forked from TrueCloudLab/frostfs-node
123 lines
2.5 KiB
Go
123 lines
2.5 KiB
Go
|
package cmd
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"encoding/json"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"io/ioutil"
|
||
|
|
||
|
"github.com/nspcc-dev/neofs-api-go/pkg"
|
||
|
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||
|
v2ACL "github.com/nspcc-dev/neofs-api-go/v2/acl"
|
||
|
"github.com/spf13/cobra"
|
||
|
)
|
||
|
|
||
|
var (
|
||
|
utilCmd = &cobra.Command{
|
||
|
Use: "util",
|
||
|
Short: "Utility operations",
|
||
|
}
|
||
|
|
||
|
signCmd = &cobra.Command{
|
||
|
Use: "sign",
|
||
|
Short: "sign NeoFS structure",
|
||
|
}
|
||
|
|
||
|
signBearerCmd = &cobra.Command{
|
||
|
Use: "bearer-token",
|
||
|
Short: "sign bearer token to use it in requests",
|
||
|
RunE: signBearerToken,
|
||
|
}
|
||
|
)
|
||
|
|
||
|
func init() {
|
||
|
rootCmd.AddCommand(utilCmd)
|
||
|
|
||
|
utilCmd.AddCommand(signCmd)
|
||
|
|
||
|
signCmd.AddCommand(signBearerCmd)
|
||
|
signBearerCmd.Flags().String("from", "", "File with JSON or binary encoded bearer token to sign")
|
||
|
_ = signBearerCmd.MarkFlagFilename("from")
|
||
|
_ = signBearerCmd.MarkFlagRequired("from")
|
||
|
signBearerCmd.Flags().String("to", "", "File to dump signed bearer token")
|
||
|
signBearerCmd.Flags().Bool("json", false, "Dump bearer token in JSON encoding")
|
||
|
}
|
||
|
|
||
|
func signBearerToken(cmd *cobra.Command, _ []string) error {
|
||
|
btok, err := getBearerToken(cmd, "from")
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
key, err := getKey()
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
err = completeBearerToken(btok)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
err = btok.SignToken(key)
|
||
|
if err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
to := cmd.Flag("to").Value.String()
|
||
|
jsonFlag, _ := cmd.Flags().GetBool("json")
|
||
|
|
||
|
var data []byte
|
||
|
if jsonFlag || len(to) == 0 {
|
||
|
data = v2ACL.BearerTokenToJSON(btok.ToV2())
|
||
|
if len(data) == 0 {
|
||
|
return errors.New("can't JSON encode bearer token")
|
||
|
}
|
||
|
} else {
|
||
|
data, err = btok.ToV2().StableMarshal(nil)
|
||
|
if err != nil {
|
||
|
return errors.New("can't binary encode bearer token")
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(to) == 0 {
|
||
|
prettyPrintJSON(cmd, data)
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
err = ioutil.WriteFile(to, data, 0644)
|
||
|
if err != nil {
|
||
|
return fmt.Errorf("can't write signed bearer token to file: %w", err)
|
||
|
}
|
||
|
|
||
|
cmd.Printf("signed bearer token was successfully dumped to %s\n", to)
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
func completeBearerToken(btok *token.BearerToken) error {
|
||
|
if v2 := btok.ToV2(); v2 != nil {
|
||
|
// set eACL table version, because it usually omitted
|
||
|
table := v2.GetBody().GetEACL()
|
||
|
table.SetVersion(pkg.SDKVersion().ToV2())
|
||
|
|
||
|
// back to SDK token
|
||
|
btok = token.NewBearerTokenFromV2(v2)
|
||
|
} else {
|
||
|
return errors.New("unsupported bearer token version")
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
func prettyPrintJSON(cmd *cobra.Command, data []byte) {
|
||
|
buf := new(bytes.Buffer)
|
||
|
if err := json.Indent(buf, data, "", " "); err != nil {
|
||
|
printVerbose("Can't pretty print json: %w", err)
|
||
|
}
|
||
|
|
||
|
cmd.Println(buf)
|
||
|
}
|