[#255] Create session token using arbitrary key
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
85e3c7b087
commit
3953c2166e
2 changed files with 38 additions and 8 deletions
|
@ -2,6 +2,7 @@ package client
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/ecdsa"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
"github.com/nspcc-dev/neofs-api-go/v2/refs"
|
||||||
rpcapi "github.com/nspcc-dev/neofs-api-go/v2/rpc"
|
rpcapi "github.com/nspcc-dev/neofs-api-go/v2/rpc"
|
||||||
|
@ -15,6 +16,9 @@ type PrmSessionCreate struct {
|
||||||
prmCommonMeta
|
prmCommonMeta
|
||||||
|
|
||||||
exp uint64
|
exp uint64
|
||||||
|
|
||||||
|
keySet bool
|
||||||
|
key ecdsa.PrivateKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetExp sets number of the last NepFS epoch in the lifetime of the session after which it will be expired.
|
// SetExp sets number of the last NepFS epoch in the lifetime of the session after which it will be expired.
|
||||||
|
@ -22,6 +26,13 @@ func (x *PrmSessionCreate) SetExp(exp uint64) {
|
||||||
x.exp = exp
|
x.exp = exp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// UseKey specifies private key to sign the requests and compute token owner.
|
||||||
|
// If key is not provided, then Client default key is used.
|
||||||
|
func (x *PrmSessionCreate) UseKey(key ecdsa.PrivateKey) {
|
||||||
|
x.keySet = true
|
||||||
|
x.key = key
|
||||||
|
}
|
||||||
|
|
||||||
// ResSessionCreate groups resulting values of SessionCreate operation.
|
// ResSessionCreate groups resulting values of SessionCreate operation.
|
||||||
type ResSessionCreate struct {
|
type ResSessionCreate struct {
|
||||||
statusRes
|
statusRes
|
||||||
|
@ -72,8 +83,12 @@ func (c *Client) SessionCreate(ctx context.Context, prm PrmSessionCreate) (*ResS
|
||||||
panic(panicMsgMissingContext)
|
panic(panicMsgMissingContext)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ownerKey := c.prm.key.PublicKey
|
||||||
|
if prm.keySet {
|
||||||
|
ownerKey = prm.key.PublicKey
|
||||||
|
}
|
||||||
var ownerID user.ID
|
var ownerID user.ID
|
||||||
user.IDFromKey(&ownerID, c.prm.key.PublicKey)
|
user.IDFromKey(&ownerID, ownerKey)
|
||||||
|
|
||||||
var ownerIDV2 refs.OwnerID
|
var ownerIDV2 refs.OwnerID
|
||||||
ownerID.WriteToV2(&ownerIDV2)
|
ownerID.WriteToV2(&ownerIDV2)
|
||||||
|
@ -95,7 +110,13 @@ func (c *Client) SessionCreate(ctx context.Context, prm PrmSessionCreate) (*ResS
|
||||||
res ResSessionCreate
|
res ResSessionCreate
|
||||||
)
|
)
|
||||||
|
|
||||||
c.initCallContext(&cc)
|
if prm.keySet {
|
||||||
|
c.initCallContextWithoutKey(&cc)
|
||||||
|
cc.key = prm.key
|
||||||
|
} else {
|
||||||
|
c.initCallContext(&cc)
|
||||||
|
}
|
||||||
|
|
||||||
cc.meta = prm.prmCommonMeta
|
cc.meta = prm.prmCommonMeta
|
||||||
cc.req = &req
|
cc.req = &req
|
||||||
cc.statusRes = &res
|
cc.statusRes = &res
|
||||||
|
|
21
pool/pool.go
21
pool/pool.go
|
@ -428,6 +428,7 @@ func (c *clientWrapper) objectSearch(ctx context.Context, prm PrmObjectSearch) (
|
||||||
func (c *clientWrapper) sessionCreate(ctx context.Context, prm prmCreateSession) (*resCreateSession, error) {
|
func (c *clientWrapper) sessionCreate(ctx context.Context, prm prmCreateSession) (*resCreateSession, error) {
|
||||||
var cliPrm sdkClient.PrmSessionCreate
|
var cliPrm sdkClient.PrmSessionCreate
|
||||||
cliPrm.SetExp(prm.exp)
|
cliPrm.SetExp(prm.exp)
|
||||||
|
cliPrm.UseKey(prm.key)
|
||||||
|
|
||||||
res, err := c.client.SessionCreate(ctx, cliPrm)
|
res, err := c.client.SessionCreate(ctx, cliPrm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -835,13 +836,20 @@ func (x *PrmBalanceGet) SetAccount(id user.ID) {
|
||||||
// prmEndpointInfo groups parameters of sessionCreate operation.
