Merge branch 'feature/sections-7-10-gaps' into main

2026-02-23 03:34:00 -05:00
parent 42c7c9cb7a 56de543713
commit cc5ce63cb9
28 changed files with 1165 additions and 62 deletions
--- a/tests/NATS.Server.Tests/LoggingTests.cs
+++ b/tests/NATS.Server.Tests/LoggingTests.cs
@@ -0,0 +1,60 @@
+using Serilog;
+
+namespace NATS.Server.Tests;
+
+public class LoggingTests : IDisposable
+{
+    private readonly string _logDir;
+
+    public LoggingTests()
+    {
+        _logDir = Path.Combine(Path.GetTempPath(), $"nats-log-test-{Guid.NewGuid():N}");
+        Directory.CreateDirectory(_logDir);
+    }
+
+    public void Dispose()
+    {
+        try { Directory.Delete(_logDir, true); } catch { }
+    }
+
+    [Fact]
+    public void File_sink_creates_log_file()
+    {
+        var logPath = Path.Combine(_logDir, "test.log");
+
+        using var logger = new LoggerConfiguration()
+            .WriteTo.File(logPath)
+            .CreateLogger();
+
+        logger.Information("Hello from test");
+        logger.Dispose();
+
+        File.Exists(logPath).ShouldBeTrue();
+        var content = File.ReadAllText(logPath);
+        content.ShouldContain("Hello from test");
+    }
+
+    [Fact]
+    public void File_sink_rotates_on_size_limit()
+    {
+        var logPath = Path.Combine(_logDir, "rotate.log");
+
+        using var logger = new LoggerConfiguration()
+            .WriteTo.File(
+                logPath,
+                fileSizeLimitBytes: 200,
+                rollOnFileSizeLimit: true,
+                retainedFileCountLimit: 3)
+            .CreateLogger();
+
+        // Write enough to trigger rotation
+        for (int i = 0; i < 50; i++)
+            logger.Information("Log message number {Number} with some padding text", i);
+
+        logger.Dispose();
+
+        // Should have created rotated files
+        var logFiles = Directory.GetFiles(_logDir, "rotate*.log");
+        logFiles.Length.ShouldBeGreaterThan(1);
+    }
+}
--- a/tests/NATS.Server.Tests/MonitorTests.cs
+++ b/tests/NATS.Server.Tests/MonitorTests.cs
@@ -179,6 +179,53 @@ public class MonitorTests : IAsyncLifetime
        conn.Subs.ShouldContain("bar");
    }

+    [Fact]
+    public async Task Connz_state_closed_returns_disconnected_clients()
+    {
+        // Connect then disconnect a client
+        var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {\"name\":\"closing-client\"}\r\n"u8.ToArray());
+        await Task.Delay(200);
+        sock.Shutdown(SocketShutdown.Both);
+        sock.Dispose();
+        await Task.Delay(500);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/connz?state=closed");
+        var connz = await response.Content.ReadFromJsonAsync<Connz>();
+        connz.ShouldNotBeNull();
+        connz.Conns.ShouldContain(c => c.Name == "closing-client");
+        var closed = connz.Conns.First(c => c.Name == "closing-client");
+        closed.Stop.ShouldNotBeNull();
+        closed.Reason.ShouldNotBeNullOrEmpty();
+    }
+
+    [Fact]
+    public async Task Connz_sort_by_stop_requires_closed_state()
+    {
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/connz?sort=stop&state=open");
+        var connz = await response.Content.ReadFromJsonAsync<Connz>();
+        connz.ShouldNotBeNull();
+    }
+
+    [Fact]
+    public async Task Connz_sort_by_reason()
+    {
+        var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        var buf = new byte[4096];
+        _ = await sock.ReceiveAsync(buf);
+        sock.Shutdown(SocketShutdown.Both);
+        sock.Dispose();
+        await Task.Delay(500);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/connz?sort=reason&state=closed");
+        response.StatusCode.ShouldBe(HttpStatusCode.OK);
+    }
+
    private static int GetFreePort()
    {
        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
--- a/tests/NATS.Server.Tests/NATS.Server.Tests.csproj
+++ b/tests/NATS.Server.Tests/NATS.Server.Tests.csproj
@@ -13,6 +13,7 @@
    <PackageReference Include="xunit" />
    <PackageReference Include="xunit.runner.visualstudio" />
    <PackageReference Include="NATS.NKeys" />
+    <PackageReference Include="Serilog.Sinks.File" />
  </ItemGroup>

  <ItemGroup>
--- a/tests/NATS.Server.Tests/RttTests.cs
+++ b/tests/NATS.Server.Tests/RttTests.cs
@@ -0,0 +1,123 @@
+using System.Net;
+using System.Net.Http.Json;
+using System.Net.Sockets;
+using Microsoft.Extensions.Logging.Abstractions;
+using NATS.Server.Monitoring;
+
+namespace NATS.Server.Tests;
+
+public class RttTests : IAsyncLifetime
+{
+    private readonly NatsServer _server;
+    private readonly int _natsPort;
