feat: add JwtAuthenticator with account resolution, revocation, and template expansion

2026-02-23 04:41:01 -05:00
parent 39a1383de2
commit afbbccab82
7 changed files with 790 additions and 1 deletions
--- a/src/NATS.Server/Auth/Account.cs
+++ b/src/NATS.Server/Auth/Account.cs
@@ -13,6 +13,24 @@ public sealed class Account : IDisposable
    public int MaxConnections { get; set; } // 0 = unlimited
    public int MaxSubscriptions { get; set; } // 0 = unlimited

+    // JWT fields
+    public string? Nkey { get; set; }
+    public string? Issuer { get; set; }
+    public Dictionary<string, object>? SigningKeys { get; set; }
+    private readonly ConcurrentDictionary<string, long> _revokedUsers = new(StringComparer.Ordinal);
+
+    public void RevokeUser(string userNkey, long issuedAt) => _revokedUsers[userNkey] = issuedAt;
+
+    public bool IsUserRevoked(string userNkey, long issuedAt)
+    {
+        if (_revokedUsers.TryGetValue(userNkey, out var revokedAt))
+            return issuedAt <= revokedAt;
+        // Check "*" wildcard for all-user revocation
+        if (_revokedUsers.TryGetValue("*", out revokedAt))
+            return issuedAt <= revokedAt;
+        return false;
+    }
+
    private readonly ConcurrentDictionary<ulong, byte> _clients = new();
    private int _subscriptionCount;