[#212] Support CORS container for CORS settings

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2025-02-27 12:13:12 +03:00 · 2025-02-27 12:13:12 +03:00 · 9ef6b06e91
commit 9ef6b06e91
parent 9cf2a4f0e0
18 changed files with 1204 additions and 203 deletions
--- a/cmd/http-gw/app.go
+++ b/cmd/http-gw/app.go
@ -17,6 +17,7 @@ import (
 	"time"

 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
@ -30,6 +31,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
 	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	v2container "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/api/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
@ -65,6 +67,8 @@ type (
 		settings       *appSettings
 		loggerSettings *loggerSettings
 		bucketCache    *cache.BucketCache
+		handle         *handler.Handler
+		corsCnrID      cid.ID

 		servers       []Server
 		unbindServers []ServerInfo
@ -105,12 +109,7 @@ type (
 		bufferMaxSizeForPut    uint64
 		namespaceHeader        string
 		defaultNamespaces      []string
-		corsAllowOrigin        string
-		corsAllowMethods       []string
-		corsAllowHeaders       []string
-		corsExposeHeaders      []string
-		corsAllowCredentials   bool
-		corsMaxAge             int
+		cors                   *data.CORSRule
 		enableFilepathFallback bool
 	}

@ -122,15 +121,6 @@ type (
 		logLevel   zap.AtomicLevel
 		tagsConfig *tagsConfig
 	}
-
-	CORS struct {
-		AllowOrigin      string
-		AllowMethods     []string
-		AllowHeaders     []string
-		ExposeHeaders    []string
-		AllowCredentials bool
-		MaxAge           int
-	}
 )

 func newLogLevel(v *viper.Viper) zap.AtomicLevel {
@ -251,6 +241,7 @@ func newApp(ctx context.Context, cfg *appCfg) App {
 	a.initResolver()
 	a.initMetrics()
 	a.initTracing(ctx)
+	a.initContainers(ctx)

 	return a
 }
@ -259,6 +250,14 @@ func (a *app) config() *viper.Viper {
 	return a.cfg.config()
 }

+func (a *app) initContainers(ctx context.Context) {
+	corsCnrID, err := a.fetchContainerID(ctx, cfgContainersCORS)
+	if err != nil {
+		a.log.Fatal(logs.CouldNotFetchCORSContainerInfo, zap.Error(err), logs.TagField(logs.TagApp))
+	}
+	a.corsCnrID = *corsCnrID
+}
+
 func (a *app) initAppSettings(lc *logLevelConfig) {
 	a.settings = &appSettings{
 		reconnectInterval: fetchReconnectInterval(a.config()),
@ -278,12 +277,7 @@ func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
 	namespaceHeader := v.GetString(cfgResolveNamespaceHeader)
 	defaultNamespaces := fetchDefaultNamespaces(v)
 	indexPage, indexEnabled := fetchIndexPageTemplate(v, l)
-	corsAllowOrigin := v.GetString(cfgCORSAllowOrigin)
-	corsAllowMethods := v.GetStringSlice(cfgCORSAllowMethods)
-	corsAllowHeaders := v.GetStringSlice(cfgCORSAllowHeaders)
-	corsExposeHeaders := v.GetStringSlice(cfgCORSExposeHeaders)
-	corsAllowCredentials := v.GetBool(cfgCORSAllowCredentials)
-	corsMaxAge := fetchCORSMaxAge(v)
+	cors := fetchCORSConfig(v)
 	enableFilepathFallback := v.GetBool(cfgFeaturesEnableFilepathFallback)

 	s.mu.Lock()
@ -298,12 +292,7 @@ func (s *appSettings) update(v *viper.Viper, l *zap.Logger) {
 	s.defaultNamespaces = defaultNamespaces
 	s.returnIndexPage = indexEnabled
 	s.indexPageTemplate = indexPage
-	s.corsAllowOrigin = corsAllowOrigin
-	s.corsAllowMethods = corsAllowMethods
-	s.corsAllowHeaders = corsAllowHeaders
-	s.corsExposeHeaders = corsExposeHeaders
-	s.corsAllowCredentials = corsAllowCredentials
-	s.corsMaxAge = corsMaxAge
+	s.cors = cors
 	s.enableFilepathFallback = enableFilepathFallback
 }

@ -350,26 +339,33 @@ func (s *appSettings) IndexPageTemplate() string {
 	return s.indexPageTemplate
 }

-func (s *appSettings) CORS() CORS {
+func (s *appSettings) CORS() *data.CORSRule {
 	s.mu.RLock()
 	defer s.mu.RUnlock()

-	allowMethods := make([]string, len(s.corsAllowMethods))
-	copy(allowMethods, s.corsAllowMethods)
+	if s.cors == nil {
+		return nil
+	}

-	allowHeaders := make([]string, len(s.corsAllowHeaders))
-	copy(allowHeaders, s.corsAllowHeaders)
+	allowMethods := make([]string, len(s.cors.AllowedMethods))
+	copy(allowMethods, s.cors.AllowedMethods)

-	exposeHeaders := make([]string, len(s.corsExposeHeaders))
-	copy(exposeHeaders, s.corsExposeHeaders)
+	allowHeaders := make([]string, len(s.cors.AllowedHeaders))
+	copy(allowHeaders, s.cors.AllowedHeaders)

-	return CORS{
-		AllowOrigin:      s.corsAllowOrigin,
-		AllowMethods:     allowMethods,
-		AllowHeaders:     allowHeaders,
-		ExposeHeaders:    exposeHeaders,
-		AllowCredentials: s.corsAllowCredentials,
-		MaxAge:           s.corsMaxAge,
+	exposeHeaders := make([]string, len(s.cors.ExposeHeaders))
+	copy(exposeHeaders, s.cors.ExposeHeaders)
+
+	allowOrigins := make([]string, len(s.cors.AllowedOrigins))
+	copy(allowOrigins, s.cors.AllowedOrigins)
+
+	return &data.CORSRule{
+		AllowedOrigins:     allowOrigins,
+		AllowedMethods:     allowMethods,
+		AllowedHeaders:     allowHeaders,
+		ExposeHeaders:      exposeHeaders,
+		AllowedCredentials: s.cors.AllowedCredentials,
+		MaxAgeSeconds:      s.cors.MaxAgeSeconds,
 	}
 }

@ -391,15 +387,15 @@ func (s *appSettings) NamespaceHeader() string {
 	return s.namespaceHeader
 }

-func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
+func (s *appSettings) FormContainerZone(ns string) string {
 	s.mu.RLock()
 	namespaces := s.defaultNamespaces
 	s.mu.RUnlock()
 	if slices.Contains(namespaces, ns) {
-		return v2container.SysAttributeZoneDefault, true
+		return v2container.SysAttributeZoneDefault
 	}

-	return ns + ".ns", false
+	return ns + ".ns"
 }

 func (s *appSettings) EnableFilepathFallback() bool {
@ -420,7 +416,6 @@ func (a *app) getResolverConfig() ([]string, *resolver.Config) {
 	resolveCfg := &resolver.Config{
 		FrostFS:    frostfs.NewResolverFrostFS(a.pool),
 		RPCAddress: a.config().GetString(cfgRPCEndpoint),
-		Settings:   a.settings,
 	}

 	order := a.config().GetStringSlice(cfgResolveOrder)
@ -606,10 +601,8 @@ func (a *app) Serve() {
 		close(a.webDone)
 	}()

-	handle := handler.New(a.AppParams(), a.settings, tree.NewTree(frostfs.NewPoolWrapper(a.treePool)), workerPool)
-
 	// Configure router.
-	a.configureRouter(handle)
+	a.configureRouter(workerPool)

 	a.startServices()
 	a.initServers(a.ctx)
@ -730,7 +723,9 @@ func (a *app) stopServices() {
 	}
 }

-func (a *app) configureRouter(h *handler.Handler) {
+func (a *app) configureRouter(workerPool *ants.Pool) {
+	a.handle = handler.New(a.AppParams(), a.settings, tree.NewTree(frostfs.NewPoolWrapper(a.treePool)), workerPool)
+
 	r := router.New()
 	r.RedirectTrailingSlash = true
 	r.NotFound = func(r *fasthttp.RequestCtx) {
@ -740,21 +735,21 @@ func (a *app) configureRouter(h *handler.Handler) {
 		handler.ResponseError(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
 	}

-	r.POST("/upload/{cid}", a.addMiddlewares(h.Upload))
-	r.OPTIONS("/upload/{cid}", a.addPreflight())
+	r.POST("/upload/{cid}", a.addMiddlewares(a.handle.Upload))
+	r.OPTIONS("/upload/{cid}", a.addPreflight(a.handle.Preflight))
 	a.log.Info(logs.AddedPathUploadCid, logs.TagField(logs.TagApp))
-	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(h.DownloadByAddressOrBucketName))
-	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(h.HeadByAddressOrBucketName))
-	r.OPTIONS("/get/{cid}/{oid:*}", a.addPreflight())
+	r.GET("/get/{cid}/{oid:*}", a.addMiddlewares(a.handle.DownloadByAddressOrBucketName))
+	r.HEAD("/get/{cid}/{oid:*}", a.addMiddlewares(a.handle.HeadByAddressOrBucketName))
+	r.OPTIONS("/get/{cid}/{oid:*}", a.addPreflight(a.handle.Preflight))
 	a.log.Info(logs.AddedPathGetCidOid, logs.TagField(logs.TagApp))
-	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(h.DownloadByAttribute))
-	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(h.HeadByAttribute))
-	r.OPTIONS("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addPreflight())
+	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(a.handle.DownloadByAttribute))
+	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addMiddlewares(a.handle.HeadByAttribute))
+	r.OPTIONS("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.addPreflight(a.handle.Preflight))
 	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal, logs.TagField(logs.TagApp))
-	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(h.DownloadZip))
-	r.OPTIONS("/zip/{cid}/{prefix:*}", a.addPreflight())
-	r.GET("/tar/{cid}/{prefix:*}", a.addMiddlewares(h.DownloadTar))
-	r.OPTIONS("/tar/{cid}/{prefix:*}", a.addPreflight())
+	r.GET("/zip/{cid}/{prefix:*}", a.addMiddlewares(a.handle.DownloadZip))
+	r.OPTIONS("/zip/{cid}/{prefix:*}", a.addPreflight(a.handle.Preflight))
+	r.GET("/tar/{cid}/{prefix:*}", a.addMiddlewares(a.handle.DownloadTar))
+	r.OPTIONS("/tar/{cid}/{prefix:*}", a.addPreflight(a.handle.Preflight))
 	a.log.Info(logs.AddedPathZipCidPrefix, logs.TagField(logs.TagApp))

 	a.webServer.Handler = r.Handler
@ -777,14 +772,14 @@ func (a *app) addMiddlewares(h fasthttp.RequestHandler) fasthttp.RequestHandler
 	return h
 }

-func (a *app) addPreflight() fasthttp.RequestHandler {
+func (a *app) addPreflight(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	list := []func(fasthttp.RequestHandler) fasthttp.RequestHandler{
 		a.tracer,
 		a.logger,
+		a.canonicalizer,
 		a.reqNamespace,
 	}

-	h := a.preflightHandler
 	for i := len(list) - 1; i >= 0; i-- {
 		h = list[i](h)
 	}
@ -792,46 +787,16 @@ func (a *app) addPreflight() fasthttp.RequestHandler {
 	return h
 }

