NATS是一个轻量的消息发布-订阅系统。NATS的核心是Event machine。
项目Server端源代码地址: github.com/nats-io/gnatsd
在auth目录中, multiuser.go plain.go token.go 本文一一记录
multisuer.go
1 // MultiUser Plain authentication is a basic username and password 2 type MultiUser struct { 3 users map[string]*server.User 4 }
其中User结构代码如下:
1 // For multiple accounts/users. 2 type User struct { 3 Username string `json:"user"` 4 Password string `json:"password"` 5 Permissions *Permissions `json:"permissions"` 6 } 7 8 // Authorization are the allowed subjects on a per 9 // publish or subscribe basis. 10 type Permissions struct { 11 Publish []string `json:"publish"` 12 Subscribe []string `json:"subscribe"` 13 }
server.auto.go中,与multouser结构关联,其代码如下:
// Auth is an interface for implementing authentication
type Auth interface {
// Check if a client is authorized to connect
Check(c ClientAuth) bool
}
// ClientAuth is an interface for client authentication
type ClientAuth interface {
// Get options associated with a client
GetOpts() *clientOpts
// If TLS is enabled, TLS ConnectionState, nil otherwise
GetTLSConnectionState() *tls.ConnectionState
// Optionally map a user after auth.
RegisterUser(*User)
}
plain.go
Plain authentication is a basic username and password
type Plain struct {
Username string
Password string
}
token.go
Token holds a string token used for authentication
// Token holds a string token used for authentication
type Token struct {
Token string
}
// Check authenticates a client from a token
func (p *Token) Check(c server.ClientAuth) bool {
opts := c.GetOpts()
// Check to see if the token is a bcrypt hash
if isBcrypt(p.Token) {
if err := bcrypt.CompareHashAndPassword([]byte(p.Token), []byte(opts.Authorization)); err != nil {
return false
}
} else if p.Token != opts.Authorization {
return false
}
return true
}