gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-02 03:38:42 -07:00
Code Issues Packages Projects Releases Wiki Activity
4,394 Commits 30 Branches 48 Tags
ocsp-dev
Commit Graph

61 Commits

Author SHA1 Message Date
Waldemar Quevedo
46eccd7658 WIP: NATS Server + OCSP Support 
Signed-off-by: Waldemar Quevedo <wally@synadia.com>
Signed-off-by: Jaime Piña <jaime@synadia.com>
 2021-04-29 17:59:34 -07:00
Derek Collison
518ff9be14 Concurrent multiple durable subscribers would cause unpredictable behaviors. 
Upgraded to current Go client.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-04-20 19:50:24 -07:00
Matthias Hanel
e390958beb Updated go client for unit tests and fixing test 
One test had a race.
For the other one, the updated go client changed the callback used.s

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-03-30 21:46:39 -04:00
Jaime Piña
6941bb3ade Update Go client in tests 2021-03-30 13:17:34 -07:00
Matthias Hanel
eb1a91d5b6 [fixed] private import issue by pulling in up to date jwt library 
Also prevent nats based account resolver from storing invalid jwt
Updated compress and highwayhash

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-03-14 19:37:14 -04:00
Derek Collison
7c67a9c5cc Update Go client 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-02-28 05:11:01 -08:00
Derek Collison
afea79610a Consumer interest was not properly handled cross cluster. 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-02-18 18:29:59 -08:00
Matthias Hanel
0cae6ab4e7 [added] support for jwt based account mappings (#1897) 
support for jwt based account mappings

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-02-08 17:25:14 -05:00
Derek Collison
a9b8948abe Add in tracking for quorum in raft and do auto stepdown. 
Also added in API responses when no leader is present for meta, streams and consumers.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-27 13:34:00 -08:00
Matthias Hanel
dea9effa8d [added] support for StrictSigningKeyUsage and updated jwt library (#1845) 
This will cause the server to not trust accounts/user signed by an
identity key

The boot strapping system account will assume the account is issued by
the operator.
If this is not desirable, the system account can be provided right away
as resolver_preload.

[fixes] crash when the system account uses signing keys and an update changes that key set.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-26 17:49:58 -05:00
Derek Collison
9c858d197a Added ability to properly restore consumers from a snapshot. 
This made us add forwarding proposals functionality in the raft layer.
More general cleanup and bug fixes as well.

Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-24 19:30:34 -08:00
Derek Collison
d7cfb8f6e9 Use client version for stream and consumer extended info 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-22 13:11:36 -08:00
Derek Collison
cb69df7118 Add proper support for stream update 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-16 06:29:37 -08:00
Derek Collison
37cf7584bd Merge branch 'master' into jsc 2021-01-14 02:52:35 -07:00
Derek Collison
f0cdf89c61 JetStream Clustering WIP 
Signed-off-by: Derek Collison <derek@nats.io>
 2021-01-14 01:14:52 -08:00
Matthias Hanel
0ff6252692 Added tests for cfg/jwt based queue restrictions and updated jwt lib 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-07 17:30:51 -05:00
Matthias Hanel
592a6447a7 [Added] support for wildcard services and import remapping by JWT. 
Imports in JWT where extended to contain a new filed LocalSubject.
This Change pulls the new JWT library version in.
It was needed as prefix did not exist in the JWT library and the
original field could not be used. The field To has been deprecated.

When LocalSubject is set, service imports can be configured the same way
they are in config. Meaning, no reversal due to the type.

This change also ensures that wildcard references in transforms are only
set in To/LocalSubject. Before, for services, $1 would have to be set in Subject.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2021-01-04 14:11:36 -05:00
Alberto Ricart
f09992a889 updated iteration of signing keys (previously a list, now a map). (#1779) 2020-12-17 13:59:18 -07:00
Matthias Hanel
c6daffbfcc [Added] ability to use jwt latency sampling properties headers/share 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-12-16 14:34:09 -05:00
Derek Collison
3b18f188ed Switched behavior to never refuse new request, and to alert when expiring ones with interest 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-10-21 10:35:29 -07:00
Derek Collison
610d2d21b7 More robust waiting queue for pull mode consumers 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-10-19 19:51:46 -07:00
Matthias Hanel
2bfb8b1227 [Fixed] revocation check for activations used current time instead of jwt issue time 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-10-15 15:36:50 -04:00
Matthias Hanel
387e1e1ee4 [Fixed] revocation check used current time instead of jwt issue time 
Also empty revoked keys once account jwt has no revocations.

Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-10-06 21:45:34 -04:00
Matthias Hanel
08e37e0d94 Updated jwt library and check (account/token) issuer prior to jwt Validate 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-09-29 21:03:40 -04:00
Ivan Kozlovic
7ccbaca782 Added an allowed connection type filter for users 
Users and NKey users will now have the option to specify a list
of allowed connection types.

This will allow for instance a certain user to be allowed to
connect as a standard NATS client, but not as Websocket, or
vice-versa.

This also fixes the websocket auth override. Indeed, with
the original behavior, the websocket users would have been bound
to $G, which would not work when there are accounts defined, since
when that is the case, no app can connect/bind to $G account.

Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2020-09-16 18:22:44 -06:00
Matthias Hanel
431560b004 Update JWT and incorporate change of cidr ranges from string to array 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-08-27 23:11:54 -04:00
Matthias Hanel
32615b4c71 Update jwtv2 and fix test that embedded jwtv2 operators 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-08-24 11:49:50 -04:00
Derek Collison
06ca580334 Update write deadline, client processing and slow proxy 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-06-30 16:41:01 -07:00
Derek Collison
4dee03b587 Allow mixed TLS and non-TLS on same port 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-06-05 18:04:11 -07:00
Matthias Hanel
cf6fcda75c Added default_permissions to accounts and account jwt 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-06-02 16:06:01 -04:00
Matthias Hanel
2d61507bb7 Moving nats.go unit test and updating go modules 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-06-02 12:44:00 -04:00
aricart
e7590f3065 jwt2 testbed 2020-06-01 18:00:13 -04:00
Derek Collison
19cf156d00 go.mod cleanup 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-31 05:46:16 -07:00
Derek Collison
dbde2479c2 Add in headers to consumer delivered messages 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-30 15:03:54 -07:00
Derek Collison
eca04c6fce First pass header support for JetStream 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-30 10:04:23 -07:00
Derek Collison
625129f20a Fix flapper test where no messages to receive at end 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-28 13:23:00 -07:00
Derek Collison
12e353e3ac Close connections when a remote update exceeds maximum 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-28 11:09:00 -07:00
Derek Collison
c9f78d6f79 Fixes post rebasing with master 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 16:38:19 -07:00
Derek Collison
d2ff4311d4 Rebase with master, updates to go.mod and vendor, bumped version 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 14:20:02 -07:00
Derek Collison
0d44a6150a More debug info on startup and restore 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 14:15:11 -07:00
Derek Collison
79b85ae385 Optimize for concurrent pub/sub 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 14:13:22 -07:00
Derek Collison
39aba7de92 filestore first pass 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-05-19 14:12:28 -07:00
Matthias Hanel
84e52bfb44 Pointing to jwt master 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-05-19 16:06:22 -04:00
Matthias Hanel
a989024075 Picking up jwt branch corresponding to this change 
Signed-off-by: Matthias Hanel <mh@synadia.com>
 2020-05-18 18:57:39 -04:00
Ivan Kozlovic
b329215af3 Release v2.1.7 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2020-05-13 19:40:49 -06:00
Ivan Kozlovic
182e30adb6 Update dependencies 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2020-03-30 18:23:43 -06:00
Derek Collison
643e73c0c5 Fix for #1256, mixed IP and DNS for cluster and TLS with leafnodes 
Signed-off-by: Derek Collison <derek@nats.io>
 2020-01-22 11:25:09 -08:00
Ivan Kozlovic
4a03b6382e Release 2.1.2 
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
 2019-11-18 15:22:52 -07:00
Derek Collison
fccf147898 Updated JWT dependency 
Signed-off-by: Derek Collison <derek@nats.io>
 2019-09-20 10:13:09 -07:00
Derek Collison
0551371b31 Add in JWT support for tracking latency 
Signed-off-by: Derek Collison <derek@nats.io>
 2019-09-18 08:51:43 -07:00