[#32] Support full bearer token for object routes

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-08-18 18:41:33 +03:00 committed by Kirillov Denis
parent e68cda7f9c
commit 8d5d19f3c4
15 changed files with 434 additions and 228 deletions

View file

@ -526,6 +526,9 @@ func init() {
{ {
"$ref": "#/parameters/signatureScheme" "$ref": "#/parameters/signatureScheme"
}, },
{
"$ref": "#/parameters/fullBearerToken"
},
{ {
"description": "Object info to upload", "description": "Object info to upload",
"name": "object", "name": "object",
@ -591,6 +594,9 @@ func init() {
{ {
"$ref": "#/parameters/signatureScheme" "$ref": "#/parameters/signatureScheme"
}, },
{
"$ref": "#/parameters/fullBearerToken"
},
{ {
"type": "integer", "type": "integer",
"default": 0, "default": 0,
@ -674,6 +680,9 @@ func init() {
{ {
"$ref": "#/parameters/signatureScheme" "$ref": "#/parameters/signatureScheme"
}, },
{
"$ref": "#/parameters/fullBearerToken"
},
{ {
"type": "integer", "type": "integer",
"description": "Range offset to start reading data.", "description": "Range offset to start reading data.",
@ -728,6 +737,9 @@ func init() {
}, },
{ {
"$ref": "#/parameters/signatureScheme" "$ref": "#/parameters/signatureScheme"
},
{
"$ref": "#/parameters/fullBearerToken"
} }
], ],
"responses": { "responses": {
@ -1575,6 +1587,13 @@ func init() {
"in": "path", "in": "path",
"required": true "required": true
}, },
"fullBearerToken": {
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
"objectId": { "objectId": {
"type": "string", "type": "string",
"description": "Base58 encoded object id.", "description": "Base58 encoded object id.",
@ -1586,15 +1605,13 @@ func init() {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
"signatureParam": { "signatureParam": {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
"signatureScheme": { "signatureScheme": {
"type": "boolean", "type": "boolean",
@ -1769,15 +1786,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -1867,15 +1882,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -1986,15 +1999,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2087,15 +2098,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2179,15 +2188,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2196,6 +2203,13 @@ func init() {
"name": "walletConnect", "name": "walletConnect",
"in": "query" "in": "query"
}, },
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{ {
"description": "Object info to upload", "description": "Object info to upload",
"name": "object", "name": "object",
@ -2256,15 +2270,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2273,6 +2285,13 @@ func init() {
"name": "walletConnect", "name": "walletConnect",
"in": "query" "in": "query"
}, },
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{ {
"minimum": 0, "minimum": 0,
"type": "integer", "type": "integer",
@ -2356,15 +2375,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2373,6 +2390,13 @@ func init() {
"name": "walletConnect", "name": "walletConnect",
"in": "query" "in": "query"
}, },
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
{ {
"minimum": 0, "minimum": 0,
"type": "integer", "type": "integer",
@ -2425,15 +2449,13 @@ func init() {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
{ {
"type": "boolean", "type": "boolean",
@ -2441,6 +2463,13 @@ func init() {
"description": "Use wallet connect signature scheme or native NeoFS signature.", "description": "Use wallet connect signature scheme or native NeoFS signature.",
"name": "walletConnect", "name": "walletConnect",
"in": "query" "in": "query"
},
{
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
} }
], ],
"responses": { "responses": {
@ -3296,6 +3325,13 @@ func init() {
"in": "path", "in": "path",
"required": true "required": true
}, },
"fullBearerToken": {
"type": "boolean",
"default": false,
"description": "Provided bearer token is final or gate should assemble it using signature.",
"name": "fullBearer",
"in": "query"
},
"objectId": { "objectId": {
"type": "string", "type": "string",
"description": "Base58 encoded object id.", "description": "Base58 encoded object id.",
@ -3307,15 +3343,13 @@ func init() {
"type": "string", "type": "string",
"description": "Hex encoded the public part of the key that signed the bearer token.", "description": "Hex encoded the public part of the key that signed the bearer token.",
"name": "X-Bearer-Signature-Key", "name": "X-Bearer-Signature-Key",
"in": "header", "in": "header"
"required": true
}, },
"signatureParam": { "signatureParam": {
"type": "string", "type": "string",
"description": "Base64 encoded signature for bearer token.", "description": "Base64 encoded signature for bearer token.",
"name": "X-Bearer-Signature", "name": "X-Bearer-Signature",
"in": "header", "in": "header"
"required": true
}, },
"signatureScheme": { "signatureScheme": {
"type": "boolean", "type": "boolean",

