dohertj2/natsnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(batch1): implement jwt wipe and nonce-required internal logic

Browse Source
This commit is contained in:
Joseph Doherty
2026-02-28 06:30:23 -05:00
parent f9b582dcca
commit d8d71eab95
8 changed files with 161 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dotnet/src/ZB.MOM.NatsNet.Server/Auth/AuthHandler.cs
View File

@@ -269,7 +269,7 @@ public static partial class AuthHandler
/// </summary>
public static void WipeSlice(Span<byte> buf)
{
buf.Fill((byte)'x');
JwtProcessor.WipeSlice(buf);
}
/// <summary>

9
dotnet/src/ZB.MOM.NatsNet.Server/Auth/JwtProcessor.cs
View File

@@ -31,6 +31,15 @@ public static class JwtProcessor
/// </summary>
public const string JwtPrefix = "eyJ";
/// <summary>
/// Wipes a byte slice by filling with <c>'x'</c>.
/// Mirrors Go <c>wipeSlice</c>.
/// </summary>
public static void WipeSlice(Span<byte> buf)
{
buf.Fill((byte)'x');
}
/// <summary>
/// Validates that the given IP host address is allowed by the user claims source CIDRs.
/// Returns true if the host is within any of the allowed CIDRs, or if no CIDRs are specified.

23
dotnet/src/ZB.MOM.NatsNet.Server/NatsServer.Listeners.cs
View File

@@ -61,10 +61,29 @@ public sealed partial class NatsServer
/// <summary>
/// Returns true if this server requires clients to send a nonce for auth.
/// Stub — full implementation in session 11.
/// Mirrors Go <c>Server.NonceRequired()</c>.
/// Mirrors Go <c>Server.nonceRequired()</c>.
/// </summary>
private bool NonceRequired() => false;
private bool NonceRequired()
{
_mu.EnterReadLock();
try
{
return NonceRequiredInternal();
}
finally
{
_mu.ExitReadLock();
}
}
/// <summary>
/// Returns true if this server requires clients to send a nonce for auth.
/// Lock should be held by caller for strict Go parity.
/// Mirrors Go <c>Server.nonceRequired()</c>.
/// </summary>
internal bool NonceRequiredInternal()
=> GetOpts().AlwaysEnableNonce || (_nkeys?.Count > 0) || _trustedKeys != null || _proxiesKeyPairs.Count > 0;
/// <summary>
/// Fills <paramref name="nonce"/> with random bytes.