nats 0.10.0 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8caff8d7b6a0c87a312c9942174fe3c455e2cfc1c3abdb7c6baf7eb5db7445ef
-  data.tar.gz: 2dd5eb84f34dea3c6509c732b8da35d095af409fb955de312bc75c0b5306c7b0
+  metadata.gz: da544e9e03c583ba122aebfae0813c138de976f84da6255255aa414b8d637f82
+  data.tar.gz: a98249f31459f3a6d917d3bc6660c9ac8a727c0af5b77cac5f445b6969de670b
 SHA512:
-  metadata.gz: 2d8e2aa2738f152cc9f15bb1a5759714062535d55a6c449fc0a55e61b2cd59f45d37e39129fade9acf9cb0a82c2f5bf555f00fd82302e97ec9ec603ee2d2e493
-  data.tar.gz: '07828fd12c5c5a89eebfabaf8dae0315fa0bb0eb5dd013fee13282a63a5c037e04d2a072424fd97c266cabeb9d465ad3f79b66c4ace6c1280af85a4acf5da203'
+  metadata.gz: 0230ee1118324856fc933c80292623e858115feeb8423c7ab66e5f0d4fb75e23cf804183117423279aa4a7b684af40bfa2a5ae52f225eb7601a7a292291d6443
+  data.tar.gz: b9b7de57143d9898310ce65f591ca217c55becb5085287c2f0ad2d9982862af17aa2834786a34596aa0bde6c4e4198f4a9e9cda4d9e3438061fd028bb67a2809

data/HISTORY.md

@@ -1,5 +1,8 @@
 # HISTORY
 
+## v0.11.0 (June 10, 2019)
+  - NATS v2.0 support! (#162)
+
 ## v0.8.4 (Feb 23, 2018)
   - Support to include connection `name` as part of CONNECT options (#145)
   - Fixed support for Ruby 2.5 due to missing OpenSSL `require` (#144)

data/README.md

@@ -3,16 +3,7 @@
 A [Ruby](http://ruby-lang.org) client for the [NATS messaging system](https://nats.io).
 
 [![License Apache 2.0](https://img.shields.io/badge/License-Apache2-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
-[![Build Status](https://travis-ci.org/nats-io/ruby-nats.svg)](http://travis-ci.org/nats-io/ruby-nats) [![Gem Version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=rb&type=5&v=0.10.0)](https://rubygems.org/gems/nats/versions/0.10.0) [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](https://www.rubydoc.info/gems/nats)
-
-## Supported Platforms
-
-This gem and the client are known to work on the following Ruby platforms:
-
-- MRI 2.3.0, 2.4.0, 2.5.0
-- JRuby 9.1.2.0, 9.1.15.0, 9.2.0.0
-
-If you're looking for a non-EventMachine alternative, check out the [nats-pure](https://github.com/nats-io/pure-ruby-nats) gem.
+[![Build Status](https://travis-ci.org/nats-io/nats.rb.svg)](http://travis-ci.org/nats-io/nats.rb) [![Gem Version](https://d25lcipzij17d.cloudfront.net/badge.svg?id=rb&type=5&v=0.11.0)](https://rubygems.org/gems/nats/versions/0.11.0) [![Yard Docs](http://img.shields.io/badge/yard-docs-blue.svg)](https://www.rubydoc.info/gems/nats)
 
 ## Getting Started
 
@@ -23,6 +14,16 @@ nats-sub foo &
 nats-pub foo 'Hello World!'
 ```
 
+Starting from [v0.11.0](https://github.com/nats-io/nats.py/releases/tag/v0.11.0) release,
+you can also optionally install [NKEYS](https://github.com/nats-io/nkeys.rb) in order to use
+the new NATS v2.0 auth features:
+
+```bash
+gem install nkeys
+```
+
+If you're looking for a non-EventMachine alternative, check out the [nats-pure](https://github.com/nats-io/nats-pure.rb) gem.
+
 ## Basic Usage
 