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/go-openapi/swag" "github.com/go-openapi/swag"
"github.com/go-openapi/validate"
) )
// NewDeleteContainerParams creates a new DeleteContainerParams object // NewDeleteContainerParams creates a new DeleteContainerParams object
@ -41,15 +40,13 @@ type DeleteContainerParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Base58 encoded container id. /*Base58 encoded container id.
Required: true Required: true
In: path In: path
@ -98,40 +95,34 @@ func (o *DeleteContainerParams) BindRequest(r *http.Request, route *middleware.M
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *DeleteContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *DeleteContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *DeleteContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *DeleteContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/go-openapi/swag" "github.com/go-openapi/swag"
"github.com/go-openapi/validate"
) )
// NewDeleteObjectParams creates a new DeleteObjectParams object // NewDeleteObjectParams creates a new DeleteObjectParams object
@ -23,10 +22,14 @@ func NewDeleteObjectParams() DeleteObjectParams {
var ( var (
// initialize parameters with default values // initialize parameters with default values
fullBearerDefault = bool(false)
walletConnectDefault = bool(false) walletConnectDefault = bool(false)
) )
return DeleteObjectParams{ return DeleteObjectParams{
FullBearer: &fullBearerDefault,
WalletConnect: &walletConnectDefault, WalletConnect: &walletConnectDefault,
} }
} }
@ -41,20 +44,23 @@ type DeleteObjectParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Base58 encoded container id. /*Base58 encoded container id.
Required: true Required: true
In: path In: path
*/ */
ContainerID string ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Base58 encoded object id. /*Base58 encoded object id.
Required: true Required: true
In: path In: path
@ -91,6 +97,11 @@ func (o *DeleteObjectParams) BindRequest(r *http.Request, route *middleware.Matc
res = append(res, err) res = append(res, err)
} }
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
rObjectID, rhkObjectID, _ := route.Params.GetOK("objectId") rObjectID, rhkObjectID, _ := route.Params.GetOK("objectId")
if err := o.bindObjectID(rObjectID, rhkObjectID, route.Formats); err != nil { if err := o.bindObjectID(rObjectID, rhkObjectID, route.Formats); err != nil {
res = append(res, err) res = append(res, err)
@ -108,40 +119,34 @@ func (o *DeleteObjectParams) BindRequest(r *http.Request, route *middleware.Matc
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *DeleteObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *DeleteObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *DeleteObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *DeleteObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }
@ -160,6 +165,30 @@ func (o *DeleteObjectParams) bindContainerID(rawData []string, hasKey bool, form
return nil return nil
} }
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *DeleteObjectParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewDeleteObjectParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindObjectID binds and validates parameter ObjectID from path. // bindObjectID binds and validates parameter ObjectID from path.
func (o *DeleteObjectParams) bindObjectID(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *DeleteObjectParams) bindObjectID(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string var raw string

View file

@ -13,7 +13,6 @@ import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/go-openapi/swag" "github.com/go-openapi/swag"
"github.com/go-openapi/validate"
) )
// NewFormBinaryBearerParams creates a new FormBinaryBearerParams object // NewFormBinaryBearerParams creates a new FormBinaryBearerParams object
@ -41,15 +40,13 @@ type FormBinaryBearerParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Use wallet connect signature scheme or native NeoFS signature. /*Use wallet connect signature scheme or native NeoFS signature.
In: query In: query
Default: false Default: false
@ -88,40 +85,34 @@ func (o *FormBinaryBearerParams) BindRequest(r *http.Request, route *middleware.
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *FormBinaryBearerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *FormBinaryBearerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *FormBinaryBearerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *FormBinaryBearerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }

View file

@ -23,12 +23,15 @@ func NewGetObjectInfoParams() GetObjectInfoParams {
var ( var (
// initialize parameters with default values // initialize parameters with default values
fullBearerDefault = bool(false)
maxPayloadSizeDefault = int64(4.194304e+06) maxPayloadSizeDefault = int64(4.194304e+06)
walletConnectDefault = bool(false) walletConnectDefault = bool(false)
) )
return GetObjectInfoParams{ return GetObjectInfoParams{
FullBearer: &fullBearerDefault,
MaxPayloadSize: &maxPayloadSizeDefault, MaxPayloadSize: &maxPayloadSizeDefault,
WalletConnect: &walletConnectDefault, WalletConnect: &walletConnectDefault,
@ -45,20 +48,23 @@ type GetObjectInfoParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Base58 encoded container id. /*Base58 encoded container id.
Required: true Required: true
In: path In: path
*/ */
ContainerID string ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Max payload size (in bytes) that can be included in the response. /*Max payload size (in bytes) that can be included in the response.
If the actual size is greater than this params the payload won't be included in the response. If the actual size is greater than this params the payload won't be included in the response.
@ -114,6 +120,11 @@ func (o *GetObjectInfoParams) BindRequest(r *http.Request, route *middleware.Mat
res = append(res, err) res = append(res, err)
} }
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
qMaxPayloadSize, qhkMaxPayloadSize, _ := qs.GetOK("max-payload-size") qMaxPayloadSize, qhkMaxPayloadSize, _ := qs.GetOK("max-payload-size")
if err := o.bindMaxPayloadSize(qMaxPayloadSize, qhkMaxPayloadSize, route.Formats); err != nil { if err := o.bindMaxPayloadSize(qMaxPayloadSize, qhkMaxPayloadSize, route.Formats); err != nil {
res = append(res, err) res = append(res, err)
@ -146,40 +157,34 @@ func (o *GetObjectInfoParams) BindRequest(r *http.Request, route *middleware.Mat
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *GetObjectInfoParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *GetObjectInfoParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *GetObjectInfoParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *GetObjectInfoParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }
@ -198,6 +203,30 @@ func (o *GetObjectInfoParams) bindContainerID(rawData []string, hasKey bool, for
return nil return nil
} }
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *GetObjectInfoParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewGetObjectInfoParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindMaxPayloadSize binds and validates parameter MaxPayloadSize from query. // bindMaxPayloadSize binds and validates parameter MaxPayloadSize from query.
func (o *GetObjectInfoParams) bindMaxPayloadSize(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *GetObjectInfoParams) bindMaxPayloadSize(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string var raw string

View file

@ -45,15 +45,13 @@ type PutContainerEACLParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Base58 encoded container id. /*Base58 encoded container id.
Required: true Required: true
In: path In: path
@ -135,40 +133,34 @@ func (o *PutContainerEACLParams) BindRequest(r *http.Request, route *middleware.
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutContainerEACLParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutContainerEACLParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutContainerEACLParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutContainerEACLParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }

View file

@ -48,15 +48,13 @@ type PutContainerParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Container info /*Container info
Required: true Required: true
In: body In: body
@ -138,40 +136,34 @@ func (o *PutContainerParams) BindRequest(r *http.Request, route *middleware.Matc
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutContainerParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutContainerParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }

View file

@ -27,10 +27,14 @@ func NewPutObjectParams() PutObjectParams {
var ( var (
// initialize parameters with default values // initialize parameters with default values
fullBearerDefault = bool(false)
walletConnectDefault = bool(false) walletConnectDefault = bool(false)
) )
return PutObjectParams{ return PutObjectParams{
FullBearer: &fullBearerDefault,
WalletConnect: &walletConnectDefault, WalletConnect: &walletConnectDefault,
} }
} }
@ -45,15 +49,18 @@ type PutObjectParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*Object info to upload /*Object info to upload
Required: true Required: true
In: body In: body
@ -85,6 +92,11 @@ func (o *PutObjectParams) BindRequest(r *http.Request, route *middleware.Matched
res = append(res, err) res = append(res, err)
} }
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
if runtime.HasBody(r) { if runtime.HasBody(r) {
defer r.Body.Close() defer r.Body.Close()
var body models.ObjectUpload var body models.ObjectUpload
@ -125,40 +137,58 @@ func (o *PutObjectParams) BindRequest(r *http.Request, route *middleware.Matched
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *PutObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutObjectParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *PutObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *PutObjectParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil
}
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *PutObjectParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewPutObjectParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil return nil
} }

View file

@ -27,6 +27,7 @@ func NewSearchObjectsParams() SearchObjectsParams {
var ( var (
// initialize parameters with default values // initialize parameters with default values
fullBearerDefault = bool(false)
limitDefault = int64(100) limitDefault = int64(100)
offsetDefault = int64(0) offsetDefault = int64(0)
@ -34,6 +35,8 @@ func NewSearchObjectsParams() SearchObjectsParams {
) )
return SearchObjectsParams{ return SearchObjectsParams{
FullBearer: &fullBearerDefault,
Limit: &limitDefault, Limit: &limitDefault,
Offset: &offsetDefault, Offset: &offsetDefault,
@ -52,20 +55,23 @@ type SearchObjectsParams struct {
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Base64 encoded signature for bearer token. /*Base64 encoded signature for bearer token.
Required: true
In: header In: header
*/ */
XBearerSignature string XBearerSignature *string
/*Hex encoded the public part of the key that signed the bearer token. /*Hex encoded the public part of the key that signed the bearer token.
Required: true
In: header In: header
*/ */
XBearerSignatureKey string XBearerSignatureKey *string
/*Base58 encoded container id. /*Base58 encoded container id.
Required: true Required: true
In: path In: path
*/ */
ContainerID string ContainerID string
/*Provided bearer token is final or gate should assemble it using signature.
In: query
Default: false
*/
FullBearer *bool
/*The numbers of containers to return. /*The numbers of containers to return.
Maximum: 10000 Maximum: 10000
Minimum: 1 Minimum: 1
@ -115,6 +121,11 @@ func (o *SearchObjectsParams) BindRequest(r *http.Request, route *middleware.Mat
res = append(res, err) res = append(res, err)
} }
qFullBearer, qhkFullBearer, _ := qs.GetOK("fullBearer")
if err := o.bindFullBearer(qFullBearer, qhkFullBearer, route.Formats); err != nil {
res = append(res, err)
}
qLimit, qhkLimit, _ := qs.GetOK("limit") qLimit, qhkLimit, _ := qs.GetOK("limit")
if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil { if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
res = append(res, err) res = append(res, err)
@ -165,40 +176,34 @@ func (o *SearchObjectsParams) BindRequest(r *http.Request, route *middleware.Mat
// bindXBearerSignature binds and validates parameter XBearerSignature from header. // bindXBearerSignature binds and validates parameter XBearerSignature from header.
func (o *SearchObjectsParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *SearchObjectsParams) bindXBearerSignature(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignature = raw o.XBearerSignature = &raw
return nil return nil
} }
// bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header. // bindXBearerSignatureKey binds and validates parameter XBearerSignatureKey from header.
func (o *SearchObjectsParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *SearchObjectsParams) bindXBearerSignatureKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("X-Bearer-Signature-Key", "header", rawData)
}
var raw string var raw string
if len(rawData) > 0 { if len(rawData) > 0 {
raw = rawData[len(rawData)-1] raw = rawData[len(rawData)-1]
} }
// Required: true // Required: false
if err := validate.RequiredString("X-Bearer-Signature-Key", "header", raw); err != nil { if raw == "" { // empty values pass all other validations
return err return nil
} }
o.XBearerSignatureKey = raw o.XBearerSignatureKey = &raw
return nil return nil
} }
@ -217,6 +222,30 @@ func (o *SearchObjectsParams) bindContainerID(rawData []string, hasKey bool, for
return nil return nil
} }
// bindFullBearer binds and validates parameter FullBearer from query.
func (o *SearchObjectsParams) bindFullBearer(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewSearchObjectsParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("fullBearer", "query", "bool", raw)
}
o.FullBearer = &value
return nil
}
// bindLimit binds and validates parameter Limit from query. // bindLimit binds and validates parameter Limit from query.
func (o *SearchObjectsParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *SearchObjectsParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string var raw string

