feat: add auth model types (User, NKeyUser, Permissions) and auth config to NatsOptions

src/NATS.Server/Auth/NKeyUser.cs

@@ -0,0 +1,9 @@
+namespace NATS.Server.Auth;
+
+public sealed class NKeyUser
+{
+    public required string Nkey { get; init; }
+    public Permissions? Permissions { get; init; }
+    public string? Account { get; init; }
+    public string? SigningKey { get; init; }
+}

src/NATS.Server/Auth/Permissions.cs

@@ -0,0 +1,20 @@
+namespace NATS.Server.Auth;
+
+public sealed class Permissions
+{
+    public SubjectPermission? Publish { get; init; }
+    public SubjectPermission? Subscribe { get; init; }
+    public ResponsePermission? Response { get; init; }
+}
+
+public sealed class SubjectPermission
+{
+    public IReadOnlyList<string>? Allow { get; init; }
+    public IReadOnlyList<string>? Deny { get; init; }
+}
+
+public sealed class ResponsePermission
+{
+    public int MaxMsgs { get; init; }
+    public TimeSpan Expires { get; init; }
+}

src/NATS.Server/Auth/User.cs

@@ -0,0 +1,10 @@
+namespace NATS.Server.Auth;
+
+public sealed class User
+{
+    public required string Username { get; init; }
+    public required string Password { get; init; }
+    public Permissions? Permissions { get; init; }
+    public string? Account { get; init; }
+    public DateTimeOffset? ConnectionDeadline { get; init; }
+}

src/NATS.Server/NatsOptions.cs

@@ -1,3 +1,5 @@
+using NATS.Server.Auth;
+
 namespace NATS.Server;
 
 public sealed class NatsOptions
@@ -10,4 +12,19 @@ public sealed class NatsOptions
     public int MaxConnections { get; set; } = 65536;
     public TimeSpan PingInterval { get; set; } = TimeSpan.FromMinutes(2);
     public int MaxPingsOut { get; set; } = 2;
+
+    // Simple auth (single user)
+    public string? Username { get; set; }
+    public string? Password { get; set; }
+    public string? Authorization { get; set; }
+
+    // Multiple users/nkeys
+    public IReadOnlyList<User>? Users { get; set; }
+    public IReadOnlyList<NKeyUser>? NKeys { get; set; }
+
+    // Default/fallback
+    public string? NoAuthUser { get; set; }
+
+    // Auth timing
+    public TimeSpan AuthTimeout { get; set; } = TimeSpan.FromSeconds(1);
 }

tests/NATS.Server.Tests/AuthConfigTests.cs

@@ -0,0 +1,21 @@
+using NATS.Server;
+using NATS.Server.Auth;
+
+namespace NATS.Server.Tests;
+
+public class AuthConfigTests
+{
+    [Fact]
+    public void NatsOptions_has_auth_fields_with_defaults()
+    {
+        var opts = new NatsOptions();
+
+        opts.Username.ShouldBeNull();
+        opts.Password.ShouldBeNull();
+        opts.Authorization.ShouldBeNull();
+        opts.Users.ShouldBeNull();
+        opts.NKeys.ShouldBeNull();
+        opts.NoAuthUser.ShouldBeNull();
+        opts.AuthTimeout.ShouldBe(TimeSpan.FromSeconds(1));
+    }
+}