From 65b5d6e3d2463175ec240c698fd81e6af13fa326 Mon Sep 17 00:00:00 2001
From: Evgeniy Kulikov <kim@nspcc.ru>
Date: Tue, 13 Oct 2020 12:31:23 +0300
Subject: [PATCH] [#25] Fixes around cmd/gate

closes #25

Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru>
---
 cmd/gate/app-settings.go |  57 +++++++++++--------
 cmd/gate/app.go          | 118 ++++++++++++++++++++++++---------------
 cmd/gate/app_option.go   |  21 +++++++
 cmd/gate/main.go         |   2 +-
 4 files changed, 129 insertions(+), 69 deletions(-)
 create mode 100644 cmd/gate/app_option.go

diff --git a/cmd/gate/app-settings.go b/cmd/gate/app-settings.go
index 4e121e48..6518c43c 100644
--- a/cmd/gate/app-settings.go
+++ b/cmd/gate/app-settings.go
@@ -1,16 +1,20 @@
 package main
 
 import (
+	"context"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/nspcc-dev/neofs-authmate/accessbox/hcs"
+
 	crypto "github.com/nspcc-dev/neofs-crypto"
 	"github.com/nspcc-dev/neofs-s3-gate/api/pool"
 	"github.com/nspcc-dev/neofs-s3-gate/auth"
@@ -91,40 +95,47 @@ type empty int
 
 func (empty) Read([]byte) (int, error) { return 0, io.EOF }
 
-func fetchAuthCenter(l *zap.Logger, v *viper.Viper, peers []pool.Peer) (*auth.Center, error) {
+func fetchGateAuthKeys(v *viper.Viper) (*hcs.X25519Keys, error) {
+	path := v.GetString(cfgGateAuthPrivateKey)
+
+	data, err := ioutil.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return hcs.NewKeys(data)
+}
+
+func fetchNeoFSKey(v *viper.Viper) (*ecdsa.PrivateKey, error) {
 	var (
-		err             error
-		neofsPrivateKey *ecdsa.PrivateKey
+		err error
+		key *ecdsa.PrivateKey
 	)
-	switch nfspk := v.GetString(cfgNeoFSPrivateKey); nfspk {
+
+	switch val := v.GetString(cfgNeoFSPrivateKey); val {
 	case generated:
-		neofsPrivateKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
 			return nil, errors.Wrap(err, "could not generate NeoFS private key")
 		}
 	default:
-		neofsPrivateKey, err = crypto.LoadPrivateKey(nfspk)
+		key, err = crypto.LoadPrivateKey(val)
 		if err != nil {
 			return nil, errors.Wrap(err, "could not load NeoFS private key")
 		}
 	}
-	gapk := v.GetString(cfgGateAuthPrivateKey)
-	gateAuthPrivateKey, err := auth.LoadGateAuthPrivateKey(gapk)
-	if err != nil {
-		return nil, errors.Wrapf(err, "could not load gate auth private key %q", gapk)
-	}
-	// NB: Maybe choose a peer more smarter.
-	center, err := auth.NewCenter(l, peers[0].Address)
-	if err != nil {
-		return nil, errors.Wrap(err, "failed to create auth center")
-	}
-	if err = center.SetAuthKeys(gateAuthPrivateKey); err != nil {
-		return nil, errors.Wrap(err, "failed to set gate auth keys")
-	}
-	if err = center.SetNeoFSKeys(neofsPrivateKey); err != nil {
-		return nil, errors.Wrap(err, "failed to set NeoFS keys")
-	}
-	return center, nil
+
+	return key, nil
+}
+
+func fetchAuthCenter(ctx context.Context, p *authCenterParams) (*auth.Center, error) {
+	return auth.New(ctx, &auth.Params{
+		Con:     p.Pool,
+		Log:     p.Logger,
+		Timeout: p.Timeout,
+		GAKey:   p.GateAuthKeys,
+		NFKey:   p.NeoFSPrivateKey,
+	})
 }
 