View file

@ -106,7 +106,13 @@ func (a *API) PostAuth(params operations.AuthParams) middleware.Responder {
// FormBinaryBearer handler that forms binary bearer token using headers with body and signature. // FormBinaryBearer handler that forms binary bearer token using headers with body and signature.
func (a *API) FormBinaryBearer(params operations.FormBinaryBearerParams, principal *models.Principal) middleware.Responder { func (a *API) FormBinaryBearer(params operations.FormBinaryBearerParams, principal *models.Principal) middleware.Responder {
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect) bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, false)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return operations.NewFormBinaryBearerBadRequest().WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer token", err) resp := a.logAndGetErrorResponse("invalid bearer token", err)
return operations.NewFormBinaryBearerBadRequest().WithPayload(resp) return operations.NewFormBinaryBearerBadRequest().WithPayload(resp)

View file

@ -70,7 +70,7 @@ func TestSign(t *testing.T) {
Key: pubKeyHex, Key: pubKeyHex,
} }
_, err = prepareBearerToken(bt, false) _, err = prepareBearerToken(bt, false, false)
require.NoError(t, err) require.NoError(t, err)
} }

View file

@ -37,14 +37,12 @@ const (
// PutContainers handler that creates container in NeoFS. // PutContainers handler that creates container in NeoFS.
func (a *API) PutContainers(params operations.PutContainerParams, principal *models.Principal) middleware.Responder { func (a *API) PutContainers(params operations.PutContainerParams, principal *models.Principal) middleware.Responder {
st := &SessionToken{ st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbPut)
BearerToken: BearerToken{ if err != nil {
Token: string(*principal), resp := a.logAndGetErrorResponse("invalid session token headers", err)
Signature: params.XBearerSignature, return operations.NewPutContainerBadRequest().WithPayload(resp)
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbPut,
} }
stoken, err := prepareSessionToken(st, *params.WalletConnect) stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err) resp := a.logAndGetErrorResponse("invalid session token", err)
@ -92,14 +90,12 @@ func (a *API) PutContainerEACL(params operations.PutContainerEACLParams, princip
return operations.NewPutContainerEACLBadRequest().WithPayload(resp) return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
} }
st := &SessionToken{ st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbSetEACL)
BearerToken: BearerToken{ if err != nil {
Token: string(*principal), resp := a.logAndGetErrorResponse("invalid session token headers", err)
Signature: params.XBearerSignature, return operations.NewPutContainerEACLBadRequest().WithPayload(resp)
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbSetEACL,
} }
stoken, err := prepareSessionToken(st, *params.WalletConnect) stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err) resp := a.logAndGetErrorResponse("invalid session token", err)
@ -192,14 +188,12 @@ func (a *API) ListContainer(params operations.ListContainersParams) middleware.R
// DeleteContainer handler that returns container info. // DeleteContainer handler that returns container info.
func (a *API) DeleteContainer(params operations.DeleteContainerParams, principal *models.Principal) middleware.Responder { func (a *API) DeleteContainer(params operations.DeleteContainerParams, principal *models.Principal) middleware.Responder {
st := &SessionToken{ st, err := formSessionTokenFromHeaders(principal, params.XBearerSignature, params.XBearerSignatureKey, sessionv2.ContainerVerbDelete)
BearerToken: BearerToken{ if err != nil {
Token: string(*principal), resp := a.logAndGetErrorResponse("invalid session token headers", err)
Signature: params.XBearerSignature, return operations.NewDeleteContainerBadRequest().WithPayload(resp)
Key: params.XBearerSignatureKey,
},
Verb: sessionv2.ContainerVerbDelete,
} }
stoken, err := prepareSessionToken(st, *params.WalletConnect) stoken, err := prepareSessionToken(st, *params.WalletConnect)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("invalid session token", err) resp := a.logAndGetErrorResponse("invalid session token", err)

