From aa935a4c40ab6e4159a7b1af2432ba7376a4e51b Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Wed, 12 Jul 2023 10:21:35 +0300
Subject: [PATCH 1/2] [#510] treesvc: Fix panic in bearer token processing

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 pkg/services/tree/signature.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index 63485a70..b932f6de 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -110,7 +110,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 		}
 		tb = *tbCore.Value
 
-		if bt.Impersonate() {
+		if tableFromBearer && bt.Impersonate() {
 			signer = bt.SigningKeyBytes()
 		}
 	}
-- 
2.40.1


From 32d92b8038fdb89d9c101cf67850931541332e3e Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <e.stratonikov@yadro.com>
Date: Wed, 12 Jul 2023 10:26:18 +0300
Subject: [PATCH 2/2] [#510] treesvc: Rename `tableFromBearer` to `useBearer`

With impersonation, the old name is no longer descriptive.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
---
 pkg/services/tree/signature.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/services/tree/signature.go b/pkg/services/tree/signature.go
index b932f6de..7a466955 100644
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@@ -84,7 +84,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 		return nil
 	}
 
-	var tableFromBearer bool
+	var useBearer bool
 	if len(rawBearer) != 0 {
 		if !basicACL.AllowedBearerRules(op) {
 			s.log.Debug(logs.TreeBearerPresentedButNotAllowedByACL,
@@ -92,13 +92,13 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 				zap.String("op", op.String()),
 			)
 		} else {
-			tableFromBearer = true
+			useBearer = true
 		}
 	}
 
 	var tb eacl.Table
 	signer := req.GetSignature().GetKey()
-	if tableFromBearer && !bt.Impersonate() {
+	if useBearer && !bt.Impersonate() {
 		if !bearer.ResolveIssuer(*bt).Equals(cnr.Value.Owner()) {
 			return eACLErr(eaclOp, errBearerWrongOwner)
 		}
@@ -110,7 +110,7 @@ func (s *Service) verifyClient(req message, cid cidSDK.ID, rawBearer []byte, op
 		}
 		tb = *tbCore.Value
 
-		if tableFromBearer && bt.Impersonate() {
+		if useBearer && bt.Impersonate() {
 			signer = bt.SigningKeyBytes()
 		}
 	}
-- 
2.40.1