NATS源代码分析之auth目录

 

NATS是一个轻量的消息发布-订阅系统。NATS的核心是Event machine。

项目Server端源代码地址： github.com/nats-io/gnatsd

 

在auth目录中， multiuser.go plain.go token.go 本文一一记录

 

multisuer.go

// MultiUser Plain authentication is a basic username and password
type MultiUser struct {
    users map[string]*server.User
}

其中User结构代码如下：

// For multiple accounts/users.
type User struct {
    Username    string       `json:"user"`
    Password    string       `json:"password"`
    Permissions *Permissions `json:"permissions"`
}

// Authorization are the allowed subjects on a per
// publish or subscribe basis.
type Permissions struct {
    Publish   []string `json:"publish"`
    Subscribe []string `json:"subscribe"`
}

 server.auto.go中，与multouser结构关联，其代码如下：

// Auth is an interface for implementing authentication
type Auth interface {
	// Check if a client is authorized to connect
	Check(c ClientAuth) bool
}

// ClientAuth is an interface for client authentication
type ClientAuth interface {
	// Get options associated with a client
	GetOpts() *clientOpts
	// If TLS is enabled, TLS ConnectionState, nil otherwise
	GetTLSConnectionState() *tls.ConnectionState
	// Optionally map a user after auth.
	RegisterUser(*User)
}

　　plain.go 

Plain authentication is a basic username and password

type Plain struct {
	Username string
	Password string
}

　　token.go

Token holds a string token used for authentication

// Token holds a string token used for authentication
type Token struct {
	Token string
}

// Check authenticates a client from a token
func (p *Token) Check(c server.ClientAuth) bool {
	opts := c.GetOpts()
	// Check to see if the token is a bcrypt hash
	if isBcrypt(p.Token) {
		if err := bcrypt.CompareHashAndPassword([]byte(p.Token), []byte(opts.Authorization)); err != nil {
			return false
		}
	} else if p.Token != opts.Authorization {
		return false
	}

	return true
}