[#32] Support full bearer token for object routes

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-08-18 18:41:33 +03:00 committed by Kirillov Denis
parent e68cda7f9c
commit 8d5d19f3c4
15 changed files with 434 additions and 228 deletions

View file

@ -526,6 +526,9 @@ func init() {
{
"$ref": "#/parameters/signatureScheme"
},
{
"$ref": "#/parameters/fullBearerToken"
},
{
"description": "Object info to upload",
"name": "object",
@ -591,6 +594,9 @@ func init() {
{
"$ref": "#/parameters/signatureScheme"
},
{
"$ref": "#/parameters/fullBearerToken"
},
{
"type": "integer",
"default": 0,
@ -674,6 +680,9 @@ func init() {
{
"$ref": "#/parameters/signatureScheme"
},
{
"$ref": "#/parameters/fullBearerToken"
},
{
"type": "integer",
"description": "Range offset to start reading data.",
@ -728,6 +737,9 @@ func init() {
},
{
"$ref": "#/parameters/signatureScheme"
},
{
"$ref": "#/parameters/fullBearerToken"
}
],
"responses": {
@ -1575,6 +1587,13 @@ func init() {
"in": "path",
"required": true
},
"fullBearerToken": {
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
"objectId": {
"type": "string",
"description": "Base58 encoded object id.",
@ -1586,15 +1605,13 @@ func init() {
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
"signatureParam": {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
"signatureScheme": {
"type": "boolean",
@ -1769,15 +1786,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -1867,15 +1882,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -1986,15 +1999,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2087,15 +2098,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2179,15 +2188,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2196,6 +2203,13 @@ func init() {
"name": "walletConnect",
"in": "query"
},
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{
"description": "Object info to upload",
"name": "object",
@ -2256,15 +2270,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2273,6 +2285,13 @@ func init() {
"name": "walletConnect",
"in": "query"
},
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{
"minimum": 0,
"type": "integer",
@ -2356,15 +2375,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2373,6 +2390,13 @@ func init() {
"name": "walletConnect",
"in": "query"
},
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{
"minimum": 0,
"type": "integer",
@ -2425,15 +2449,13 @@ func init() {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
{
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
{
"type": "boolean",
@ -2441,6 +2463,13 @@ func init() {
"description": "Use wallet connect signature scheme or native NeoFS signature.",
"name": "walletConnect",
"in": "query"
},
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
}
],
"responses": {
@ -3296,6 +3325,13 @@ func init() {
"in": "path",
"required": true
},
"fullBearerToken": {
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
"objectId": {
"type": "string",
"description": "Base58 encoded object id.",
@ -3307,15 +3343,13 @@ func init() {
"type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key",
"in": "header",
"required": true
"in": "header"
},
"signatureParam": {
"type": "string",
"description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature",
"in": "header",
"required": true
"in": "header"
},
"signatureScheme": {
"type": "boolean",

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NewDeleteContainerParams creates a new DeleteContainerParams object
@ -41,15 +40,13 @@ type DeleteContainerParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Base58 encoded container id.
Required: true
In: path
@ -98,40 +95,34 @@ func (o *DeleteContainerParams) BindRequest(r *http.Request, route *middleware.M
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *DeleteContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *DeleteContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NewDeleteObjectParams creates a new DeleteObjectParams object
@ -23,10 +22,14 @@ func NewDeleteObjectParams() DeleteObjectParams {
var (
// initialize parameters with default values
fullBearerDefault = bool(false)
walletConnectDefault = bool(false)
)
return DeleteObjectParams{
FullBearer: &fullBearerDefault,
WalletConnect: &walletConnectDefault,
}
}
@ -41,20 +44,23 @@ type DeleteObjectParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Base58 encoded container id.
Required: true
In: path
*/
ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Base58 encoded object id.
Required: true
In: path
@ -91,6 +97,11 @@ func (o *DeleteObjectParams) BindRequest(r *http.Request, route *middleware.Matc
res = append(res, err)
}
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
rObjectID, rhkObjectID, _ := route.Params.GetOK("objectId")
if err := o.bindObjectID(rObjectID, rhkObjectID, route.Formats); err != nil {
res = append(res, err)
@ -108,40 +119,34 @@ func (o *DeleteObjectParams) BindRequest(r *http.Request, route *middleware.Matc
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *DeleteObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *DeleteObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}
@ -160,6 +165,30 @@ func (o *DeleteObjectParams) bindContainerID(rawData []string, hasKey bool, form
return nil
}
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *DeleteObjectParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewDeleteObjectParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindObjectID binds and validates parameter ObjectID from path.
func (o *DeleteObjectParams) bindObjectID(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NewFormBinaryBearerParams creates a new FormBinaryBearerParams object
@ -41,15 +40,13 @@ type FormBinaryBearerParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Use wallet connect signature scheme or native NeoFS signature.
In: query
Default: false
@ -88,40 +85,34 @@ func (o *FormBinaryBearerParams) BindRequest(r *http.Request, route *middleware.
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *FormBinaryBearerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *FormBinaryBearerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}

