nats 0.4.10 → 0.4.22

data/lib/nats/server.rb

@@ -10,9 +10,12 @@ require "#{ep}/ext/bytesize"
 require "#{ep}/ext/json"
 require "#{ep}/server/server"
 require "#{ep}/server/sublist"
+require "#{ep}/server/connection"
 require "#{ep}/server/options"
 require "#{ep}/server/const"
 require "#{ep}/server/util"
+require "#{ep}/server/varz"
+require "#{ep}/server/connz"
 
 # Do setup
 NATSD::Server.setup(ARGV.dup)
@@ -20,6 +23,7 @@ NATSD::Server.setup(ARGV.dup)
 # Event Loop
 EM.run {
   log "Starting #{NATSD::APP_NAME} version #{NATSD::VERSION} on port #{NATSD::Server.port}"
+  log "TLS/SSL Support Enabled" if NATSD::Server.options[:ssl] 
   begin
     EM.set_descriptor_table_size(32768) # Requires Root privileges
     EventMachine::start_server(NATSD::Server.host, NATSD::Server.port, NATSD::Connection)
@@ -28,4 +32,15 @@ EM.run {
     log_error
     exit(1)
   end
+
+  # Check to see if we need to fire up the http monitor port and server
+  if NATSD::Server.options[:http_port]
+    begin
+      NATSD::Server.start_http_server
+    rescue => e
+      log "Could not start monitoring server on port #{NATSD::Server.options[:http_port]}"
+      log_error
+      exit(1)
+    end
+  end
 }

