forked from TrueCloudLab/frostfs-rest-gw
[#68] Check basic ACL size
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
47691727d4
commit
09e8196ed4
2 changed files with 41 additions and 2 deletions
|
@ -355,8 +355,8 @@ func createContainer(ctx context.Context, p *pool.Pool, stoken session.Container
|
||||||
request.BasicACL = defaultBasicACL
|
request.BasicACL = defaultBasicACL
|
||||||
}
|
}
|
||||||
|
|
||||||
var basicACL acl.Basic
|
basicACL, err := decodeBasicACL(request.BasicACL)
|
||||||
if err = basicACL.DecodeString(request.BasicACL); err != nil {
|
if err != nil {
|
||||||
return cid.ID{}, fmt.Errorf("couldn't parse basic acl: %w", err)
|
return cid.ID{}, fmt.Errorf("couldn't parse basic acl: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,11 +6,13 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
"math"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
|
||||||
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||||||
"github.com/nspcc-dev/neofs-rest-gw/gen/models"
|
"github.com/nspcc-dev/neofs-rest-gw/gen/models"
|
||||||
|
"github.com/nspcc-dev/neofs-sdk-go/container/acl"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/object"
|
"github.com/nspcc-dev/neofs-sdk-go/object"
|
||||||
"github.com/nspcc-dev/neofs-sdk-go/pool"
|
"github.com/nspcc-dev/neofs-sdk-go/pool"
|
||||||
)
|
)
|
||||||
|
@ -219,3 +221,40 @@ func formSessionTokenFromHeaders(principal *models.Principal, signature, key *st
|
||||||
Verb: verb,
|
Verb: verb,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// decodeBasicACL is the same as DecodeString on acl.Basic but
|
||||||
|
// it also checks length for hex formatted acl.
|
||||||
|
func decodeBasicACL(input string) (acl.Basic, error) {
|
||||||
|
switch input {
|
||||||
|
case acl.NamePrivate:
|
||||||
|
return acl.Private, nil
|
||||||
|
case acl.NamePrivateExtended:
|
||||||
|
return acl.PrivateExtended, nil
|
||||||
|
case acl.NamePublicRO:
|
||||||
|
return acl.PublicRO, nil
|
||||||
|
case acl.NamePublicROExtended:
|
||||||
|
return acl.PublicROExtended, nil
|
||||||
|
case acl.NamePublicRW:
|
||||||
|
return acl.PublicRW, nil
|
||||||
|
case acl.NamePublicRWExtended:
|
||||||
|
return acl.PublicRWExtended, nil
|
||||||
|
case acl.NamePublicAppend:
|
||||||
|
return acl.PublicAppend, nil
|
||||||
|
case acl.NamePublicAppendExtended:
|
||||||
|
return acl.PublicAppendExtended, nil
|
||||||
|
default:
|
||||||
|
trimmedInput := strings.TrimPrefix(strings.ToLower(input), "0x")
|
||||||
|
if len(trimmedInput) != 8 {
|
||||||
|
return 0, fmt.Errorf("invalid basic ACL size: %s", input)
|
||||||
|
}
|
||||||
|
|
||||||
|
v, err := strconv.ParseUint(trimmedInput, 16, 32)
|
||||||
|
if err != nil {
|
||||||
|
return 0, fmt.Errorf("parse hex: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var res acl.Basic
|
||||||
|
res.FromBits(uint32(v))
|
||||||
|
return res, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue