RubyGems - nats-pure - Versions diffs - 0.5.0 → 0.6.0 - Mend

nats-pure 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 741d87f63f2851dc25639453f9cd5ed68b3e2bfb66f45f1b5fe6caa9b3e352dd
-  data.tar.gz: 1af44d28a31788e37fbb50d14f966ff30805ee42614ae37a7ab3599edd0de4f0
+  metadata.gz: 23e0d5e7517e6747ba93d5e0f0941d2443bcce881936a7d986b9aeda9a668007
+  data.tar.gz: 1ee9d4e3277a283bc1a3eabefbb56bae81be9e32422311b9c9f48c4b2f369d07
 SHA512:
-  metadata.gz: 432d3b3cf28752ec19c6278763ec5e1ef5992ee9d57796aeadb41b978028b3700c699795134f46297c982d9fc98fc3979d0760842f74fb528977e62b66431c9c
-  data.tar.gz: 758a3b3deb4c2b14198bca42b647d2b11726c08d7150a914a8835a64fa6720d57d28c2207ddcd6ad40995427902ab1afd6705f2ab4c4ea1adbe9e131ccc1ea32
+  metadata.gz: 0eeae802740d61db43b624ffdd21996200befa37125fd04eda0e49474db17bdedbba3408da06ffec907076f935279df80901f4eb5c94a07e6cf26fa1e36ed649
+  data.tar.gz: a31a3936f8fafafb4b0ebfc47913021d62a208606193cc2566e2051dd06141011c75e0879f4cb69157677b2ef8f64bbac77f728c0e478bdc5f0ff116d1f26d81