 ```ruby
@@ -285,6 +286,47 @@ NATS.start {
 }
 ```
 
+### New Authentication (Nkeys and User Credentials)
+
+This requires server with version >= 2.0.0
+
+NATS servers have a new security and authentication mechanism to authenticate with user credentials and NKEYS. A single file containing the JWT and NKEYS to authenticate against a NATS v2 server can be set with the `user_credentials` option:
+
+```ruby
+require 'nats/client'
+
+NATS.start("tls://connect.ngs.global", user_credentials: "/path/to/creds") do |nc|
+  nc.subscribe("hello") do |msg|
+    puts "[Received] #{msg}"
+  end
+  nc.publish('hello', 'world')
+end
+```
+
+This will create two callback handlers to present the user JWT and sign the nonce challenge from the server. The core client library never has direct access to your private key and simply performs the callback for signing the server challenge. The library will load and wipe and clear the objects it uses for each connect or reconnect.
+
+Bare NKEYS are also supported. The nkey seed should be in a read only file, e.g. `seed.txt`.
+
+```bash
+> cat seed.txt
+# This is my seed nkey!
+SUAGMJH5XLGZKQQWAWKRZJIGMOU4HPFUYLXJMXOO5NLFEO2OOQJ5LPRDPM
+```
+
+Then in the client specify the path to the seed using the `nkeys_seed` option:
+
+```ruby
+require 'nats/client'
+
+NATS.start("tls://connect.ngs.global", nkeys_seed: "path/to/seed.txt") do |nc|
+  nc.subscribe("hello") do |msg|
+    puts "[Received] #{msg}"
+  end
+  nc.publish('hello', 'world')
+end
+
+```
+
 ## License
 
 Unless otherwise noted, the NATS source files are distributed under

data/bin/nats-pub

@@ -18,12 +18,13 @@ require 'rubygems'
 require 'nats/client'
 
 def usage
-  puts "Usage: nats-pub <subject> <msg> [-s server]"; exit
+  puts "Usage: nats-pub <subject> <msg> [-s server] [--creds CREDS]"; exit
 end
 
 args = ARGV.dup
 opts_parser = OptionParser.new do |opts|
   opts.on('-s SERVER') { |server| $nats_server = server }
+  opts.on('--creds CREDS') { |creds| $creds = creds }
 end
 args = opts_parser.parse!(args)
 
@@ -33,7 +34,7 @@ msg ||= 'Hello World'
 
 NATS.on_error { |err| puts "Server Error: #{err}"; exit! }
 
-NATS.start(:uri => $nats_server) do
+NATS.start($nats_server, user_credentials: $creds) do
   NATS.publish(subject, msg) { NATS.stop }
 end
 

data/bin/nats-queue

@@ -28,6 +28,7 @@ opts_parser = OptionParser.new do |opts|
   opts.on('-s SERVER') { |server| $nats_server = server }
   opts.on('-t','--time') { $show_time = true }
   opts.on('-r','--raw') { $show_raw = true }
+  opts.on('--creds CREDS') { |creds| $creds = creds }
 end
 args = opts_parser.parse!(args)
 
@@ -54,7 +55,7 @@ end
 
 NATS.on_error { |err| puts "Server Error: #{err}"; exit! }
 
-NATS.start(:uri => $nats_server) do
+NATS.start($nats_server, user_credentials: $creds) do
   puts "Listening on [#{subject}], queue group [#{queue_group}]" unless $show_raw
   NATS.subscribe(subject, :queue => queue_group) { |msg, _, sub|
     puts decorate(sub, msg)

data/bin/nats-request

@@ -29,6 +29,7 @@ opts_parser = OptionParser.new do |opts|
   opts.on('-t','--time') { $show_time = true }
   opts.on('-r','--raw') { $show_raw = true }
   opts.on('-n RESPONSES') { |responses| $responses = Integer(responses) if Integer(responses) > 0 }
+  opts.on('--creds CREDS') { |creds| $creds = creds }
 end
 args = opts_parser.parse!(args)
 
@@ -55,7 +56,7 @@ end
 
 NATS.on_error { |err| puts "Server Error: #{err}"; exit! }
 
-NATS.start(:uri => $nats_server) do
+NATS.start($nats_server, user_credentials: $creds) do
   NATS.request(subject, msg) { |(msg, reply)|
     puts decorate(msg)
     exit! if $responses && ($responses-=1) < 1

data/bin/nats-sub

@@ -20,7 +20,7 @@ require 'nats/client'
 ['TERM', 'INT'].each { |s| trap(s) {  puts; exit! } }
 
 def usage
-  puts "Usage: nats-sub <subject> [-s server] [-t] [-r]"; exit
+  puts "Usage: nats-sub <subject> [-s server] [--creds CREDS] [-t] [-r]"; exit
 end
 
 args = ARGV.dup
@@ -28,6 +28,7 @@ opts_parser = OptionParser.new do |opts|
   opts.on('-s SERVER') { |server| $nats_server = server }
   opts.on('-t','--time') { $show_time = true }
   opts.on('-r','--raw') { $show_raw = true }
+  opts.on('--creds CREDS') { |creds| $creds = creds }
 end
 args = opts_parser.parse!(args)
 
@@ -53,7 +54,7 @@ end
 