View file

@ -23,12 +23,15 @@ func NewGetObjectInfoParams() GetObjectInfoParams {
var (
// initialize parameters with default values
fullBearerDefault = bool(false)
maxPayloadSizeDefault = int64(4.194304e+06)
walletConnectDefault = bool(false)
)
return GetObjectInfoParams{
FullBearer: &fullBearerDefault,
MaxPayloadSize: &maxPayloadSizeDefault,
WalletConnect: &walletConnectDefault,
@ -45,20 +48,23 @@ type GetObjectInfoParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Base58 encoded container id.
Required: true
In: path
*/
ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Max payload size (in bytes) that can be included in the response.
If the actual size is greater than this params the payload won't be included in the response.
@ -114,6 +120,11 @@ func (o *GetObjectInfoParams) BindRequest(r *http.Request, route *middleware.Mat
res = append(res, err)
}
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
qMaxPayloadSize, qhkMaxPayloadSize, _ := qs.GetOK("max-payload-size")
if err := o.bindMaxPayloadSize(qMaxPayloadSize, qhkMaxPayloadSize, route.Formats); err != nil {
res = append(res, err)
@ -146,40 +157,34 @@ func (o *GetObjectInfoParams) BindRequest(r *http.Request, route *middleware.Mat
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *GetObjectInfoParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *GetObjectInfoParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}
@ -198,6 +203,30 @@ func (o *GetObjectInfoParams) bindContainerID(rawData []string, hasKey bool, for
return nil
}
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *GetObjectInfoParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewGetObjectInfoParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindMaxPayloadSize binds and validates parameter MaxPayloadSize from query.
func (o *GetObjectInfoParams) bindMaxPayloadSize(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string

View file

@ -45,15 +45,13 @@ type PutContainerEACLParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Base58 encoded container id.
Required: true
In: path
@ -135,40 +133,34 @@ func (o *PutContainerEACLParams) BindRequest(r *http.Request, route *middleware.
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutContainerEACLParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutContainerEACLParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}

View file

@ -48,15 +48,13 @@ type PutContainerParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Container info
Required: true
In: body
@ -138,40 +136,34 @@ func (o *PutContainerParams) BindRequest(r *http.Request, route *middleware.Matc
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}

View file

@ -27,10 +27,14 @@ func NewPutObjectParams() PutObjectParams {
var (
// initialize parameters with default values
fullBearerDefault = bool(false)
walletConnectDefault = bool(false)
)
return PutObjectParams{
FullBearer: &fullBearerDefault,
WalletConnect: &walletConnectDefault,
}
}
@ -45,15 +49,18 @@ type PutObjectParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Object info to upload
Required: true
In: body
@ -85,6 +92,11 @@ func (o *PutObjectParams) BindRequest(r *http.Request, route *middleware.Matched
res = append(res, err)
}
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.ObjectUpload
@ -125,40 +137,58 @@ func (o *PutObjectParams) BindRequest(r *http.Request, route *middleware.Matched
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *PutObjectParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewPutObjectParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}

View file

@ -27,6 +27,7 @@ func NewSearchObjectsParams() SearchObjectsParams {
var (
// initialize parameters with default values
fullBearerDefault = bool(false)
limitDefault = int64(100)
offsetDefault = int64(0)
@ -34,6 +35,8 @@ func NewSearchObjectsParams() SearchObjectsParams {
)
return SearchObjectsParams{
FullBearer: &fullBearerDefault,
Limit: &limitDefault,
Offset: &offsetDefault,
@ -52,20 +55,23 @@ type SearchObjectsParams struct {
HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token.
Required: true
In: header
*/
XBearerSignature string
XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header
*/
XBearerSignatureKey string
XBearerSignatureKey *string
/*Base58 encoded container id.
Required: true
In: path
*/
ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*The numbers of containers to return.
Maximum: 10000
Minimum: 1
@ -115,6 +121,11 @@ func (o *SearchObjectsParams) BindRequest(r *http.Request, route *middleware.Mat
res = append(res, err)
}
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
qLimit, qhkLimit, _ := qs.GetOK("limit")
if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
res = append(res, err)
@ -165,40 +176,34 @@ func (o *SearchObjectsParams) BindRequest(r *http.Request, route *middleware.Mat
// bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *SearchObjectsParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignature = raw
o.XBearerSignature = &raw
return nil
}
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *SearchObjectsParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil {
return err
if raw == "" { // empty values pass all other validations
return nil
}
o.XBearerSignatureKey = raw
o.XBearerSignatureKey = &raw
return nil
}
@ -217,6 +222,30 @@ func (o *SearchObjectsParams) bindContainerID(rawData []string, hasKey bool, for
return nil
}
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *SearchObjectsParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewSearchObjectsParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindLimit binds and validates parameter Limit from query.
func (o *SearchObjectsParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string

View file

@ -106,7 +106,13 @@ func (a *API) PostAuth(params operations.AuthParams) middleware.Responder {
// FormBinaryBearer handler that forms binary bearer token using headers with body and signature.
func (a *API) FormBinaryBearer(params operations.FormBinaryBearerParams, principal *models.Principal) middleware.Responder {
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect)
bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, false)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return operations.NewFormBinaryBearerBadRequest().WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer token", err)
return operations.NewFormBinaryBearerBadRequest().WithPayload(resp)

View file

@ -70,7 +70,7 @@ func TestSign(t *testing.T) {
Key: pubKeyHex,
}
_, err = prepareBearerToken(bt, false)
_, err = prepareBearerToken(bt, false, false)
require.NoError(t, err)
}

View file

@ -37,14 +37,12 @@ const (
// PutContainers handler that creates container in NeoFS.
func (a *API) PutContainers(params operations.PutContainerParams, principal *models.Principal) middleware.Responder {
st := &SessionToken{
BearerToken: BearerToken{
Token: string(*principal),
Signature: params.XBearerSignature,
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbPut,
st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbPut)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token headers", err)
return operations.NewPutContainerBadRequest().WithPayload(resp)
}
stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err)
@ -92,14 +90,12 @@ func (a *API) PutContainerEACL(params operations.PutContainerEACLParams, princip
return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
}
st := &SessionToken{
BearerToken: BearerToken{
Token: string(*principal),
Signature: params.XBearerSignature,
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbSetEACL,
st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbSetEACL)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token headers", err)
return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
}
stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err)
@ -192,14 +188,12 @@ func (a *API) ListContainer(params operations.ListContainersParams) middleware.R
// DeleteContainer handler that returns container info.
func (a *API) DeleteContainer(params operations.DeleteContainerParams, principal *models.Principal) middleware.Responder {
st := &SessionToken{
BearerToken: BearerToken{
Token: string(*principal),
Signature: params.XBearerSignature,
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbDelete,
st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbDelete)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token headers", err)
return operations.NewDeleteContainerBadRequest().WithPayload(resp)
}
stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err)

View file

@ -33,7 +33,13 @@ func (a *API) PutObjects(params operations.PutObjectParams, principal *models.Pr
errorResponse := operations.NewPutObjectBadRequest()
ctx := params.HTTPRequest.Context()
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect)
bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer token", err)
return errorResponse.WithPayload(resp)
@ -99,7 +105,13 @@ func (a *API) GetObjectInfo(params operations.GetObjectInfoParams, principal *mo
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect)
bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil {
resp := a.logAndGetErrorResponse("get bearer token", err)
return errorResponse.WithPayload(resp)
@ -195,7 +207,13 @@ func (a *API) DeleteObject(params operations.DeleteObjectParams, principal *mode
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect)
bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil {
resp := a.logAndGetErrorResponse("failed to get bearer token", err)
return errorResponse.WithPayload(resp)
@ -226,7 +244,13 @@ func (a *API) SearchObjects(params operations.SearchObjectsParams, principal *mo
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect)
bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil {
resp := a.logAndGetErrorResponse("failed to get bearer token", err)
return errorResponse.WithPayload(resp)
@ -339,22 +363,41 @@ func parseAddress(containerID, objectID string) (oid.Address, error) {
return addr, nil
}
func getBearerToken(token *models.Principal, signature, key string, isWalletConnect bool) (bearer.Token, error) {
type BearerTokenHeaders struct {
Signature string
Key string
IsWalletConnect bool
IsFullToken bool
}
func getBearerToken(token *models.Principal, hdr *BearerTokenHeaders) (bearer.Token, error) {
bt := &BearerToken{
Token: string(*token),
Signature: signature,
Key: key,
Signature: hdr.Signature,
Key: hdr.Key,
}
return prepareBearerToken(bt, isWalletConnect)
return prepareBearerToken(bt, hdr.IsWalletConnect, hdr.IsFullToken)
}
func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (bearer.Token, error) {
func prepareBearerToken(bt *BearerToken, isWalletConnect, isFullToken bool) (bearer.Token, error) {
data, err := base64.StdEncoding.DecodeString(bt.Token)
if err != nil {
return bearer.Token{}, fmt.Errorf("can't base64-decode bearer token: %w", err)
}
if isFullToken {
var btoken bearer.Token
if err = btoken.Unmarshal(data); err != nil {
return bearer.Token{}, fmt.Errorf("couldn't unmarshall bearer token: %w", err)
}
if !btoken.VerifySignature() {
return bearer.Token{}, fmt.Errorf("invalid signature")
}
return btoken, nil
}
signature, err := hex.DecodeString(bt.Signature)
if err != nil {
return bearer.Token{}, fmt.Errorf("couldn't decode bearer signature: %w", err)
@ -367,7 +410,7 @@ func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (bearer.Token, er
body := new(acl.BearerTokenBody)
if err = body.Unmarshal(data); err != nil {
return bearer.Token{}, fmt.Errorf("can't unmarshal bearer token: %w", err)
return bearer.Token{}, fmt.Errorf("can't unmarshal bearer token body: %w", err)
}
v2signature := new(refs.Signature)

View file

@ -2,11 +2,13 @@ package handlers
import (
"context"
"errors"
"fmt"
"strconv"
"time"
objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-rest-gw/gen/models"
"github.com/nspcc-dev/neofs-sdk-go/object"
"github.com/nspcc-dev/neofs-sdk-go/pool"
@ -171,3 +173,37 @@ func IsObjectToken(token *models.Bearer) (bool, error) {
return isObject, nil
}
func prepareBearerTokenHeaders(signature, key *string, isWalletConnect, isFullToken bool) (*BearerTokenHeaders, error) {
bearerHeaders := &BearerTokenHeaders{
IsWalletConnect: isWalletConnect,
IsFullToken: isFullToken,
}
if isFullToken {
return bearerHeaders, nil
}
if signature == nil || key == nil {
return nil, errors.New("missed signature or key header")
}
bearerHeaders.Signature = *signature
bearerHeaders.Key = *key
return bearerHeaders, nil
}
func formSessionTokenFromHeaders(principal *models.Principal, signature, key *string, verb sessionv2.ContainerSessionVerb) (*SessionToken, error) {
if signature == nil || key == nil {
return nil, errors.New("missed signature or key header")
}
return &SessionToken{
BearerToken: BearerToken{
Token: string(*principal),
Signature: *signature,
Key: *key,
},
Verb: verb,
}, nil
}

View file

@ -25,19 +25,25 @@ parameters:
name: X-Bearer-Signature
description: Base64 encoded signature for bearer token.
type: string
required: true
required: false
signatureKeyParam:
in: header
name: X-Bearer-Signature-Key
description: Hex encoded the public part of the key that signed the bearer token.
type: string
required: true
required: false
signatureScheme:
in: query
name: walletConnect
description: Use wallet connect signature scheme or native NeoFS signature.
type: boolean
default: false
fullBearerToken:
in: query
name: fullBearer
description: Provided bearer token is final or gate should assemble it using signature.
type: boolean
default: false
containerId:
in: path
name: containerId
@ -182,6 +188,7 @@ paths:
- $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: body
required: true
name: object
@ -226,6 +233,7 @@ paths:
- $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: query
name: offset
type: integer
@ -282,6 +290,7 @@ paths:
- $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: query
name: range-offset
type: integer
@ -320,6 +329,7 @@ paths:
- $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
responses:
200:
headers: