Jetstream movement can fail, so return that error and abort start-up if there's
a failure in moving precious data, rather than serve without it.
Create the jetstream directory if needed.
Create directories for private data mode 0750 not 0755.
This does not handle a directory layout made with 2.2.3, but does support a
2.2.2 to 2.2.4 migration. The empty directories made under 2.2.3 will still
hinder the renames we do here.
When a response was needed from a leafnode cluster back to a hub, we had rules to disallow.
That rule was a bit dated and since we have cluster origin for leafnode clusters and that
is checked before the message is actually sent we could remove the old rule.
Signed-off-by: Derek Collison <derek@nats.io>
There are 2 options, same_origin and allowed_origins that should
apply only to webbrowsers that set the Origin http header. If
the header is not present, the server should not fail direct
clients using websocket protocol, or leafnodes.
From spec:
https://datatracker.ietf.org/doc/html/rfc6455#section-1.6
The WebSocket Protocol uses the origin model used by web browsers to
restrict which web pages can contact a WebSocket server when the
WebSocket Protocol is used from a web page. Naturally, when the
WebSocket Protocol is used by a dedicated client directly (i.e., not
from a web page through a web browser), the origin model is not
useful, as the client can provide any arbitrary origin string.
Resolves#2207
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
When using multiple source streams from either different accounts or domains, the stream name could be the same and would cause bad behavior.
Signed-off-by: Derek Collison <derek@nats.io>
Only log when actually moving an account in case other files start polluting the directory.
When failing to look up an account and we have a resolver check to see if its a valid account name before attempting lookup.
Signed-off-by: Derek Collison <derek@nats.io>
We need the consumer state on the stream leader.
Also if we can't find the store yet for a consumer fallback to calculate needsAck.
Signed-off-by: Derek Collison <derek@nats.io>
At the time where we need the domain to construct the session hash,
we have access to server options. So use that instead of storing
the domain in the internal mqtt structure.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
When a raft group was trying to catch up a consumer but the log is empty and we do have a snapshot but the requested sequence was the first sequence.
Signed-off-by: Derek Collison <derek@nats.io>