 NATS.on_error { |err| puts "Server Error: #{err}"; exit! }
 
-NATS.start(:uri => $nats_server) do
+NATS.start($nats_server, user_credentials: $creds) do
   puts "Listening on [#{subject}]" unless $show_raw
   NATS.subscribe(subject) { |msg, _, sub| puts decorate(sub, msg) }
 end

data/lib/nats/client.rb

@@ -72,6 +72,7 @@ module NATS
   # Parser
   AWAITING_CONTROL_LINE = 1 #:nodoc:
   AWAITING_MSG_PAYLOAD  = 2 #:nodoc:
+  AWAITING_INFO_LINE = 3 # :nodoc:
 
   class Error < StandardError; end #:nodoc:
 
@@ -150,7 +151,9 @@ module NATS
     def connect(uri=nil, opts={}, &blk)
       case uri
       when String
-        opts[:uri] = process_uri(uri)
+        # Initialize TLS defaults in case any url is using it.
+        uris = opts[:uri] = process_uri(uri)
+        opts[:tls] ||= {} if uris.any? {|u| u.scheme == 'tls'}
       when Hash
         opts = uri
       end
@@ -482,7 +485,16 @@ module NATS
     # Drain mode
     @draining = false
     @drained_subs = false
-    send_connect_command
+
+    # NKEYS
+    @user_credentials = options[:user_credentials] if options[:user_credentials]
+    @nkeys_seed = options[:nkeys_seed] if options[:nkeys_seed]
+    @user_nkey_cb = nil
+    @user_jwt_cb = nil
+    @signature_cb = nil
+
+    # NKEYS
+    setup_nkeys_connect if @user_credentials or @nkeys_seed
   end
 
   # Publish a message to a given subject, with optional reply subject and completion block
@@ -770,7 +782,7 @@ module NATS
   end
 
   def auth_connection?
-    !@uri.user.nil? || @options[:token]
+    !@uri.user.nil? || @options[:token] || @server_info[:auth_required]
   end
 
   def connect_command #:nodoc:
@@ -782,7 +794,16 @@ module NATS
       :protocol => ::NATS::PROTOCOL_VERSION,
       :echo => !@options[:no_echo]
     }
+
     case
+    when @options[:user_credentials]
+      nonce = @server_info[:nonce]
+      cs[:jwt] = @user_jwt_cb.call
+      cs[:sig] = @signature_cb.call(nonce)
+    when @options[:nkeys_seed]
+      nonce = @server_info[:nonce]
+      cs[:nkey] = @user_nkey_cb.call
+      cs[:sig] = @signature_cb.call(nonce)
     when @options[:token]
       cs[:auth_token] = @options[:token]
     when @uri.password.nil?
@@ -853,6 +874,15 @@ module NATS
 
     while (@buf)
       case @parse_state
+      when AWAITING_INFO_LINE
+        case @buf
+        when INFO
+          @buf = $'
+          process_connect_init($1)
+        else
+          # If we are here we do not have a complete line yet that we understand.
+          return
+        end
       when AWAITING_CONTROL_LINE
         case @buf
         when MSG
@@ -901,7 +931,7 @@ module NATS
     end
   end
 
-  def process_info(info) #:nodoc:
+  def process_connect_init(info) # :nodoc:
     # Each JSON parser uses a different key/value pair to use symbol keys
     # instead of strings when parsing. Passing all three pairs assures each
     # parser gets what it needs. For the json gem :symbolize_name, for yajl
@@ -931,9 +961,29 @@ module NATS
         close_connection_after_writing
       end
     end
+    send_connect_command
+
+    # Only initial INFO command is treated specially for auth reasons,
+    # the rest are processed asynchronously to discover servers.
+    @parse_state = AWAITING_CONTROL_LINE
+    process_info(info)
+    process_connect
+
+    if @server_info[:auth_required]
+      current = server_pool.first
+      current[:auth_required] = true
+
+      # Send pending connect followed by ping/pong to ensure we're authorized.
+      queue_server_rt { current[:auth_ok] = true }
+    end
+    flush_pending
+  end
+
+  def process_info(info_line) #:nodoc:
+    info = JSON.parse(info_line, :symbolize_keys => true, :symbolize_names => true, :symbol_keys => true)
 
     # Detect any announced server that we might not be aware of...
-    connect_urls = @server_info[:connect_urls]
+    connect_urls = info[:connect_urls]
     if connect_urls
       srvs = []
 
@@ -963,15 +1013,7 @@ module NATS
       server_pool.push(*srvs)
     end
 
-    if @server_info[:auth_required]
-      current = server_pool.first
-      current[:auth_required] = true
-      # Send pending connect followed by ping/pong to ensure we're authorized.
-      queue_server_rt { current[:auth_ok] = true }
-      flush_pending
-    end
-
