nats-architecture-and-design
nats-architecture-and-design copied to clipboard
nats-io
Accept encoded connection urls.
Overview
It is valid to have the uri encoded.
tls://user:Rmwuukd0QsJI%5ERMkFGHz1J7vjz0A%2A27oCA%23j6%21WYf%23@host:4222
where the password is actually
Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA#j6!WYf#
Clients and Tools
- [x] Schemas @ripienaar
- [x] CLI @ripienaar
- [x] Terraform @ripienaar
- [x] Github Actions @ripienaar
- [x] Go
- [x] Java @scottf
- [x] JavaScript @aricart (N/A JavaScript clients don't pass user/pass in URL)
- [x] .Net @scottf
- [x] C @kozlovic (no demand for this at this time)
- [ ] Python @wallyqs
- [ ] Ruby @wallyqs
- [ ] Rust @Jarema
Other Tasks
- [ ] docs.nats.io updated @jnmoyne
- [ ] Update client features spreadsheet
Client authors please update with your progress. If you open issues in your own repositories as a result of this request, please link them to this one by pasting the issue URL in a comment or main issue description.
I'm building unit tests against this:
authorization {
ENC = {
publish: {
allow: [
"sub.>"
]
}
subscribe: {
allow: [
"sub.>"
]
}
}
users = [
{user: space, password: 'space space', permissions: $ENC}
{user: quote, password: "quote'quote", permissions: $ENC}
{user: colon, password: "colon:colon", permissions: $ENC}
{user: slash, password: 'slash/slash', permissions: $ENC}
{user: question, password: 'question?question', permissions: $ENC}
{user: pound, password: 'pound#pound', permissions: $ENC}
{user: sqleft, password: 'sqleft[sqleft', permissions: $ENC}
{user: sqright, password: 'sqright]sqright', permissions: $ENC}
{user: at, password: 'at@at', permissions: $ENC}
{user: bang, password: 'bang!bang', permissions: $ENC}
{user: dollar, password: 'dollar$dollar', permissions: $ENC}
{user: amp, password: 'amp&', permissions: $ENC}
{user: comma, password: 'comma,comma', permissions: $ENC}
{user: parenleft, password: 'parenleft(parenleft', permissions: $ENC}
{user: parentright, password: 'parentright)parentright', permissions: $ENC}
{user: asterix, password: 'asterix*asterix', permissions: $ENC}
{user: plus, password: 'plus+plus', permissions: $ENC}
{user: semi, password: 'semi;semi', permissions: $ENC}
{user: eq, password: 'eq=eq', permissions: $ENC}
{user: pct, password: 'pct%pct', permissions: $ENC}
]
}
Data
| Raw | Encoded |
|---|---|
| space space | space%20space |
| colon:colon | colon%3Acolon |
| quote'quote | quote%27quote |
| slash/slash | slash%2Fslash |
| question?question | question%3Fquestion |
| pound#pound | pound%23pound |
| sqleft[sqleft | sqleft%5Bsqleft |
| sqright]sqright | sqright%5Dsqright |
| at@at | at%40at |
| bang!bang | bang%21bang |
| dollar$dollar | dollar%24dollar |
| amp& | amp%26amp |
| comma,comma | comma%2Ccomma |
| parenleft(parenleft | parenleft%28parenleft |
| parentright)parentright | parentright%29parentright |
| asterix*asterix | asterix%2Aasterix |
| plus+plus | plus%2Bplus |
| semi;semi | semi%3Bsemi |
| eq=eq | eq%3Deq |
| pct%pct | pct%25pct |
This ADR documents current Go client behavior, for example given the following conf:
authorization {
users = [
{
user: "user",
pass: "Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA#j6!WYf#"
}
]
}
a Go client can connect with the following nats.Connect syntax using the URL encoded:
nats.Connect("tls://user:Rmwuukd0QsJI%5ERMkFGHz1J7vjz0A%2A27oCA%23j6%21WYf%[email protected]:4222")
Then when sending CONNECT this is sent decoded to the server (matches what is in authorization config):
CONNECT {"verbose":false,"pedantic":false,"user":"user","pass":"Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA#j6!WYf#","tls_required":false,"name":"","lang":"go","version":"1.16.0","protocol":1,"echo":true,"headers":true,"no_responders":true}
We rely on the net/url package to parse this, so passing a raw URI will fail to parse:
nats.Connect("tls://user:Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA#j6!WYf#@127.0.0.1:4222")
// Result:
Error: parse "tls://user:Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA": invalid port ":Rmwuukd0QsJI^RMkFGHz1J7vjz0A*27oCA" after host
