func (p *protocolV2) CheckAuth(client *nsqd.ClientV2, cmd, topicName, channelName string) error {
// if auth is enabled, the client must have authorized already
// compare topic/channel against cached authorization data (refetching if expired)
if p.ctx.isAuthEnabled() {
if !client.HasAuthorizations() {
return protocol.NewFatalClientErr(nil, "E_AUTH_FIRST",
fmt.Sprintf("AUTH required before %s", cmd))
}
ok, err := client.IsAuthorized(topicName, channelName)
if err != nil {
// we don't want to leak errors contacting the auth server to untrusted clients
nsqd.NsqLogger().Logf("PROTOCOL(V2): [%s] Auth Failed %s", client, err)
return protocol.NewFatalClientErr(nil, "E_AUTH_FAILED", "AUTH failed")
}
if !ok {
return protocol.NewFatalClientErr(nil, "E_UNAUTHORIZED",
fmt.Sprintf("AUTH failed for %s on %q %q", cmd, topicName, channelName))
}
}
return nil
}