View file

@ -33,7 +33,13 @@ func (a *API) PutObjects(params operations.PutObjectParams, principal *models.Pr
errorResponse := operations.NewPutObjectBadRequest() errorResponse := operations.NewPutObjectBadRequest()
ctx := params.HTTPRequest.Context() ctx := params.HTTPRequest.Context()
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect) bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer token", err) resp := a.logAndGetErrorResponse("invalid bearer token", err)
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
@ -99,7 +105,13 @@ func (a *API) GetObjectInfo(params operations.GetObjectInfoParams, principal *mo
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
} }
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect) bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("get bearer token", err) resp := a.logAndGetErrorResponse("get bearer token", err)
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
@ -195,7 +207,13 @@ func (a *API) DeleteObject(params operations.DeleteObjectParams, principal *mode
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
} }
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect) bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("failed to get bearer token", err) resp := a.logAndGetErrorResponse("failed to get bearer token", err)
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
@ -226,7 +244,13 @@ func (a *API) SearchObjects(params operations.SearchObjectsParams, principal *mo
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
} }
btoken, err := getBearerToken(principal, params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect) bearerHeaders, err := prepareBearerTokenHeaders(params.XBearerSignature, params.XBearerSignatureKey, *params.WalletConnect, *params.FullBearer)
if err != nil {
resp := a.logAndGetErrorResponse("invalid bearer headers", err)
return errorResponse.WithPayload(resp)
}
btoken, err := getBearerToken(principal, bearerHeaders)
if err != nil { if err != nil {
resp := a.logAndGetErrorResponse("failed to get bearer token", err) resp := a.logAndGetErrorResponse("failed to get bearer token", err)
return errorResponse.WithPayload(resp) return errorResponse.WithPayload(resp)
@ -339,22 +363,41 @@ func parseAddress(containerID, objectID string) (oid.Address, error) {
return addr, nil return addr, nil
} }
func getBearerToken(token *models.Principal, signature, key string, isWalletConnect bool) (bearer.Token, error) { type BearerTokenHeaders struct {
bt := &BearerToken{ Signature string
Token: string(*token), Key string
Signature: signature, IsWalletConnect bool
Key: key, IsFullToken bool
}
return prepareBearerToken(bt, isWalletConnect)
} }
func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (bearer.Token, error) { func getBearerToken(token *models.Principal, hdr *BearerTokenHeaders) (bearer.Token, error) {
bt := &BearerToken{
Token: string(*token),
Signature: hdr.Signature,
Key: hdr.Key,
}
return prepareBearerToken(bt, hdr.IsWalletConnect, hdr.IsFullToken)
}
func prepareBearerToken(bt *BearerToken, isWalletConnect, isFullToken bool) (bearer.Token, error) {
data, err := base64.StdEncoding.DecodeString(bt.Token) data, err := base64.StdEncoding.DecodeString(bt.Token)
if err != nil { if err != nil {
return bearer.Token{}, fmt.Errorf("can't base64-decode bearer token: %w", err) return bearer.Token{}, fmt.Errorf("can't base64-decode bearer token: %w", err)
} }
if isFullToken {
var btoken bearer.Token
if err = btoken.Unmarshal(data); err != nil {
return bearer.Token{}, fmt.Errorf("couldn't unmarshall bearer token: %w", err)
}
if !btoken.VerifySignature() {
return bearer.Token{}, fmt.Errorf("invalid signature")
}
return btoken, nil
}
signature, err := hex.DecodeString(bt.Signature) signature, err := hex.DecodeString(bt.Signature)
if err != nil { if err != nil {
return bearer.Token{}, fmt.Errorf("couldn't decode bearer signature: %w", err) return bearer.Token{}, fmt.Errorf("couldn't decode bearer signature: %w", err)
@ -367,7 +410,7 @@ func prepareBearerToken(bt *BearerToken, isWalletConnect bool) (bearer.Token, er
body := new(acl.BearerTokenBody) body := new(acl.BearerTokenBody)
if err = body.Unmarshal(data); err != nil { if err = body.Unmarshal(data); err != nil {
return bearer.Token{}, fmt.Errorf("can't unmarshal bearer token: %w", err) return bearer.Token{}, fmt.Errorf("can't unmarshal bearer token body: %w", err)
} }
v2signature := new(refs.Signature) v2signature := new(refs.Signature)