-func (a *app) preflightHandler(c *fasthttp.RequestCtx) {
-	cors := a.settings.CORS()
-	setCORSHeaders(c, cors)
-}
-
 func (a *app) cors(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(c *fasthttp.RequestCtx) {
 		h(c)
 		code := c.Response.StatusCode()
 		if code >= fasthttp.StatusOK && code < fasthttp.StatusMultipleChoices {
-			cors := a.settings.CORS()
-			setCORSHeaders(c, cors)
+			a.handle.SetCORSHeaders(c)
 		}
 	}
 }

-func setCORSHeaders(c *fasthttp.RequestCtx, cors CORS) {
-	c.Response.Header.Set(fasthttp.HeaderAccessControlMaxAge, strconv.Itoa(cors.MaxAge))
-
-	if len(cors.AllowOrigin) != 0 {
-		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowOrigin, cors.AllowOrigin)
-	}
-
-	if len(cors.AllowMethods) != 0 {
-		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowMethods, strings.Join(cors.AllowMethods, ","))
-	}
-
-	if len(cors.AllowHeaders) != 0 {
-		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowHeaders, strings.Join(cors.AllowHeaders, ","))
-	}
-
-	if len(cors.ExposeHeaders) != 0 {
-		c.Response.Header.Set(fasthttp.HeaderAccessControlExposeHeaders, strings.Join(cors.ExposeHeaders, ","))
-	}
-
-	if cors.AllowCredentials {
-		c.Response.Header.Set(fasthttp.HeaderAccessControlAllowCredentials, "true")
-	}
-}
-
 func (a *app) logger(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
 		requiredFields := []zap.Field{zap.Uint64("id", req.ID())}
@ -930,11 +895,13 @@ func (a *app) reqNamespace(h fasthttp.RequestHandler) fasthttp.RequestHandler {

 func (a *app) AppParams() *handler.AppParams {
 	return &handler.AppParams{
-		Logger:   a.log,
-		FrostFS:  frostfs.NewFrostFS(a.pool),
-		Owner:    a.owner,
-		Resolver: a.resolver,
-		Cache:    a.bucketCache,
+		Logger:    a.log,
+		FrostFS:   frostfs.NewFrostFS(a.pool),
+		Owner:     a.owner,
+		Resolver:  a.resolver,
+		Cache:     a.bucketCache,
+		CORSCnrID: a.corsCnrID,
+		CORSCache: cache.NewCORSCache(getCORSCacheOptions(a.config(), a.log)),
 	}
 }

@ -1135,3 +1102,44 @@ func (a *app) tryReconnect(ctx context.Context, sr *fasthttp.Server) bool {

 	return len(a.unbindServers) == 0
 }
+
+func (a *app) fetchContainerID(ctx context.Context, cfgKey string) (id *cid.ID, err error) {
+	cnrID, err := a.resolveContainerID(ctx, cfgKey)
+	if err != nil {
+		return nil, err
+	}
+
+	err = checkContainerExists(ctx, *cnrID, a.pool)
+	if err != nil {
+		return nil, err
+	}
+
+	return cnrID, nil
+}
+
+func (a *app) resolveContainerID(ctx context.Context, cfgKey string) (*cid.ID, error) {
+	containerString := a.config().GetString(cfgKey)
+
+	id := new(cid.ID)
+	if err := id.DecodeString(containerString); err != nil {
+		i := strings.Index(containerString, ".")
+		if i < 0 {
+			return nil, fmt.Errorf("invalid container address: %s", containerString)
+		}
+
+		if id, err = a.resolver.Resolve(ctx, containerString[i+1:], containerString[:i]); err != nil {
+			return nil, fmt.Errorf("resolve container address %s: %w", containerString, err)
+		}
+	}
+
+	return id, nil
+}
+
+func checkContainerExists(ctx context.Context, id cid.ID, frostFSPool *pool.Pool) error {
+	prm := pool.PrmContainerGet{
+		ContainerID: id,
+	}
+
+	_, err := frostFSPool.GetContainer(ctx, prm)
+	return err
+}