using System.Text.Json.Serialization;
namespace NATS.Server.Auth.Jwt;
/// <summary>
/// Claims carried by a NATS account JWT: the standard JWT fields (sub, iss, iat, exp),
/// a display name, and the NATS-specific <c>nats</c> object holding account limits,
/// signing keys, and revocations.
/// </summary>
/// <remarks>
/// Reference: github.com/nats-io/jwt/v2 — AccountClaims, Account, OperatorLimits types.
/// This class only maps JSON fields onto properties and contains no validation logic,
/// so a populated instance says nothing about whether the token was authentic, correctly
/// issued, or unexpired. NOTE(review): signature, issuer and expiry checks are presumably
/// performed by the code that decodes the token — confirm.
/// </remarks>
public sealed class AccountClaims
{
    /// <summary>Subject — the account's NKey public key.</summary>
    [JsonPropertyName("sub")]
    public string? Subject { get; set; }

    /// <summary>Issuer — the operator or signing key that issued this JWT.</summary>
    [JsonPropertyName("iss")]
    public string? Issuer { get; set; }

    /// <summary>Issued-at time as Unix epoch seconds.</summary>
    /// <remarks>Stays at 0 when the token carries no <c>iat</c> field.</remarks>
    [JsonPropertyName("iat")]
    public long IssuedAt { get; set; }

    /// <summary>Expiration time as Unix epoch seconds. 0 means no expiry.</summary>
    /// <remarks>
    /// A token that omits <c>exp</c> also leaves this at 0, so it cannot be told apart
    /// from one that explicitly asks for no expiry.
    /// </remarks>
    [JsonPropertyName("exp")]
    public long Expires { get; set; }

    /// <summary>Human-readable name for the account.</summary>
    [JsonPropertyName("name")]
    public string? Name { get; set; }

    /// <summary>NATS-specific account claims; null when the <c>nats</c> object is absent.</summary>
    [JsonPropertyName("nats")]
    public AccountNats? Nats { get; set; }
}
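/// <summary>
/// NATS-specific portion of account JWT claims.
/// Contains limits, signing keys, and user revocations.
/// </summary>
/// <remarks>
/// Pure data holder: nothing here checks that signing keys are well-formed NKeys or that
/// revocation timestamps are sane. Every reference-typed property is null when its JSON
/// field is absent, so consumers must handle null before enforcing anything.
/// </remarks>
public sealed class AccountNats
{
    /// <summary>Account resource limits.</summary>
    [JsonPropertyName("limits")]
    public AccountLimits? Limits { get; set; }

    /// <summary>JetStream entitlement limits/tier for this account.</summary>
    [JsonPropertyName("jetstream")]
    public AccountJetStreamLimits? JetStream { get; set; }

    /// <summary>NKey public keys authorized to sign user JWTs for this account.</summary>
    /// <remarks>
    /// NOTE(review): the reference jwt/v2 library can also encode scoped signing keys as
    /// JSON objects in this array; a <c>string[]</c> would make deserialization of such a
    /// token fail — confirm whether that is the intended behaviour.
    /// </remarks>
    [JsonPropertyName("signing_keys")]
    public string[]? SigningKeys { get; set; }

    /// <summary>
    /// Map of revoked user NKey public keys to the Unix epoch time of revocation.
    /// Any user JWT issued before the revocation time is considered revoked.
    /// </summary>
    /// <remarks>
    /// Keys are user public keys and values are epoch seconds, matching the <c>long</c>
    /// timestamps used for <c>iat</c>/<c>exp</c>. A bare <c>Dictionary</c> without type
    /// arguments does not compile, so the type arguments are spelled out here.
    /// A null map (field absent) means the token lists no revocations.
    /// </remarks>
    [JsonPropertyName("revocations")]
    public Dictionary<string, long>? Revocations { get; set; }

    /// <summary>Tags associated with this account.</summary>
    [JsonPropertyName("tags")]
    public string[]? Tags { get; set; }

    /// <summary>Claim type (e.g., "account").</summary>
    [JsonPropertyName("type")]
    public string? Type { get; set; }

    /// <summary>Claim version.</summary>
    [JsonPropertyName("version")]
    public int Version { get; set; }
}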
/// <summary>
/// Resource limits for a NATS account. A value of -1 means unlimited.
/// </summary>
/// <remarks>
/// None of the properties has an initializer, so a limit that is missing from the JSON
/// is left at 0 rather than -1. NOTE(review): confirm how the enforcement code treats 0
/// (deny everything vs. no limit), since that decides what an incomplete token is allowed.
/// </remarks>
public sealed class AccountLimits
{
    /// <summary>Maximum number of connections. -1 means unlimited.</summary>
    [JsonPropertyName("conn")]
    public long MaxConnections { get; set; }

    /// <summary>Maximum number of subscriptions. -1 means unlimited.</summary>
    [JsonPropertyName("subs")]
    public long MaxSubscriptions { get; set; }

    /// <summary>Maximum payload size in bytes. -1 means unlimited.</summary>
    [JsonPropertyName("payload")]
    public long MaxPayload { get; set; }

    /// <summary>Maximum data transfer in bytes. -1 means unlimited.</summary>
    [JsonPropertyName("data")]
    public long MaxData { get; set; }
}
/// <summary>
/// JetStream limits object of an account JWT, exposing the <c>max_streams</c> and
/// <c>tier</c> JSON fields.
/// </summary>
/// <remarks>
/// Pure data holder with no validation.
/// NOTE(review): whether 0 or -1 carries a special meaning for <c>max_streams</c> is not
/// stated in this file — confirm against the code that enforces the limit.
/// </remarks>
public sealed class AccountJetStreamLimits
{
    /// <summary>Value of the <c>max_streams</c> field; 0 when the field is absent.</summary>
    [JsonPropertyName("max_streams")]
    public int MaxStreams { get; set; }

    /// <summary>Value of the <c>tier</c> field; null when the field is absent.</summary>
    [JsonPropertyName("tier")]
    public string? Tier { get; set; }
}