TrueCloudLab/frostfs-http-gw
17
1
Fork 18
Code Issues 10 Pull requests 7 Projects Releases 10 Activity Actions

Compare commits

base: TrueCloudLab:master
Branches Tags
TrueCloudLab:master
TrueCloudLab:support/v0.30
TrueCloudLab:support/v0.29
TrueCloudLab:support/v0.28
TrueCloudLab:poc/frostfsid
TrueCloudLab:support/v0.27
TrueCloudLab:v0.32.0
TrueCloudLab:v0.31.0
TrueCloudLab:v0.31.0-rc.6
TrueCloudLab:v0.31.0-rc.5
TrueCloudLab:v0.31.0-rc.4
TrueCloudLab:v0.31.0-rc.3
TrueCloudLab:v0.30.3
TrueCloudLab:v0.31.0-rc.2
TrueCloudLab:v0.31.0-rc.1
TrueCloudLab:v0.30.2
TrueCloudLab:v0.30.1
TrueCloudLab:v0.30.0
TrueCloudLab:v0.30.0-rc.4
TrueCloudLab:v0.30.0-rc.3
TrueCloudLab:v0.30.0-rc.2
TrueCloudLab:v0.29.0
TrueCloudLab:v0.30.0-rc.1
TrueCloudLab:v0.29.0-rc.2
TrueCloudLab:v0.29.0-rc.1
TrueCloudLab:v0.28.1
TrueCloudLab:v0.28.0
TrueCloudLab:v0.28.0-rc.1
TrueCloudLab:v0.27.0
TrueCloudLab:v0.27.0-rc.2
TrueCloudLab:v0.27.0-rc.1
..
compare: TrueCloudLab:v0.32.0
Branches Tags
TrueCloudLab:master
TrueCloudLab:support/v0.30
TrueCloudLab:support/v0.29
TrueCloudLab:support/v0.28
TrueCloudLab:poc/frostfsid
TrueCloudLab:support/v0.27
TrueCloudLab:v0.32.0
TrueCloudLab:v0.31.0
TrueCloudLab:v0.31.0-rc.6
TrueCloudLab:v0.31.0-rc.5
TrueCloudLab:v0.31.0-rc.4
TrueCloudLab:v0.31.0-rc.3
TrueCloudLab:v0.30.3
TrueCloudLab:v0.31.0-rc.2
TrueCloudLab:v0.31.0-rc.1
TrueCloudLab:v0.30.2
TrueCloudLab:v0.30.1
TrueCloudLab:v0.30.0
TrueCloudLab:v0.30.0-rc.4
TrueCloudLab:v0.30.0-rc.3
TrueCloudLab:v0.30.0-rc.2
TrueCloudLab:v0.29.0
TrueCloudLab:v0.30.0-rc.1
TrueCloudLab:v0.29.0-rc.2
TrueCloudLab:v0.29.0-rc.1
TrueCloudLab:v0.28.1
TrueCloudLab:v0.28.0
TrueCloudLab:v0.28.0-rc.1
TrueCloudLab:v0.27.0
TrueCloudLab:v0.27.0-rc.2
TrueCloudLab:v0.27.0-rc.1

No commits in common. "master" and "v0.32.0" have entirely different histories.
master ... v0.32.0

3 changed files with 35 additions and 98 deletions
Show stats Expand all files Collapse all files

