is of a -// version prior to 1.2.0. -func (nc *Conn) GetClientID() (uint64, error) { - nc.mu.RLock() - defer nc.mu.RUnlock() - if nc.isClosed() { - return 0, ErrConnectionClosed - } - if nc.info.CID == 0 { - return 0, ErrClientIDNotSupported - } - return nc.info.CID, nil -} - -// NkeyOptionFromSeed will load an nkey pair from a seed file. -// It will return the NKey Option and will handle -// signing of nonce challenges from the server. It will take -// care to not hold keys in memory and to wipe memory. -func NkeyOptionFromSeed(seedFile string) (Option, error) { - kp, err := nkeyPairFromSeedFile(seedFile) - if err != nil { - return nil, err - } - // Wipe our key on exit. - defer kp.Wipe() - - pub, err := kp.PublicKey() - if err != nil { - return nil, err - } - if !nkeys.IsValidPublicUserKey(pub) { - return nil, fmt.Errorf("nats: Not a valid nkey user seed") - } - sigCB := func(nonce []byte) ([]byte, error) { - return sigHandler(nonce, seedFile) - } - return Nkey(string(pub), sigCB), nil -} - -// Just wipe slice with 'x', for clearing contents of creds or nkey seed file. -func wipeSlice(buf []byte) { - for i := range buf { - buf[i] = 'x' - } -} - -func userFromFile(userFile string) (string, error) { - path, err := expandPath(userFile) - if err != nil { - return _EMPTY_, fmt.Errorf("nats: %v", err) - } - - contents, err := ioutil.ReadFile(path) - if err != nil { - return _EMPTY_, fmt.Errorf("nats: %v", err) - } - defer wipeSlice(contents) - return nkeys.ParseDecoratedJWT(contents) -} - -func homeDir() (string, error) { - if runtime.GOOS == "windows" { - homeDrive, homePath := os.Getenv("HOMEDRIVE"), os.Getenv("HOMEPATH") - userProfile := os.Getenv("USERPROFILE") - - var home string - if homeDrive == "" || homePath == "" { - if userProfile == "" { - return _EMPTY_, errors.New("nats: failed to get home dir, require %HOMEDRIVE% and %HOMEPATH% or %USERPROFILE%") - } - home = userProfile - } else { - home = filepath.Join(homeDrive, homePath) - } - - return home, nil - } - - home := os.Getenv("HOME") - if home == "" { - return _EMPTY_, errors.New("nats: failed to get home dir, require $HOME") - } - return home, nil -} - -func expandPath(p string) (string, error) { - p = os.ExpandEnv(p) - - if !strings.HasPrefix(p, "~") { - return p, nil - } - - home, err := homeDir() - if err != nil { - return _EMPTY_, err - } - - return filepath.Join(home, p[1:]), nil -} - -func nkeyPairFromSeedFile(seedFile string) (nkeys.KeyPair, error) { - contents, err := ioutil.ReadFile(seedFile) - if err != nil { - return nil, fmt.Errorf("nats: %v", err) - } - defer wipeSlice(contents) - return nkeys.ParseDecoratedNKey(contents) -} - -// Sign authentication challenges from the server. -// Do not keep private seed in memory. -func sigHandler(nonce []byte, seedFile string) ([]byte, error) { - kp, err := nkeyPairFromSeedFile(seedFile) - if err != nil { - return nil, err - } - // Wipe our key on exit. - defer kp.Wipe() - - sig, _ := kp.Sign(nonce) - return sig, nil -} - -type timeoutWriter struct { - timeout time.Duration - conn net.Conn - err error -} - -// Write implements the io.Writer interface. -func (tw *timeoutWriter) Write(p []byte) (int, error) { - if tw.err != nil { - return 0, tw.err - } - - var n int - tw.conn.SetWriteDeadline(time.Now().Add(tw.timeout)) - n, tw.err = tw.conn.Write(p) - tw.conn.SetWriteDeadline(time.Time{}) - return n, tw.err -} diff --git a/vendor/github.com/nats-io/nats.go/netchan.go b/vendor/github.com/nats-io/nats.go/netchan.go deleted file mode 100644 index 3f2a33e6..00000000 --- a/vendor/github.com/nats-io/nats.go/netchan.go +++ /dev/null @@ -1,111 +0,0 @@ -// Copyright 2013-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "errors" - "reflect" -) - -// This allows the functionality for network channels by binding send and receive Go chans -// to subjects and optionally queue groups. -// Data will be encoded and decoded via the EncodedConn and its associated encoders. - -// BindSendChan binds a channel for send operations to NATS. -func (c *EncodedConn) BindSendChan(subject string, channel interface{}) error { - chVal := reflect.ValueOf(channel) - if chVal.Kind() != reflect.Chan { - return ErrChanArg - } - go chPublish(c, chVal, subject) - return nil -} - -// Publish all values that arrive on the channel until it is closed or we -// encounter an error. -func chPublish(c *EncodedConn, chVal reflect.Value, subject string) { - for { - val, ok := chVal.Recv() - if !ok { - // Channel has most likely been closed. - return - } - if e := c.Publish(subject, val.Interface()); e != nil { - // Do this under lock. - c.Conn.mu.Lock() - defer c.Conn.mu.Unlock() - - if c.Conn.Opts.AsyncErrorCB != nil { - // FIXME(dlc) - Not sure this is the right thing to do. - // FIXME(ivan) - If the connection is not yet closed, try to schedule the callback - if c.Conn.isClosed() { - go c.Conn.Opts.AsyncErrorCB(c.Conn, nil, e) - } else { - c.Conn.ach.push(func() { c.Conn.Opts.AsyncErrorCB(c.Conn, nil, e) }) - } - } - return - } - } -} - -// BindRecvChan binds a channel for receive operations from NATS. -func (c *EncodedConn) BindRecvChan(subject string, channel interface{}) (*Subscription, error) { - return c.bindRecvChan(subject, _EMPTY_, channel) -} - -// BindRecvQueueChan binds a channel for queue-based receive operations from NATS. -func (c *EncodedConn) BindRecvQueueChan(subject, queue string, channel interface{}) (*Subscription, error) { - return c.bindRecvChan(subject, queue, channel) -} - -// Internal function to bind receive operations for a channel. -func (c *EncodedConn) bindRecvChan(subject, queue string, channel interface{}) (*Subscription, error) { - chVal := reflect.ValueOf(channel) - if chVal.Kind() != reflect.Chan { - return nil, ErrChanArg - } - argType := chVal.Type().Elem() - - cb := func(m *Msg) { - var oPtr reflect.Value - if argType.Kind() != reflect.Ptr { - oPtr = reflect.New(argType) - } else { - oPtr = reflect.New(argType.Elem()) - } - if err := c.Enc.Decode(m.Subject, m.Data, oPtr.Interface()); err != nil { - c.Conn.err = errors.New("nats: Got an error trying to unmarshal: " + err.Error()) - if c.Conn.Opts.AsyncErrorCB != nil { - c.Conn.ach.push(func() { c.Conn.Opts.AsyncErrorCB(c.Conn, m.Sub, c.Conn.err) }) - } - return - } - if argType.Kind() != reflect.Ptr { - oPtr = reflect.Indirect(oPtr) - } - // This is a bit hacky, but in this instance we may be trying to send to a closed channel. - // and the user does not know when it is safe to close the channel. - defer func() { - // If we have panicked, recover and close the subscription. - if r := recover(); r != nil { - m.Sub.Unsubscribe() - } - }() - // Actually do the send to the channel. - chVal.Send(oPtr) - } - - return c.Conn.subscribe(subject, queue, cb, nil, false, nil) -} diff --git a/vendor/github.com/nats-io/nats.go/parser.go b/vendor/github.com/nats-io/nats.go/parser.go deleted file mode 100644 index c9cbfeb6..00000000 --- a/vendor/github.com/nats-io/nats.go/parser.go +++ /dev/null @@ -1,552 +0,0 @@ -// Copyright 2012-2020 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "fmt" -) - -type msgArg struct { - subject []byte - reply []byte - sid int64 - hdr int - size int -} - -const MAX_CONTROL_LINE_SIZE = 4096 - -type parseState struct { - state int - as int - drop int - hdr int - ma msgArg - argBuf []byte - msgBuf []byte - scratch [MAX_CONTROL_LINE_SIZE]byte -} - -const ( - OP_START = iota - OP_PLUS - OP_PLUS_O - OP_PLUS_OK - OP_MINUS - OP_MINUS_E - OP_MINUS_ER - OP_MINUS_ERR - OP_MINUS_ERR_SPC - MINUS_ERR_ARG - OP_M - OP_MS - OP_MSG - OP_MSG_SPC - MSG_ARG - MSG_PAYLOAD - MSG_END - OP_H - OP_P - OP_PI - OP_PIN - OP_PING - OP_PO - OP_PON - OP_PONG - OP_I - OP_IN - OP_INF - OP_INFO - OP_INFO_SPC - INFO_ARG -) - -// parse is the fast protocol parser engine. -func (nc *Conn) parse(buf []byte) error { - var i int - var b byte - - // Move to loop instead of range syntax to allow jumping of i - for i = 0; i < len(buf); i++ { - b = buf[i] - - switch nc.ps.state { - case OP_START: - switch b { - case 'M', 'm': - nc.ps.state = OP_M - nc.ps.hdr = -1 - nc.ps.ma.hdr = -1 - case 'H', 'h': - nc.ps.state = OP_H - nc.ps.hdr = 0 - nc.ps.ma.hdr = 0 - case 'P', 'p': - nc.ps.state = OP_P - case '+': - nc.ps.state = OP_PLUS - case '-': - nc.ps.state = OP_MINUS - case 'I', 'i': - nc.ps.state = OP_I - default: - goto parseErr - } - case OP_H: - switch b { - case 'M', 'm': - nc.ps.state = OP_M - default: - goto parseErr - } - case OP_M: - switch b { - case 'S', 's': - nc.ps.state = OP_MS - default: - goto parseErr - } - case OP_MS: - switch b { - case 'G', 'g': - nc.ps.state = OP_MSG - default: - goto parseErr - } - case OP_MSG: - switch b { - case ' ', '\t': - nc.ps.state = OP_MSG_SPC - default: - goto parseErr - } - case OP_MSG_SPC: - switch b { - case ' ', '\t': - continue - default: - nc.ps.state = MSG_ARG - nc.ps.as = i - } - case MSG_ARG: - switch b { - case '\r': - nc.ps.drop = 1 - case '\n': - var arg []byte - if nc.ps.argBuf != nil { - arg = nc.ps.argBuf - } else { - arg = buf[nc.ps.as : i-nc.ps.drop] - } - if err := nc.processMsgArgs(arg); err != nil { - return err - } - nc.ps.drop, nc.ps.as, nc.ps.state = 0, i+1, MSG_PAYLOAD - - // jump ahead with the index. If this overruns - // what is left we fall out and process a split buffer. - i = nc.ps.as + nc.ps.ma.size - 1 - default: - if nc.ps.argBuf != nil { - nc.ps.argBuf = append(nc.ps.argBuf, b) - } - } - case MSG_PAYLOAD: - if nc.ps.msgBuf != nil { - if len(nc.ps.msgBuf) >= nc.ps.ma.size { - nc.processMsg(nc.ps.msgBuf) - nc.ps.argBuf, nc.ps.msgBuf, nc.ps.state = nil, nil, MSG_END - } else { - // copy as much as we can to the buffer and skip ahead. - toCopy := nc.ps.ma.size - len(nc.ps.msgBuf) - avail := len(buf) - i - - if avail < toCopy { - toCopy = avail - } - - if toCopy > 0 { - start := len(nc.ps.msgBuf) - // This is needed for copy to work. - nc.ps.msgBuf = nc.ps.msgBuf[:start+toCopy] - copy(nc.ps.msgBuf[start:], buf[i:i+toCopy]) - // Update our index - i = (i + toCopy) - 1 - } else { - nc.ps.msgBuf = append(nc.ps.msgBuf, b) - } - } - } else if i-nc.ps.as >= nc.ps.ma.size { - nc.processMsg(buf[nc.ps.as:i]) - nc.ps.argBuf, nc.ps.msgBuf, nc.ps.state = nil, nil, MSG_END - } - case MSG_END: - switch b { - case '\n': - nc.ps.drop, nc.ps.as, nc.ps.state = 0, i+1, OP_START - default: - continue - } - case OP_PLUS: - switch b { - case 'O', 'o': - nc.ps.state = OP_PLUS_O - default: - goto parseErr - } - case OP_PLUS_O: - switch b { - case 'K', 'k': - nc.ps.state = OP_PLUS_OK - default: - goto parseErr - } - case OP_PLUS_OK: - switch b { - case '\n': - nc.processOK() - nc.ps.drop, nc.ps.state = 0, OP_START - } - case OP_MINUS: - switch b { - case 'E', 'e': - nc.ps.state = OP_MINUS_E - default: - goto parseErr - } - case OP_MINUS_E: - switch b { - case 