resgateio / resgate

A Realtime API Gateway used with NATS to build REST, real time, and RPC APIs, where all your clients are synchronized seamlessly.
https://resgate.io
MIT License

go client #52

Closed ghost closed 5 years ago

ghost commented 5 years ago

Hey @jirenius Congrats on getting onto the NATS blog :) The article is well written.

I am wondering what happened to the go-client? Can't find the repo for it.

ghost commented 5 years ago

Ah, found it: https://github.com/jirenius/go-res

Is this going to be supported going forward? I worked out a way to use this from Dart without having to use any nodejs etc.

EDIT: I see it uses NATS, so if I put my Go.res code on the client it will need to call Resgate over the NATS call not to local host but to a Server over the WAN. Is this an issue, do you think? Wondering if the new Security package from NATS might help me make it secure. Do you know anything about the nkey? https://github.com/nats-io/nkeys

EDIT: BTW they have a js version here: https://github.com/nats-io/ts-nkeys So it really looks like this is designed for over the WAN, I suspect, which is great for my needs. Here is the JWT that wraps the crypt. https://github.com/nats-io/jwt So it looks like this PKI infra is designed for Client Server over the WAN to me.

jirenius commented 5 years ago

Hi @gedw99! Thanks about the blog. And nice hearing from you again! :)

Regarding package github.com/jirenius/go-res, yes, it will be officially supported by myself.
However, as the README says under Contribution (?), I may still make breaking changes to the go-res package API.
I have actually been working a bit on it the last two days, trying to make it easy to use, yet flexible enough that you can do whatever you want to within the boundaries of the RES protocol specifications.

You used the go-res code in Dart? Dart can load Go code?! Or you mean, you used Dart as the language to make a service?
Anyhow, I would love to see it! :D

I haven't looked fully into nkeys, but understand that you can restrict what subjects (aka. topics) a NATS client (that is, Resgate, or any of the microservices) may subscribe or publish to. While I do like the feature, I don't see that it would add much to Resgate's already existing security. Well, except for perhaps restricting Resgate to only be allowed to subscribe to the range of topics specified by the RES protocol - just in case a hacker found a way to make a Resgate publish arbitrary requests onto NATS.

But since a hacker only has access to Resgate's WebSocket, never the NATS server, they are bound by the strict rules of the RES protocol. I believe the nkeys feature in NATS is primarily to allow non-trusted NATS clients to connect directly to a NATS server. Resgate can be considered trusted.

What sort of attack vector against a Resgate API do you see that would get more secure with nkeys?

To allow using Resgate and NATS on different servers, I have planned to add support to Resgate to make encrypted connections to NATS, and utilizing user/password or token based authentication, supported by NATS Server.

https://godoc.org/github.com/nats-io/nats#UserInfo

As I said, glad to hear from you again, and to try answering your questions :)
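
An added example, not part of the thread or of the Resgate project: the subject restriction discussed in the comment above, modelled as a NATS-style allow-list check using NATS wildcard rules (`*` matches one token, `>` matches one or more trailing tokens). The subject prefixes in the two allow-lists are assumptions based on the RES service protocol's request and event subjects; they are not taken from this thread.

```go
package main

import (
	"fmt"
	"strings"
)

// subjectMatches reports whether a concrete NATS subject matches a pattern.
// "*" matches exactly one token; ">" (last token only) matches one or more
// trailing tokens.
func subjectMatches(pattern, subject string) bool {
	p := strings.Split(pattern, ".")
	s := strings.Split(subject, ".")
	for i, tok := range p {
		if tok == ">" {
			return i == len(p)-1 && len(s) > i
		}
		if i >= len(s) || s[i] == "" || (tok != "*" && tok != s[i]) {
			return false
		}
	}
	return len(p) == len(s)
}

// allowed reports whether subject matches any pattern in the allow-list.
func allowed(allow []string, subject string) bool {
	for _, p := range allow {
		if subjectMatches(p, subject) {
			return true
		}
	}
	return false
}

// Assumed allow-lists for the gateway's NATS user: RES request subjects it
// publishes, and event/system/connection subjects plus reply inboxes it reads.
var gatewayPublish = []string{"access.>", "get.>", "call.>", "auth.>"}
var gatewaySubscribe = []string{"event.>", "system.>", "conn.>", "_INBOX.>"}

func main() {
	// Constructed sample subjects: two RES requests, one unrelated subject,
	// and a bare prefix that ">" must not match.
	for _, subj := range []string{"get.example.model", "call.example.model.set", "billing.internal.refund", "get"} {
		fmt.Printf("publish %-26s allowed=%v\n", subj, allowed(gatewayPublish, subj))
	}
	fmt.Println("subscribe system.reset allowed =", allowed(gatewaySubscribe, "system.reset"))
}
```

With an allow-list like this enforced by the NATS server, a gateway that was somehow induced to publish outside the RES subject space would have those publishes rejected by the server.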

ghost commented 5 years ago

You can run golang inside of flutter. So that means I don't really need a dart resgate client. So you can build mobile and desktop apps with it.

There is a web browser version of flutter coming and golang can run there too. But that's not being admitted to by Google skia team.

Anyways I saw the tidy up in the resgate code is much cleaner and will try again


jirenius commented 5 years ago

Closing topic