frostfs-s3-gw/authmate/session_tokens.go

85 lines
1.9 KiB
Go
Raw Normal View History

package authmate
import (
"encoding/json"
"fmt"
apisession "github.com/nspcc-dev/neofs-api-go/v2/session"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
"github.com/nspcc-dev/neofs-sdk-go/session"
)
type (
sessionTokenModel struct {
Verb string `json:"verb"`
ContainerID string `json:"ContainerID"`
}
sessionTokenContext struct {
verb session.ContainerVerb
containerID *cid.ID
}
)
func (c *sessionTokenContext) UnmarshalJSON(data []byte) (err error) {
var m sessionTokenModel
if err = json.Unmarshal(data, &m); err != nil {
return fmt.Errorf("unmarshal session token context: %w", err)
}
switch m.Verb {
case apisession.ContainerVerbPut.String():
c.verb = session.VerbContainerPut
case apisession.ContainerVerbSetEACL.String():
c.verb = session.VerbContainerSetEACL
case apisession.ContainerVerbDelete.String():
c.verb = session.VerbContainerDelete
default:
return fmt.Errorf("unknown container token verb %s", m.Verb)
}
if len(m.ContainerID) > 0 {
c.containerID = new(cid.ID)
return c.containerID.DecodeString(m.ContainerID)
}
return nil
}
func buildContext(rules []byte) ([]sessionTokenContext, error) {
var sessionCtxs []sessionTokenContext
if len(rules) != 0 {
err := json.Unmarshal(rules, &sessionCtxs)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal rules for session token: %w", err)
}
var (
containsPut = false
containsSetEACL = false
)
for _, d := range sessionCtxs {
if d.verb == session.VerbContainerPut {
containsPut = true
} else if d.verb == session.VerbContainerSetEACL {
containsSetEACL = true
}
}
if containsPut && !containsSetEACL {
sessionCtxs = append(sessionCtxs, sessionTokenContext{
verb: session.VerbContainerSetEACL,
})
}
return sessionCtxs, nil
}
return []sessionTokenContext{
{verb: session.VerbContainerPut},
{verb: session.VerbContainerDelete},
{verb: session.VerbContainerSetEACL},
}, nil
}