NATS源代碼分析之auth目錄

 

NATS是一個輕量的消息發佈-訂閱系統。NATS的核心是Event machine。

項目Server端源代碼地址： github.com/nats-io/gnatsd

 

在auth目錄中， multiuser.go plain.go token.go 本文一一記錄

 

multisuer.go

1 // MultiUser Plain authentication is a basic username and password
2 type MultiUser struct {
3     users map[string]*server.User
4 }

其中User結構代碼以下：

 1 // For multiple accounts/users.
 2 type User struct {
 3     Username    string       `json:"user"`
 4     Password    string       `json:"password"`
 5     Permissions *Permissions `json:"permissions"`
 6 }
 7 
 8 // Authorization are the allowed subjects on a per
 9 // publish or subscribe basis.
10 type Permissions struct {
11     Publish   []string `json:"publish"`
12     Subscribe []string `json:"subscribe"`
13 }

 server.auto.go中，與multouser結構關聯，其代碼以下：

// Auth is an interface for implementing authentication
type Auth interface {
	// Check if a client is authorized to connect
	Check(c ClientAuth) bool
}

// ClientAuth is an interface for client authentication
type ClientAuth interface {
	// Get options associated with a client
	GetOpts() *clientOpts
	// If TLS is enabled, TLS ConnectionState, nil otherwise
	GetTLSConnectionState() *tls.ConnectionState
	// Optionally map a user after auth.
	RegisterUser(*User)
}

　　plain.go 

Plain authentication is a basic username and password

type Plain struct {
	Username string
	Password string
}

　　token.go

Token holds a string token used for authentication

// Token holds a string token used for authentication
type Token struct {
	Token string
}

// Check authenticates a client from a token
func (p *Token) Check(c server.ClientAuth) bool {
	opts := c.GetOpts()
	// Check to see if the token is a bcrypt hash
	if isBcrypt(p.Token) {
		if err := bcrypt.CompareHashAndPassword([]byte(p.Token), []byte(opts.Authorization)); err != nil {
			return false
		}
	} else if p.Token != opts.Authorization {
		return false
	}

	return true
}