+    private readonly int _monitorPort;
+    private readonly CancellationTokenSource _cts = new();
+    private readonly HttpClient _http = new();
+
+    public RttTests()
+    {
+        _natsPort = GetFreePort();
+        _monitorPort = GetFreePort();
+        _server = new NatsServer(
+            new NatsOptions
+            {
+                Port = _natsPort,
+                MonitorPort = _monitorPort,
+                PingInterval = TimeSpan.FromMilliseconds(200),
+                MaxPingsOut = 4,
+            },
+            NullLoggerFactory.Instance);
+    }
+
+    public async Task InitializeAsync()
+    {
+        _ = _server.StartAsync(_cts.Token);
+        await _server.WaitForReadyAsync();
+        for (int i = 0; i < 50; i++)
+        {
+            try
+            {
+                var resp = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/healthz");
+                if (resp.IsSuccessStatusCode) break;
+            }
+            catch (HttpRequestException) { }
+            await Task.Delay(50);
+        }
+    }
+
+    public async Task DisposeAsync()
+    {
+        _http.Dispose();
+        await _cts.CancelAsync();
+        _server.Dispose();
+    }
+
+    [Fact]
+    public async Task Rtt_populated_after_ping_pong_cycle()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf); // INFO
+
+        // Send CONNECT + PING (triggers firstPongSent)
+        await stream.WriteAsync("CONNECT {}\r\nPING\r\n"u8.ToArray());
+        await stream.FlushAsync();
+        _ = await stream.ReadAsync(buf); // PONG
+
+        // Wait for server's PING cycle
+        await Task.Delay(500);
+
+        // Read server PING and respond with PONG
+        var received = new byte[4096];
+        int totalRead = 0;
+        bool gotPing = false;
+        using var readCts = new CancellationTokenSource(2000);
+        while (!gotPing && !readCts.IsCancellationRequested)
+        {
+            var n = await stream.ReadAsync(received.AsMemory(totalRead), readCts.Token);
+            totalRead += n;
+            var text = System.Text.Encoding.ASCII.GetString(received, 0, totalRead);
+            if (text.Contains("PING"))
+            {
+                gotPing = true;
+                await stream.WriteAsync("PONG\r\n"u8.ToArray());
+                await stream.FlushAsync();
+            }
+        }
+
+        gotPing.ShouldBeTrue("Server should have sent PING");
+
+        // Wait for RTT to be computed
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/connz");
+        var connz = await response.Content.ReadFromJsonAsync<Connz>();
+        connz.ShouldNotBeNull();
+        var conn = connz.Conns.FirstOrDefault(c => c.Rtt != "");
+        conn.ShouldNotBeNull("At least one connection should have RTT populated");
+    }
+
+    [Fact]
+    public async Task Connz_sort_by_rtt()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {}\r\n"u8.ToArray());
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/connz?sort=rtt");
+        response.StatusCode.ShouldBe(System.Net.HttpStatusCode.OK);
+    }
+
+    private static int GetFreePort()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        sock.Bind(new IPEndPoint(IPAddress.Loopback, 0));
+        return ((IPEndPoint)sock.LocalEndPoint!).Port;
+    }
+}
--- a/tests/NATS.Server.Tests/ServerStatsTests.cs
+++ b/tests/NATS.Server.Tests/ServerStatsTests.cs
@@ -75,6 +75,27 @@ public class ServerStatsTests : IAsyncLifetime
        client.StartTime.ShouldNotBe(default);
    }

+    [Fact]
+    public void StaleConnection_stats_incremented_on_mark_closed()
+    {
+        var stats = new ServerStats();
+        stats.StaleConnectionClients.ShouldBe(0);
+
+        Interlocked.Increment(ref stats.StaleConnectionClients);
+        stats.StaleConnectionClients.ShouldBe(1);
+    }
+
+    [Fact]
+    public void StaleConnection_stats_all_fields_default_to_zero()
+    {
+        var stats = new ServerStats();
+        stats.StaleConnections.ShouldBe(0);
+        stats.StaleConnectionClients.ShouldBe(0);
+        stats.StaleConnectionRoutes.ShouldBe(0);
+        stats.StaleConnectionLeafs.ShouldBe(0);
+        stats.StaleConnectionGateways.ShouldBe(0);
+    }
+
    private static int GetFreePort()
    {
        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
--- a/tests/NATS.Server.Tests/SubszTests.cs
+++ b/tests/NATS.Server.Tests/SubszTests.cs
@@ -0,0 +1,137 @@
+using System.Net;
+using System.Net.Http.Json;
+using System.Net.Sockets;
+using Microsoft.Extensions.Logging.Abstractions;
+using NATS.Server.Monitoring;
+
+namespace NATS.Server.Tests;
