[#1371] bearer: Upgrade SDK package
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
ae92074272
commit
3a188bb2e5
13 changed files with 80 additions and 85 deletions
|
@ -3,11 +3,11 @@ package internal
|
||||||
import (
|
import (
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// here are small structures with public setters to share between parameter structures
|
// here are small structures with public setters to share between parameter structures
|
||||||
|
@ -40,11 +40,11 @@ func (x *sessionTokenPrm) SetSessionToken(tok *session.Token) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type bearerTokenPrm struct {
|
type bearerTokenPrm struct {
|
||||||
bearerToken *token.BearerToken
|
bearerToken *bearer.Token
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetBearerToken sets the bearer token to be attached to the request.
|
// SetBearerToken sets the bearer token to be attached to the request.
|
||||||
func (x *bearerTokenPrm) SetBearerToken(tok *token.BearerToken) {
|
func (x *bearerTokenPrm) SetBearerToken(tok *bearer.Token) {
|
||||||
x.bearerToken = tok
|
x.bearerToken = tok
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,10 +13,10 @@ import (
|
||||||
|
|
||||||
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/network"
|
"github.com/nspcc-dev/neofs-node/pkg/network"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -101,9 +101,11 @@ func createToken(cmd *cobra.Command, _ []string) error {
|
||||||
return fmt.Errorf("can't parse recipient: %w", err)
|
return fmt.Errorf("can't parse recipient: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
b := token.NewBearerToken()
|
var b bearer.Token
|
||||||
b.SetLifetime(exp, nvb, iat)
|
b.SetExpiration(exp)
|
||||||
b.SetOwner(ownerID)
|
b.SetNotBefore(nvb)
|
||||||
|
b.SetIssuedAt(iat)
|
||||||
|
b.SetOwnerID(*ownerID)
|
||||||
|
|
||||||
eaclPath, _ := cmd.Flags().GetString(eaclFlag)
|
eaclPath, _ := cmd.Flags().GetString(eaclFlag)
|
||||||
if eaclPath != "" {
|
if eaclPath != "" {
|
||||||
|
@ -115,7 +117,7 @@ func createToken(cmd *cobra.Command, _ []string) error {
|
||||||
if err := json.Unmarshal(raw, table); err != nil {
|
if err := json.Unmarshal(raw, table); err != nil {
|
||||||
return fmt.Errorf("can't parse extended ACL: %w", err)
|
return fmt.Errorf("can't parse extended ACL: %w", err)
|
||||||
}
|
}
|
||||||
b.SetEACLTable(table)
|
b.SetEACLTable(*table)
|
||||||
}
|
}
|
||||||
|
|
||||||
var data []byte
|
var data []byte
|
||||||
|
@ -123,11 +125,11 @@ func createToken(cmd *cobra.Command, _ []string) error {
|
||||||
toJSON, _ := cmd.Flags().GetBool(jsonFlag)
|
toJSON, _ := cmd.Flags().GetBool(jsonFlag)
|
||||||
if toJSON {
|
if toJSON {
|
||||||
data, err = json.Marshal(b)
|
data, err = json.Marshal(b)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("can't mashal token to JSON: %w", err)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
data, err = b.Marshal(nil)
|
data = b.Marshal()
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("can't mashal token: %w", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
out, _ := cmd.Flags().GetString(outFlag)
|
out, _ := cmd.Flags().GetString(outFlag)
|
||||||
|
|
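Review bot: In createToken the token is now a value (`var b bearer.Token`), but the JSON branch still calls `json.Marshal(b)`. If the SDK declares `MarshalJSON` on `*bearer.Token` (not visible on this page), encoding/json will not find the method on a non-addressable value and will fall back to reflecting over the struct, writing a file that is not a usable token. Calling the method directly, `data, err = b.MarshalJSON()`, as signBearerToken does, removes the dependence on the receiver kind. The new error string also keeps the old typo and should read `"can't marshal token to JSON: %w"`. createToken's body starts and ends outside these hunks.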
|
@ -18,6 +18,7 @@ import (
|
||||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
|
||||||
sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
|
sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/checksum"
|
"github.com/nspcc-dev/neofs-sdk-go/checksum"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/object"
|
"github.com/nspcc-dev/neofs-sdk-go/object"
|
||||||
|
@ -25,7 +26,6 @@ import (
|
||||||
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -1056,7 +1056,7 @@ func marshalHeader(cmd *cobra.Command, hdr *object.Object) ([]byte, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, error) {
|
func getBearerToken(cmd *cobra.Command, flagname string) (*bearer.Token, error) {
|
||||||
path, err := cmd.Flags().GetString(flagname)
|
path, err := cmd.Flags().GetString(flagname)
|
||||||
if err != nil || len(path) == 0 {
|
if err != nil || len(path) == 0 {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
|
@ -1067,7 +1067,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er
|
||||||
return nil, fmt.Errorf("can't read bearer token file: %w", err)
|
return nil, fmt.Errorf("can't read bearer token file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
tok := token.NewBearerToken()
|
var tok bearer.Token
|
||||||
if err := tok.UnmarshalJSON(data); err != nil {
|
if err := tok.UnmarshalJSON(data); err != nil {
|
||||||
if err = tok.Unmarshal(data); err != nil {
|
if err = tok.Unmarshal(data); err != nil {
|
||||||
return nil, fmt.Errorf("can't decode bearer token: %w", err)
|
return nil, fmt.Errorf("can't decode bearer token: %w", err)
|
||||||
|
@ -1078,7 +1078,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er
|
||||||
printVerbose("Using JSON encoded bearer token")
|
printVerbose("Using JSON encoded bearer token")
|
||||||
}
|
}
|
||||||
|
|
||||||
return tok, nil
|
return &tok, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getObjectRange(cmd *cobra.Command, _ []string) {
|
func getObjectRange(cmd *cobra.Command, _ []string) {
|
||||||
|
|
|
@ -17,10 +17,10 @@ import (
|
||||||
sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
|
sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session"
|
||||||
"github.com/nspcc-dev/neofs-node/misc"
|
"github.com/nspcc-dev/neofs-node/misc"
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/network"
|
"github.com/nspcc-dev/neofs-node/pkg/network"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
)
|
)
|
||||||
|
@ -217,7 +217,7 @@ func prepareAPIClientWithKey(cmd *cobra.Command, key *ecdsa.PrivateKey, dst ...c
|
||||||
}
|
}
|
||||||
|
|
||||||
type bearerPrm interface {
|
type bearerPrm interface {
|
||||||
SetBearerToken(prm *token.BearerToken)
|
SetBearerToken(prm *bearer.Token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func prepareBearerPrm(cmd *cobra.Command, prm bearerPrm) {
|
func prepareBearerPrm(cmd *cobra.Command, prm bearerPrm) {
|
||||||
|
|
|
@ -10,7 +10,6 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/util/keyer"
|
"github.com/nspcc-dev/neofs-node/pkg/util/keyer"
|
||||||
locodedb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db"
|
locodedb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db"
|
||||||
airportsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/airports"
|
airportsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/airports"
|
||||||
|
@ -18,8 +17,6 @@ import (
|
||||||
continentsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/continents/geojson"
|
continentsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/continents/geojson"
|
||||||
csvlocode "github.com/nspcc-dev/neofs-node/pkg/util/locode/table/csv"
|
csvlocode "github.com/nspcc-dev/neofs-node/pkg/util/locode/table/csv"
|
||||||
sdkstatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
sdkstatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/version"
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
)
|
)
|
||||||
|
@ -296,10 +293,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) {
|
||||||
key, err := getKey()
|
key, err := getKey()
|
||||||
exitOnErr(cmd, err)
|
exitOnErr(cmd, err)
|
||||||
|
|
||||||
err = completeBearerToken(btok)
|
err = btok.Sign(*key)
|
||||||
exitOnErr(cmd, err)
|
|
||||||
|
|
||||||
err = btok.SignToken(key)
|
|
||||||
exitOnErr(cmd, err)
|
exitOnErr(cmd, err)
|
||||||
|
|
||||||
to := cmd.Flag("to").Value.String()
|
to := cmd.Flag("to").Value.String()
|
||||||
|
@ -310,8 +304,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) {
|
||||||
data, err = btok.MarshalJSON()
|
data, err = btok.MarshalJSON()
|
||||||
exitOnErr(cmd, errf("can't JSON encode bearer token: %w", err))
|
exitOnErr(cmd, errf("can't JSON encode bearer token: %w", err))
|
||||||
} else {
|
} else {
|
||||||
data, err = btok.Marshal()
|
data = btok.Marshal()
|
||||||
exitOnErr(cmd, errf("can't binary encode bearer token: %w", err))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(to) == 0 {
|
if len(to) == 0 {
|
||||||
|
@ -424,22 +417,6 @@ func processKeyer(cmd *cobra.Command, args []string) {
|
||||||
result.PrettyPrint(uncompressed, useHex)
|
result.PrettyPrint(uncompressed, useHex)
|
||||||
}
|
}
|
||||||
|
|
||||||
func completeBearerToken(btok *token.BearerToken) error {
|
|
||||||
if v2 := btok.ToV2(); v2 != nil {
|
|
||||||
// set eACL table version, because it usually omitted
|
|
||||||
table := v2.GetBody().GetEACL()
|
|
||||||
|
|
||||||
var ver refs.Version
|
|
||||||
version.Current().WriteToV2(&ver)
|
|
||||||
|
|
||||||
table.SetVersion(&ver)
|
|
||||||
} else {
|
|
||||||
return errors.New("unsupported bearer token version")
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func prettyPrintJSON(cmd *cobra.Command, data []byte) {
|
func prettyPrintJSON(cmd *cobra.Command, data []byte) {
|
||||||
buf := new(bytes.Buffer)
|
buf := new(bytes.Buffer)
|
||||||
if err := json.Indent(buf, data, "", " "); err != nil {
|
if err := json.Indent(buf, data, "", " "); err != nil {
|
||||||
|
|
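Review bot: Deleting completeBearerToken removes the step that stamped the current protocol version onto the token's eACL table before signing (its comment says the version is "usually omitted"), and nothing in the new signBearerToken lines replaces it. Unless the SDK now fills that field on decode or inside `Sign` (not visible here), a token built from an eACL JSON without a version is signed as-is, and presumably it cannot be corrected afterwards without invalidating the signature. Please confirm against the SDK and, if it does not set the version, set it before `btok.Sign(*key)`. A comment at the call such as `// eACL table version is expected to be populated by the SDK` would record the assumption. signBearerToken's body starts and ends outside these hunks.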
2
go.mod
2
go.mod
|
@ -19,7 +19,7 @@ require (
|
||||||
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
|
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
|
||||||
github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
|
github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
|
||||||
github.com/nspcc-dev/neofs-contract v0.14.2
|
github.com/nspcc-dev/neofs-contract v0.14.2
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413082415-24d6c2221f6b
|
||||||
github.com/nspcc-dev/tzhash v1.5.2
|
github.com/nspcc-dev/tzhash v1.5.2
|
||||||
github.com/panjf2000/ants/v2 v2.4.0
|
github.com/panjf2000/ants/v2 v2.4.0
|
||||||
github.com/paulmach/orb v0.2.2
|
github.com/paulmach/orb v0.2.2
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -409,6 +409,8 @@ github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413072812-c961aea14446 h1:B
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413072812-c961aea14446/go.mod h1:Hl7a1l0ntZ4b1ZABpGX6fuAuFS3c6+hyMCUNVvZv/w4=
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413072812-c961aea14446/go.mod h1:Hl7a1l0ntZ4b1ZABpGX6fuAuFS3c6+hyMCUNVvZv/w4=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8 h1:/nV57s9EQO8JXOHNL4UIv8nT76vN57yPT9aCeCPszLg=
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8 h1:/nV57s9EQO8JXOHNL4UIv8nT76vN57yPT9aCeCPszLg=
|
||||||
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8/go.mod h1:cQKdlr9Gmp5jxbOJ78S714i1AycfYUzpVddxVUD48WM=
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8/go.mod h1:cQKdlr9Gmp5jxbOJ78S714i1AycfYUzpVddxVUD48WM=
|
||||||
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413082415-24d6c2221f6b h1:iUu/zoMiEwltB8dHJQEhEdlJnQ2f73nmUT1LYRJtrs4=
|
||||||
|
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413082415-24d6c2221f6b/go.mod h1:cQKdlr9Gmp5jxbOJ78S714i1AycfYUzpVddxVUD48WM=
|
||||||
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
|
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
|
||||||
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
|
||||||
|
|
|
@ -13,10 +13,10 @@ import (
|
||||||
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
"github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl"
|
||||||
eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2"
|
eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2"
|
||||||
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
|
v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2"
|
||||||
|
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// CheckerPrm groups parameters for Checker
|
// CheckerPrm groups parameters for Checker
|
||||||
|
@ -143,21 +143,21 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
||||||
reqInfo.CleanBearer()
|
reqInfo.CleanBearer()
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var table eaclSDK.Table
|
||||||
table *eaclSDK.Table
|
|
||||||
err error
|
|
||||||
)
|
|
||||||
|
|
||||||
if reqInfo.Bearer().Empty() {
|
bearerTok := reqInfo.Bearer()
|
||||||
table, err = c.eaclSrc.GetEACL(reqInfo.ContainerID())
|
if bearerTok == nil {
|
||||||
|
pTable, err := c.eaclSrc.GetEACL(reqInfo.ContainerID())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if errors.Is(err, container.ErrEACLNotFound) {
|
if errors.Is(err, container.ErrEACLNotFound) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
table = *pTable
|
||||||
} else {
|
} else {
|
||||||
table = reqInfo.Bearer().EACLTable()
|
table = bearerTok.EACLTable()
|
||||||
}
|
}
|
||||||
|
|
||||||
// if bearer token is not present, isValidBearer returns true
|
// if bearer token is not present, isValidBearer returns true
|
||||||
|
@ -195,7 +195,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
||||||
WithHeaderSource(
|
WithHeaderSource(
|
||||||
eaclV2.NewMessageHeaderSource(hdrSrcOpts...),
|
eaclV2.NewMessageHeaderSource(hdrSrcOpts...),
|
||||||
).
|
).
|
||||||
WithEACLTable(table),
|
WithEACLTable(&table),
|
||||||
)
|
)
|
||||||
|
|
||||||
if action != eaclSDK.ActionAllow {
|
if action != eaclSDK.ActionAllow {
|
||||||
|
@ -210,9 +210,8 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
|
||||||
func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
|
func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
|
||||||
token := reqInfo.Bearer()
|
token := reqInfo.Bearer()
|
||||||
|
|
||||||
// 0. Check if bearer token is present in reqInfo. It might be non nil
|
// 0. Check if bearer token is present in reqInfo.
|
||||||
// empty structure.
|
if token == nil {
|
||||||
if token == nil || token.Empty() {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -227,32 +226,35 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// 3. Then check if container owner signed this token.
|
// 3. Then check if container owner signed this token.
|
||||||
tokenIssuerKey := unmarshalPublicKey(token.Signature().Key())
|
issuer, ok := token.Issuer()
|
||||||
if !isOwnerFromKey(reqInfo.ContainerOwner(), tokenIssuerKey) {
|
if !ok {
|
||||||
|
panic("unexpected false return from Issuer method on signed bearer token")
|
||||||
|
}
|
||||||
|
|
||||||
|
if !issuer.Equal(reqInfo.ContainerOwner()) {
|
||||||
// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
|
// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
|
||||||
return errBearerNotSignedByOwner
|
return errBearerNotSignedByOwner
|
||||||
}
|
}
|
||||||
|
|
||||||
// 4. Then check if request sender has rights to use this token.
|
// 4. Then check if request sender has rights to use this token.
|
||||||
tokenOwnerField := token.OwnerID()
|
tokenOwner := token.OwnerID()
|
||||||
if tokenOwnerField != nil { // see bearer token owner field description
|
requestSenderKey := unmarshalPublicKey(reqInfo.SenderKey())
|
||||||
requestSenderKey := unmarshalPublicKey(reqInfo.SenderKey())
|
|
||||||
if !isOwnerFromKey(tokenOwnerField, requestSenderKey) {
|
if !isOwnerFromKey(&tokenOwner, requestSenderKey) {
|
||||||
// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
|
// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
|
||||||
return errBearerInvalidOwner
|
return errBearerInvalidOwner
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func isValidLifetime(t *bearerSDK.BearerToken, epoch uint64) bool {
|
func isValidLifetime(t *bearerSDK.Token, epoch uint64) bool {
|
||||||
// The "exp" (expiration time) claim identifies the expiration time on
|
// The "exp" (expiration time) claim identifies the expiration time on
|
||||||
// or after which the JWT MUST NOT be accepted for processing.
|
// or after which the JWT MUST NOT be accepted for processing.
|
||||||
// The "nbf" (not before) claim identifies the time before which the JWT
|
// The "nbf" (not before) claim identifies the time before which the JWT
|
||||||
// MUST NOT be accepted for processing
|
// MUST NOT be accepted for processing
|
||||||
// RFC 7519 sections 4.1.4, 4.1.5
|
// RFC 7519 sections 4.1.4, 4.1.5
|
||||||
return epoch >= t.NotBeforeTime() && epoch <= t.Expiration()
|
return epoch >= t.NotBefore() && epoch <= t.Expiration()
|
||||||
}
|
}
|
||||||
|
|
||||||
func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
|
func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool {
|
||||||
|
|
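Review bot: The `panic(...)` added in step 3 of isValidBearer sits on the request-authorization path, so any token that passes the earlier checks but makes `Issuer()` report false would take the node process down instead of rejecting one request. Returning an error keeps the check fail-closed without that availability risk: `if !ok { return errBearerNotSignedByOwner }`. Separately, step 4 now runs `isOwnerFromKey(&tokenOwner, requestSenderKey)` unconditionally, where the old code skipped it when the owner field was unset. If tokens without an owner are still meant to be usable by any sender, they will now be rejected with errBearerInvalidOwner, so the intended behaviour deserves a comment there. Steps 1–2 of isValidBearer lie outside the hunks.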
|
@ -6,12 +6,12 @@ import (
|
||||||
|
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// RequestInfo groups parsed version-independent (from SDK library)
|
// RequestInfo groups parsed version-independent (from SDK library)
|
||||||
|
@ -29,7 +29,7 @@ type RequestInfo struct {
|
||||||
|
|
||||||
senderKey []byte
|
senderKey []byte
|
||||||
|
|
||||||
bearer *bearerSDK.BearerToken // bearer token of request
|
bearer *bearer.Token // bearer token of request
|
||||||
|
|
||||||
srcRequest interface{}
|
srcRequest interface{}
|
||||||
}
|
}
|
||||||
|
@ -72,7 +72,7 @@ func (r *RequestInfo) CleanBearer() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Bearer returns bearer token of the request.
|
// Bearer returns bearer token of the request.
|
||||||
func (r RequestInfo) Bearer() *bearerSDK.BearerToken {
|
func (r RequestInfo) Bearer() *bearer.Token {
|
||||||
return r.bearer
|
return r.bearer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -106,7 +106,7 @@ func (r RequestInfo) RequestRole() eaclSDK.Role {
|
||||||
type MetaWithToken struct {
|
type MetaWithToken struct {
|
||||||
vheader *sessionV2.RequestVerificationHeader
|
vheader *sessionV2.RequestVerificationHeader
|
||||||
token *sessionSDK.Token
|
token *sessionSDK.Token
|
||||||
bearer *bearerSDK.BearerToken
|
bearer *bearer.Token
|
||||||
src interface{}
|
src interface{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,13 +10,13 @@ import (
|
||||||
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
refsV2 "github.com/nspcc-dev/neofs-api-go/v2/refs"
|
refsV2 "github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
"github.com/nspcc-dev/neofs-sdk-go/owner"
|
||||||
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/signature"
|
"github.com/nspcc-dev/neofs-sdk-go/signature"
|
||||||
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err error) {
|
func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err error) {
|
||||||
|
@ -47,12 +47,20 @@ func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err erro
|
||||||
|
|
||||||
// originalBearerToken goes down to original request meta header and fetches
|
// originalBearerToken goes down to original request meta header and fetches
|
||||||
// bearer token from there.
|
// bearer token from there.
|
||||||
func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearerSDK.BearerToken {
|
func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearer.Token {
|
||||||
for header.GetOrigin() != nil {
|
for header.GetOrigin() != nil {
|
||||||
header = header.GetOrigin()
|
header = header.GetOrigin()
|
||||||
}
|
}
|
||||||
|
|
||||||
return bearerSDK.NewBearerTokenFromV2(header.GetBearerToken())
|
tokV2 := header.GetBearerToken()
|
||||||
|
if tokV2 == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
var tok bearer.Token
|
||||||
|
tok.ReadFromV2(*tokV2)
|
||||||
|
|
||||||
|
return &tok
|
||||||
}
|
}
|
||||||
|
|
||||||
// originalSessionToken goes down to original request meta header and fetches
|
// originalSessionToken goes down to original request meta header and fetches
|
||||||
|
|
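Review bot: originalBearerToken now has a second outcome, `nil` when the original meta header carries no bearer token, but its doc comment still describes only the fetch. isValidBearer and CheckEACL on this page treat a nil token as "no bearer presented" and fall back to the container eACL, so the contract is worth stating: `// Returns nil if the original request carries no bearer token.` `tok.ReadFromV2(*tokV2)` returns nothing here, so a structurally incomplete token is presumably only caught by the later signature and lifetime checks; a short why-comment saying so would help the next reader.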
|
@ -7,20 +7,23 @@ import (
|
||||||
acltest "github.com/nspcc-dev/neofs-api-go/v2/acl/test"
|
acltest "github.com/nspcc-dev/neofs-api-go/v2/acl/test"
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
sessiontest "github.com/nspcc-dev/neofs-api-go/v2/session/test"
|
sessiontest "github.com/nspcc-dev/neofs-api-go/v2/session/test"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
"github.com/nspcc-dev/neofs-sdk-go/eacl"
|
||||||
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestOriginalTokens(t *testing.T) {
|
func TestOriginalTokens(t *testing.T) {
|
||||||
sToken := sessiontest.GenerateSessionToken(false)
|
sToken := sessiontest.GenerateSessionToken(false)
|
||||||
bToken := acltest.GenerateBearerToken(false)
|
bTokenV2 := acltest.GenerateBearerToken(false)
|
||||||
|
|
||||||
|
var bToken bearer.Token
|
||||||
|
bToken.ReadFromV2(*bTokenV2)
|
||||||
|
|
||||||
for i := 0; i < 10; i++ {
|
for i := 0; i < 10; i++ {
|
||||||
metaHeaders := testGenerateMetaHeader(uint32(i), bToken, sToken)
|
metaHeaders := testGenerateMetaHeader(uint32(i), bTokenV2, sToken)
|
||||||
require.Equal(t, sessionSDK.NewTokenFromV2(sToken), originalSessionToken(metaHeaders), i)
|
require.Equal(t, sessionSDK.NewTokenFromV2(sToken), originalSessionToken(metaHeaders), i)
|
||||||
require.Equal(t, bearerSDK.NewBearerTokenFromV2(bToken), originalBearerToken(metaHeaders), i)
|
require.Equal(t, &bToken, originalBearerToken(metaHeaders), i)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
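Review bot: TestOriginalTokens only builds headers that carry a bearer token, so the new `tokV2 == nil` branch of originalBearerToken is never exercised. Callers rely on that nil to mean "no bearer token", so it is worth pinning with one extra assertion, for example `require.Nil(t, originalBearerToken(new(session.RequestMetaHeader)))`.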
|
@ -8,6 +8,7 @@ import (
|
||||||
"io"
|
"io"
|
||||||
|
|
||||||
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
|
coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/client"
|
"github.com/nspcc-dev/neofs-sdk-go/client"
|
||||||
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
|
||||||
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||||||
|
@ -15,7 +16,6 @@ import (
|
||||||
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address"
|
||||||
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/session"
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type commonPrm struct {
|
type commonPrm struct {
|
||||||
|
@ -27,7 +27,7 @@ type commonPrm struct {
|
||||||
|
|
||||||
tokenSession *session.Token
|
tokenSession *session.Token
|
||||||
|
|
||||||
tokenBearer *token.BearerToken
|
tokenBearer *bearer.Token
|
||||||
|
|
||||||
local bool
|
local bool
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ func (x *commonPrm) SetSessionToken(tok *session.Token) {
|
||||||
// SetBearerToken sets bearer token to be attached to the request.
|
// SetBearerToken sets bearer token to be attached to the request.
|
||||||
//
|
//
|
||||||
// By default token is not attached to the request.
|
// By default token is not attached to the request.
|
||||||
func (x *commonPrm) SetBearerToken(tok *token.BearerToken) {
|
func (x *commonPrm) SetBearerToken(tok *bearer.Token) {
|
||||||
x.tokenBearer = tok
|
x.tokenBearer = tok
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,8 +4,8 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
"github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/bearer"
|
||||||
sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
|
sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/token"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// maxLocalTTL is maximum TTL for an operation to be considered local.
|
// maxLocalTTL is maximum TTL for an operation to be considered local.
|
||||||
|
@ -18,7 +18,7 @@ type CommonPrm struct {
|
||||||
|
|
||||||
token *sessionsdk.Token
|
token *sessionsdk.Token
|
||||||
|
|
||||||
bearer *token.BearerToken
|
bearer *bearer.Token
|
||||||
|
|
||||||
ttl uint32
|
ttl uint32
|
||||||
|
|
||||||
|
@ -67,7 +67,7 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Token {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *CommonPrm) BearerToken() *token.BearerToken {
|
func (p *CommonPrm) BearerToken() *bearer.Token {
|
||||||
if p != nil {
|
if p != nil {
|
||||||
return p.bearer
|
return p.bearer
|
||||||
}
|
}
|
||||||
|
@ -116,7 +116,8 @@ func CommonPrmFromV2(req interface {
|
||||||
}
|
}
|
||||||
|
|
||||||
if tok := meta.GetBearerToken(); tok != nil {
|
if tok := meta.GetBearerToken(); tok != nil {
|
||||||
prm.bearer = token.NewBearerTokenFromV2(tok)
|
prm.bearer = new(bearer.Token)
|
||||||
|
prm.bearer.ReadFromV2(*tok)
|
||||||
}
|
}
|
||||||
|
|
||||||
for i := range xHdrs {
|
for i := range xHdrs {
|
||||||
|
|