feat: enforce account jetstream limits and jwt tiers

2026-02-23 06:21:51 -05:00
parent ccbcf759a9
commit 2aa7265db1
8 changed files with 91 additions and 3 deletions
--- a/src/NATS.Server/JetStream/StreamManager.cs
+++ b/src/NATS.Server/JetStream/StreamManager.cs
@@ -1,4 +1,5 @@
 using System.Collections.Concurrent;
+using NATS.Server.Auth;
 using NATS.Server.JetStream.Api;
 using NATS.Server.JetStream.Cluster;
 using NATS.Server.JetStream.MirrorSource;
@@ -11,6 +12,7 @@ namespace NATS.Server.JetStream;

 public sealed class StreamManager
 {
+    private readonly Account? _account;
    private readonly JetStreamMetaGroup? _metaGroup;
    private readonly ConcurrentDictionary<string, StreamHandle> _streams =
        new(StringComparer.Ordinal);
@@ -21,9 +23,10 @@ public sealed class StreamManager
    private readonly ConcurrentDictionary<string, List<SourceCoordinator>> _sourcesByOrigin =
        new(StringComparer.Ordinal);

-    public StreamManager(JetStreamMetaGroup? metaGroup = null)
+    public StreamManager(JetStreamMetaGroup? metaGroup = null, Account? account = null)
    {
        _metaGroup = metaGroup;
+        _account = account;
    }

    public IReadOnlyCollection<string> StreamNames => _streams.Keys.ToArray();
@@ -34,6 +37,10 @@ public sealed class StreamManager
            return JetStreamApiResponse.ErrorResponse(400, "stream name required");

        var normalized = NormalizeConfig(config);
+        var isCreate = !_streams.ContainsKey(normalized.Name);
+        if (isCreate && _account is not null && !_account.TryReserveStream())
+            return JetStreamApiResponse.ErrorResponse(10027, "maximum streams exceeded");
+
        var handle = _streams.AddOrUpdate(
            normalized.Name,
            _ => new StreamHandle(normalized, new MemStore()),