'R', 'r': - nc.ps.state = OP_MINUS_ER - default: - goto parseErr - } - case OP_MINUS_ER: - switch b { - case 'R', 'r': - nc.ps.state = OP_MINUS_ERR - default: - goto parseErr - } - case OP_MINUS_ERR: - switch b { - case ' ', '\t': - nc.ps.state = OP_MINUS_ERR_SPC - default: - goto parseErr - } - case OP_MINUS_ERR_SPC: - switch b { - case ' ', '\t': - continue - default: - nc.ps.state = MINUS_ERR_ARG - nc.ps.as = i - } - case MINUS_ERR_ARG: - switch b { - case '\r': - nc.ps.drop = 1 - case '\n': - var arg []byte - if nc.ps.argBuf != nil { - arg = nc.ps.argBuf - nc.ps.argBuf = nil - } else { - arg = buf[nc.ps.as : i-nc.ps.drop] - } - nc.processErr(string(arg)) - nc.ps.drop, nc.ps.as, nc.ps.state = 0, i+1, OP_START - default: - if nc.ps.argBuf != nil { - nc.ps.argBuf = append(nc.ps.argBuf, b) - } - } - case OP_P: - switch b { - case 'I', 'i': - nc.ps.state = OP_PI - case 'O', 'o': - nc.ps.state = OP_PO - default: - goto parseErr - } - case OP_PO: - switch b { - case 'N', 'n': - nc.ps.state = OP_PON - default: - goto parseErr - } - case OP_PON: - switch b { - case 'G', 'g': - nc.ps.state = OP_PONG - default: - goto parseErr - } - case OP_PONG: - switch b { - case '\n': - nc.processPong() - nc.ps.drop, nc.ps.state = 0, OP_START - } - case OP_PI: - switch b { - case 'N', 'n': - nc.ps.state = OP_PIN - default: - goto parseErr - } - case OP_PIN: - switch b { - case 'G', 'g': - nc.ps.state = OP_PING - default: - goto parseErr - } - case OP_PING: - switch b { - case '\n': - nc.processPing() - nc.ps.drop, nc.ps.state = 0, OP_START - } - case OP_I: - switch b { - case 'N', 'n': - nc.ps.state = OP_IN - default: - goto parseErr - } - case OP_IN: - switch b { - case 'F', 'f': - nc.ps.state = OP_INF - default: - goto parseErr - } - case OP_INF: - switch b { - case 'O', 'o': - nc.ps.state = OP_INFO - default: - goto parseErr - } - case OP_INFO: - switch b { - case ' ', '\t': - nc.ps.state = OP_INFO_SPC - default: - goto parseErr - } - case OP_INFO_SPC: - switch b { - case ' ', '\t': - continue - default: - nc.ps.state = INFO_ARG - nc.ps.as = i - } - case INFO_ARG: - switch b { - case '\r': - nc.ps.drop = 1 - case '\n': - var arg []byte - if nc.ps.argBuf != nil { - arg = nc.ps.argBuf - nc.ps.argBuf = nil - } else { - arg = buf[nc.ps.as : i-nc.ps.drop] - } - nc.processAsyncInfo(arg) - nc.ps.drop, nc.ps.as, nc.ps.state = 0, i+1, OP_START - default: - if nc.ps.argBuf != nil { - nc.ps.argBuf = append(nc.ps.argBuf, b) - } - } - default: - goto parseErr - } - } - // Check for split buffer scenarios - if (nc.ps.state == MSG_ARG || nc.ps.state == MINUS_ERR_ARG || nc.ps.state == INFO_ARG) && nc.ps.argBuf == nil { - nc.ps.argBuf = nc.ps.scratch[:0] - nc.ps.argBuf = append(nc.ps.argBuf, buf[nc.ps.as:i-nc.ps.drop]...) - // FIXME, check max len - } - // Check for split msg - if nc.ps.state == MSG_PAYLOAD && nc.ps.msgBuf == nil { - // We need to clone the msgArg if it is still referencing the - // read buffer and we are not able to process the msg. - if nc.ps.argBuf == nil { - nc.cloneMsgArg() - } - - // If we will overflow the scratch buffer, just create a - // new buffer to hold the split message. - if nc.ps.ma.size > cap(nc.ps.scratch)-len(nc.ps.argBuf) { - lrem := len(buf[nc.ps.as:]) - - nc.ps.msgBuf = make([]byte, lrem, nc.ps.ma.size) - copy(nc.ps.msgBuf, buf[nc.ps.as:]) - } else { - nc.ps.msgBuf = nc.ps.scratch[len(nc.ps.argBuf):len(nc.ps.argBuf)] - nc.ps.msgBuf = append(nc.ps.msgBuf, (buf[nc.ps.as:])...) - } - } - - return nil - -parseErr: - return fmt.Errorf("nats: Parse Error [%d]: '%s'", nc.ps.state, buf[i:]) -} - -// cloneMsgArg is