feat: add response permission tracking for dynamic reply subject authorization
This commit is contained in:
@@ -6,12 +6,14 @@ public sealed class ClientPermissions : IDisposable
|
||||
{
|
||||
private readonly PermissionSet? _publish;
|
||||
private readonly PermissionSet? _subscribe;
|
||||
private readonly ResponseTracker? _responseTracker;
|
||||
private readonly PermissionLruCache _pubCache = new(128);
|
||||
|
||||
private ClientPermissions(PermissionSet? publish, PermissionSet? subscribe)
|
||||
private ClientPermissions(PermissionSet? publish, PermissionSet? subscribe, ResponseTracker? responseTracker)
|
||||
{
|
||||
_publish = publish;
|
||||
_subscribe = subscribe;
|
||||
_responseTracker = responseTracker;
|
||||
}
|
||||
|
||||
public static ClientPermissions? Build(Permissions? permissions)
|
||||
@@ -21,13 +23,18 @@ public sealed class ClientPermissions : IDisposable
|
||||
|
||||
var pub = PermissionSet.Build(permissions.Publish);
|
||||
var sub = PermissionSet.Build(permissions.Subscribe);
|
||||
ResponseTracker? responseTracker = null;
|
||||
if (permissions.Response != null)
|
||||
responseTracker = new ResponseTracker(permissions.Response.MaxMsgs, permissions.Response.Expires);
|
||||
|
||||
if (pub == null && sub == null)
|
||||
if (pub == null && sub == null && responseTracker == null)
|
||||
return null;
|
||||
|
||||
return new ClientPermissions(pub, sub);
|
||||
return new ClientPermissions(pub, sub, responseTracker);
|
||||
}
|
||||
|
||||
public ResponseTracker? ResponseTracker => _responseTracker;
|
||||
|
||||
public bool IsPublishAllowed(string subject)
|
||||
{
|
||||
if (_publish == null)
|
||||
@@ -37,6 +44,14 @@ public sealed class ClientPermissions : IDisposable
|
||||
return cached;
|
||||
|
||||
var allowed = _publish.IsAllowed(subject);
|
||||
|
||||
// If denied but response tracking is enabled, check reply table
|
||||
if (!allowed && _responseTracker != null)
|
||||
{
|
||||
if (_responseTracker.IsReplyAllowed(subject))
|
||||
return true; // Don't cache dynamic reply permissions
|
||||
}
|
||||
|
||||
_pubCache.Set(subject, allowed);
|
||||
return allowed;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user