+
+public class SubszTests : IAsyncLifetime
+{
+    private readonly NatsServer _server;
+    private readonly int _natsPort;
+    private readonly int _monitorPort;
+    private readonly CancellationTokenSource _cts = new();
+    private readonly HttpClient _http = new();
+
+    public SubszTests()
+    {
+        _natsPort = GetFreePort();
+        _monitorPort = GetFreePort();
+        _server = new NatsServer(
+            new NatsOptions { Port = _natsPort, MonitorPort = _monitorPort },
+            NullLoggerFactory.Instance);
+    }
+
+    public async Task InitializeAsync()
+    {
+        _ = _server.StartAsync(_cts.Token);
+        await _server.WaitForReadyAsync();
+        for (int i = 0; i < 50; i++)
+        {
+            try
+            {
+                var resp = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/healthz");
+                if (resp.IsSuccessStatusCode) break;
+            }
+            catch (HttpRequestException) { }
+            await Task.Delay(50);
+        }
+    }
+
+    public async Task DisposeAsync()
+    {
+        _http.Dispose();
+        await _cts.CancelAsync();
+        _server.Dispose();
+    }
+
+    [Fact]
+    public async Task Subz_returns_empty_when_no_subscriptions()
+    {
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/subz");
+        response.StatusCode.ShouldBe(HttpStatusCode.OK);
+
+        var subz = await response.Content.ReadFromJsonAsync<Subsz>();
+        subz.ShouldNotBeNull();
+        subz.NumSubs.ShouldBe(0u);
+    }
+
+    [Fact]
+    public async Task Subz_returns_count_with_subscriptions()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {}\r\nSUB foo 1\r\nSUB bar 2\r\nSUB baz.* 3\r\n"u8.ToArray());
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/subz");
+        var subz = await response.Content.ReadFromJsonAsync<Subsz>();
+        subz.ShouldNotBeNull();
+        subz.NumSubs.ShouldBeGreaterThanOrEqualTo(3u);
+    }
+
+    [Fact]
+    public async Task Subz_subs_true_returns_subscription_details()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {}\r\nSUB foo 1\r\n"u8.ToArray());
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/subz?subs=true");
+        var subz = await response.Content.ReadFromJsonAsync<Subsz>();
+        subz.ShouldNotBeNull();
+        subz.Subs.ShouldNotBeEmpty();
+        subz.Subs.ShouldContain(s => s.Subject == "foo");
+    }
+
+    [Fact]
+    public async Task Subz_test_subject_filters_matching_subs()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {}\r\nSUB foo.* 1\r\nSUB bar 2\r\n"u8.ToArray());
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/subz?subs=true&test=foo.hello");
+        var subz = await response.Content.ReadFromJsonAsync<Subsz>();
+        subz.ShouldNotBeNull();
+        subz.Subs.ShouldContain(s => s.Subject == "foo.*");
+        subz.Subs.ShouldNotContain(s => s.Subject == "bar");
+    }
+
+    [Fact]
+    public async Task Subz_pagination()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        await sock.ConnectAsync(new IPEndPoint(IPAddress.Loopback, _natsPort));
+        using var stream = new NetworkStream(sock);
+        var buf = new byte[4096];
+        _ = await stream.ReadAsync(buf);
+        await stream.WriteAsync("CONNECT {}\r\nSUB a 1\r\nSUB b 2\r\nSUB c 3\r\n"u8.ToArray());
+        await Task.Delay(200);
+
+        var response = await _http.GetAsync($"http://127.0.0.1:{_monitorPort}/subz?subs=true&offset=0&limit=2");
+        var subz = await response.Content.ReadFromJsonAsync<Subsz>();
+        subz.ShouldNotBeNull();
+        subz.Subs.Length.ShouldBe(2);
+        subz.Total.ShouldBeGreaterThanOrEqualTo(3);
+    }
+
+    private static int GetFreePort()
+    {
+        using var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
+        sock.Bind(new IPEndPoint(IPAddress.Loopback, 0));
+        return ((IPEndPoint)sock.LocalEndPoint!).Port;
+    }
+}
--- a/tests/NATS.Server.Tests/TlsMapAuthenticatorTests.cs
+++ b/tests/NATS.Server.Tests/TlsMapAuthenticatorTests.cs
@@ -0,0 +1,134 @@
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using NATS.Server.Auth;
+
+namespace NATS.Server.Tests;
+
+public class TlsMapAuthenticatorTests
+{
+    private static X509Certificate2 CreateSelfSignedCert(string cn)
+    {
+        using var rsa = RSA.Create(2048);
+        var req = new CertificateRequest($"CN={cn}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
+    }
+
+    private static X509Certificate2 CreateCertWithDn(string dn)
+    {
+        using var rsa = RSA.Create(2048);