67
cmd/http-gw/integration_test.go
View file

@ -14,7 +14,6 @@ import (
"net/http" "net/http"
"os" "os"
"sort" "sort"
"strings"
"testing" "testing"
"time" "time"
@ -55,7 +54,6 @@ func TestIntegration(t *testing.T) {
"1.2.7", "1.2.7",
"1.3.0", "1.3.0",
"1.5.0", "1.5.0",
"1.6.5",
} }
key, err := keys.NewPrivateKeyFromHex("1dd37fba80fec4e6a6f13fd708d8dcb3b29def768017052f6c930fa1c5d90bbb") key, err := keys.NewPrivateKeyFromHex("1dd37fba80fec4e6a6f13fd708d8dcb3b29def768017052f6c930fa1c5d90bbb")
require.NoError(t, err) require.NoError(t, err)
@ -72,28 +70,21 @@ func TestIntegration(t *testing.T) {
ctx, cancel2 := context.WithCancel(rootCtx) ctx, cancel2 := context.WithCancel(rootCtx)
aioContainer := createDockerContainer(ctx, t, aioImage+version) aioContainer := createDockerContainer(ctx, t, aioImage+version)
if strings.HasPrefix(version, "1.6") {
registerUser(t, ctx, aioContainer, file.Name())
}
// See the logs from the command execution.
server, cancel := runServer(file.Name()) server, cancel := runServer(file.Name())
clientPool := getPool(ctx, t, key) clientPool := getPool(ctx, t, key)
CID, err := createContainer(ctx, t, clientPool, ownerID) CID, err := createContainer(ctx, t, clientPool, ownerID, version)
require.NoError(t, err, version) require.NoError(t, err, version)
jsonToken, binaryToken := makeBearerTokens(t, key, ownerID, version) token := makeBearerToken(t, key, ownerID, version)
t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID) }) t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
t.Run("put with json bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, jsonToken) }) t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
t.Run("put with json bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, jsonToken) }) t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
t.Run("put with binary bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, binaryToken) })
t.Run("put with binary bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, binaryToken) })
t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) }) t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID) }) t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID) }) t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
t.Run("get zip "+version, func(t *testing.T) { getZip(ctx, t, clientPool, ownerID, CID) }) t.Run("get zip "+version, func(t *testing.T) { getZip(ctx, t, clientPool, ownerID, CID, version) })
t.Run("test namespaces "+version, func(t *testing.T) { checkNamespaces(ctx, t, clientPool, ownerID, CID) }) t.Run("test namespaces "+version, func(t *testing.T) { checkNamespaces(ctx, t, clientPool, ownerID, CID, version) })
cancel() cancel()
server.Wait() server.Wait()
@ -116,7 +107,7 @@ func runServer(pathToWallet string) (App, context.CancelFunc) {
return application, cancel return application, cancel
} }
func simplePut(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID) { func simplePut(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID, version string) {
url := testHost + "/upload/" + CID.String() url := testHost + "/upload/" + CID.String()
makePutRequestAndCheck(ctx, t, p, CID, url) makePutRequestAndCheck(ctx, t, p, CID, url)
@ -264,7 +255,7 @@ func putWithDuplicateKeys(t *testing.T, CID cid.ID) {
require.Equal(t, http.StatusBadRequest, resp.StatusCode) require.Equal(t, http.StatusBadRequest, resp.StatusCode)
} }
func simpleGet(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) { func simpleGet(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
content := "content of file" content := "content of file"
attributes := map[string]string{ attributes := map[string]string{
"some-attr": "some-get-value", "some-attr": "some-get-value",
@ -311,7 +302,7 @@ func checkGetByAttrResponse(t *testing.T, resp *http.Response, content string, a
} }
} }
func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) { func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
keyAttr, valAttr := "some-attr", "some-get-by-attr-value" keyAttr, valAttr := "some-attr", "some-get-by-attr-value"
content := "content of file" content := "content of file"
attributes := map[string]string{keyAttr: valAttr} attributes := map[string]string{keyAttr: valAttr}
@ -333,7 +324,7 @@ func getByAttr(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
checkGetByAttrResponse(t, resp, content, expectedAttr) checkGetByAttrResponse(t, resp, content, expectedAttr)
} }
func getZip(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) { func getZip(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
names := []string{"zipfolder/dir/name1.txt", "zipfolder/name2.txt"} names := []string{"zipfolder/dir/name1.txt", "zipfolder/name2.txt"}
contents := []string{"content of file1", "content of file2"} contents := []string{"content of file1", "content of file2"}
attributes1 := map[string]string{object.AttributeFilePath: names[0]} attributes1 := map[string]string{object.AttributeFilePath: names[0]}
@ -398,7 +389,7 @@ func checkZip(t *testing.T, data []byte, length int64, names, contents []string)
} }
} }
func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID) { func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
content := "content of file" content := "content of file"
attributes := map[string]string{ attributes := map[string]string{
"some-attr": "some-get-value", "some-attr": "some-get-value",
@ -435,7 +426,7 @@ func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, o
func createDockerContainer(ctx context.Context, t *testing.T, image string) testcontainers.Container { func createDockerContainer(ctx context.Context, t *testing.T, image string) testcontainers.Container {
req := testcontainers.ContainerRequest{ req := testcontainers.ContainerRequest{
Image: image, Image: image,
WaitingFor: wait.NewLogStrategy("aio container started").WithStartupTimeout(2 * time.Minute), WaitingFor: wait.NewLogStrategy("aio container started").WithStartupTimeout(30 * time.Second),
Name: "aio", Name: "aio",
Hostname: "aio", Hostname: "aio",
NetworkMode: "host", NetworkMode: "host",
@ -475,7 +466,7 @@ func getPool(ctx context.Context, t *testing.T, key *keys.PrivateKey) *pool.Pool
return clientPool return clientPool
} }
func createContainer(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID) (cid.ID, error) { func createContainer(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, version string) (cid.ID, error) {
var policy netmap.PlacementPolicy var policy netmap.PlacementPolicy
err := policy.DecodeString("REP 1") err := policy.DecodeString("REP 1")
require.NoError(t, err) require.NoError(t, err)
@ -535,19 +526,7 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
return id.ObjectID return id.ObjectID
} }
func registerUser(t *testing.T, ctx context.Context, aioContainer testcontainers.Container, pathToWallet string) { func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
err := aioContainer.CopyFileToContainer(ctx, pathToWallet, "/usr/wallet.json", 644)
require.NoError(t, err)
_, err = aioContainer.Exec(ctx, []string{
"/usr/bin/frostfs-s3-authmate", "register-user",
"--wallet", "/usr/wallet.json",
"--rpc-endpoint", "http://localhost:30333",
"--contract-wallet", "/config/s3-gw-wallet.json"})
require.NoError(t, err)
}
func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) (jsonTokenBase64, binaryTokenBase64 string) {
tkn := new(bearer.Token) tkn := new(bearer.Token)
tkn.ForUser(ownerID) tkn.ForUser(ownerID)
tkn.SetExp(10000) tkn.SetExp(10000)
@ -561,16 +540,10 @@ func makeBearerTokens(t *testing.T, key *keys.PrivateKey, ownerID user.ID, versi
err := tkn.Sign(key.PrivateKey) err := tkn.Sign(key.PrivateKey)
require.NoError(t, err) require.NoError(t, err)
jsonToken, err := tkn.MarshalJSON() t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NoError(t, err) require.NotEmpty(t, t64)
jsonTokenBase64 = base64.StdEncoding.EncodeToString(jsonToken) return t64
binaryTokenBase64 = base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NotEmpty(t, jsonTokenBase64)
require.NotEmpty(t, binaryTokenBase64)
return
} }
func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) { func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {

