[#163] Support JSON bearer token

Signed-off-by: Roman Loginov <r.loginov@yadro.com>

CODEOWNERS

@@ -1 +1,3 @@
-.*       @alexvanin @dkirillov
+.*          @TrueCloudLab/storage-services-developers @TrueCloudLab/storage-services-committers
+.forgejo/.* @potyarkin
+Makefile    @potyarkin

cmd/http-gw/integration_test.go

@@ -75,11 +75,13 @@ func TestIntegration(t *testing.T) {
 		CID, err := createContainer(ctx, t, clientPool, ownerID, version)
 		require.NoError(t, err, version)
 
-		token := makeBearerToken(t, key, ownerID, version)
+		jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version)
 
 		t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
-		t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
-		t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
+		t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) })
+		t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) })
+		t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
+		t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
 		t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
 		t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
 		t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
@@ -526,7 +528,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 	return id.ObjectID
 }
 
-func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
+func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(ownerID)
 	tkn.SetExp(10000)
@@ -540,10 +542,16 @@ func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versio
 	err := tkn.Sign(key.PrivateKey)
 	require.NoError(t, err)
 
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
-	require.NotEmpty(t, t64)
+	jsonToken, err := tkn.MarshalJSON()
+	require.NoError(t, err)
 
-	return t64
+	jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken)
+	binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
+
+	require.NotEmpty(t, jsonTokenBase64)
+	require.NotEmpty(t, binaryTokenBase64)
+
+	return
 }
 
 func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {

tokens/bearer-token.go

@@ -82,14 +82,22 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
 		tkn = new(bearer.Token)
 	)
 	for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
-		if buf = parse(&ctx.Request.Header); buf == nil {
+		buf = parse(&ctx.Request.Header)
+		if buf == nil {
 			continue
-		} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
+		}
+
+		data, err := base64.StdEncoding.DecodeString(string(buf))
+		if err != nil {
 			lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
 			continue
-		} else if err = tkn.Unmarshal(data); err != nil {
-			lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
-			continue
+		}
+
+		if err = tkn.Unmarshal(data); err != nil {
+			if err = tkn.UnmarshalJSON(data); err != nil {
+				lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
+				continue
+			}
 		}
 
 		return tkn, nil

tokens/bearer-token_test.go

@@ -98,8 +98,14 @@ func TestFetchBearerToken(t *testing.T) {
 	tkn := new(bearer.Token)
 	tkn.ForUser(uid)
 
-	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
-	require.NotEmpty(t, t64)
+	jsonToken, err := tkn.MarshalJSON()
+	require.NoError(t, err)
+
+	jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
+	binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+
+	require.NotEmpty(t, jsonTokenBase64)
+	require.NotEmpty(t, binaryTokenBase64)
 
 	cases := []struct {
 		name   string
@@ -143,25 +149,47 @@ func TestFetchBearerToken(t *testing.T) {
 			error:  "can't unmarshal bearer token",
 		},
 		{
-			name:   "bad header, but good cookie",
+			name:   "bad header, but good cookie with binary token",
 			header: "dGVzdAo=",
-			cookie: t64,
+			cookie: binaryTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "bad cookie, but good header",
-			header: t64,
+			name:   "bad cookie, but good header with binary token",
+			header: binaryTokenBase64,
 			cookie: "dGVzdAo=",
 			expect: tkn,
 		},
 		{
-			name:   "ok for header",
-			header: t64,
+			name:   "bad header, but good cookie with json token",
+			header: "dGVzdAo=",
+			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 		{
-			name:   "ok for cookie",
-			cookie: t64,
+			name:   "bad cookie, but good header with json token",
+			header: jsonTokenBase64,
+			cookie: "dGVzdAo=",
+			expect: tkn,
+		},
+		{
+			name:   "ok for header with binary token",
+			header: binaryTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for cookie with binary token",
+			cookie: binaryTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for header with json token",
+			header: jsonTokenBase64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for cookie with json token",
+			cookie: jsonTokenBase64,
 			expect: tkn,
 		},
 	}