frostfs-s3-gw/api/user-auth.go

package api

import (
	"context"
	"net/http"

	"github.com/gorilla/mux"
	"github.com/nspcc-dev/neofs-s3-gw/api/auth"
	"go.uber.org/zap"
)

// KeyWrapper is wrapper for context keys.
type KeyWrapper string

// BearerTokenKey is an ID used to store bearer token in a context.
var BearerTokenKey = KeyWrapper("__context_bearer_token_key")

// AttachUserAuth adds user authentication via center to router using log for logging.
func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
	router.Use(func(h http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			token, err := center.Authenticate(r)
			if err != nil {
				log.Error("failed to pass authentication", zap.Error(err))
				WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
				return
			}

			var ctx context.Context
			if token == nil {
				log.Info("couldn't receive bearer token, switch to use neofs-key")
				ctx = r.Context()
			} else {
				ctx = context.WithValue(r.Context(), BearerTokenKey, token)
			}

			h.ServeHTTP(w, r.WithContext(ctx))
		})
	})
}
Move user auth procedure to S3 API router; activate overall setting bearer tokens in neofs objects 2020-07-22 19:48:34 +00:00			`package api`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00
			`import (`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00			`"context"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"net/http"`

			`"github.com/gorilla/mux"`
Replace s3-gate by s3-gw Signed-off-by: Angira Kekteeva <kira@nspcc.ru> 2021-05-18 11:10:08 +00:00			`"github.com/nspcc-dev/neofs-s3-gw/api/auth"`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`"go.uber.org/zap"`
			`)`

api: fix golint suggestion for proper context usage api/user-auth.go:27:5 golint should not use basic type string as key in context.WithValue Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 18:25:05 +00:00			`// KeyWrapper is wrapper for context keys.`
			`type KeyWrapper string`

*: fix comments for golint Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 18:23:36 +00:00			`// BearerTokenKey is an ID used to store bearer token in a context.`
api: fix golint suggestion for proper context usage api/user-auth.go:27:5 golint should not use basic type string as key in context.WithValue Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 18:25:05 +00:00			`var BearerTokenKey = KeyWrapper("__context_bearer_token_key")`
*: drop old sdk dependecies, bump neofs-api-go version I'm not sure it works, but it's enough code-wise for now. We're reusing some http-gw components here that are to be moved into sdk-go in future. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-26 16:48:27 +00:00
*: fix golint warnings about comments to exported things. 2021-05-13 20:25:31 +00:00			`// AttachUserAuth adds user authentication via center to router using log for logging.`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`func AttachUserAuth(router mux.Router, center auth.Center, log zap.Logger) {`
			`router.Use(func(h http.Handler) http.Handler {`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`token, err := center.Authenticate(r)`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`if err != nil {`
			`log.Error("failed to pass authentication", zap.Error(err))`
NFSSVC-27 Fixes for auth middleware 2020-07-27 22:54:47 +00:00			`WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)`
Add missing return 2020-07-24 14:05:33 +00:00			`return`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`}`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00
[#65] Allow no sign requests Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2021-06-11 11:52:03 +00:00			`var ctx context.Context`
			`if token == nil {`
			`log.Info("couldn't receive bearer token, switch to use neofs-key")`
			`ctx = r.Context()`
			`} else {`
			`ctx = context.WithValue(r.Context(), BearerTokenKey, token)`
			`}`

			`h.ServeHTTP(w, r.WithContext(ctx))`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`})`
Fixes of usage auth package Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2020-11-24 07:00:49 +00:00			`})`
Add early support of auth middleware 2020-07-16 15:33:47 +00:00			`}`