+        var req = new CertificateRequest(dn, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(1));
+    }
+
+    [Fact]
+    public void Matches_user_by_cn()
+    {
+        var users = new List<User>
+        {
+            new() { Username = "alice", Password = "" },
+        };
+        var auth = new TlsMapAuthenticator(users);
+        var cert = CreateSelfSignedCert("alice");
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new Protocol.ClientOptions(),
+            Nonce = [],
+            ClientCertificate = cert,
+        };
+
+        var result = auth.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("alice");
+    }
+
+    [Fact]
+    public void Returns_null_when_no_cert()
+    {
+        var users = new List<User>
+        {
+            new() { Username = "alice", Password = "" },
+        };
+        var auth = new TlsMapAuthenticator(users);
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new Protocol.ClientOptions(),
+            Nonce = [],
+            ClientCertificate = null,
+        };
+
+        var result = auth.Authenticate(ctx);
+        result.ShouldBeNull();
+    }
+
+    [Fact]
+    public void Returns_null_when_cn_doesnt_match()
+    {
+        var users = new List<User>
+        {
+            new() { Username = "alice", Password = "" },
+        };
+        var auth = new TlsMapAuthenticator(users);
+        var cert = CreateSelfSignedCert("bob");
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new Protocol.ClientOptions(),
+            Nonce = [],
+            ClientCertificate = cert,
+        };
+
+        var result = auth.Authenticate(ctx);
+        result.ShouldBeNull();
+    }
+
+    [Fact]
+    public void Matches_by_full_dn_string()
+    {
+        var users = new List<User>
+        {
+            new() { Username = "CN=alice, O=TestOrg", Password = "" },
+        };
+        var auth = new TlsMapAuthenticator(users);
+        var cert = CreateCertWithDn("CN=alice, O=TestOrg");
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new Protocol.ClientOptions(),
+            Nonce = [],
+            ClientCertificate = cert,
+        };
+
+        var result = auth.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Identity.ShouldBe("CN=alice, O=TestOrg");
+    }
+
+    [Fact]
+    public void Returns_permissions_from_matched_user()
+    {
+        var perms = new Permissions
+        {
+            Publish = new SubjectPermission { Allow = ["foo.>"] },
+        };
+        var users = new List<User>
+        {
+            new() { Username = "alice", Password = "", Permissions = perms },
+        };
+        var auth = new TlsMapAuthenticator(users);
+        var cert = CreateSelfSignedCert("alice");
+
+        var ctx = new ClientAuthContext
+        {
+            Opts = new Protocol.ClientOptions(),
+            Nonce = [],
+            ClientCertificate = cert,
+        };
+
+        var result = auth.Authenticate(ctx);
+        result.ShouldNotBeNull();
+        result.Permissions.ShouldNotBeNull();
+        result.Permissions.Publish!.Allow!.ShouldContain("foo.>");
+    }
+}
--- a/tests/NATS.Server.Tests/TlsRateLimiterTests.cs
+++ b/tests/NATS.Server.Tests/TlsRateLimiterTests.cs
@@ -0,0 +1,49 @@
+using NATS.Server.Tls;
+
+namespace NATS.Server.Tests;
+
+public class TlsRateLimiterTests
+{
+    [Fact]
+    public async Task Rate_limiter_allows_configured_tokens_per_second()
+    {
+        using var limiter = new TlsRateLimiter(5);
+
+        // Should allow 5 tokens immediately
+        for (int i = 0; i < 5; i++)
+        {
+            using var cts = new CancellationTokenSource(100);
+            await limiter.WaitAsync(cts.Token); // Should not throw
+        }
+
+        // 6th token should block (no refill yet)
+        using var blockCts = new CancellationTokenSource(200);
+        var blocked = false;
+        try
+        {
+            await limiter.WaitAsync(blockCts.Token);
+        }
+        catch (OperationCanceledException)
+        {
+            blocked = true;
+        }
+        blocked.ShouldBeTrue("6th token should be blocked before refill");
+    }
+
+    [Fact]
+    public async Task Rate_limiter_refills_after_one_second()
+    {
+        using var limiter = new TlsRateLimiter(2);
+
+        // Consume all tokens
+        await limiter.WaitAsync(CancellationToken.None);
+        await limiter.WaitAsync(CancellationToken.None);
+
+        // Wait for refill
+        await Task.Delay(1200);
+
+        // Should have tokens again
+        using var cts = new CancellationTokenSource(200);
+        await limiter.WaitAsync(cts.Token); // Should not throw
+    }
+}