|
// prmEndpointInfo groups parameters of sessionCreate operation.
|
||||||
type prmCreateSession struct {
|
type prmCreateSession struct {
|
||||||
exp uint64
|
exp uint64
|
||||||
|
key ecdsa.PrivateKey
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetExp sets number of the last NeoFS epoch in the lifetime of the session after which it will be expired.
|
// setExp sets number of the last NeoFS epoch in the lifetime of the session after which it will be expired.
|
||||||
func (x *prmCreateSession) SetExp(exp uint64) {
|
func (x *prmCreateSession) setExp(exp uint64) {
|
||||||
x.exp = exp
|
x.exp = exp
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// useKey specifies owner private key for session token.
|
||||||
|
// If key is not provided, then Pool default key is used.
|
||||||
|
func (x *prmCreateSession) useKey(key ecdsa.PrivateKey) {
|
||||||
|
x.key = key
|
||||||
|
}
|
||||||
|
|
||||||
// prmEndpointInfo groups parameters of endpointInfo operation.
|
// prmEndpointInfo groups parameters of endpointInfo operation.
|
||||||
type prmEndpointInfo struct{}
|
type prmEndpointInfo struct{}
|
||||||
|
|
||||||
|
@ -957,7 +965,7 @@ func (p *Pool) Dial(ctx context.Context) error {
|
||||||
}
|
}
|
||||||
var healthy bool
|
var healthy bool
|
||||||
var st session.Object
|
var st session.Object
|
||||||
err = initSessionForDuration(ctx, &st, c, p.rebalanceParams.sessionExpirationDuration)
|
err = initSessionForDuration(ctx, &st, c, p.rebalanceParams.sessionExpirationDuration, *p.key)
|
||||||
if err != nil && p.logger != nil {
|
if err != nil && p.logger != nil {
|
||||||
p.logger.Warn("failed to create neofs session token for client",
|
p.logger.Warn("failed to create neofs session token for client",
|
||||||
zap.String("Address", addr),
|
zap.String("Address", addr),
|
||||||
|
@ -1199,7 +1207,7 @@ func (p *Pool) checkSessionTokenErr(err error, address string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func initSessionForDuration(ctx context.Context, dst *session.Object, c client, dur uint64) error {
|
func initSessionForDuration(ctx context.Context, dst *session.Object, c client, dur uint64, ownerKey ecdsa.PrivateKey) error {
|
||||||
ni, err := c.networkInfo(ctx, prmNetworkInfo{})
|
ni, err := c.networkInfo(ctx, prmNetworkInfo{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -1214,7 +1222,8 @@ func initSessionForDuration(ctx context.Context, dst *session.Object, c client,
|
||||||
exp = epoch + dur
|
exp = epoch + dur
|
||||||
}
|
}
|
||||||
var prm prmCreateSession
|
var prm prmCreateSession
|
||||||
prm.SetExp(exp)
|
prm.setExp(exp)
|
||||||
|
prm.useKey(ownerKey)
|
||||||
|
|
||||||
res, err := c.sessionCreate(ctx, prm)
|
res, err := c.sessionCreate(ctx, prm)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1302,7 +1311,7 @@ func (p *Pool) openDefaultSession(ctx *callContext) error {
|
||||||
tok, ok := p.cache.Get(cacheKey)
|
tok, ok := p.cache.Get(cacheKey)
|
||||||
if !ok {
|
if !ok {
|
||||||
// init new session
|
// init new session
|
||||||
err := initSessionForDuration(ctx, &tok, ctx.client, p.stokenDuration)
|
err := initSessionForDuration(ctx, &tok, ctx.client, p.stokenDuration, *ctx.key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("session API client: %w", err)
|
return fmt.Errorf("session API client: %w", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue