TrueCloudLab
/
frostfs-s3-gw
15
2
Fork 14
Code Issues 20 Pull Requests 5 Actions Packages Releases 6 Activity

authmate: drop creds/s3 dependency 

Signed-off-by: Roman Khimov <roman@nspcc.ru>
remotes/KirillovDenis/bugfix/681-fix_acl_parsing
Roman Khimov 2021-05-25 19:52:29 +03:00
parent 69e3e22dbc
commit ce7c8932d4
2 changed files with 17 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/auth/center.go
View File

@ -15,9 +15,9 @@ import (
sdk "github.com/nspcc-dev/cdn-sdk"
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
"github.com/nspcc-dev/cdn-sdk/creds/s3"
"github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/nspcc-dev/neofs-s3-gw/authmate"
"go.uber.org/zap"
)
@ -100,7 +100,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
return nil, err
}
secret, err := s3.SecretAccessKey(tkn)
secret, err := authmate.BearerToAccessKey(tkn)
if err != nil {
return nil, err
}

18
authmate/authmate.go
View File

@ -3,6 +3,8 @@ package authmate
import (
"context"
"crypto/ecdsa"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"io"
@ -14,7 +16,6 @@ import (
"github.com/nspcc-dev/cdn-sdk/creds/bearer"
"github.com/nspcc-dev/cdn-sdk/creds/hcs"
"github.com/nspcc-dev/cdn-sdk/creds/neofs"
"github.com/nspcc-dev/cdn-sdk/creds/s3"
"github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
"github.com/nspcc-dev/neofs-api-go/pkg/container"
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
@ -127,7 +128,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
return fmt.Errorf("failed to put bearer token: %w", err)
}
secret, err := s3.SecretAccessKey(tkn)
secret, err := BearerToAccessKey(tkn)
if err != nil {
return fmt.Errorf("failed to get bearer token secret key: %w", err)
}
@ -157,7 +158,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
return fmt.Errorf("failed to get bearer token: %w", err)
}
secret, err := s3.SecretAccessKey(tkn)
secret, err := BearerToAccessKey(tkn)
if err != nil {
return fmt.Errorf("failed to get bearer token secret key: %w", err)
}
@ -234,3 +235,14 @@ func buildBearerToken(key *ecdsa.PrivateKey, oid *owner.ID, table *eacl.Table) (
return bearerToken, bearerToken.SignToken(key)
}
// BearerToAccessKey returns secret access key generated from given BearerToken.
func BearerToAccessKey(tkn *token.BearerToken) (string, error) {
data, err := tkn.Marshal()
if err != nil {
return "", err
}
hash := sha256.Sum256(data)
return hex.EncodeToString(hash[:]), nil
}