using System.Security.Authentication; using NATS.Server.Auth; namespace NATS.Server; public sealed class NatsOptions { public string Host { get; set; } = "0.0.0.0"; public int Port { get; set; } = 4222; public string? ServerName { get; set; } public int MaxPayload { get; set; } = 1024 * 1024; public int MaxControlLine { get; set; } = 4096; public int MaxConnections { get; set; } = 65536; public long MaxPending { get; set; } = 64 * 1024 * 1024; // 64MB, matching Go MAX_PENDING_SIZE public TimeSpan WriteDeadline { get; set; } = TimeSpan.FromSeconds(10); public TimeSpan PingInterval { get; set; } = TimeSpan.FromMinutes(2); public int MaxPingsOut { get; set; } = 2; // Simple auth (single user) public string? Username { get; set; } public string? Password { get; set; } public string? Authorization { get; set; } // Multiple users/nkeys public IReadOnlyList? Users { get; set; } public IReadOnlyList? NKeys { get; set; } // Default/fallback public string? NoAuthUser { get; set; } // Auth timing public TimeSpan AuthTimeout { get; set; } = TimeSpan.FromSeconds(2); // Monitoring (0 = disabled; standard port is 8222) public int MonitorPort { get; set; } public string MonitorHost { get; set; } = "0.0.0.0"; public string? MonitorBasePath { get; set; } // 0 = disabled public int MonitorHttpsPort { get; set; } // TLS public string? TlsCert { get; set; } public string? TlsKey { get; set; } public string? TlsCaCert { get; set; } public bool TlsVerify { get; set; } public bool TlsMap { get; set; } public TimeSpan TlsTimeout { get; set; } = TimeSpan.FromSeconds(2); public bool TlsHandshakeFirst { get; set; } public TimeSpan TlsHandshakeFirstFallback { get; set; } = TimeSpan.FromMilliseconds(50); public bool AllowNonTls { get; set; } public long TlsRateLimit { get; set; } public HashSet? TlsPinnedCerts { get; set; } public SslProtocols TlsMinVersion { get; set; } = SslProtocols.Tls12; public bool HasTls => TlsCert != null && TlsKey != null; }