18
tokens/bearer-token.go
View file

@ -82,22 +82,14 @@ func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
tkn = new(bearer.Token) tkn = new(bearer.Token)
) )
for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} { for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
buf = parse(&ctx.Request.Header) if buf = parse(&ctx.Request.Header); buf == nil {
if buf == nil {
continue continue
} } else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
data, err := base64.StdEncoding.DecodeString(string(buf))
if err != nil {
lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err) lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
continue continue
} } else if err = tkn.Unmarshal(data); err != nil {
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
if err = tkn.Unmarshal(data); err != nil { continue
if err = tkn.UnmarshalJSON(data); err != nil {
lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
continue
}
} }
return tkn, nil return tkn, nil

48
tokens/bearer-token_test.go
View file

@ -98,14 +98,8 @@ func TestFetchBearerToken(t *testing.T) {
tkn := new(bearer.Token) tkn := new(bearer.Token)
tkn.ForUser(uid) tkn.ForUser(uid)
jsonToken, err := tkn.MarshalJSON() t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NoError(t, err) require.NotEmpty(t, t64)
jsonTokenBase64 := base64.StdEncoding.EncodeToString(jsonToken)
binaryTokenBase64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
require.NotEmpty(t, jsonTokenBase64)
require.NotEmpty(t, binaryTokenBase64)
cases := []struct { cases := []struct {
name string name string
@ -149,47 +143,25 @@ func TestFetchBearerToken(t *testing.T) {
error: "can't unmarshal bearer token", error: "can't unmarshal bearer token",
}, },
{ {
name: "bad header, but good cookie with binary token", name: "bad header, but good cookie",
header: "dGVzdAo=", header: "dGVzdAo=",
cookie: binaryTokenBase64, cookie: t64,
expect: tkn, expect: tkn,
}, },
{ {
name: "bad cookie, but good header with binary token", name: "bad cookie, but good header",
header: binaryTokenBase64, header: t64,
cookie: "dGVzdAo=", cookie: "dGVzdAo=",
expect: tkn, expect: tkn,
}, },
{ {
name: "bad header, but good cookie with json token", name: "ok for header",
header: "dGVzdAo=", header: t64,
cookie: jsonTokenBase64,
expect: tkn, expect: tkn,
}, },
{ {
name: "bad cookie, but good header with json token", name: "ok for cookie",
header: jsonTokenBase64, cookie: t64,
cookie: "dGVzdAo=",
expect: tkn,
},
{
name: "ok for header with binary token",
header: binaryTokenBase64,
expect: tkn,
},
{
name: "ok for cookie with binary token",
cookie: binaryTokenBase64,
expect: tkn,
},
{
name: "ok for header with json token",
header: jsonTokenBase64,
expect: tkn,
},
{
name: "ok for cookie with json token",
cookie: jsonTokenBase64,
expect: tkn, expect: tkn,
}, },
} }