data/lib/nats/server/connection.rb

@@ -0,0 +1,269 @@
+module NATSD #:nodoc: all
+
+  module Connection #:nodoc: all
+
+    attr_accessor :in_msgs, :out_msgs, :in_bytes, :out_bytes
+    attr_reader :cid, :closing, :last_activity, :writev_size
+    alias :closing? :closing
+
+    def flush_data
+      return if @writev.nil? || closing?
+      send_data(@writev.join)
+      @writev, @writev_size = nil, 0
+    end
+
+    def queue_data(data)
+      EM.next_tick { flush_data } if @writev.nil?
+      (@writev ||= []) << data
+      @writev_size += data.bytesize
+      flush_data if @writev_size > MAX_WRITEV_SIZE
+    end
+
+    def client_info
+      @client_info ||= (get_peername.nil? ? 'N/A' : Socket.unpack_sockaddr_in(get_peername))
+    end
+
+    def info
+      {
+        :cid => cid,
+        :ip => client_info[1],
+        :port => client_info[0],
+        :subscriptions => @subscriptions.size,
+        :pending_size => get_outbound_data_size,
+        :in_msgs => @in_msgs,
+        :out_msgs => @out_msgs,
+        :in_bytes => @in_bytes,
+        :out_bytes => @out_bytes
+      }
+    end
+
+    def max_connections_exceeded?
+      return false unless (Server.num_connections > Server.max_connections)
+      error_close MAX_CONNS_EXCEEDED
+      debug "Maximum #{Server.max_connections} connections exceeded, c:#{cid} will be closed"
+      true
+    end
+
+    def post_init
+      @cid = Server.cid
+      @subscriptions = {}
+      @verbose = @pedantic = true # suppressed by most clients, but allows friendly telnet
+      @in_msgs = @out_msgs = @in_bytes = @out_bytes = 0
+      @writev_size = 0
+      @parse_state = AWAITING_CONTROL_LINE
+      send_info
+      debug "Client connection created", client_info, cid
+      if Server.ssl_required?
+        debug "Starting TLS/SSL", client_info, cid
+        flush_data
+        @ssl_pending = EM.add_timer(NATSD::Server.ssl_timeout) { connect_ssl_timeout }
+        start_tls(:verify_peer => true) if Server.ssl_required?
+      end
+      @auth_pending = EM.add_timer(NATSD::Server.auth_timeout) { connect_auth_timeout } if Server.auth_required?
+      @ping_timer = EM.add_periodic_timer(NATSD::Server.ping_interval) { send_ping }
+      @pings_outstanding = 0
+      Server.num_connections += 1
+      return if max_connections_exceeded?
+    end
+
+    def send_ping
+      return if @closing
+      if @pings_outstanding > NATSD::Server.ping_max
+        error_close UNRESPONSIVE
+        return
+      end
+      queue_data(PING_RESPONSE)
+      flush_data
+      @pings_outstanding += 1
+    end
+
+    def connect_auth_timeout
+      error_close AUTH_REQUIRED
+      debug "Connection timeout due to lack of auth credentials", cid
+    end
+
+    def connect_ssl_timeout
+      error_close SSL_REQUIRED
+      debug "Connection timeout due to lack of TLS/SSL negotiations", cid
+    end
+
+    def receive_data(data)
+      @buf = @buf ? @buf << data : data
+      return close_connection if @buf =~ /(\006|\004)/ # ctrl+c or ctrl+d for telnet friendly
+
+      # while (@buf && !@buf.empty? && !@closing)
+      while (@buf && !@closing)
+        case @parse_state
+        when AWAITING_CONTROL_LINE
+          case @buf
+          when PUB_OP
+            ctrace('PUB OP', strip_op($&)) if NATSD::Server.trace_flag?
+            return connect_auth_timeout if @auth_pending
+            @buf = $'
+            @parse_state = AWAITING_MSG_PAYLOAD
+            @msg_sub, @msg_reply, @msg_size = $1, $3, $4.to_i
+            if (@msg_size > NATSD::Server.max_payload)
+              debug_print_msg_too_big(@msg_size)
+              error_close PAYLOAD_TOO_BIG
+            end
+            queue_data(INVALID_SUBJECT) if (@pedantic && !(@msg_sub =~ SUB_NO_WC))
+          when SUB_OP
+            ctrace('SUB OP', strip_op($&)) if NATSD::Server.trace_flag?
+            return connect_auth_timeout if @auth_pending
+            @buf = $'
+            sub, qgroup, sid = $1, $3, $4
+            return queue_data(INVALID_SUBJECT) if !($1 =~ SUB)
+            return queue_data(INVALID_SID_TAKEN) if @subscriptions[sid]
+            sub = Subscriber.new(self, sub, sid, qgroup, 0)
+            @subscriptions[sid] = sub
+            Server.subscribe(sub)
+            queue_data(OK) if @verbose
+          when UNSUB_OP
+            ctrace('UNSUB OP', strip_op($&)) if NATSD::Server.trace_flag?
+            return connect_auth_timeout if @auth_pending
+            @buf = $'
+            sid, sub = $1, @subscriptions[$1]
+            if sub
+              # If we have set max_responses, we will unsubscribe once we have received
+              # the appropriate amount of responses.
+              sub.max_responses = ($2 && $3) ? $3.to_i : nil
+              delete_subscriber(sub) unless (sub.max_responses && (sub.num_responses < sub.max_responses))
+              queue_data(OK) if @verbose
+            else
+              queue_data(INVALID_SID_NOEXIST) if @pedantic
+            end
+          when PING
+            ctrace('PING OP', strip_op($&)) if NATSD::Server.trace_flag?
+            @buf = $'
+            queue_data(PONG_RESPONSE)
+            flush_data
+          when PONG
+            ctrace('PONG OP', strip_op($&)) if NATSD::Server.trace_flag?
+            @buf = $'
+            @pings_outstanding -= 1
+          when CONNECT
+            ctrace('CONNECT OP', strip_op($&)) if NATSD::Server.trace_flag?
+            @buf = $'
+            begin
+              config = JSON.parse($1)
+              process_connect_config(config)
+            rescue => e
+              queue_data(INVALID_CONFIG)
+              log_error
+            end
+          when INFO
+            ctrace('INFO OP', strip_op($&)) if NATSD::Server.trace_flag?
+            return connect_auth_timeout if @auth_pending
+            @buf = $'
+            send_info
+          when UNKNOWN
+            ctrace('Unknown Op', strip_op($&)) if NATSD::Server.trace_flag?
+            return connect_auth_timeout if @auth_pending
+            @buf = $'
+            queue_data(UNKNOWN_OP)
+          else
+            # If we are here we do not have a complete line yet that we understand.
+            # If too big, cut the connection off.
+            if @buf.bytesize > NATSD::Server.max_control_line
+              debug_print_controlline_too_big(@buf.bytesize)
+              close_connection
+            end
+            return
+          end
+          @buf = nil if (@buf && @buf.empty?)
+
+        when AWAITING_MSG_PAYLOAD
+          return unless (@buf.bytesize >= (@msg_size + CR_LF_SIZE))
+          msg = @buf.slice(0, @msg_size)
+          ctrace('Processing msg', @msg_sub, @msg_reply, msg) if NATSD::Server.trace_flag?
+          queue_data(OK) if @verbose
+          Server.route_to_subscribers(@msg_sub, @msg_reply, msg)
+          @in_msgs += 1
+          @in_bytes += @msg_size
+          @buf = @buf.slice((@msg_size + CR_LF_SIZE), @buf.bytesize)
+          @msg_sub = @msg_size = @reply = nil
+          @parse_state = AWAITING_CONTROL_LINE
+          @buf = nil if (@buf && @buf.empty?)
+        end
+      end
+    end
+
+    def send_info
+      queue_data("INFO #{Server.info_string}#{CR_LF}")
+    end
+
+    def process_connect_config(config)
+      @verbose  = config['verbose'] unless config['verbose'].nil?
+      @pedantic = config['pedantic'] unless config['pedantic'].nil?
+
+      return queue_data(OK) unless Server.auth_required?
+
+      EM.cancel_timer(@auth_pending)
+      if Server.auth_ok?(config['user'], config['pass'])
+        queue_data(OK) if @verbose
+        @auth_pending = nil
+      else
+        error_close AUTH_FAILED
+        debug "Authorization failed for connection", cid
+      end
+    end
+
+    def delete_subscriber(sub)
+      ctrace('DELSUB OP', sub.subject, sub.qgroup, sub.sid) if NATSD::Server.trace_flag?
+      Server.unsubscribe(sub)
+      @subscriptions.delete(sub.sid)
+    end
+
+    def error_close(msg)
+      queue_data(msg)
+      flush_data
+      EM.next_tick { close_connection_after_writing }
+      @closing = true
+    end
+
+    def debug_print_controlline_too_big(line_size)
+      sizes = "#{pretty_size(line_size)} vs #{pretty_size(NATSD::Server.max_control_line)} max"
+      debug "Control line size exceeded (#{sizes}), closing connection.."
+    end
+
+    def debug_print_msg_too_big(msg_size)
+      sizes = "#{pretty_size(msg_size)} vs #{pretty_size(NATSD::Server.max_payload)} max"
+      debug "Message payload size exceeded (#{sizes}), closing connection"
+    end
+
+    def unbind
+      debug "Client connection closed", client_info, cid
+      Server.num_connections -= 1
+      @subscriptions.each_value { |sub| Server.unsubscribe(sub) }
+      EM.cancel_timer(@ssl_pending) if @ssl_pending
+      @ssl_pending = nil
+      EM.cancel_timer(@auth_pending) if @auth_pending
+      @auth_pending = nil
+      EM.cancel_timer(@ping_timer) if @ping_timer
+      @ping_timer = nil
+
+      @closing = true
+    end
+
+    def ssl_handshake_completed
+      EM.cancel_timer(@ssl_pending)
+      @ssl_pending = nil
+      cert = get_peer_cert
+      debug "Client Certificate:", cert ? cert : 'N/A', cid
+    end
+
+    # FIXME! Cert accepted by default
+    def ssl_verify_peer(cert)
+      true
+    end
+
+    def ctrace(*args)
+      trace(args, "c: #{cid}")
+    end
+
+    def strip_op(op='')
+      op.dup.sub(CR_LF, EMPTY)
+    end
+  end
+
+end

data/lib/nats/server/connz.rb

@@ -0,0 +1,54 @@
+module NATSD #:nodoc: all
+
+  class Connz
+    def call(env)
+      c_info = Server.dump_connections
+      qs = env['QUERY_STRING']
+      if (qs =~ /n=(\d+)/)
+        sort_key = :pending_size
+        n = $1.to_i
+        if (qs =~ /s=(\S+)/)
+          case $1.downcase
+            when 'in_msgs'; sort_key = :in_msgs
+            when 'msgs_from'; sort_key = :in_msgs
+            when 'out_msgs'; sort_key = :out_msgs
+            when 'msgs_to'; sort_key = :out_msgs
+            when 'in_bytes'; sort_key = :in_bytes
+            when 'bytes_from'; sort_key = :in_bytes
+            when 'out_bytes'; sort_key = :out_bytes
+            when 'bytes_to'; sort_key = :out_bytes
+            when 'subs'; sort_key = :subscriptions
+            when 'subscriptions'; sort_key = :subscriptions
+          end
+        end
+        conns = c_info[:connections]
+        c_info[:connections] = conns.sort { |a,b| b[sort_key] <=> a[sort_key] } [0, n]
+      end
+      connz_json = JSON.pretty_generate(c_info) + "\n"
+      hdrs = RACK_JSON_HDR.dup
+      hdrs['Content-Length'] = connz_json.bytesize.to_s
+      [200, hdrs, connz_json]
+    end
+  end
+
+  class Server
+    class << self
+
+      def dump_connections
+        conns, total = [], 0
+        ObjectSpace.each_object(NATSD::Connection) do |c|
+          next if c.closing?
+          total += c.info[:pending_size]
+          conns << c.info
+        end
+        {
+          :pending_size => total,
+          :num_connections => conns.size,
+          :connections => conns
+        }
+      end
+
+    end
+  end
+
+end

data/lib/nats/server/const.rb

@@ -1,7 +1,7 @@
 
 module NATSD #:nodoc:
 
-  VERSION  = '0.4.10'
+  VERSION  = '0.4.22'
   APP_NAME = 'nats-server'
 
   DEFAULT_PORT = 4222
@@ -26,6 +26,7 @@ module NATSD #:nodoc:
   CR_LF_SIZE = CR_LF.bytesize
   EMPTY = ''.freeze
   OK = "+OK#{CR_LF}".freeze
+  PING_RESPONSE = "PING#{CR_LF}".freeze
   PONG_RESPONSE = "PONG#{CR_LF}".freeze
   INFO_RESPONSE = "#{CR_LF}".freeze
 
@@ -38,8 +39,12 @@ module NATSD #:nodoc:
   INVALID_CONFIG      = "-ERR 'Invalid config, valid JSON required for connection configuration'#{CR_LF}".freeze
   AUTH_REQUIRED       = "-ERR 'Authorization is required'#{CR_LF}".freeze
   AUTH_FAILED         = "-ERR 'Authorization failed'#{CR_LF}".freeze
+  SSL_REQUIRED        = "-ERR 'TSL/SSL is required'#{CR_LF}".freeze
+  SSL_FAILED          = "-ERR 'TLS/SSL failed'#{CR_LF}".freeze
   UNKNOWN_OP          = "-ERR 'Unknown Protocol Operation'#{CR_LF}".freeze
   SLOW_CONSUMER       = "-ERR 'Slow consumer detected, connection dropped'#{CR_LF}".freeze
+  UNRESPONSIVE        = "-ERR 'Unresponsive client detected, connection dropped'#{CR_LF}".freeze
+  MAX_CONNS_EXCEEDED  = "-ERR 'Maximum client connections exceeded, connection dropped'#{CR_LF}".freeze
 
   # Pedantic Mode
   SUB = /^([^\.\*>\s]+|>$|\*)(\.([^\.\*>\s]+|>$|\*))*$/
@@ -56,7 +61,24 @@ module NATSD #:nodoc:
   # Maximum outbound size per client
   MAX_PENDING_SIZE = (10*1024*1024)
 
+  # Maximum pending bucket size
+  MAX_WRITEV_SIZE = (64*1024)
+
+  # Maximum connections default
+  DEFAULT_MAX_CONNECTIONS = (64*1024)
+
+  # TLS/SSL wait time
+  SSL_TIMEOUT = 0.5
+
   # Authorization wait time
-  AUTH_TIMEOUT = 1
+  AUTH_TIMEOUT = SSL_TIMEOUT + 0.5
+
+  # Ping intervals
+  DEFAULT_PING_INTERVAL = 120
+  DEFAULT_PING_MAX = 2
+
+  # HTTP
+  RACK_JSON_HDR = { 'Content-Type' => 'application/json' }
+  RACK_TEXT_HDR = { 'Content-Type' => 'text/plain' }
 
 end

data/lib/nats/server/options.rb

@@ -17,7 +17,9 @@ module NATSD
                                        "(default: #{DEFAULT_HOST})")           { |host| @options[:addr] = host }
           opts.on("-p", "--port PORT", "Use PORT (default: #{DEFAULT_PORT})")  { |port| @options[:port] = port.to_i }
           opts.on("-d", "--daemonize", "Run daemonized in the background")     { @options[:daemonize] = true }
-          opts.on("-P", "--pid FILE", "File to store PID")                     { |file| @options[:pid_file] = file }
+          opts.on("-P", "--pid FILE",  "File to store PID")                    { |file| @options[:pid_file] = file }
+
+          opts.on("-m", "--http_port PORT", "Use HTTP PORT ")                  { |port| @options[:http_port] = port.to_i }
 
           opts.on("-c", "--config FILE", "Configuration File")                 { |file| @options[:config_file] = file }
 
@@ -35,6 +37,9 @@ module NATSD
           opts.on("--user user", "User required for connections")              { |user| @options[:user] = user }
           opts.on("--pass password", "Password required for connections")      { |pass| @options[:pass] = pass }
 
+          opts.separator ""
+          opts.on("--ssl", "Enable SSL")                                       { |ssl| @options[:ssl] = true }
+
           opts.separator ""
           opts.separator "Advanced IO options:"
 
@@ -63,8 +68,13 @@ module NATSD
           @options[:pass] = auth['pass'] if @options[:pass].nil?
           @options[:token] = auth['token'] if @options[:token].nil?
           @options[:auth_timeout] = auth['timeout'] if @options[:auth_timeout].nil?
+          # Multiple Users setup
+          @options[:users] = symbolize_users(auth['users']) || []
         end
 
+        # TLS/SSL
+        @options[:ssl] = config['ssl'] if @options[:ssl].nil?
+
         @options[:pid_file] = config['pid_file'] if @options[:pid_file].nil?
         @options[:log_file] = config['log_file'] if @options[:log_file].nil?
         @options[:log_time] = config['logtime'] if @options[:log_time].nil?
@@ -75,11 +85,26 @@ module NATSD
         @options[:max_control_line] = config['max_control_line'] if config['max_control_line']
         @options[:max_payload] = config['max_payload'] if config['max_payload']
         @options[:max_pending] = config['max_pending'] if config['max_pending']
+        @options[:max_connections] = config['max_connections'] if config['max_connections']
 
         # just set
-        @options[:noepoll] = config['no_epoll'] if config['no_epoll']
+        @options[:noepoll]  = config['no_epoll'] if config['no_epoll']
         @options[:nokqueue] = config['no_kqueue'] if config['no_kqueue']
 
+        if http = config['http']
+          if @options[:http_net].nil?
+            @options[:http_net] = http['net'] || @options[:addr]
+          end
+          @options[:http_port] = http['port'] if @options[:http_port].nil?
+          @options[:http_user] = http['user'] if @options[:http_user].nil?
+          @options[:http_password] = http['password'] if @options[:http_password].nil?
+        end
+
+        if ping = config['ping']
+          @options[:ping_interval] = ping['interval'] if @options[:ping_interval].nil?
+          @options[:ping_max] = ping['max_outstanding'] if @options[:ping_max].nil?
+        end
+
       rescue => e
         log "Could not read configuration file:  #{e}"
         exit
@@ -87,16 +112,29 @@ module NATSD
 
       def setup_logs
         return unless @options[:log_file]
-        $stdout.reopen(@options[:log_file], "w")
+        $stdout.reopen(@options[:log_file], 'a')
         $stdout.sync = true
         $stderr.reopen($stdout)
       end
 
+      def symbolize_users(users)
+        return nil unless users
+        auth_users = []
+        users.each do |u|
+          auth_users << { :user => u['user'], :pass => u['pass'] || u['password'] }
+        end
+        auth_users
+      end
+
       def finalize_options
         # Addr/Port
         @options[:port] ||= DEFAULT_PORT
         @options[:addr] ||= DEFAULT_HOST
 
+        # Max Connections
+        @options[:max_connections] ||= DEFAULT_MAX_CONNECTIONS
+        @max_connections = @options[:max_connections]
+
         # Debug and Tracing
         @debug_flag = @options[:debug]
         @trace_flag = @options[:trace]
@@ -109,8 +147,28 @@ module NATSD
         trace "TRACE is on"
 
         # Authorization
+
+        # Multi-user setup for auth
+        if @options[:user]
+          # Multiple Users setup
+          @options[:users] ||= []
+          @options[:users].unshift({:user => @options[:user], :pass => @options[:pass]}) if @options[:user]
+        elsif @options[:users]
+          first = @options[:users].first
+          @options[:user], @options[:pass] = first[:user], first[:pass]
+        end
+
         @auth_required = (not @options[:user].nil?)
 
+        @ssl_required = (not @options[:ssl].nil?)
+
+        # Pings
+        @options[:ping_interval] ||= DEFAULT_PING_INTERVAL
+        @ping_interval = @options[:ping_interval]
+
+        @options[:ping_max] ||= DEFAULT_PING_MAX
+        @ping_max = @options[:ping_max]
+
         # Thresholds
         @options[:max_control_line] ||= MAX_CONTROL_LINE_SIZE
         @max_control_line = @options[:max_control_line]
@@ -123,6 +181,9 @@ module NATSD
 
         @options[:auth_timeout] ||= AUTH_TIMEOUT
         @auth_timeout = @options[:auth_timeout]
+
+        @options[:ssl_timeout] ||= SSL_TIMEOUT
+        @ssl_timeout = @options[:ssl_timeout]
       end
 
     end