From a9f27e074bbf085016f82e1b4802c87ede452283 Mon Sep 17 00:00:00 2001
From: Airat Arifullin <a.arifullin@yadro.com>
Date: Fri, 10 Jan 2025 16:27:08 +0300
Subject: [PATCH] [#1243] object: Look for X-Headers within origin before APE
 check

* X-Headers can be found in `origin` field of `MetaHeader` if the request
  has been forwarded from non-container node.

Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
---
 pkg/services/object/ape/service.go | 56 +++++++++++++++++++++++++-----
 1 file changed, 48 insertions(+), 8 deletions(-)

diff --git a/pkg/services/object/ape/service.go b/pkg/services/object/ape/service.go
index c6d152e0f..d9594a3fc 100644
--- a/pkg/services/object/ape/service.go
+++ b/pkg/services/object/ape/service.go
@@ -150,6 +150,11 @@ type putStreamBasicChecker struct {
 }
 
 func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRequest) error {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	if partInit, ok := request.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
 		reqCtx, err := requestContext(ctx)
 		if err != nil {
@@ -171,7 +176,7 @@ func (p *putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutR
 			ContainerOwner: reqCtx.ContainerOwner,
 			Role:           nativeSchemaRole(reqCtx.Role),
 			BearerToken:    reqCtx.BearerToken,
-			XHeaders:       request.GetMetaHeader().GetXHeaders(),
+			XHeaders:       meta.GetXHeaders(),
 		}
 
 		if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
@@ -204,6 +209,11 @@ type patchStreamBasicChecker struct {
 }
 
 func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.PatchRequest) error {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	if !p.nonFirstSend {
 		p.nonFirstSend = true
 
@@ -226,7 +236,7 @@ func (p *patchStreamBasicChecker) Send(ctx context.Context, request *objectV2.Pa
 			ContainerOwner: reqCtx.ContainerOwner,
 			Role:           nativeSchemaRole(reqCtx.Role),
 			BearerToken:    reqCtx.BearerToken,
-			XHeaders:       request.GetMetaHeader().GetXHeaders(),
+			XHeaders:       meta.GetXHeaders(),
 		}
 
 		if err := p.apeChecker.CheckAPE(ctx, prm); err != nil {
@@ -251,6 +261,11 @@ func (c *Service) Patch(ctx context.Context) (objectSvc.PatchObjectStream, error
 }
 
 func (c *Service) Head(ctx context.Context, request *objectV2.HeadRequest) (*objectV2.HeadResponse, error) {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
 	if err != nil {
 		return nil, err
@@ -295,7 +310,7 @@ func (c *Service) Head(ctx context.Context, request *objectV2.HeadRequest) (*obj
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	})
 	if err != nil {
 		return nil, toStatusErr(err)
@@ -304,6 +319,11 @@ func (c *Service) Head(ctx context.Context, request *objectV2.HeadRequest) (*obj
 }
 
 func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.SearchStream) error {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	var cnrID cid.ID
 	if cnrV2 := request.GetBody().GetContainerID(); cnrV2 != nil {
 		if err := cnrID.ReadFromV2(*cnrV2); err != nil {
@@ -324,7 +344,7 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	})
 	if err != nil {
 		return toStatusErr(err)
@@ -334,6 +354,11 @@ func (c *Service) Search(request *objectV2.SearchRequest, stream objectSvc.Searc
 }
 
 func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) (*objectV2.DeleteResponse, error) {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
 	if err != nil {
 		return nil, err
@@ -353,7 +378,7 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) (
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	})
 	if err != nil {
 		return nil, toStatusErr(err)
@@ -368,6 +393,11 @@ func (c *Service) Delete(ctx context.Context, request *objectV2.DeleteRequest) (
 }
 
 func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.GetObjectRangeStream) error {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
 	if err != nil {
 		return toStatusErr(err)
@@ -387,7 +417,7 @@ func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.G
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	})
 	if err != nil {
 		return toStatusErr(err)
@@ -397,6 +427,11 @@ func (c *Service) GetRange(request *objectV2.GetRangeRequest, stream objectSvc.G
 }
 
 func (c *Service) GetRangeHash(ctx context.Context, request *objectV2.GetRangeHashRequest) (*objectV2.GetRangeHashResponse, error) {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetAddress().GetContainerID(), request.GetBody().GetAddress().GetObjectID())
 	if err != nil {
 		return nil, err
@@ -416,7 +451,7 @@ func (c *Service) GetRangeHash(ctx context.Context, request *objectV2.GetRangeHa
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	}
 
 	resp, err := c.next.GetRangeHash(ctx, request)
@@ -431,6 +466,11 @@ func (c *Service) GetRangeHash(ctx context.Context, request *objectV2.GetRangeHa
 }
 
 func (c *Service) PutSingle(ctx context.Context, request *objectV2.PutSingleRequest) (*objectV2.PutSingleResponse, error) {
+	meta := request.GetMetaHeader()
+	for origin := meta.GetOrigin(); origin != nil; origin = meta.GetOrigin() {
+		meta = origin
+	}
+
 	cnrID, objID, err := getAddressParamsSDK(request.GetBody().GetObject().GetHeader().GetContainerID(), request.GetBody().GetObject().GetObjectID())
 	if err != nil {
 		return nil, err
@@ -451,7 +491,7 @@ func (c *Service) PutSingle(ctx context.Context, request *objectV2.PutSingleRequ
 		SenderKey:      hex.EncodeToString(reqCtx.SenderKey),
 		ContainerOwner: reqCtx.ContainerOwner,
 		BearerToken:    reqCtx.BearerToken,
-		XHeaders:       request.GetMetaHeader().GetXHeaders(),
+		XHeaders:       meta.GetXHeaders(),
 	}
 
 	if err = c.apeChecker.CheckAPE(ctx, prm); err != nil {