This repository was archived by the owner on May 28, 2020. It is now read-only.
main.go
// Modified from github.com/nats-io/gnatsd/blob/master/main.go
// Copyright antmanler
// Copyright 2012-2016 Apcera Inc. All rights reserved.
package main
import (
"flag"
"fmt"
"io/ioutil"
"log"
"os"
"path/filepath"
"github.com/antmanler/gnatsd-jwt/jwtauth"
"github.com/garyburd/redigo/redis"
"github.com/nats-io/gnatsd/server"
)
// usageStr is the help text for the server binary. usage prints it on
// request, and main appends it to fatal start-up error messages. Besides the
// stock gnatsd options it lists --jwt_publickey, the flag main registers for
// loading JWT verification keys.
var usageStr = `
Usage: gnatsd [options]
Server Options:
-a, --addr <host> Bind to host address (default: 0.0.0.0)
-p, --port <port> Use port for clients (default: 4222)
-P, --pid <file> File to store PID
-m, --http_port <port> Use port for http monitoring
-ms,--https_port <port> Use port for https monitoring
-c, --config <file> Configuration file
-sl,--signal <signal>[=<pid>] Send signal to gnatsd process (stop, quit, reopen, reload)
--client_advertise <string> Client URL to advertise to other servers
Logging Options:
-l, --log <file> File to redirect log output
-T, --logtime Timestamp log entries (default: true)
-s, --syslog Log to syslog or windows event log
-r, --remote_syslog <addr> Syslog server addr (udp://localhost:514)
-D, --debug Enable debugging output
-V, --trace Trace the raw protocol
-DV Debug and trace
Authorization Options:
--user <user> User required for connections
--pass <password> Password required for connections
--auth <token> Authorization token required for connections
--jwt_publickey <file> File name or folder name to load public key(s) for JWT
TLS Options:
--tls Enable TLS, do not verify clients (default: false)
--tlscert <file> Server certificate file
--tlskey <file> Private key for server certificate
--tlsverify Enable TLS, verify client certificates
--tlscacert <file> Client certificate CA for verification
Cluster Options:
--routes <rurl-1, rurl-2> Routes to solicit and connect
--cluster <cluster-url> Cluster URL for solicited routes
--no_advertise <bool> Advertise known cluster IPs to clients
--cluster_advertise <string> Cluster URL to advertise to other servers
--connect_retries <number> For implicit routes, number of connect retries
Common Options:
-h, --help Show this message
-v, --version Show version
--help_tls TLS help
`
// usage writes the server's help text to standard output and terminates the
// process with a zero exit status. It is installed as the FlagSet's Usage
// callback in main.
func usage() {
	fmt.Fprintln(os.Stdout, usageStr)
	os.Exit(0)
}
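// main parses the gnatsd command line plus the extra --jwt_publickey flag,
// wires up the optional JWT and Redis-backed client authenticators, and then
// runs the server until it exits.
//
// Authentication set-up:
//   - --jwt_publickey names either a single key file or a directory; each
//     file becomes a jwtauth.KeyProvider handed to jwtauth.JWTAuth.
//   - When the REDIS_URL environment variable is set, a refuncAuth wrapping
//     the JWT authenticator (if any) is installed instead.
//   - When neither is configured, opts.CustomClientAuthentication is left
//     untouched.
func main() {
	// Create a FlagSet and set its usage function.
	fs := flag.NewFlagSet("nats-server", flag.ExitOnError)
	fs.Usage = usage

	var pkName string
	fs.StringVar(&pkName, "jwt_publickey", "", "File name or folder name to load public key(s) for JWT.")

	// Configure the options from the flags/config file
	opts, err := server.ConfigureOptions(fs, os.Args[1:],
		server.PrintServerAndExit,
		fs.Usage,
		server.PrintTLSHelpAndDie)
	if err != nil {
		server.PrintAndDie(err.Error() + "\n" + usageStr)
	}

	var auther customAuther
	if pkName != "" {
		fi, err := os.Stat(pkName)
		if err != nil {
			server.PrintAndDie(err.Error() + "\n" + usageStr)
			return
		}

		var pkeys []jwtauth.KeyProvider
		if fi.Mode().IsDir() {
			files, err := ioutil.ReadDir(pkName)
			// Only abort when the listing actually failed. Calling
			// err.Error() unconditionally dereferences a nil error on
			// success, so a readable key directory crashed the server.
			if err != nil {
				server.PrintAndDie(err.Error() + "\n" + usageStr)
			}
			// NOTE(review): every directory entry is treated as a key file,
			// including sub-directories and unrelated files. An empty
			// directory yields a JWTAuth with no keys; confirm that
			// jwtauth rejects every token in that case rather than
			// accepting them.
			for _, entry := range files {
				provider, err := jwtauth.NewLazyPublicKeyFileProvider(filepath.Join(pkName, entry.Name()))
				if err != nil {
					server.PrintAndDie(err.Error() + "\n" + usageStr)
				}
				pkeys = append(pkeys, provider)
			}
		} else {
			provider, err := jwtauth.NewLazyPublicKeyFileProvider(pkName)
			if err != nil {
				server.PrintAndDie(err.Error() + "\n" + usageStr)
			}
			pkeys = []jwtauth.KeyProvider{provider}
		}
		auther = &jwtauth.JWTAuth{
			PublicKeys: pkeys,
		}
	}

	redisURL := os.Getenv("REDIS_URL")
	if redisURL != "" {
		// The second argument to redis.NewPool is the maximum number of
		// idle connections kept in the pool.
		connPool := redis.NewPool(func() (redis.Conn, error) {
			return redis.DialURL(redisURL)
		}, 3)

		// Fail fast at start-up if Redis is unreachable. The connection is
		// closed explicitly on both paths because log.Fatalf exits without
		// running deferred calls.
		c := connPool.Get()
		if _, err := c.Do("PING"); err != nil {
			c.Close()
			log.Fatalf("failed to connect to redis, %v", err)
		}
		c.Close()

		// NOTE(review): tokenAuther is nil when --jwt_publickey was not
		// given; refuncAuth is defined elsewhere in this package, so verify
		// that it denies (rather than skips) token checks in that case.
		auther = &refuncAuth{
			pool:        connPool,
			tokenAuther: auther,
		}
	}

	if auther != nil {
		opts.CustomClientAuthentication = auther
	}

	// Create the server with appropriate options.
	s := server.New(opts)

	// Configure the logger based on the flags
	s.ConfigureLogger()
	if auther != nil {
		auther.SetLogger(s)
	}

	// Start things up. Block here until done.
	if err := server.Run(s); err != nil {
		server.PrintAndDie(err.Error())
	}
}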