-    @server_info
+    info
   end
 
   def client_using_secure_connection?
@@ -1002,22 +1044,19 @@ module NATS
   end
 
   def connection_completed #:nodoc:
-    @parse_state = AWAITING_CONTROL_LINE
+    @parse_state = AWAITING_INFO_LINE
 
     # Delay sending CONNECT or any other command here until we are sure
     # that we have a valid established secure connection.
     return if (@ssl or @tls)
 
-    # Mark that we established already TCP connection to the server. In case of TLS,
-    # prepare commands which will be dispatched to server and delay flushing until
-    # we have processed the INFO line sent by the server and done the handshake.
+    # Mark that we established already TCP connection to the server,
+    # when using TLS we only do so after handshake has been completed.
     @connected = true
-    process_connect
   end
 
   def ssl_handshake_completed
     @connected = true
-    process_connect
   end
 
   def process_connect #:nodoc:
@@ -1174,7 +1213,6 @@ module NATS
     current[:reconnect_attempts] ||= 0
     current[:reconnect_attempts] += 1
 
-    send_connect_command
     begin
       EM.reconnect(@uri.host, @uri.port, self)
     rescue
@@ -1201,6 +1239,84 @@ module NATS
     true
   end
 
+  def setup_nkeys_connect
+    begin
+      require 'nkeys'
+      require 'base64'
+    rescue LoadError
+      raise(Error, "nkeys is not installed")
+    end
+
+    case
+    when @nkeys_seed
+      @user_nkey_cb = proc {
+        seed = File.read(@nkeys_seed).chomp
+        kp = NKEYS::from_seed(seed)
+
+        # Take a copy since original will be gone with the wipe.
+        pub_key = kp.public_key.dup
+        kp.wipe!
+
+        pub_key
+      }
+
+      @signature_cb = proc { |nonce|
+        seed = File.read(@nkeys_seed).chomp
+        kp = NKEYS::from_seed(seed)
+        raw_signed = kp.sign(nonce)
+        kp.wipe!
+        encoded = Base64.urlsafe_encode64(raw_signed)
+        encoded.gsub('=', '')
+      }
+    when @user_credentials
+      # When the credentials are within a single decorated file.
+      @user_jwt_cb = proc {
+        jwt_start = "BEGIN NATS USER JWT".freeze
+        found = false
+        jwt = nil
+        File.readlines(@user_credentials).each do |line|
+          case
+          when found
+            jwt = line.chomp
+            break
+          when line.include?(jwt_start)
+            found = true
+          end
+        end
+        raise(Error, "No JWT found in #{@user_credentials}") if not found
+
+        jwt
+      }
+
+      @signature_cb = proc { |nonce|
+        seed_start = "BEGIN USER NKEY SEED".freeze
+        found = false
+        seed = nil
+        File.readlines(@user_credentials).each do |line|
+          case
+          when found
+            seed = line.chomp
+            break
+          when line.include?(seed_start)
+            found = true
+          end
+        end
+        raise(Error, "No nkey user seed found in #{@user_credentials}") if not found
+
+        kp = NKEYS::from_seed(seed)
+        raw_signed = kp.sign(nonce)
+
+        # seed is a reference so also cleared when doing wipe,
+        # which can be done since Ruby strings are mutable.
+        kp.wipe
+        encoded = Base64.urlsafe_encode64(raw_signed)
+
+        # Remove padding
+        encoded.gsub('=', '')
+      }
+    end
+  end
+
   # Parse out URIs which can now be an array of server choices
   # The server pool will contain both explicit and implicit members.
   def process_uri_options #:nodoc

data/lib/nats/version.rb

@@ -14,7 +14,7 @@
 
 module NATS
   # NOTE: These are all announced to the server on CONNECT
-  VERSION = "0.10.0".freeze
+  VERSION = "0.11.0".freeze
   LANG    = RUBY_ENGINE
   PROTOCOL_VERSION = 1
 end

metadata

@@ -1,33 +1,33 @@
 --- !ruby/object:Gem::Specification
 name: nats
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors:
 - Derek Collison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-31 00:00:00.000000000 Z
+date: 2019-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 description: NATS is an open-source, high-performance, lightweight cloud messaging
@@ -88,8 +88,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: NATS is an open-source, high-performance, lightweight cloud messaging system.