[#329] Add multiple session tokens in authmate

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
Denis Kirillov 2022-01-26 09:57:11 +03:00 committed by Alex Vanin
parent 3686828577
commit 13664135c5
2 changed files with 58 additions and 14 deletions


@ -384,20 +384,21 @@ func buildEACLTable(cid *cid.ID, eaclTable []byte) (*eacl.Table, error) {
return table, nil
}
func buildContext(rules []byte) (*session.ContainerContext, error) {
sessionCtx := session.NewContainerContext() // wildcard == true on by default
func buildContext(rules []byte) ([]*session.ContainerContext, error) {
var sessionCtxs []*session.ContainerContext
if len(rules) != 0 {
// cast ToV2 temporary, because there is no method for unmarshalling in ContainerContext in api-go
err := sessionCtx.UnmarshalJSON(rules)
err := json.Unmarshal(rules, &sessionCtxs)
if err != nil {
return nil, fmt.Errorf("failed to read rules for session token: %w", err)
return nil, fmt.Errorf("failed to unmarshal rules for session token: %w", err)
}
return sessionCtx, nil
return sessionCtxs, nil
}
sessionCtx := session.NewContainerContext()
sessionCtx.ForPut()
sessionCtx.ApplyTo(nil)
return sessionCtx, nil
return []*session.ContainerContext{sessionCtx}, nil
}
func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*token.BearerToken, error) {
@ -441,14 +442,18 @@ func buildSessionToken(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOpt
return tok, tok.Sign(&key.PrivateKey)
}
func buildSessionTokens(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOptions, ctx *session.ContainerContext, gatesKeys []*keys.PublicKey) ([]*session.Token, error) {
sessionTokens := make([]*session.Token, 0, len(gatesKeys))
func buildSessionTokens(key *keys.PrivateKey, oid *owner.ID, lifetime lifetimeOptions, ctxs []*session.ContainerContext, gatesKeys []*keys.PublicKey) ([][]*session.Token, error) {
sessionTokens := make([][]*session.Token, 0, len(gatesKeys))
for _, gateKey := range gatesKeys {
tkn, err := buildSessionToken(key, oid, lifetime, ctx, gateKey)
if err != nil {
return nil, err
tkns := make([]*session.Token, len(ctxs))
for i, ctx := range ctxs {
tkn, err := buildSessionToken(key, oid, lifetime, ctx, gateKey)
if err != nil {
return nil, err
}
tkns[i] = tkn
}
sessionTokens = append(sessionTokens, tkn)
sessionTokens = append(sessionTokens, tkns)
}
return sessionTokens, nil
}
@ -480,7 +485,7 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions, cid *ci
return nil, err
}
for i, sessionToken := range sessionTokens {
gates[i].SessionToken = sessionToken
gates[i].SessionToken = sessionToken[0]
}
}
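Review bot: `gates[i].SessionToken = sessionToken[0]` in the createTokens hunk panics with an index-out-of-range when the rules JSON is a valid but empty array (`[]`) or `null`, because buildContext then returns an empty slice with no error and buildSessionTokens builds a zero-length inner slice for every gate. buildContext should reject that case right after unmarshalling, e.g. `if len(sessionCtxs) == 0 { return nil, fmt.Errorf("session token rules are empty") }`. A `null` array element also unmarshals to a nil `*session.ContainerContext`, which is handed to buildSessionToken unchecked. Separately, only the first token per gate is kept here, so the tokens signed for any further rules appear to be discarded and the issued credentials would not carry the verbs the operator listed; if that is an interim step it deserves a comment. createTokens starts and ends outside the hunk.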

39
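--- a/authmate/authmate_test.go
+++ b/authmate/authmate_test.go
@@ -0,0 +1,39 @@
+package authmate
+import (
+"testing"
+"github.com/stretchr/testify/require"
+)
+func TestContainerSessionRules(t *testing.T) {
+jsonRules := []byte(`
+[
+{
+"verb": "PUT",
+"wildcard": true,
+"containerID": null
+},
+{
+"verb": "DELETE",
+"wildcard": true,
+"containerID": null
+},
+{
+"verb": "SETEACL",
+"wildcard": true,
+"containerID": null
+}
+]`)
+sessionContext, err := buildContext(jsonRules)
+require.NoError(t, err)
+require.Len(t, sessionContext, 3)
+require.True(t, sessionContext[0].IsForPut())
+require.Nil(t, sessionContext[0].Container())
+require.True(t, sessionContext[1].IsForDelete())
+require.Nil(t, sessionContext[1].Container())
+require.True(t, sessionContext[2].IsForSetEACL())
+require.Nil(t, sessionContext[2].Container())
+}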
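Review bot: TestContainerSessionRules exercises only a well-formed three-rule array, so the default branch of buildContext (no rules, yielding a single PUT context) and the error path are not pinned. A second case calling `buildContext(nil)` with `require.Len(t, ctxs, 1)` and `require.True(t, ctxs[0].IsForPut())`, plus a malformed-JSON case ending in `require.Error(t, err)`, would keep the set of delegated verbs from changing silently. The assertions also check `Container()` only for nil; a rule with a concrete container ID would show that scoping survives the round trip.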