 func fetchPeers(l *zap.Logger, v *viper.Viper) []pool.Peer {
diff --git a/cmd/gate/app.go b/cmd/gate/app.go
index 043d58e2..baf2cddf 100644
--- a/cmd/gate/app.go
+++ b/cmd/gate/app.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/nspcc-dev/neofs-authmate/accessbox/hcs"
 	"github.com/nspcc-dev/neofs-s3-gate/api"
 	"github.com/nspcc-dev/neofs-s3-gate/api/handler"
 	"github.com/nspcc-dev/neofs-s3-gate/api/layer"
@@ -19,13 +20,13 @@ import (
 
 type (
 	App struct {
-		center *auth.Center
-		cli    pool.Pool
-		log    *zap.Logger
-		cfg    *viper.Viper
-		tls    *tlsConfig
-		obj    layer.Client
-		api    api.Handler
+		cli pool.Pool
+		ctr *auth.Center
+		log *zap.Logger
+		cfg *viper.Viper
+		tls *tlsConfig
+		obj layer.Client
+		api api.Handler
 
 		conTimeout time.Duration
 		reqTimeout time.Duration
@@ -44,14 +45,18 @@ type (
 	}
 )
 
-func newApp(l *zap.Logger, v *viper.Viper) *App {
+func newApp(ctx context.Context, l *zap.Logger, v *viper.Viper) *App {
 	var (
-		err        error
-		cli        pool.Pool
-		tls        *tlsConfig
-		caller     api.Handler
-		obj        layer.Client
-		key        *ecdsa.PrivateKey
+		err    error
+		cli    pool.Pool
+		tls    *tlsConfig
+		caller api.Handler
+		ctr    *auth.Center
+		obj    layer.Client
+
+		gaKey *hcs.X25519Keys
+		nfKey *ecdsa.PrivateKey
+
 		reBalance  = defaultRebalanceTimer
 		conTimeout = defaultConnectTimeout
 		reqTimeout = defaultRequestTimeout
@@ -59,19 +64,6 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
 		maxClientsCount    = defaultMaxClientsCount
 		maxClientsDeadline = defaultMaxClientsDeadline
 	)
-	peers := fetchPeers(l, v)
-	center, err := fetchAuthCenter(l, v, peers)
-	if err != nil {
-		l.Fatal("failed to initialize auth center", zap.Error(err))
-	}
-	key = center.GetNeoFSPrivateKey()
-
-	if v.IsSet(cfgTLSKeyFile) && v.IsSet(cfgTLSCertFile) {
-		tls = &tlsConfig{
-			KeyFile:  v.GetString(cfgTLSKeyFile),
-			CertFile: v.GetString(cfgTLSCertFile),
-		}
-	}
 
 	if v := v.GetDuration(cfgConnectTimeout); v > 0 {
 		conTimeout = v
@@ -89,15 +81,36 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
 		maxClientsDeadline = v
 	}
 
+	if v := v.GetDuration(cfgRebalanceTimer); v > 0 {
+		reBalance = v
+	}
+
+	if nfKey, err = fetchNeoFSKey(v); err != nil {
+		l.Fatal("could not load NeoFS private key")
+	}
+
+	if gaKey, err = fetchGateAuthKeys(v); err != nil {
+		l.Fatal("could not load gate auth key")
+	}
+
+	if v.IsSet(cfgTLSKeyFile) && v.IsSet(cfgTLSCertFile) {
+		tls = &tlsConfig{
+			KeyFile:  v.GetString(cfgTLSKeyFile),
+			CertFile: v.GetString(cfgTLSCertFile),
+		}
+	}
+
+	peers := fetchPeers(l, v)
+
 	poolConfig := &pool.Config{
+		ConnectTimeout: conTimeout,
+		RequestTimeout: reqTimeout,
 		ConnectionTTL:  v.GetDuration(cfgConnectionTTL),
-		ConnectTimeout: v.GetDuration(cfgConnectTimeout),
-		RequestTimeout: v.GetDuration(cfgRequestTimeout),
 
 		Peers: peers,
 
 		Logger:     l,
-		PrivateKey: key,
+		PrivateKey: nfKey,
 
 		GRPCLogger:  gRPCLogger(l),
 		GRPCVerbose: v.GetBool(cfgGRPCVerbose),
@@ -105,27 +118,42 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
 		ClientParameters: keepalive.ClientParameters{},
 	}
 
-	if v := v.GetDuration(cfgRebalanceTimer); v > 0 {
-		reBalance = v
-	}
-
 	if cli, err = pool.New(poolConfig); err != nil {
 		l.Fatal("could not prepare pool connections", zap.Error(err))
 	}
 
+	{ // prepare auth center
+		ctx, cancel := context.WithTimeout(ctx, conTimeout)
+		defer cancel()
+
+		params := &authCenterParams{
+			Logger: l,
+			Pool:   cli,
+
+			Timeout: conTimeout,
+
+			GateAuthKeys:    gaKey,
+			NeoFSPrivateKey: nfKey,
+		}
+
+		if ctr, err = fetchAuthCenter(ctx, params); err != nil {
+			l.Fatal("failed to initialize auth center", zap.Error(err))
+		}
+	}
+
 	{ // should establish connection with NeoFS Storage Nodes
-		ctx, cancel := context.WithTimeout(context.Background(), conTimeout)
+		ctx, cancel := context.WithTimeout(ctx, conTimeout)
 		defer cancel()
 
 		cli.ReBalance(ctx)
 
-		if _, err = cli.GetConnection(ctx); err != nil {
+		if _, err = cli.Connection(ctx); err != nil {
 			l.Fatal("could not establish connection",
 				zap.Error(err))
 		}
 	}
 
-	if obj, err = layer.NewLayer(l, cli, key); err != nil {
+	if obj, err = layer.NewLayer(l, cli, nfKey); err != nil {
 		l.Fatal("could not prepare ObjectLayer", zap.Error(err))
 	}
 
@@ -134,13 +162,13 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
 	}
 
 	return &App{
-		center: center,
-		cli:    cli,
-		log:    l,
-		cfg:    v,
-		obj:    obj,
-		tls:    tls,
-		api:    caller,
+		ctr: ctr,
+		cli: cli,
+		log: l,
+		cfg: v,
+		obj: obj,
+		tls: tls,
+		api: caller,
 
 		webDone: make(chan struct{}, 1),
 		wrkDone: make(chan struct{}, 1),
@@ -189,7 +217,7 @@ func (a *App) Server(ctx context.Context) {
 	attachProfiler(router, a.cfg, a.log)
 
 	// Attach S3 API:
-	api.Attach(router, a.maxClients, a.api, a.center, a.log)
+	api.Attach(router, a.maxClients, a.api, a.ctr, a.log)
 
 	// Use mux.Router as http.Handler
 	srv.Handler = router
diff --git a/cmd/gate/app_option.go b/cmd/gate/app_option.go
new file mode 100644
index 00000000..188a228f
--- /dev/null
+++ b/cmd/gate/app_option.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"crypto/ecdsa"
+	"time"
+
+	"github.com/nspcc-dev/neofs-authmate/accessbox/hcs"
+	"github.com/nspcc-dev/neofs-s3-gate/api/pool"
+	"go.uber.org/zap"
+)
+
+type (
+	authCenterParams struct {
+		Pool    pool.Client
+		Logger  *zap.Logger
+		Timeout time.Duration
+
+		GateAuthKeys    *hcs.X25519Keys
+		NeoFSPrivateKey *ecdsa.PrivateKey
+	}
+)
diff --git a/cmd/gate/main.go b/cmd/gate/main.go
index a2b06b11..e49f090b 100644
--- a/cmd/gate/main.go
+++ b/cmd/gate/main.go
@@ -4,8 +4,8 @@ func main() {
 	var (
 		v = newSettings()
 		l = newLogger(v)
-		a = newApp(l, v)
 		g = newGracefulContext(l)
+		a = newApp(g, l, v)
 	)
 
 	go a.Server(g)