You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are using nats as a channel for JSON-RPC and exposed it to our client so that they can invoke our API using Message reply = nc.request("req.foo", request)
How do I prevent our client from subscribing to '_INBOX.>' and read other's response?
I am going to look at making that public, but had a thought about making it an option, not sure what the effect would be in the client, I will have to double check. What do you think about having that be settable?
We are using nats as a channel for JSON-RPC and exposed it to our client so that they can invoke our API using
Message reply = nc.request("req.foo", request)
How do I prevent our client from subscribing to '_INBOX.>' and read other's response?
authorization {
CLIENT = {
publish = ["req.foo", "req.bar"]
subscribe = "_INBOX.>"
}
Only way I see now is to mimic NatsConnection.request method to use a custom inbox like _INBOX.clientid.*
and set client specific rule as below
authorization {
CLIENT1 = {
publish = ["req.foo", "req.bar"]
subscribe = "_INBOX.client1.>"
}
Exposing NatsConnection.INBOX_PREFIX might help?
The text was updated successfully, but these errors were encountered: