[#255] Add expiration to access box

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2021-09-10 11:07:26 +03:00 · 2021-09-10 11:07:26 +03:00 · 26f30e7ace
commit 26f30e7ace
parent 3c2e25f977
3 changed files with 11 additions and 7 deletions
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@ -227,7 +227,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr

 	address, err := tokens.
 		New(a.pool, secrets.EphemeralKey).
-		Put(ctx, cid, oid, box, options.GatesPublicKeys...)
+		Put(ctx, cid, oid, box, lifetime.Exp, options.GatesPublicKeys...)
 	if err != nil {
 		return fmt.Errorf("failed to put bearer token: %w", err)
 	}
--- a/cmd/authmate/main.go
+++ b/cmd/authmate/main.go
@ -26,8 +26,8 @@ import (
 const (
 	poolConnectTimeout = 5 * time.Second
 	poolRequestTimeout = 5 * time.Second
-	// a number of 15-second blocks in a month.
-	defaultLifetime = 172800
+	// a number of 1-hour epochs in a month.
+	defaultLifetime = 720
 )

 var (
@ -199,7 +199,7 @@ func issueSecret() *cli.Command {
 			},
 			&cli.Uint64Flag{
 				Name:        "lifetime",
-				Usage:       "Lifetime of tokens in NeoFS epoch (number of blocks in sidechain)",
+				Usage:       "Lifetime of tokens in NeoFS epoch",
 				Required:    false,
 				Destination: &lifetimeFlag,
 				Value:       defaultLifetime,
--- a/creds/tokens/credentials.go
+++ b/creds/tokens/credentials.go
@ -21,7 +21,7 @@ type (
 	// Credentials is a bearer token get/put interface.
 	Credentials interface {
 		GetBox(context.Context, *object.Address) (*accessbox.Box, error)
-		Put(context.Context, *cid.ID, *owner.ID, *accessbox.AccessBox, ...*keys.PublicKey) (*object.Address, error)
+		Put(context.Context, *cid.ID, *owner.ID, *accessbox.AccessBox, uint64, ...*keys.PublicKey) (*object.Address, error)
 	}

 	cred struct {
@ -100,7 +100,7 @@ func (c *cred) getAccessBox(ctx context.Context, address *object.Address) (*acce
 	return &box, nil
 }

-func (c *cred) Put(ctx context.Context, cid *cid.ID, issuer *owner.ID, box *accessbox.AccessBox, keys ...*keys.PublicKey) (*object.Address, error) {
+func (c *cred) Put(ctx context.Context, cid *cid.ID, issuer *owner.ID, box *accessbox.AccessBox, expiration uint64, keys ...*keys.PublicKey) (*object.Address, error) {
 	var (
 		err     error
 		created = strconv.FormatInt(time.Now().Unix(), 10)
@ -124,10 +124,14 @@ func (c *cred) Put(ctx context.Context, cid *cid.ID, issuer *owner.ID, box *acce
 	filename.SetKey(object.AttributeFileName)
 	filename.SetValue(created + "_access.box")

+	expirationAttr := object.NewAttribute()
+	expirationAttr.SetKey("__NEOFS__EXPIRATION_EPOCH")
+	expirationAttr.SetValue(strconv.FormatUint(expiration, 10))
+
 	raw := object.NewRaw()
 	raw.SetContainerID(cid)
 	raw.SetOwnerID(issuer)
-	raw.SetAttributes(filename, timestamp)
+	raw.SetAttributes(filename, timestamp, expirationAttr)

 	ops := new(client.PutObjectParams).WithObject(raw.Object()).WithPayloadReader(bytes.NewBuffer(data))
 	oid, err := c.pool.PutObject(