used when the split buffer scenario has the pubArg in the existing read buffer, but -// we need to hold onto it into the next read. -func (nc *Conn) cloneMsgArg() { - nc.ps.argBuf = nc.ps.scratch[:0] - nc.ps.argBuf = append(nc.ps.argBuf, nc.ps.ma.subject...) - nc.ps.argBuf = append(nc.ps.argBuf, nc.ps.ma.reply...) - nc.ps.ma.subject = nc.ps.argBuf[:len(nc.ps.ma.subject)] - if nc.ps.ma.reply != nil { - nc.ps.ma.reply = nc.ps.argBuf[len(nc.ps.ma.subject):] - } -} - -const argsLenMax = 4 - -func (nc *Conn) processMsgArgs(arg []byte) error { - // Use separate function for header based messages. - if nc.ps.hdr >= 0 { - return nc.processHeaderMsgArgs(arg) - } - - // Unroll splitArgs to avoid runtime/heap issues - a := [argsLenMax][]byte{} - args := a[:0] - start := -1 - for i, b := range arg { - switch b { - case ' ', '\t', '\r', '\n': - if start >= 0 { - args = append(args, arg[start:i]) - start = -1 - } - default: - if start < 0 { - start = i - } - } - } - if start >= 0 { - args = append(args, arg[start:]) - } - - switch len(args) { - case 3: - nc.ps.ma.subject = args[0] - nc.ps.ma.sid = parseInt64(args[1]) - nc.ps.ma.reply = nil - nc.ps.ma.size = int(parseInt64(args[2])) - case 4: - nc.ps.ma.subject = args[0] - nc.ps.ma.sid = parseInt64(args[1]) - nc.ps.ma.reply = args[2] - nc.ps.ma.size = int(parseInt64(args[3])) - default: - return fmt.Errorf("nats: processMsgArgs Parse Error: '%s'", arg) - } - if nc.ps.ma.sid < 0 { - return fmt.Errorf("nats: processMsgArgs Bad or Missing Sid: '%s'", arg) - } - if nc.ps.ma.size < 0 { - return fmt.Errorf("nats: processMsgArgs Bad or Missing Size: '%s'", arg) - } - return nil -} - -// processHeaderMsgArgs is for a header based message. -func (nc *Conn) processHeaderMsgArgs(arg []byte) error { - // Unroll splitArgs to avoid runtime/heap issues - a := [argsLenMax][]byte{} - args := a[:0] - start := -1 - for i, b := range arg { - switch b { - case ' ', '\t', '\r', '\n': - if start >= 0 { - args = append(args, arg[start:i]) - start = -1 - } - default: - if start < 0 { - start = i - } - } - } - if start >= 0 { - args = append(args, arg[start:]) - } - - switch len(args) { - case 4: - nc.ps.ma.subject = args[0] - nc.ps.ma.sid = parseInt64(args[1]) - nc.ps.ma.reply = nil - nc.ps.ma.hdr = int(parseInt64(args[2])) - nc.ps.ma.size = int(parseInt64(args[3])) - case 5: - nc.ps.ma.subject = args[0] - nc.ps.ma.sid = parseInt64(args[1]) - nc.ps.ma.reply = args[2] - nc.ps.ma.hdr = int(parseInt64(args[3])) - nc.ps.ma.size = int(parseInt64(args[4])) - default: - return fmt.Errorf("nats: processHeaderMsgArgs Parse Error: '%s'", arg) - } - if nc.ps.ma.sid < 0 { - return fmt.Errorf("nats: processHeaderMsgArgs Bad or Missing Sid: '%s'", arg) - } - if nc.ps.ma.hdr < 0 || nc.ps.ma.hdr > nc.ps.ma.size { - return fmt.Errorf("nats: processHeaderMsgArgs Bad or Missing Header Size: '%s'", arg) - } - if nc.ps.ma.size < 0 { - return fmt.Errorf("nats: processHeaderMsgArgs Bad or Missing Size: '%s'", arg) - } - return nil -} - -// Ascii numbers 0-9 -const ( - ascii_0 = 48 - ascii_9 = 57 -) - -// parseInt64 expects decimal positive numbers. We -// return -1 to signal error -func parseInt64(d []byte) (n int64) { - if len(d) == 0 { - return -1 - } - for _, dec := range d { - if dec < ascii_0 || dec > ascii_9 { - return -1 - } - n = n*10 + (int64(dec) - ascii_0) - } - return n -} diff --git a/vendor/github.com/nats-io/nats.go/timer.go b/vendor/github.com/nats-io/nats.go/timer.go deleted file mode 100644 index 1216762d..00000000 --- a/vendor/github.com/nats-io/nats.go/timer.go +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright 2017-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package nats - -import ( - "sync" - "time" -) - -// global pool of *time.Timer's. can be used by multiple goroutines concurrently. -var globalTimerPool timerPool - -// timerPool provides GC-able pooling of *time.Timer's. -// can be used by multiple goroutines concurrently. -type timerPool struct { - p sync.Pool -} - -// Get returns a timer that completes after the given duration. -func (tp *timerPool) Get(d time.Duration) *time.Timer { - if t, _ := tp.p.Get().