frostfs-s3-gw/api/user_auth.go

package api

import (
	"context"
	"net/http"

	"github.com/gorilla/mux"
	"github.com/nspcc-dev/neofs-s3-gw/api/auth"
	"github.com/nspcc-dev/neofs-s3-gw/api/errors"
	"go.uber.org/zap"
)

// KeyWrapper is wrapper for context keys.
type KeyWrapper string

// BoxData is an ID used to store accessbox.Box in a context.
var BoxData = KeyWrapper("__context_box_key")

// AttachUserAuth adds user authentication via center to router using log for logging.
func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
	router.Use(func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			var ctx context.Context
			box, err := center.Authenticate(r)
			if err != nil {
				if err == auth.ErrNoAuthorizationHeader {
					log.Debug("couldn't receive bearer token, using neofs-key")
					ctx = r.Context()
				} else {
					log.Error("failed to pass authentication", zap.Error(err))
					if _, ok := err.(errors.Error); !ok {
						err = errors.GetAPIError(errors.ErrAccessDenied)
					}
					WriteErrorResponse(w, GetReqInfo(r.Context()), err)
					return
				}
			} else {
				ctx = context.WithValue(r.Context(), BoxData, box)
			}

			h.ServeHTTP(w, r.WithContext(ctx))
		})
	})
}
Move user auth procedure to S3 API router; activate overall setting bearer tokens in neofs objects 2020-07-22 19:48:34 +00:00			`package api`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00
			`import (`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00			`"context"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"net/http"`

			`"github.com/gorilla/mux"`
Replace s3-gate by s3-gw Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-05-18 11:10:08 +00:00			`"github.com/nspcc-dev/neofs-s3-gw/api/auth"`
[#199] Refactor Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-08-09 08:53:58 +00:00			`"github.com/nspcc-dev/neofs-s3-gw/api/errors"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"go.uber.org/zap"`
			`)`

api: fix golint suggestion for proper context usage api/user-auth.go:27:5 golint should not use basic type string as key in context.WithValue Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 18:25:05 +00:00			`// KeyWrapper is wrapper for context keys.`
			`type KeyWrapper string`

[#89] Add placement policy Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-07-16 12:35:07 +00:00			`// BoxData is an ID used to store accessbox.Box in a context.`
			`var BoxData = KeyWrapper("__context_box_key")`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00
*: fix golint warnings about comments to exported things. 2021-05-13 20:25:31 +00:00			`// AttachUserAuth adds user authentication via center to router using log for logging.`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`func AttachUserAuth(router mux.Router, center auth.Center, log zap.Logger) {`
			`router.Use(func(h http.Handler) http.Handler {`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
[#65] Added NoAuthorizationHeader error Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 16:29:55 +00:00			`var ctx context.Context`
[#89] Add placement policy Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-07-16 12:35:07 +00:00			`box, err := center.Authenticate(r)`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`if err != nil {`
[#65] Added NoAuthorizationHeader error Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 16:29:55 +00:00			`if err == auth.ErrNoAuthorizationHeader {`
			`log.Debug("couldn't receive bearer token, using neofs-key")`
			`ctx = r.Context()`
			`} else {`
			`log.Error("failed to pass authentication", zap.Error(err))`
[#199] Refactor Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-08-09 08:53:58 +00:00			`if _, ok := err.(errors.Error); !ok {`
			`err = errors.GetAPIError(errors.ErrAccessDenied)`
			`}`
			`WriteErrorResponse(w, GetReqInfo(r.Context()), err)`
[#65] Added NoAuthorizationHeader error Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 16:29:55 +00:00			`return`
			`}`
[#65] Allow no sign requests Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 11:52:03 +00:00			`} else {`
[#89] Add placement policy Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-07-16 12:35:07 +00:00			`ctx = context.WithValue(r.Context(), BoxData, box)`
[#65] Allow no sign requests Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 11:52:03 +00:00			`}`

			`h.ServeHTTP(w, r.WithContext(ctx))`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`})`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`})`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`}`