Adds NatsJwt.SetScopedUserClaims (#6)

https://github.com/nats-io/jwt/blob/41dad79143e9cff55e4bde8af4df7a40ad49786c/v2/user_claims.go#L78 Co-authored-by: Chuck Kasabula <[email protected]>
nats-io · Aug 14, 2024 · 848530c · 848530c
1 parent 247e8b6
commit 848530c
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 0 deletions.
diff --git a/NATS.Jwt.Tests/Models/NatsUserClaimsTests.cs b/NATS.Jwt.Tests/Models/NatsUserClaimsTests.cs
@@ -208,4 +208,69 @@ public void Deserialize_NullUser_ShouldDeserializeNull()
 
         Assert.Null(deserialized.User);
     }
+
+    [Fact]
+    public void TestSetScoped()
+    {
+        var initUser = (NatsUser user) =>
+        {
+            user.Pub = new NatsPermission { Allow = ["allowed.>"], Deny = ["denied.>"], };
+            user.Sub = new NatsPermission { Allow = ["allowed.>"], Deny = ["denied.>"], };
+            user.Resp = new NatsResponsePermission { MaxMsgs = 100, Expires = TimeSpan.FromSeconds(60), };
+            user.Src = ["192.168.1.0/24"];
+            user.Times = [new TimeRange { Start = "09:00:00", End = "17:00:00", }];
+            user.Locale = "America/New_York";
+            user.Subs = 1000;
+            user.Data = 10_000_000;
+            user.Payload = 1024;
+            user.BearerToken = true;
+            user.AllowedConnectionTypes = ["STANDARD", "WEBSOCKET"];
+        };
+
+        var claims = new NatsUserClaims();
+        initUser(claims.User);
+        claims.SetScoped(true);
+
+        Assert.Equal(claims.User.Pub, new NatsPermission());
+        Assert.Equal(claims.User.Sub, new NatsPermission());
+        Assert.Equal(claims.User.Resp, default);
+        Assert.Equal(claims.User.Src, default);
+        Assert.Equal(claims.User.Times, default);
+        Assert.Equal(claims.User.Locale, default);
+        Assert.Equal(claims.User.Subs, 0);
+        Assert.Equal(claims.User.Data, 0);
+        Assert.Equal(claims.User.Payload, 0);
+        Assert.Equal(claims.User.BearerToken, default);
+        Assert.Equal(claims.User.AllowedConnectionTypes, default);
+
+        initUser(claims.User);
+        claims.SetScoped(false);
+
+        Assert.NotNull(claims.User.Pub);
+        Assert.NotNull(claims.User.Pub.Allow);
+        Assert.Equal(claims.User.Pub.Allow.Count, 1);
+        Assert.Equal(claims.User.Pub.Allow[0], "allowed.>");
+        Assert.NotNull(claims.User.Pub.Deny);
+        Assert.Equal(claims.User.Pub.Deny.Count, 1);
+        Assert.Equal(claims.User.Pub.Deny[0], "denied.>");
+        Assert.NotNull(claims.User.Sub);
+        Assert.NotNull(claims.User.Sub.Allow);
+        Assert.Equal(claims.User.Sub.Allow.Count, 1);
+        Assert.Equal(claims.User.Sub.Allow[0], "allowed.>");
+        Assert.NotNull(claims.User.Sub.Deny);
+        Assert.Equal(claims.User.Sub.Deny.Count, 1);
+        Assert.Equal(claims.User.Sub.Deny[0], "denied.>");
+        Assert.Equal(claims.User.Resp, new NatsResponsePermission { MaxMsgs = 100, Expires = TimeSpan.FromSeconds(60), });
+        Assert.Equal(claims.User.Src, default);
+        Assert.Equal(claims.User.Times, default);
+        Assert.Equal(claims.User.Locale, default);
+        Assert.Equal(claims.User.Subs, NatsJwt.NoLimit);
+        Assert.Equal(claims.User.Data, NatsJwt.NoLimit);
+        Assert.Equal(claims.User.Payload, NatsJwt.NoLimit);
+        Assert.Equal(claims.User.BearerToken, true);
+        Assert.NotNull(claims.User.AllowedConnectionTypes);
+        Assert.Equal(claims.User.AllowedConnectionTypes.Count, 2);
+        Assert.Equal(claims.User.AllowedConnectionTypes[0], "STANDARD");
+        Assert.Equal(claims.User.AllowedConnectionTypes[1], "WEBSOCKET");
+    }
 }
diff --git a/NATS.Jwt/Models/NatsUserClaims.cs b/NATS.Jwt/Models/NatsUserClaims.cs
@@ -17,4 +17,35 @@ public record NatsUserClaims : JwtClaimsData
     [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
     [JsonPropertyOrder(1)]
     public NatsUser User { get; set; } = new();
+
+    /// <summary>
+    /// Sets the user claims as scoped or not.
+    /// </summary>
+    /// <param name="scoped">Indicates whether the user claims should be scoped or not.</param>
+    public void SetScoped(bool scoped)
+    {
+#pragma warning disable CS8625 // Cannot convert null literal to non-nullable reference type.
+        User.Src = default;
+        User.Times = default;
+        User.Locale = default;
+
+        if (scoped)
+        {
+            User.Pub = new NatsPermission();
+            User.Sub = new NatsPermission();
+            User.Resp = default;
+            User.Subs = 0;
+            User.Data = 0;
+            User.Payload = 0;
+            User.BearerToken = default;
+            User.AllowedConnectionTypes = default;
+        }
+        else
+        {
+            User.Subs = NatsJwt.NoLimit;
+            User.Data = NatsJwt.NoLimit;
+            User.Payload = NatsJwt.NoLimit;
+        }
+#pragma warning restore CS8625 // Cannot convert null literal to non-nullable reference type.
+    }
 }
diff --git a/NATS.Jwt/PublicAPI.Unshipped.txt b/NATS.Jwt/PublicAPI.Unshipped.txt
@@ -352,6 +352,7 @@ NATS.Jwt.Models.NatsUser.Times.set -> void
 NATS.Jwt.Models.NatsUserClaims
 NATS.Jwt.Models.NatsUserClaims.User.get -> NATS.Jwt.Models.NatsUser!
 NATS.Jwt.Models.NatsUserClaims.User.set -> void
+NATS.Jwt.Models.NatsUserClaims.SetScoped(bool scoped) -> void
 NATS.Jwt.Models.NatsWeightedMapping
 NATS.Jwt.Models.NatsWeightedMapping.Cluster.get -> string!
 NATS.Jwt.Models.NatsWeightedMapping.Cluster.set -> void