View file

@ -2,11 +2,13 @@ package handlers
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"strconv" "strconv"
"time" "time"
objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object" objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-rest-gw/gen/models" "github.com/nspcc-dev/neofs-rest-gw/gen/models"
"github.com/nspcc-dev/neofs-sdk-go/object" "github.com/nspcc-dev/neofs-sdk-go/object"
"github.com/nspcc-dev/neofs-sdk-go/pool" "github.com/nspcc-dev/neofs-sdk-go/pool"
@ -171,3 +173,37 @@ func IsObjectToken(token *models.Bearer) (bool, error) {
return isObject, nil return isObject, nil
} }
func prepareBearerTokenHeaders(signature, key *string, isWalletConnect, isFullToken bool) (*BearerTokenHeaders, error) {
bearerHeaders := &BearerTokenHeaders{
IsWalletConnect: isWalletConnect,
IsFullToken: isFullToken,
}
if isFullToken {
return bearerHeaders, nil
}
if signature == nil || key == nil {
return nil, errors.New("missed signature or key header")
}
bearerHeaders.Signature = *signature
bearerHeaders.Key = *key
return bearerHeaders, nil
}
func formSessionTokenFromHeaders(principal *models.Principal, signature, key *string, verb sessionv2.ContainerSessionVerb) (*SessionToken, error) {
if signature == nil || key == nil {
return nil, errors.New("missed signature or key header")
}
return &SessionToken{
BearerToken: BearerToken{
Token: string(*principal),
Signature: *signature,
Key: *key,
},
Verb: verb,
}, nil
}

View file

@ -25,19 +25,25 @@ parameters:
name: X-Bearer-Signature name: X-Bearer-Signature
description: Base64 encoded signature for bearer token. description: Base64 encoded signature for bearer token.
type: string type: string
required: true required: false
signatureKeyParam: signatureKeyParam:
in: header in: header
name: X-Bearer-Signature-Key name: X-Bearer-Signature-Key
description: Hex encoded the public part of the key that signed the bearer token. description: Hex encoded the public part of the key that signed the bearer token.
type: string type: string
required: true required: false
signatureScheme: signatureScheme:
in: query in: query
name: walletConnect name: walletConnect
description: Use wallet connect signature scheme or native NeoFS signature. description: Use wallet connect signature scheme or native NeoFS signature.
type: boolean type: boolean
default: false default: false
fullBearerToken:
in: query
name: fullBearer
description: Provided bearer token is final or gate should assemble it using signature.
type: boolean
default: false
containerId: containerId:
in: path in: path
name: containerId name: containerId
@ -182,6 +188,7 @@ paths:
- $ref: '#/parameters/signatureParam' - $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam' - $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme' - $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: body - in: body
required: true required: true
name: object name: object
@ -226,6 +233,7 @@ paths:
- $ref: '#/parameters/signatureParam' - $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam' - $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme' - $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: query - in: query
name: offset name: offset
type: integer type: integer
@ -282,6 +290,7 @@ paths:
- $ref: '#/parameters/signatureParam' - $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam' - $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme' - $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
- in: query - in: query
name: range-offset name: range-offset
type: integer type: integer
@ -320,6 +329,7 @@ paths:
- $ref: '#/parameters/signatureParam' - $ref: '#/parameters/signatureParam'
- $ref: '#/parameters/signatureKeyParam' - $ref: '#/parameters/signatureKeyParam'
- $ref: '#/parameters/signatureScheme' - $ref: '#/parameters/signatureScheme'
- $ref: '#/parameters/fullBearerToken'
responses: responses:
200: 200:
headers: headers: