From e68cda7f9cbc40729f3bdf7b31471268043edce9 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Thu, 18 Aug 2022 17:51:18 +0300 Subject: [PATCH] [#32] Support bearer token for all users Signed-off-by: Denis Kirillov --- gen/restapi/embedded_spec.go | 14 +++++++++ gen/restapi/operations/auth_parameters.go | 37 ++++++++++++++++++++++- handlers/auth.go | 13 +++++--- spec/rest.yaml | 5 +++ 4 files changed, 64 insertions(+), 5 deletions(-) diff --git a/gen/restapi/embedded_spec.go b/gen/restapi/embedded_spec.go index c930b7a..2753ab2 100644 --- a/gen/restapi/embedded_spec.go +++ b/gen/restapi/embedded_spec.go @@ -95,6 +95,13 @@ func init() { "name": "X-Bearer-Lifetime", "in": "header" }, + { + "type": "boolean", + "default": false, + "description": "Form token for all users or only for this gate.", + "name": "X-Bearer-For-All-Users", + "in": "header" + }, { "description": "Bearer tokens to form.", "name": "tokens", @@ -1689,6 +1696,13 @@ func init() { "name": "X-Bearer-Lifetime", "in": "header" }, + { + "type": "boolean", + "default": false, + "description": "Form token for all users or only for this gate.", + "name": "X-Bearer-For-All-Users", + "in": "header" + }, { "description": "Bearer tokens to form.", "name": "tokens", diff --git a/gen/restapi/operations/auth_parameters.go b/gen/restapi/operations/auth_parameters.go index 9bdf03f..08dac73 100644 --- a/gen/restapi/operations/auth_parameters.go +++ b/gen/restapi/operations/auth_parameters.go @@ -26,10 +26,13 @@ func NewAuthParams() AuthParams { var ( // initialize parameters with default values - xBearerLifetimeDefault = int64(100) + xBearerForAllUsersDefault = bool(false) + xBearerLifetimeDefault = int64(100) ) return AuthParams{ + XBearerForAllUsers: &xBearerForAllUsersDefault, + XBearerLifetime: &xBearerLifetimeDefault, } } 
@@ -43,6 +46,11 @@ type AuthParams struct { // HTTP Request Object HTTPRequest *http.Request `json:"-"` + /*Form token for all users or only for this gate. + In: header + Default: false + */ + XBearerForAllUsers *bool /*Token lifetime in epoch. In: header Default: 100 @@ -69,6 +77,10 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute o.HTTPRequest = r + if err := o.bindXBearerForAllUsers(r.Header[http.CanonicalHeaderKey("X-Bearer-For-All-Users")], true, route.Formats); err != nil { + res = append(res, err) + } + if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil { res = append(res, err) } @@ -112,6 +124,29 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute return nil } +// bindXBearerForAllUsers binds and validates parameter XBearerForAllUsers from header. +func (o *AuthParams) bindXBearerForAllUsers(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: false + + if raw == "" { // empty values pass all other validations + // Default values have been previously initialized by NewAuthParams() + return nil + } + + value, err := swag.ConvertBool(raw) + if err != nil { + return errors.InvalidType("X-Bearer-For-All-Users", "header", "bool", raw) + } + o.XBearerForAllUsers = &value + + return nil +} + // bindXBearerLifetime binds and validates parameter XBearerLifetime from header. func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error { var raw string diff --git a/handlers/auth.go b/handlers/auth.go index 8d5f936..02a9546 100644 --- a/handlers/auth.go +++ b/handlers/auth.go 
@@ -22,8 +22,9 @@ import (
 const defaultTokenExpDuration = 100 // in epoch
 type headersParams struct {
- XBearerLifetime uint64
- XBearerOwnerID string
+ XBearerLifetime uint64
+ XBearerOwnerID string
+ XBearerForAllUsers bool
 }
 type objectTokenParams struct {
@@ -40,7 +41,8 @@ type containerTokenParams struct {
 func newHeaderParams(params operations.AuthParams) headersParams {
 prm := headersParams{
- XBearerOwnerID: params.XBearerOwnerID,
+ XBearerOwnerID: params.XBearerOwnerID,
+ XBearerForAllUsers: *params.XBearerForAllUsers,
 }
 if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
@@ -122,7 +124,10 @@ func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *poo
 if err != nil {
 return nil, fmt.Errorf("couldn't transform token to native: %w", err)
 }
- btoken.ForUser(owner)
+
+ if !params.XBearerForAllUsers {
+ btoken.ForUser(owner)
+ }
 iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
 if err != nil {
diff --git a/spec/rest.yaml b/spec/rest.yaml
index 8418ddd..ac03699 100644
--- a/spec/rest.yaml
+++ b/spec/rest.yaml
@@ -79,6 +79,11 @@ paths:
 name: X-Bearer-Lifetime
 type: integer
 default: 100
+ - in: header
+ description: Form token for all users or only for this gate.
+ name: X-Bearer-For-All-Users
+ type: boolean
+ default: false
 - in: body
 name: tokens
 required: true
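Review bot: In the `newHeaderParams` hunk of handlers/auth.go, `*params.XBearerForAllUsers` is dereferenced unconditionally, while the `XBearerLifetime` pointer a few lines below is nil-checked before use. The generated `NewAuthParams` sets a default, but an `operations.AuthParams` built any other way (a struct literal in a test, for instance) would panic on this line. I would take the field out of the literal and guard it: `if params.XBearerForAllUsers != nil { prm.XBearerForAllUsers = *params.XBearerForAllUsers }`. The function body continues past the end of the hunk.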
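Review bot: In the `prepareObjectToken` hunk, the new `if !params.XBearerForAllUsers` branch skips `btoken.ForUser(owner)` without a comment on what that means for the issued token. Going by the header description added in this commit, the result is a token that is not limited to this gate, so presumably any party that obtains it can use it until it expires. I would add a comment above the condition, for example `// Unbound token: usable by any holder until exp, so callers should keep X-Bearer-Lifetime short.`, and consider logging when an unbound token is issued so that it can be audited. The function starts and ends outside the hunk, so whether `owner` is still needed on this path cannot be judged from here.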
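Review bot: The description `Form token for all users or only for this gate.` in spec/rest.yaml does not say which of the two a `true` value selects, and it omits the consequence that matters to API clients. Based on the handler change, I would reword it along the lines of `description: If true, the token is not bound to a user and can be used by anyone holding it; if false (default), it is limited to this gate.` The same text is copied into gen/restapi/embedded_spec.go and the generated parameter comment, so the generated files should be rebuilt after the wording changes.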