package container
import (
"errors"
"fmt"
cntClient "github.com/nspcc-dev/neofs-node/pkg/morph/client/container"
"github.com/nspcc-dev/neofs-node/pkg/morph/event/container"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session"
"go.uber.org/zap"
)
// processSetEACL handles a SetEACL event. It returns immediately when this
// node is not in alphabet mode, validates the request with checkSetEACL, and
// hands it to approveSetEACL only when validation succeeds.
//
// A request that fails validation is logged and dropped; approveSetEACL is
// not reached for it.
func (cp *Processor) processSetEACL(e container.SetEACL) {
	// Nodes outside the alphabet ignore the event entirely.
	if isAlphabet := cp.alphabetState.IsAlphabet(); !isAlphabet {
		cp.log.Info("non alphabet mode, ignore set EACL")
		return
	}

	// Authorization gate: nothing below runs unless every check passed.
	if checkErr := cp.checkSetEACL(e); checkErr != nil {
		cp.log.Error("set EACL check failed", zap.String("error", checkErr.Error()))
		return
	}

	cp.approveSetEACL(e)
}
// checkSetEACL decides whether a SetEACL request may be approved. It returns
// nil only when all of the following hold, checked in this order:
//
//  1. the submitted bytes decode as an eACL table;
//  2. the decoded table names a container ID;
//  3. that container can be fetched through cp.cnrClient;
//  4. the container's basic ACL reports itself as extendable;
//  5. cp.verifySignature accepts the request for the container's owner.
//
// The container whose owner is checked is chosen by the ID inside the
// submitted table, and the data passed as signedData is the exact byte slice
// that was decoded, so the signature is bound to the table that named the
// container.
//
// NOTE(review): verifySignature is defined outside this block; how it treats
// the session token and public key is not visible here.
func (cp *Processor) checkSetEACL(e container.SetEACL) error {
	rawTable := e.Table()

	// Decode the submitted table; bytes that do not parse are rejected.
	decoded := eacl.NewTable()
	if err := decoded.Unmarshal(rawTable); err != nil {
		return fmt.Errorf("invalid binary table: %w", err)
	}

	cnrID, hasID := decoded.CID()
	if !hasID {
		return errors.New("missing container ID in eACL table")
	}

	// Fetch the stored container: its owner and basic ACL drive the
	// remaining checks.
	stored, err := cntClient.Get(cp.cnrClient, cnrID)
	if err != nil {
		return fmt.Errorf("could not receive the container: %w", err)
	}

	// The basic ACL can forbid extended ACLs altogether.
	if extendable := stored.Value.BasicACL().Extendable(); !extendable {
		return errors.New("ACL extension disabled by container basic ACL")
	}

	// Authenticate the request against the owner of the stored container,
	// not against any identity supplied in the event alone.
	authData := signatureVerificationData{
		ownerContainer:  stored.Value.Owner(),
		verb:            session.VerbContainerSetEACL,
		idContainerSet:  true,
		idContainer:     cnrID,
		binTokenSession: e.SessionToken(),
		binPublicKey:    e.PublicKey(),
		signature:       e.Signature(),
		signedData:      rawTable,
	}
	if err = cp.verifySignature(authData); err != nil {
		return fmt.Errorf("auth eACL table setting: %w", err)
	}

	return nil
}
// approveSetEACL submits approval for a SetEACL event. The event's table,
// public key, signature and session token are copied into a PutEACLPrm; the
// request is then sent either by signing the notary main transaction or by
// calling PutEACL, depending on how the event arrived.
//
// The function performs no validation of its own. A submission failure is
// only logged; nothing is returned to the caller.
func (cp *Processor) approveSetEACL(e container.SetEACL) {
	var err error

	prm := cntClient.PutEACLPrm{}
	prm.SetTable(e.Table())
	prm.SetKey(e.PublicKey())
	prm.SetSignature(e.Signature())
	prm.SetToken(e.SessionToken())

	nr := e.NotaryRequest()
	if nr == nil {
		// setEACL event was received via notification service
		err = cp.cnrClient.PutEACL(prm)
	} else {
		// setEACL event was received via Notary service
		//
		// NOTE(review): prm is not used on this path; what gets signed is
		// nr.MainTransaction as received. Presumably the event fields that
		// were validated before approval were parsed from this same
		// transaction; confirm at the event parser.
		err = cp.cnrClient.Morph().NotarySignAndInvokeTX(nr.MainTransaction)
	}

	if err == nil {
		return
	}

	cp.log.Error("could not approve set EACL", zap.String("error", err.Error()))
}