get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/server/configs/authorization.conf (about)

     1  listen: 127.0.0.1:4222
     2  
     3  authorization {
     4    # Our role based permissions.
     5  
     6    # Superuser: may subscribe to every subject (">"). Note that publish = "*" matches single-token subjects only.
     7    super_user = {
     8      publish = "*"
     9      subscribe = ">"
    10    }
    11    # Can publish requests on req.foo or req.bar, and subscribe to
    12    # any reply subject under _INBOX.
    13    #
    14    # Notice that authorization filters can be singletons or arrays.
    15    req_pub_user = {
    16      publish = ["req.foo", "req.bar"]
    17      subscribe = "_INBOX.>"
    18    }
    19  
    20    # Set up a default user that can subscribe only to subjects under PUBLIC.
    21    # and is meant to have no publish capabilities (no publish entry is set; confirm the server treats that as deny).
    22    default_user = {
    23      subscribe = "PUBLIC.>"
    24    }
    25  
    26    # Service can listen on the request subject and respond to any
    27    # received reply subject.
    28    my_service = {
    29      subscribe = "my.service.req"
    30      publish_allow_responses: true
    31    }
    32  
    33    # Can support a map with max messages and expiration of the permission.
    34    my_stream_service = {
    35      subscribe = "my.service.req"
    36      allow_responses: {max: 10, expires: "1m"}
    37    }
    38  
    39    # Default permissions if none presented. e.g. susan below.
    40    default_permissions: $default_user
    41  
    42    # Users listed with permissions. Passwords here are cleartext sample values; outside of tests, use bcrypt-hashed passwords.
    43    users = [
    44      {user: alice, password: foo, permissions: $super_user}
    45      {user: bob,   password: bar, permissions: $req_pub_user}
    46      {user: susan, password: baz}
    47      {user: svca,  password: pc,  permissions: $my_service}
    48      {user: svcb,  password: sam, permissions: $my_stream_service}
    49    ]
    50  }