Refactor ACL service #207
1 changed files with 31 additions and 22 deletions
|
@ -443,7 +443,6 @@ func (b Service) GetRangeHash(
|
||||||
return b.next.GetRangeHash(ctx, request)
|
return b.next.GetRangeHash(ctx, request)
|
||||||
}
|
}
|
||||||
|
|
||||||
// nolint: funlen
|
|
||||||
func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRequest) error {
|
func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRequest) error {
|
||||||
body := request.GetBody()
|
body := request.GetBody()
|
||||||
if body == nil {
|
if body == nil {
|
||||||
|
@ -482,27 +481,9 @@ func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRe
|
||||||
}
|
}
|
||||||
|
|
||||||
var sTok *sessionSDK.Object
|
var sTok *sessionSDK.Object
|
||||||
|
sTok, err = p.readSessionToken(cnr, obj, request)
|
||||||
if tokV2 := request.GetMetaHeader().GetSessionToken(); tokV2 != nil {
|
if err != nil {
|
||||||
sTok = new(sessionSDK.Object)
|
return err
|
||||||
|
|
||||||
err = sTok.ReadFromV2(*tokV2)
|
|
||||||
if err != nil {
|
|
||||||
return fmt.Errorf("invalid session token: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if sTok.AssertVerb(sessionSDK.VerbObjectDelete) {
|
|
||||||
// if session relates to object's removal, we don't check
|
|
||||||
// relation of the tombstone to the session here since user
|
|
||||||
// can't predict tomb's ID.
|
|
||||||
err = assertSessionRelation(*sTok, cnr, nil)
|
|
||||||
} else {
|
|
||||||
err = assertSessionRelation(*sTok, cnr, obj)
|
|
||||||
}
|
|
||||||
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
bTok, err := originalBearerToken(request.GetMetaHeader())
|
bTok, err := originalBearerToken(request.GetMetaHeader())
|
||||||
|
@ -534,6 +515,34 @@ func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRe
|
||||||
return p.next.Send(ctx, request)
|
return p.next.Send(ctx, request)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (p putStreamBasicChecker) readSessionToken(cnr cid.ID, obj *oid.ID, request *objectV2.PutRequest) (*sessionSDK.Object, error) {
|
||||||
|
var sTok *sessionSDK.Object
|
||||||
|
|
||||||
|
if tokV2 := request.GetMetaHeader().GetSessionToken(); tokV2 != nil {
|
||||||
|
sTok = new(sessionSDK.Object)
|
||||||
|
|
||||||
|
err := sTok.ReadFromV2(*tokV2)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if sTok.AssertVerb(sessionSDK.VerbObjectDelete) {
|
||||||
|
// if session relates to object's removal, we don't check
|
||||||
|
// relation of the tombstone to the session here since user
|
||||||
|
// can't predict tomb's ID.
|
||||||
|
err = assertSessionRelation(*sTok, cnr, nil)
|
||||||
|
} else {
|
||||||
|
err = assertSessionRelation(*sTok, cnr, obj)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return sTok, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (p putStreamBasicChecker) CloseAndRecv(ctx context.Context) (*objectV2.PutResponse, error) {
|
func (p putStreamBasicChecker) CloseAndRecv(ctx context.Context) (*objectV2.PutResponse, error) {
|
||||||
return p.next.CloseAndRecv(ctx)
|
return p.next.CloseAndRecv(ctx)
|
||||||
}
|
}
|
||||||
|
|
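Review bot: The extracted `readSessionToken` has no doc comment, and its name hides that it also enforces the token's binding to the container and object through `assertSessionRelation`, so a later caller could take it for a pure parser or drop the check while simplifying. I would put `// readSessionToken parses the request's session token, if present, and rejects it unless it relates to cnr and obj (obj is not checked for delete sessions); it returns nil, nil when no token is set.` above the function. The receiver `p` is never used in the body, so a plain function would express the same thing. The helper reads the token from `request.GetMetaHeader()` directly, while the bearer token in `Send` goes through `originalBearerToken(...)`; that predates this refactor, but it is worth confirming that both are meant to come from the same header layer. `Send` begins and ends outside the hunks shown, so how the returned token is used afterwards is not visible here.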