get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/auths.conf

get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/auths.conf (about)

     1  # Our role based permissions.
     2  
     3  # Admin can do anything.
     4  ADMIN = {
     5    publish = ">"
     6    subscribe = ">"
     7  }
     8  
     9  # Can do requests on req.foo or req.bar, and subscribe to anything
    10  # that is a response, e.g. _INBOX.*
    11  #
    12  # Notice that authorization filters can be singletons or arrays.
    13  
    14  REQUESTOR = {
    15    publish = ["req.foo", "req.bar"]
    16    subscribe = "_INBOX.*"
    17  }
    18  
    19  # Default permissions if none presented. e.g. Joe below.
    20  DEFAULT_PERMISSIONS = {
    21     publish = "SANDBOX.*"
    22     subscribe = ["PUBLIC.>", "_INBOX.>"]
    23  }
    24  
    25  # This is to benchmark pub performance.
    26  BENCH = {
    27     publish = "a"
    28  }
    29  
    30  # New Style Permissions
    31  
    32  NEW_STYLE = {
    33    publish = {
    34      allow = "*.*"
    35      deny = ["SYS.*", "bar.baz", "foo.*"]
    36    }
    37    subscribe = {
    38      allow = ["foo.*", "SYS.TEST.>"]
    39      deny = ["foo.baz", "SYS.*"]
    40    }
    41  }
    42  
    43  NS_PUB = {
    44    publish = "foo.baz"
    45    subscribe = "foo.baz"
    46  }
    47  
    48  BENCH_DENY = {
    49     subscribe = {
    50      allow = ["foo", "*"]
    51      deny = "foo.bar"
    52    }
    53  }
    54  
    55  # This is for services where you only want
    56  # responses to reply subjects to be allowed.
    57  MY_SERVICE = {
    58      subscribe = "my.service.req"
    59      publish_allow_responses: true
    60    }
    61  
    62  # This is a more detailed example where responses
    63  # could be streams and you want to set the TTL
    64  # and maximum allowed.
    65  MY_STREAM_SERVICE = {
    66      subscribe = "my.service.req"
    67      allow_responses = {max: 10, ttl: "50ms"}
    68  }