data/lib/nats/io/client.rb CHANGED

@@ -174,16 +174,40 @@ module NATS
         # Hostname of current server; used for when TLS host
         # verification is enabled.
         @hostname = nil
+        @single_url_connect_used = false
         # New style request/response implementation.
         @resp_sub = nil
         @resp_map = nil
         @resp_sub_prefix = nil
         @nuid = NATS::NUID.new
+        # NKEYS
+        @user_credentials = nil
+        @nkeys_seed = nil
+        @user_nkey_cb = nil
+        @user_jwt_cb = nil
+        @signature_cb = nil
       end
       # Establishes connection to NATS.
-      def connect(opts={})
+      def connect(uri=nil, opts={})
+        case uri
+        when String
+          # Initialize TLS defaults in case any url is using it.
+          srvs = opts[:servers] = process_uri(uri)
+          if srvs.any? {|u| u.scheme == 'tls'} and !opts[:tls]
+            tls_context = OpenSSL::SSL::SSLContext.new
+            tls_context.set_params
+            opts[:tls] = {
+              context: tls_context
+            }
+          end
+          @single_url_connect_used = true if srvs.size == 1
+        when Hash
+          opts = uri
+        end
         opts[:verbose] = false if opts[:verbose].nil?
         opts[:pedantic] = false if opts[:pedantic].nil?
         opts[:reconnect] = true if opts[:reconnect].nil?
@@ -226,6 +250,11 @@ module NATS
           class << self; alias_method :request, :old_request; end
         end
+        # NKEYS
+        @user_credentials ||= opts[:user_credentials]
+        @nkeys_seed ||= opts[:nkeys_seed]
+        setup_nkeys_connect if @user_credentials or @nkeys_seed
         # Check for TLS usage
         @tls = @options[:tls]
@@ -245,7 +274,12 @@ module NATS
           @status = CONNECTING
           # Use the hostname from the server for TLS hostname verification.
-          @hostname = srv[:hostname]
+          if client_using_secure_connection? and single_url_connect_used?
+            # Always reuse the original hostname used to connect.
+            @hostname ||= srv[:hostname]
+          else
+            @hostname = srv[:hostname]
+          end
           # Established TCP connection successfully so can start connect
           process_connect_init
@@ -634,7 +668,8 @@ module NATS
           if connect_urls
             srvs = []
             connect_urls.each do |url|
-              u = URI.parse("nats://#{url}")
+              scheme = client_using_secure_connection? ? "tls" : "nats"
+              u = URI.parse("#{scheme}://#{url}")
               # Skip in case it is the current server which we already know
               next if @uri.host == u.host && @uri.port == u.port
@@ -753,6 +788,10 @@ module NATS
         @uri.scheme == "tls" || @tls
       end
+      def single_url_connect_used?
+        @single_url_connect_used
+      end
       def send_command(command)
         @pending_size += command.bytesize
         @pending_queue << command
@@ -774,13 +813,22 @@ module NATS
         }
         cs[:name] = @options[:name] if @options[:name]
-        if auth_connection?
+        case
+        when auth_connection?
           if @uri.password
             cs[:user] = @uri.user
             cs[:pass] = @uri.password
           else
             cs[:auth_token] = @uri.user
           end
+        when @user_credentials
+          nonce = @server_info[:nonce]
+          cs[:jwt] = @user_jwt_cb.call
+          cs[:sig] = @signature_cb.call(nonce)
+        when @nkeys_seed
+          nonce = @server_info[:nonce]
+          cs[:nkey] = @user_nkey_cb.call
+          cs[:sig] = @signature_cb.call(nonce)
         end
         "CONNECT #{cs.to_json}#{CR_LF}"
@@ -1021,7 +1069,12 @@ module NATS
           @stats[:reconnects] += 1
           # Set hostname to use for TLS hostname verification
-          @hostname = srv[:hostname]
+          if client_using_secure_connection? and single_url_connect_used?
+            # Reuse original hostname name in case of using TLS.
+            @hostname ||= srv[:hostname]
+          else
+            @hostname = srv[:hostname]
+          end
           # Established TCP connection successfully so can start connect
           process_connect_init
@@ -1241,6 +1294,115 @@ module NATS
           connect_timeout: DEFAULT_CONNECT_TIMEOUT
         })
       end
+      def setup_nkeys_connect
+        begin
+          require 'nkeys'
+          require 'base64'
+        rescue LoadError
+          raise(Error, "nkeys is not installed")
+        end
+        case
+        when @nkeys_seed
+          @user_nkey_cb = proc {
+            seed = File.read(@nkeys_seed).chomp
+            kp = NKEYS::from_seed(seed)
+            # Take a copy since original will be gone with the wipe.
+            pub_key = kp.public_key.dup
+            kp.wipe!
+            pub_key
+          }
+          @signature_cb = proc { |nonce|
+            seed = File.read(@nkeys_seed).chomp
+            kp = NKEYS::from_seed(seed)
+            raw_signed = kp.sign(nonce)
+            kp.wipe!
+            encoded = Base64.urlsafe_encode64(raw_signed)
+            encoded.gsub('=', '')
+          }
+        when @user_credentials
+          # When the credentials are within a single decorated file.
+          @user_jwt_cb = proc {
+            jwt_start = "BEGIN NATS USER JWT".freeze
+            found = false
+            jwt = nil
+            File.readlines(@user_credentials).each do |line|
+              case
+              when found
+                jwt = line.chomp
+                break
+              when line.include?(jwt_start)
+                found = true
+              end
+            end
+            raise(Error, "No JWT found in #{@user_credentials}") if not found
+            jwt
+          }
+          @signature_cb = proc { |nonce|
+            seed_start = "BEGIN USER NKEY SEED".freeze
+            found = false
+            seed = nil
+            File.readlines(@user_credentials).each do |line|
+              case
+              when found
+                seed = line.chomp
+                break
+              when line.include?(seed_start)
+                found = true
+              end
+            end
+            raise(Error, "No nkey user seed found in #{@user_credentials}") if not found
+            kp = NKEYS::from_seed(seed)
+            raw_signed = kp.sign(nonce)
+            # seed is a reference so also cleared when doing wipe,
+            # which can be done since Ruby strings are mutable.
+            kp.wipe
+            encoded = Base64.urlsafe_encode64(raw_signed)
+            # Remove padding
+            encoded.gsub('=', '')
+          }
+        end
+      end
+      def process_uri(uris)
+        connect_uris = []
+        uris.split(',').each do |uri|
+          opts = {}
+          # Scheme
+          if uri.include?("://")
+            scheme, uri = uri.split("://")
+            opts[:scheme] = scheme
+          else
+            opts[:scheme] = 'nats'
+          end
+          # UserInfo
+          if uri.include?("@")
+            userinfo, endpoint = uri.split("@")
+            host, port = endpoint.split(":")
+            opts[:userinfo] = userinfo
+          else
+            host, port = uri.split(":")
+          end
+          # Host and Port
+          opts[:host] = host || "localhost"
+          opts[:port] = port || DEFAULT_PORT
+          connect_uris << URI::Generic.build(opts)
+        end
+        connect_uris
+      end
     end
     # Implementation adapted from https://github.com/redis/redis-rb

data/lib/nats/io/version.rb CHANGED

@@ -15,7 +15,7 @@
 module NATS
   module IO
     # NOTE: These are all announced to the server on CONNECT
-    VERSION  = "0.5.0"
+    VERSION  = "0.6.0"
     LANG     = "#{RUBY_ENGINE}2".freeze
     PROTOCOL = 1
   end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nats-pure
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Waldemar Quevedo
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-04 00:00:00.000000000 Z
+date: 2019-06-19 00:00:00.000000000 Z
 dependencies: []
 description: NATS is an open-source, high-performance, lightweight cloud messaging
   system.
@@ -41,8 +41,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: NATS is an open-source, high-performance, lightweight cloud messaging system.