[#247] object/eacl: Use object ID from session token context
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
168dcbdccd
commit
8654458b19
2 changed files with 65 additions and 21 deletions
|
@ -143,9 +143,11 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := request.GetMetaHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,6 +157,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) {
|
if !basicACLCheck(reqInfo) {
|
||||||
return basicACLErr(reqInfo)
|
return basicACLErr(reqInfo)
|
||||||
|
@ -188,9 +191,11 @@ func (b Service) Head(
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := request.GetMetaHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -200,6 +205,7 @@ func (b Service) Head(
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) {
|
if !basicACLCheck(reqInfo) {
|
||||||
return nil, basicACLErr(reqInfo)
|
return nil, basicACLErr(reqInfo)
|
||||||
|
@ -260,9 +266,11 @@ func (b Service) Delete(
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := request.GetMetaHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -272,6 +280,7 @@ func (b Service) Delete(
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) {
|
if !basicACLCheck(reqInfo) {
|
||||||
return nil, basicACLErr(reqInfo)
|
return nil, basicACLErr(reqInfo)
|
||||||
|
@ -288,9 +297,11 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := request.GetMetaHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -300,6 +311,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) {
|
if !basicACLCheck(reqInfo) {
|
||||||
return basicACLErr(reqInfo)
|
return basicACLErr(reqInfo)
|
||||||
|
@ -323,9 +335,11 @@ func (b Service) GetRangeHash(
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := request.GetMetaHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -335,6 +349,7 @@ func (b Service) GetRangeHash(
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) {
|
if !basicACLCheck(reqInfo) {
|
||||||
return nil, basicACLErr(reqInfo)
|
return nil, basicACLErr(reqInfo)
|
||||||
|
@ -363,9 +378,11 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sTok := part.GetHeader().GetSessionToken()
|
||||||
|
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: part.GetHeader().GetSessionToken(),
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -375,6 +392,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
reqInfo.oid = getObjectIDFromRequestBody(part)
|
reqInfo.oid = getObjectIDFromRequestBody(part)
|
||||||
|
useObjectIDFromSession(&reqInfo, sTok)
|
||||||
|
|
||||||
if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
|
if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
|
||||||
return basicACLErr(reqInfo)
|
return basicACLErr(reqInfo)
|
||||||
|
@ -484,6 +502,21 @@ func getContainerIDFromRequest(req interface{}) (id *container.ID, err error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func useObjectIDFromSession(req *requestInfo, token *session.SessionToken) {
|
||||||
|
if token == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
objCtx, ok := token.GetBody().GetContext().(*session.ObjectSessionContext)
|
||||||
|
if !ok {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
req.oid = objectSDK.NewIDFromV2(
|
||||||
|
objCtx.GetAddress().GetObjectID(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
|
func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
|
||||||
switch v := body.(type) {
|
switch v := body.(type) {
|
||||||
default:
|
default:
|
||||||
|
|
|
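Review bot: `useObjectIDFromSession` overwrites `req.oid` whenever the token carries an object session context, even if that context's address has no object ID, and it never compares the token's ID with the one `getObjectIDFromRequestBody` just read. When the two IDs differ, the basic ACL check runs for the object named in the token, while the handler (its body continues outside the visible hunks) presumably still acts on the address in the request body. I would guard the assignment, `if id := objCtx.GetAddress().GetObjectID(); id != nil { req.oid = objectSDK.NewIDFromV2(id) }`, and reject a request whose body and token name different objects unless that binding is already enforced elsewhere. The helper also needs a doc comment stating the precedence rule, e.g. `// useObjectIDFromSession replaces req.oid with the object ID from the token's object session context, if any.` The same call is added in Get, Head, Delete, GetRange, GetRangeHash and the put stream's Send, so the point applies to all six.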
@ -64,7 +64,7 @@ func (h *headerSource) HeadersOfType(typ eaclSDK.FilterHeaderType) ([]eacl.Heade
|
||||||
case eaclSDK.HeaderFromRequest:
|
case eaclSDK.HeaderFromRequest:
|
||||||
return requestHeaders(h.msg), true
|
return requestHeaders(h.msg), true
|
||||||
case eaclSDK.HeaderFromObject:
|
case eaclSDK.HeaderFromObject:
|
||||||
return h.objectHeaders(), true
|
return h.objectHeaders()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ func requestHeaders(msg xHeaderSource) []eacl.Header {
|
||||||
return res
|
return res
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *headerSource) objectHeaders() []eacl.Header {
|
func (h *headerSource) objectHeaders() ([]eacl.Header, bool) {
|
||||||
switch m := h.msg.(type) {
|
switch m := h.msg.(type) {
|
||||||
default:
|
default:
|
||||||
panic(fmt.Sprintf("unexpected message type %T", h.msg))
|
panic(fmt.Sprintf("unexpected message type %T", h.msg))
|
||||||
|
@ -89,39 +89,50 @@ func (h *headerSource) objectHeaders() []eacl.Header {
|
||||||
case *objectV2.GetRequest:
|
case *objectV2.GetRequest:
|
||||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||||
case *objectV2.DeleteRequest:
|
case *objectV2.DeleteRequest:
|
||||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||||
|
return hs, true
|
||||||
case *objectV2.HeadRequest:
|
case *objectV2.HeadRequest:
|
||||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||||
case *objectV2.GetRangeRequest:
|
case *objectV2.GetRangeRequest:
|
||||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||||
|
return hs, true
|
||||||
case *objectV2.GetRangeHashRequest:
|
case *objectV2.GetRangeHashRequest:
|
||||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||||
|
return hs, true
|
||||||
case *objectV2.PutRequest:
|
case *objectV2.PutRequest:
|
||||||
if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
|
if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
|
||||||
oV2 := new(objectV2.Object)
|
oV2 := new(objectV2.Object)
|
||||||
oV2.SetObjectID(v.GetObjectID())
|
oV2.SetObjectID(v.GetObjectID())
|
||||||
oV2.SetHeader(v.GetHeader())
|
oV2.SetHeader(v.GetHeader())
|
||||||
|
|
||||||
return headersFromObject(object.NewFromV2(oV2))
|
hs := headersFromObject(object.NewFromV2(oV2))
|
||||||
|
if tok := oV2.GetHeader().GetSessionToken(); tok != nil {
|
||||||
|
objCtx, ok := tok.GetBody().GetContext().(*session.ObjectSessionContext)
|
||||||
|
if ok {
|
||||||
|
hs = append(hs, addressHeaders(objectSDK.NewAddressFromV2(objCtx.GetAddress()))...)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return hs, true
|
||||||
}
|
}
|
||||||
case *objectV2.SearchRequest:
|
case *objectV2.SearchRequest:
|
||||||
return []eacl.Header{cidHeader(
|
return []eacl.Header{cidHeader(
|
||||||
container.NewIDFromV2(
|
container.NewIDFromV2(
|
||||||
req.GetBody().GetContainerID()),
|
req.GetBody().GetContainerID()),
|
||||||
),
|
)}, true
|
||||||
}
|
|
||||||
}
|
}
|
||||||
case *responseXHeaderSource:
|
case *responseXHeaderSource:
|
||||||
switch resp := m.resp.(type) {
|
switch resp := m.resp.(type) {
|
||||||
default:
|
default:
|
||||||
return h.localObjectHeaders(m.addr)
|
hs, _ := h.localObjectHeaders(m.addr)
|
||||||
|
return hs, true
|
||||||
case *objectV2.GetResponse:
|
case *objectV2.GetResponse:
|
||||||
if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
|
if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
|
||||||
oV2 := new(objectV2.Object)
|
oV2 := new(objectV2.Object)
|
||||||
oV2.SetObjectID(v.GetObjectID())
|
oV2.SetObjectID(v.GetObjectID())
|
||||||
oV2.SetHeader(v.GetHeader())
|
oV2.SetHeader(v.GetHeader())
|
||||||
|
|
||||||
return headersFromObject(object.NewFromV2(oV2))
|
return headersFromObject(object.NewFromV2(oV2)), true
|
||||||
}
|
}
|
||||||
case *objectV2.HeadResponse:
|
case *objectV2.HeadResponse:
|
||||||
oV2 := new(objectV2.Object)
|
oV2 := new(objectV2.Object)
|
||||||
|
@ -147,22 +158,22 @@ func (h *headerSource) objectHeaders() []eacl.Header {
|
||||||
return append(
|
return append(
|
||||||
headersFromObject(object.NewFromV2(oV2)),
|
headersFromObject(object.NewFromV2(oV2)),
|
||||||
oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())),
|
oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())),
|
||||||
)
|
), true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil, true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) []eacl.Header {
|
func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) ([]eacl.Header, bool) {
|
||||||
addr := objectSDK.NewAddressFromV2(addrV2)
|
addr := objectSDK.NewAddressFromV2(addrV2)
|
||||||
|
|
||||||
obj, err := h.storage.Head(addr)
|
obj, err := h.storage.Head(addr)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return headersFromObject(obj)
|
return append(headersFromObject(obj), addressHeaders(addr)...), true
|
||||||
}
|
}
|
||||||
|
|
||||||
return addressHeaders(addr)
|
return addressHeaders(addr), false
|
||||||
}
|
}
|
||||||
|
|
||||||
func cidHeader(cid *container.ID) eacl.Header {
|
func cidHeader(cid *container.ID) eacl.Header {
|
||||||
|
|
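Review bot: In `objectHeaders`, the Delete, GetRange and GetRangeHash cases and the `default` response case discard the second result of `localObjectHeaders` (`hs, _ := ...`) and return `true`, while Get and Head pass it through, and neither function documents what the bool means. `localObjectHeaders` returns `addressHeaders(addr), false` on any error from `h.storage.Head`, so these cases report success when the set holds only the address headers. If the caller treats `true` as "headers are complete", extended ACL rules that filter on object attributes would not be applied to an object this node cannot read locally. If that is deliberate because no later response carries the header for these operations, say so at each site, e.g. `// no response carries the header for this op: evaluate with what is available`, and add doc comments on both functions defining the bool. Minor: in the PutRequest case the inner `objCtx, ok := ...` shadows the `ok` of the enclosing `if`.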