Improve NATS

2023-10-27 21:46:09 +02:00 · 2023-10-27 21:46:09 +02:00 · 67716a883d
commit 67716a883d
parent 4afa9a01b6
4 changed files with 44 additions and 14 deletions
--- a/go.mod
+++ b/go.mod
@ -8,6 +8,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.0.0
 	github.com/google/uuid v1.3.1
 	github.com/nats-io/nats.go v1.31.0
+	github.com/nats-io/nkeys v0.4.5
 	github.com/pelletier/go-toml/v2 v2.1.0
 	github.com/urfave/cli/v2 v2.25.7
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0
--- a/mf-auth.toml
+++ b/mf-auth.toml
@ -1,5 +1,8 @@
 ListenAddr = ":8082"
-NATSAddr = "nats:4222"
-BaseSubject = "microfilm.auth.v1"
+UserServiceBaseURL = "http://mf-users:8080"

-UserServiceBaseURL = "http://mf-users:8080"
+[NATS]
+Enabled = true
+Addr = "nats://nats1:4222,nats://nats2:4222,nats://nats3:4222"
+NKeySeed = "SUAOUHJPINF4CK6TSNZMRR5G4DKGW5S76XRNIYURPEISNMWXJIXSVWIO7Y"
+Subject = "microfilm.auth.v1"
--- a/server/config.go
+++ b/server/config.go
@ -7,13 +7,20 @@ import (
 )

 type Config struct {
-	ListenAddr  string `toml:"ListenAddr"`
-	NATSAddr    string `toml:"NATSAddr"`
-	BaseSubject string `toml:"BaseSubject"`
+	ListenAddr  string      `toml:"ListenAddr"`
+	NATS        *NATSConfig `toml:"NATS"`
+	BaseSubject string      `toml:"BaseSubject"`

 	UserServiceBaseURL string `toml:"UserServiceBaseURL"`
 }

+type NATSConfig struct {
+	Enabled  bool   `toml:"Enabled"`
+	NKeySeed string `toml:"NKeySeed"`
+	Addr     string `toml:"Addr"`
+	Subject  string `toml:"Subject"`
+}
+
 func ConfigFromReader(r io.Reader) (*Config, error) {
 	decoder := toml.NewDecoder(r)
 	var c Config
--- a/server/server.go
+++ b/server/server.go
@ -20,6 +20,7 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/google/uuid"
 	"github.com/nats-io/nats.go"
+	"github.com/nats-io/nkeys"
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
 	"go.opentelemetry.io/otel/propagation"
@ -72,16 +73,34 @@ func NewServer(config *Config) (*Server, error) {

 	srv.store = store.NewMemoryAuthStore()

-	conn, err := nats.Connect(config.NATSAddr)
-	if err != nil {
-		return nil, err
-	}
-	encoded, err := nats.NewEncodedConn(conn, "json")
-	if err != nil {
-		return nil, err
+	if config.NATS.Enabled {
+		var opts []nats.Option
+		if config.NATS.NKeySeed != "" {
+			keys, err := nkeys.FromSeed([]byte(config.NATS.NKeySeed))
+			if err != nil {
+				return nil, err
+			}
+			pubkey, err := keys.PublicKey()
+			if err != nil {
+				return nil, err
+			}
+			srv.Logger.Debug("NATS enabled with NKeys", "pubkey", pubkey)
+			creds := nats.Nkey(pubkey, keys.Sign)
+			opts = append(opts, creds)
+		}
+
+		conn, err := nats.Connect(config.NATS.Addr, opts...)
+		if err != nil {
+			return nil, err
+		}
+		encoded, err := nats.NewEncodedConn(conn, "json")
+		if err != nil {
+			return nil, err
+		}
+
+		srv.nats = encoded
 	}

-	srv.nats = encoded
 	srv.userClient = NewUserClient(config.UserServiceBaseURL)

 	// Generate keys