[FEAT] added connect option ignoreAuthErrorAbort which disables a c…

…onnection abort if client fails to authenticate twice with the same error.

.github/workflows/test.yml

@@ -33,9 +33,9 @@ jobs:
         run: echo "NATS_VERSION=v2.9.5" >> $GITHUB_ENV
 
       # this here because dns seems to be wedged on gha
-      - name: Add hosts to /etc/hosts
-        run: |
-          sudo echo "145.40.102.131 demo.nats.io" | sudo tee -a /etc/hosts
+#      - name: Add hosts to /etc/hosts
+#        run: |
+#          sudo echo "145.40.102.131 demo.nats.io" | sudo tee -a /etc/hosts
 
       - name: Get nats-server
         run: |

nats-base-client/options.ts

@@ -44,6 +44,7 @@ export function defaultOptions(): ConnectionOptions {
     tls: undefined,
     verbose: false,
     waitOnFirstConnect: false,
+    ignoreAuthErrorAbort: false,
   } as ConnectionOptions;
 }
 

nats-base-client/protocol.ts

@@ -466,7 +466,10 @@ export class ProtocolHandler implements Dispatcher<ParserEvent> {
   }
 
   handleAuthError(err: NatsError) {
-    if (this.lastError && err.code === this.lastError.code) {
+    if (
+      (this.lastError && err.code === this.lastError.code) &&
+      this.options.ignoreAuthErrorAbort === false
+    ) {
       this.abortReconnect = true;
     }
     if (this.connectError) {

nats-base-client/types.ts

@@ -352,6 +352,13 @@ export interface ConnectionOptions {
    * to specify a subject where requests can deliver responses.
    */
   inboxPrefix?: string;
+
+  /**
+   * By default, NATS clients will abort reconnect if they fail authentication
+   * twice in a row with the same error, regardless of the reconnect policy.
+   * This option should be used with care as it will disable this behaviour when true
+   */
+  ignoreAuthErrorAbort?: boolean;
 }
 
 /**

tests/auth_test.ts

@@ -36,15 +36,25 @@ import {
   UserPass,
 } from "../src/mod.ts";
 import { assertErrorCode, NatsServer } from "./helpers/mod.ts";
-import { deferred, nkeys } from "../nats-base-client/internal_mod.ts";
-import { NKeyAuth } from "../nats-base-client/authenticator.ts";
+import {
+  deferred,
+  delay,
+  NatsConnectionImpl,
+  nkeys,
+} from "../nats-base-client/internal_mod.ts";
+import {
+  buildAuthenticator,
+  NKeyAuth,
+} from "../nats-base-client/authenticator.ts";
 import { assert } from "../nats-base-client/denobuffer.ts";
 import { cleanup, setup } from "./jstest_util.ts";
 import {
   encodeAccount,
   encodeOperator,
   encodeUser,
 } from "https://raw.githubusercontent.com/nats-io/jwt.js/main/src/jwt.ts";
+import { Msg } from "https://deno.land/x/[email protected]/nats-base-client/types.ts";
+import { DEFAULT_MAX_RECONNECT_ATTEMPTS } from "../nats-base-client/types.ts";
 
 const conf = {
   authorization: {
@@ -968,3 +978,46 @@ Deno.test("auth - perm sub iterator error", async () => {
 
   await cleanup(ns, nc);
 });
+
+Deno.test("auth - ignore auth error abort", async () => {
+  const ns = await NatsServer.start({
+    authorization: {
+      users: [{
+        user: "a",
+        password: "a",
+      }],
+    },
+  });
+  async function t(ignoreAuthErrorAbort = false): Promise<number> {
+    let pass = "a";
+    const authenticator = (): UserPass => {
+      return { user: "a", pass };
+    };
+    const nc = await connect({
+      port: ns.port,
+      authenticator,
+      ignoreAuthErrorAbort,
+      reconnectTimeWait: 150,
+    });
+
+    let count = 0;
+    (async () => {
+      for await (const s of nc.status()) {
+        if (s.type === "error" && s.data === "AUTHORIZATION_VIOLATION") {
+          count++;
+        }
+      }
+    })().then();
+
+    const nci = nc as NatsConnectionImpl;
+    pass = "b";
+    nci.protocol.transport.disconnect();
+
+    await nc.closed();
+    return count;
+  }
+
+  assertEquals(await t(), 2);
+  assertEquals(await t(true), DEFAULT_MAX_RECONNECT_ATTEMPTS);
+  await ns.stop();
+});