From cbe07120daf4b532fa4853a5dc7ad0a892df564b Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Wed, 23 Mar 2022 16:22:09 +0300
Subject: [PATCH] [#1261] neofs-cli: Allow to use relative epoch for bearer
 token

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
---
 cmd/neofs-cli/modules/token/create.go | 119 ++++++++++++++++++++++++--
 1 file changed, 111 insertions(+), 8 deletions(-)

diff --git a/cmd/neofs-cli/modules/token/create.go b/cmd/neofs-cli/modules/token/create.go
index 1f9489d8..23bb170c 100644
--- a/cmd/neofs-cli/modules/token/create.go
+++ b/cmd/neofs-cli/modules/token/create.go
@@ -1,10 +1,19 @@
 package token
 
 import (
+	"context"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"strconv"
+	"time"
 
+	"github.com/nspcc-dev/neofs-node/pkg/network"
+	"github.com/nspcc-dev/neofs-sdk-go/client"
 	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/owner"
 	"github.com/nspcc-dev/neofs-sdk-go/token"
@@ -19,22 +28,30 @@ const (
 	ownerFlag          = "owner"
 	outFlag            = "out"
 	jsonFlag           = "json"
+	rpcFlag            = "rpc-endpoint"
 )
 
 var createCmd = &cobra.Command{
 	Use:   "create",
 	Short: "Create bearer token",
-	RunE:  createToken,
+	Long: `Create bearer token.
+
+All epoch flags can be specified relative to the current epoch with the +n syntax.
+In this case --` + rpcFlag + ` flag should be specified and the epoch in bearer token
+is set to current epoch + n.
+`,
+	RunE: createToken,
 }
 
 func init() {
 	createCmd.Flags().StringP(eaclFlag, "e", "", "path to the extended ACL table")
-	createCmd.Flags().Uint64P(issuedAtFlag, "i", 0, "epoch to issue token at")
-	createCmd.Flags().Uint64P(notValidBeforeFlag, "n", 0, "not valid before epoch")
-	createCmd.Flags().Uint64P(expireAtFlag, "x", 0, "expiration epoch")
+	createCmd.Flags().StringP(issuedAtFlag, "i", "", "epoch to issue token at")
+	createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "not valid before epoch")
+	createCmd.Flags().StringP(expireAtFlag, "x", "", "expiration epoch")
 	createCmd.Flags().StringP(ownerFlag, "o", "", "token owner")
 	createCmd.Flags().String(outFlag, "", "file to write token to")
 	createCmd.Flags().Bool(jsonFlag, false, "output token in JSON")
+	createCmd.Flags().StringP(rpcFlag, "r", "", "rpc-endpoint")
 
 	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)
 
@@ -46,9 +63,34 @@ func init() {
 }
 
 func createToken(cmd *cobra.Command, _ []string) error {
-	iat, _ := cmd.Flags().GetUint64(issuedAtFlag)
-	exp, _ := cmd.Flags().GetUint64(expireAtFlag)
-	nvb, _ := cmd.Flags().GetUint64(notValidBeforeFlag)
+	iat, iatRelative, err := parseEpoch(cmd, issuedAtFlag)
+	if err != nil {
+		return err
+	}
+	exp, expRelative, err := parseEpoch(cmd, expireAtFlag)
+	if err != nil {
+		return err
+	}
+	nvb, nvbRelative, err := parseEpoch(cmd, notValidBeforeFlag)
+	if err != nil {
+		return err
+	}
+	if iatRelative || expRelative || nvbRelative {
+		endpoint, _ := cmd.Flags().GetString(rpcFlag)
+		currEpoch, err := getCurrentEpoch(endpoint)
+		if err != nil {
+			return err
+		}
+		if iatRelative {
+			iat += currEpoch
+		}
+		if expRelative {
+			exp += currEpoch
+		}
+		if nvbRelative {
+			nvb += currEpoch
+		}
+	}
 	if exp < nvb {
 		return fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb)
 	}
@@ -77,7 +119,6 @@ func createToken(cmd *cobra.Command, _ []string) error {
 	}
 
 	var data []byte
-	var err error
 
 	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
 	if toJSON {
@@ -96,3 +137,65 @@ func createToken(cmd *cobra.Command, _ []string) error {
 
 	return nil
 }
+
+// parseEpoch parses epoch argument. Second return value is true if
+// the specified epoch is relative, and false otherwise.
+func parseEpoch(cmd *cobra.Command, flag string) (uint64, bool, error) {
+	s, _ := cmd.Flags().GetString(flag)
+	if len(s) == 0 {
+		return 0, false, nil
+	}
+
+	relative := s[0] == '+'
+	if relative {
+		s = s[1:]
+	}
+
+	epoch, err := strconv.ParseUint(s, 10, 64)
+	if err != nil {
+		return 0, relative, fmt.Errorf("can't parse epoch for %s argument: %w", flag, err)
+	}
+	return epoch, relative, nil
+}
+
+// getCurrentEpoch returns current epoch.
+func getCurrentEpoch(endpoint string) (uint64, error) {
+	var (
+		c       client.Client
+		prmInit client.PrmInit
+		prmDial client.PrmDial
+		addr    network.Address
+	)
+
+	if err := addr.FromString(endpoint); err != nil {
+		return 0, fmt.Errorf("can't parse RPC endpoint: %w", err)
+	}
+
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		return 0, fmt.Errorf("can't generate key to sign query: %w", err)
+	}
+
+	prmInit.SetDefaultPrivateKey(*key)
+	prmInit.ResolveNeoFSFailures()
+	c.Init(prmInit)
+
+	prmDial.SetServerURI(addr.HostAddr())
+	if addr.TLSEnabled() {
+		prmDial.SetTLSConfig(&tls.Config{})
+	}
+
+	if err := c.Dial(prmDial); err != nil {
+		return 0, fmt.Errorf("can't initialize client: %w", err)
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+	defer cancel()
+
+	ni, err := c.NetworkInfo(ctx, client.PrmNetworkInfo{})
+	if err != nil {
+		return 0, err
+	}
+
+	return ni.Info().CurrentEpoch(), nil
+}