frostfs-s3-gw/api/user-auth.go

package api

import (
	"context"
	"net/http"

	"github.com/gorilla/mux"
	"github.com/nspcc-dev/neofs-s3-gw/api/auth"
	"go.uber.org/zap"
)

// KeyWrapper is wrapper for context keys.
type KeyWrapper string

// GateData is an ID used to store GateData in a context.
var GateData = KeyWrapper("__context_gate_data_key")

// AttachUserAuth adds user authentication via center to router using log for logging.
func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
	router.Use(func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			var ctx context.Context
			tokens, err := center.Authenticate(r)
			if err != nil {
				if err == auth.ErrNoAuthorizationHeader {
					log.Debug("couldn't receive bearer token, using neofs-key")
					ctx = r.Context()
				} else {
					log.Error("failed to pass authentication", zap.Error(err))
					WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
					return
				}
			} else {
				ctx = context.WithValue(r.Context(), GateData, tokens)
			}

			h.ServeHTTP(w, r.WithContext(ctx))
		})
	})
}
Move user auth procedure to S3 API router; activate overall setting bearer tokens in neofs objects 2020-07-22 19:48:34 +00:00			`package api`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00
			`import (`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00			`"context"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"net/http"`

			`"github.com/gorilla/mux"`
Replace s3-gate by s3-gw Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-05-18 11:10:08 +00:00			`"github.com/nspcc-dev/neofs-s3-gw/api/auth"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"go.uber.org/zap"`
			`)`

api: fix golint suggestion for proper context usage api/user-auth.go:27:5 golint should not use basic type string as key in context.WithValue Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 18:25:05 +00:00			`// KeyWrapper is wrapper for context keys.`
			`type KeyWrapper string`

[#47] Add session token to context Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-06-21 10:54:57 +00:00			`// GateData is an ID used to store GateData in a context.`
			`var GateData = KeyWrapper("__context_gate_data_key")`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00
*: fix golint warnings about comments to exported things. 2021-05-13 20:25:31 +00:00			`// AttachUserAuth adds user authentication via center to router using log for logging.`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`func AttachUserAuth(router mux.Router, center auth.Center, log zap.Logger) {`
			`router.Use(func(h http.Handler) http.Handler {`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
[#65] Added NoAuthorizationHeader error Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 16:29:55 +00:00			`var ctx context.Context`
[#47] Add session token to context Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-06-21 10:54:57 +00:00			`tokens, err := center.Authenticate(r)`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`if err != nil {`
[#65] Added NoAuthorizationHeader error Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 16:29:55 +00:00			`if err == auth.ErrNoAuthorizationHeader {`
			`log.Debug("couldn't receive bearer token, using neofs-key")`
			`ctx = r.Context()`
			`} else {`
			`log.Error("failed to pass authentication", zap.Error(err))`
			`WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)`
			`return`
			`}`
[#65] Allow no sign requests Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 11:52:03 +00:00			`} else {`
[#47] Add session token to context Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-06-21 10:54:57 +00:00			`ctx = context.WithValue(r.Context(), GateData, tokens)`
[#65] Allow no sign requests Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 11:52:03 +00:00			`}`

			`h.ServeHTTP(w, r.WithContext(ctx))`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`})`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`})`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`}`