Merge pull request #70 from wasmCloud/fix/support-jwt-seed-auth

Support jwt and seed authentication for NATS
wasmCloud · Jan 31, 2022 · 2ad063b · 2ad063b
2 parents f930258 + 1752f62
commit 2ad063b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/rpc-rs/Cargo.toml b/rpc-rs/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "wasmbus-rpc"
-version = "0.7.0-alpha.1"
+version = "0.7.0-alpha.2"
 authors = [ "wasmcloud Team" ]
 license = "Apache-2.0"
 description = "Runtime library for actors and capability providers"
@@ -49,6 +49,7 @@ tokio = { version = "1", features = ["full"]}
 futures = "0.3"
 nats-aflowt = "0.16.103"
 once_cell = "1.8"
+nkeys = "0.2.0"
 crossbeam = "0.8"
 uuid = { version = "0.8", features=["v4", "serde"] }
 wascap = "0.6.0"

diff --git a/rpc-rs/src/provider_main.rs b/rpc-rs/src/provider_main.rs
@@ -91,8 +91,23 @@ where
         RpcError::InvalidParameter(format!("Invalid nats server url '{}': {}", nats_addr, e))
     })?;
 
+    let nats_opts = match (
+        host_data.lattice_rpc_user_jwt.trim(),
+        host_data.lattice_rpc_user_seed.trim(),
+    ) {
+        ("", "") => nats_aflowt::Options::default(),
+        (rpc_jwt, rpc_seed) => {
+            let kp = nkeys::KeyPair::from_seed(rpc_seed).unwrap();
+            let jwt = rpc_jwt.to_owned();
+            nats_aflowt::Options::with_jwt(
+                move || Ok(jwt.to_owned()),
+                move |nonce| kp.sign(nonce).unwrap(),
+            )
+        }
+    };
+
     // Connect to nats
-    let nc = nats_aflowt::Options::default()
+    let nc = nats_opts
         .max_reconnects(None)
         .connect(vec![nats_server])
         .await