(*time.Timer); t != nil { - t.Reset(d) - return t - } - - return time.NewTimer(d) -} - -// Put pools the given timer. -// -// There is no need to call t.Stop() before calling Put. -// -// Put will try to stop the timer before pooling. If the -// given timer already expired, Put will read the unreceived -// value if there is one. -func (tp *timerPool) Put(t *time.Timer) { - if !t.Stop() { - select { - case <-t.C: - default: - } - } - - tp.p.Put(t) -} diff --git a/vendor/github.com/nats-io/nats.go/util/tls.go b/vendor/github.com/nats-io/nats.go/util/tls.go deleted file mode 100644 index 53ff9aa2..00000000 --- a/vendor/github.com/nats-io/nats.go/util/tls.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2017-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// +build go1.8 - -package util - -import "crypto/tls" - -// CloneTLSConfig returns a copy of c. -func CloneTLSConfig(c *tls.Config) *tls.Config { - if c == nil { - return &tls.Config{} - } - - return c.Clone() -} diff --git a/vendor/github.com/nats-io/nats.go/util/tls_go17.go b/vendor/github.com/nats-io/nats.go/util/tls_go17.go deleted file mode 100644 index fd646d31..00000000 --- a/vendor/github.com/nats-io/nats.go/util/tls_go17.go +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2016-2018 The NATS Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// +build go1.7,!go1.8 - -package util - -import ( - "crypto/tls" -) - -// CloneTLSConfig returns a copy of c. Only the exported fields are copied. -// This is temporary, until this is provided by the language. -// https://go-review.googlesource.com/#/c/28075/ -func CloneTLSConfig(c *tls.Config) *tls.Config { - return &tls.Config{ - Rand: c.Rand, - Time: c.Time, - Certificates: c.Certificates, - NameToCertificate: c.NameToCertificate, - GetCertificate: c.GetCertificate, - RootCAs: c.RootCAs, - NextProtos: c.NextProtos, - ServerName: c.ServerName, - ClientAuth: c.ClientAuth, - ClientCAs: c.ClientCAs, - InsecureSkipVerify: c.InsecureSkipVerify, - CipherSuites: c.CipherSuites, - PreferServerCipherSuites: c.PreferServerCipherSuites, - SessionTicketsDisabled: c.SessionTicketsDisabled, - SessionTicketKey: c.SessionTicketKey, - ClientSessionCache: c.ClientSessionCache, - MinVersion: c.MinVersion, - MaxVersion: c.MaxVersion, - CurvePreferences: c.CurvePreferences, - DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, - Renegotiation: c.Renegotiation, - } -} diff --git a/vendor/modules.txt b/vendor/modules.txt index df72be88..6709e4f5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -4,14 +4,11 @@ github.com/klauspost/compress/s2 # github.com/minio/highwayhash v1.0.1 ## explicit github.com/minio/highwayhash +# github.com/nats-io/jwt v1.2.2 +github.com/nats-io/jwt # github.com/nats-io/jwt/v2 v2.0.1 ## explicit github.com/nats-io/jwt/v2 -# github.com/nats-io/nats.go v1.10.1-0.20210228004050-ed743748acac -## explicit -github.com/nats-io/nats.go -github.com/nats-io/nats.go/encoders/builtin -github.com/nats-io/nats.go/util # github.com/nats-io/nkeys v0.3.0 ## explicit github.com/nats-io/nkeys