Refactor ACL service #207
1 changed files with 31 additions and 22 deletions
|
@ -443,7 +443,6 @@ func (b Service) GetRangeHash(
|
|||
return b.next.GetRangeHash(ctx, request)
|
||||
}
|
||||
|
||||
// nolint: funlen
|
||||
func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRequest) error {
|
||||
body := request.GetBody()
|
||||
if body == nil {
|
||||
|
@ -482,28 +481,10 @@ func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRe
|
|||
}
|
||||
|
||||
var sTok *sessionSDK.Object
|
||||
|
||||
if tokV2 := request.GetMetaHeader().GetSessionToken(); tokV2 != nil {
|
||||
sTok = new(sessionSDK.Object)
|
||||
|
||||
err = sTok.ReadFromV2(*tokV2)
|
||||
if err != nil {
|
||||
return fmt.Errorf("invalid session token: %w", err)
|
||||
}
|
||||
|
||||
if sTok.AssertVerb(sessionSDK.VerbObjectDelete) {
|
||||
// if session relates to object's removal, we don't check
|
||||
// relation of the tombstone to the session here since user
|
||||
// can't predict tomb's ID.
|
||||
err = assertSessionRelation(*sTok, cnr, nil)
|
||||
} else {
|
||||
err = assertSessionRelation(*sTok, cnr, obj)
|
||||
}
|
||||
|
||||
sTok, err = p.readSessionToken(cnr, obj, request)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
bTok, err := originalBearerToken(request.GetMetaHeader())
|
||||
if err != nil {
|
||||
|
@ -534,6 +515,34 @@ func (p putStreamBasicChecker) Send(ctx context.Context, request *objectV2.PutRe
|
|||
return p.next.Send(ctx, request)
|
||||
}
|
||||
|
||||
func (p putStreamBasicChecker) readSessionToken(cnr cid.ID, obj *oid.ID, request *objectV2.PutRequest) (*sessionSDK.Object, error) {
|
||||
var sTok *sessionSDK.Object
|
||||
|
||||
if tokV2 := request.GetMetaHeader().GetSessionToken(); tokV2 != nil {
|
||||
sTok = new(sessionSDK.Object)
|
||||
|
||||
err := sTok.ReadFromV2(*tokV2)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("invalid session token: %w", err)
|
||||
}
|
||||
|
||||
if sTok.AssertVerb(sessionSDK.VerbObjectDelete) {
|
||||
// if session relates to object's removal, we don't check
|
||||
// relation of the tombstone to the session here since user
|
||||
// can't predict tomb's ID.
|
||||
err = assertSessionRelation(*sTok, cnr, nil)
|
||||
} else {
|
||||
err = assertSessionRelation(*sTok, cnr, obj)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return sTok, nil
|
||||
}
|
||||
|
||||
func (p putStreamBasicChecker) CloseAndRecv(ctx context.Context) (*objectV2.PutResponse, error) {
|
||||
return p.next.CloseAndRecv(ctx)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue