|
import { NatsServer } from "/Users/aricart/src/github.com/nats-io/nats.js/test_helpers/mod.ts"; |
|
import { connect } from "@nats-io/transport-deno"; |
|
import { NatsConnectionImpl } from "@nats-io/nats-core/internal"; |
|
import { |
|
createAccount, |
|
createOperator, |
|
createUser, |
|
defaultUserPermissionsLimits, |
|
encodeAccount, |
|
encodeOperator, |
|
encodeUser, |
|
newScopedSigner, |
|
type UserPermissionsLimits, |
|
} from "https://jsr.io/@nats-io/jwt/0.0.9-3/src/mod.ts"; |
|
import { |
|
jwtAuthenticator, |
|
} from "https://jsr.io/@nats-io/nats-core/3.0.0-1/mod.ts"; |
|
|
|
const O = createOperator(); |
|
const SYS = createAccount(); |
|
const A = createAccount(); |
|
const AA = createAccount(); |
|
const U = createUser(); |
|
|
|
const authenticator = jwtAuthenticator( |
|
await encodeUser("U", U, A, {tags:["op:hello"]}, { signer: AA, scopedUser: true }), |
|
); |
|
|
|
const resolver: Record<string, string> = {}; |
|
resolver[A.getPublicKey()] = await encodeAccount("A", A, { |
|
signing_keys: [ |
|
newScopedSigner( |
|
AA, |
|
"test", |
|
defaultUserPermissionsLimits({ |
|
bearer_token: true, |
|
sub: { |
|
allow: [">"], |
|
}, |
|
pub: { |
|
allow: ["hi", "$SYS.>", "foo.{{subject()}}", "bar.{{account-tag(car)}}", "op.{{tag(op)}}"], |
|
}, |
|
} as Partial<UserPermissionsLimits>), |
|
), |
|
], |
|
tags: ["car:BMW"], |
|
limits: { |
|
conn: -1, |
|
subs: -1, |
|
}, |
|
}, { signer: O }); |
|
resolver[SYS.getPublicKey()] = await encodeAccount("SYS", SYS, { |
|
limits: { |
|
conn: -1, |
|
subs: -1, |
|
}, |
|
}, { signer: O }); |
|
const conf = { |
|
debug: true, |
|
operator: await encodeOperator("O", O, { |
|
tags: ["op:smooth"], |
|
system_account: SYS.getPublicKey(), |
|
}), |
|
resolver: "MEMORY", |
|
"resolver_preload": resolver, |
|
}; |
|
|
|
const ns = await NatsServer.start(conf, true); |
|
const nc = await connect({ |
|
port: ns.port, |
|
authenticator, |
|
}) as NatsConnectionImpl; |
|
console.log(await nc.context()); |
