forked from TrueCloudLab/frostfs-s3-gw
Merge pull request #79 from KirillovDenis/feature/65-allow_no_sign_requests
[#65] Allow no sign requests
This commit is contained in:
commit
a59d7bc5d8
3 changed files with 28 additions and 15 deletions
|
@ -44,6 +44,8 @@ type (
|
||||||
prs int
|
prs int
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var ErrNoAuthorizationHeader = errors.New("no authorization header")
|
||||||
|
|
||||||
func (p prs) Read(_ []byte) (n int, err error) {
|
func (p prs) Read(_ []byte) (n int, err error) {
|
||||||
panic("implement me")
|
panic("implement me")
|
||||||
}
|
}
|
||||||
|
@ -70,7 +72,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
|
||||||
|
|
||||||
authHeaderField := r.Header["Authorization"]
|
authHeaderField := r.Header["Authorization"]
|
||||||
if len(authHeaderField) != 1 {
|
if len(authHeaderField) != 1 {
|
||||||
return nil, errors.New("unsupported request: wrong length of Authorization header field")
|
return nil, ErrNoAuthorizationHeader
|
||||||
}
|
}
|
||||||
|
|
||||||
sms1 := c.reg.getSubmatches(authHeaderField[0])
|
sms1 := c.reg.getSubmatches(authHeaderField[0])
|
||||||
|
|
|
@ -130,11 +130,12 @@ func (n *layer) GetBucketInfo(ctx context.Context, name string) (*BucketInfo, er
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
containerID := new(cid.ID)
|
||||||
|
if err := containerID.Parse(name); err != nil {
|
||||||
list, err := n.containerList(ctx)
|
list, err := n.containerList(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, bkt := range list {
|
for _, bkt := range list {
|
||||||
if bkt.Name == name {
|
if bkt.Name == name {
|
||||||
return bkt, nil
|
return bkt, nil
|
||||||
|
@ -144,6 +145,9 @@ func (n *layer) GetBucketInfo(ctx context.Context, name string) (*BucketInfo, er
|
||||||
return nil, status.Error(codes.NotFound, "bucket not found")
|
return nil, status.Error(codes.NotFound, "bucket not found")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return n.containerInfo(ctx, containerID)
|
||||||
|
}
|
||||||
|
|
||||||
// ListBuckets returns all user containers. Name of the bucket is a container
|
// ListBuckets returns all user containers. Name of the bucket is a container
|
||||||
// id. Timestamp is omitted since it is not saved in neofs container.
|
// id. Timestamp is omitted since it is not saved in neofs container.
|
||||||
func (n *layer) ListBuckets(ctx context.Context) ([]*BucketInfo, error) {
|
func (n *layer) ListBuckets(ctx context.Context) ([]*BucketInfo, error) {
|
||||||
|
|
|
@ -19,15 +19,22 @@ var BearerTokenKey = KeyWrapper("__context_bearer_token_key")
|
||||||
func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
|
func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
|
||||||
router.Use(func(h http.Handler) http.Handler {
|
router.Use(func(h http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
var ctx context.Context
|
||||||
token, err := center.Authenticate(r)
|
token, err := center.Authenticate(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if err == auth.ErrNoAuthorizationHeader {
|
||||||
|
log.Debug("couldn't receive bearer token, using neofs-key")
|
||||||
|
ctx = r.Context()
|
||||||
|
} else {
|
||||||
log.Error("failed to pass authentication", zap.Error(err))
|
log.Error("failed to pass authentication", zap.Error(err))
|
||||||
WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
|
WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
ctx = context.WithValue(r.Context(), BearerTokenKey, token)
|
||||||
|
}
|
||||||
|
|
||||||
h.ServeHTTP(w, r.WithContext(
|
h.ServeHTTP(w, r.WithContext(ctx))
|
||||||
context.WithValue(r.Context(), BearerTokenKey, token)))
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue