From ed808c3f1b5577f5758fd6685e714239f4841973 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Thu, 4 Mar 2021 11:09:23 +0300
Subject: [PATCH] [#419] eacl: Replace eACL storage implementation to app-side

Replace `eacl.Storage` interface implementation from eACL lib to neofs-node app package. Remove `eacl.WithMorphClient` option in order to abstract eACL validator from eACL storage implementation.

Signed-off-by: Leonard Lyubich
---
 cmd/neofs-node/object.go | 43 ++++++++++++++++++++++++-
 pkg/services/object/acl/eacl/opts.go | 47 ----------------------------
 2 files changed, 42 insertions(+), 48 deletions(-)

diff --git a/cmd/neofs-node/object.go b/cmd/neofs-node/object.go
index e79ed874..78a4b481 100644
--- a/cmd/neofs-node/object.go
+++ b/cmd/neofs-node/object.go
@@ -3,14 +3,18 @@ package main
 import (
 "context"
+ eaclSDK "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
 "github.com/nspcc-dev/neofs-api-go/pkg/client"
+ "github.com/nspcc-dev/neofs-api-go/pkg/container"
 objectSDK "github.com/nspcc-dev/neofs-api-go/pkg/object"
 "github.com/nspcc-dev/neofs-api-go/pkg/owner"
+ "github.com/nspcc-dev/neofs-api-go/util/signature"
 "github.com/nspcc-dev/neofs-api-go/v2/object"
 objectGRPC "github.com/nspcc-dev/neofs-api-go/v2/object/grpc"
 "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 objectCore "github.com/nspcc-dev/neofs-node/pkg/core/object"
 "github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
+ "github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
 "github.com/nspcc-dev/neofs-node/pkg/morph/event"
 "github.com/nspcc-dev/neofs-node/pkg/network/cache"
 objectTransportGRPC "github.com/nspcc-dev/neofs-node/pkg/network/transport/object/grpc"
@@ -32,6 +36,7 @@ import (
 "github.com/nspcc-dev/neofs-node/pkg/services/policer"
 "github.com/nspcc-dev/neofs-node/pkg/services/replicator"
 "github.com/nspcc-dev/neofs-node/pkg/util/logger"
+ "github.com/pkg/errors"
 "go.uber.org/zap"
 )
@@ -338,7 +343,9 @@ func initObjectService(c *cfg) {
 ),
 acl.WithLocalStorage(ls),
 acl.WithEACLValidatorOptions(
- eacl.WithMorphClient(c.cfgObject.cnrClient),
+ eacl.WithEACLStorage(&morphEACLStorage{
+ w: c.cfgObject.cnrClient,
+ }),
 eacl.WithLogger(c.log),
 ),
 acl.WithNetmapState(c.cfgNetmap.state),
@@ -346,3 +353,37 @@ func initObjectService(c *cfg) {
 ),
 )
 }
+
+type morphEACLStorage struct {
+ w *wrapper.Wrapper
+}
+
+type signedEACLTable eaclSDK.Table
+
+func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
+ return (*eaclSDK.Table)(s).Marshal(buf)
+}
+
+func (s *signedEACLTable) SignedDataSize() int {
+ // TODO: add eacl.Table.Size method
+ return (*eaclSDK.Table)(s).ToV2().StableSize()
+}
+
+func (s *morphEACLStorage) GetEACL(cid *container.ID) (*eaclSDK.Table, error) {
+ table, sig, err := s.w.GetEACL(cid)
+ if err != nil {
+ return nil, err
+ }
+
+ if err := signature.VerifyDataWithSource(
+ (*signedEACLTable)(table),
+ func() ([]byte, []byte) {
+ return sig.Key(), sig.Sign()
+ },
+ signature.SignWithRFC6979(),
+ ); err != nil {
+ return nil, errors.Wrap(err, "incorrect signature")
+ }
+
+ return table, nil
+}
diff --git a/pkg/services/object/acl/eacl/opts.go b/pkg/services/object/acl/eacl/opts.go
index 41199847..4cc0a318 100644
--- a/pkg/services/object/acl/eacl/opts.go
+++ b/pkg/services/object/acl/eacl/opts.go
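Review bot: In `morphEACLStorage.GetEACL` the signature is checked against `sig.Key()`, a public key returned by the same `s.w.GetEACL(cid)` call as the table and the signature, so the check only shows that the table matches whatever key was stored with it. Nothing visible in this hunk ties that key to the owner of container `cid`; unless the container contract or a caller enforces that binding, a table signed with an unrelated key would be accepted as valid. The function is now app-side code with no doc comment, so I would at least record the assumption, e.g. `// GetEACL returns the eACL table of cid after checking its signature against the key stored with it; it does not check that the key belongs to the container owner.` It would also help to name the container in the wrapped error (`errors.Wrapf(err, "incorrect eACL signature for container %s", cid)`), so a verification failure can be traced in logs.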
@@ -1,48 +1,9 @@
 package eacl
 import (
- "github.com/nspcc-dev/neofs-api-go/pkg/acl/eacl"
- "github.com/nspcc-dev/neofs-api-go/pkg/container"
- "github.com/nspcc-dev/neofs-api-go/util/signature"
- "github.com/nspcc-dev/neofs-node/pkg/morph/client/container/wrapper"
 "github.com/nspcc-dev/neofs-node/pkg/util/logger"
- "github.com/pkg/errors"
 )
-type morphStorage struct {
- w *wrapper.Wrapper
-}
-
-type signedEACLTable eacl.Table
-
-func (s *signedEACLTable) ReadSignedData(buf []byte) ([]byte, error) {
- return (*eacl.Table)(s).Marshal(buf)
-}
-
-func (s *signedEACLTable) SignedDataSize() int {
- // TODO: add eacl.Table.Size method
- return (*eacl.Table)(s).ToV2().StableSize()
-}
-
-func (s *morphStorage) GetEACL(cid *container.ID) (*eacl.Table, error) {
- table, sig, err := s.w.GetEACL(cid)
- if err != nil {
- return nil, err
- }
-
- if err := signature.VerifyDataWithSource(
- (*signedEACLTable)(table),
- func() ([]byte, []byte) {
- return sig.Key(), sig.Sign()
- },
- signature.SignWithRFC6979(),
- ); err != nil {
- return nil, errors.Wrap(err, "incorrect signature")
- }
-
- return table, nil
-}
-
 func WithLogger(v *logger.Logger) Option {
 return func(c *cfg) {
 c.logger = v
@@ -54,11 +15,3 @@ func WithEACLStorage(v Storage) Option {
 c.storage = v
 }
 }
-
-func WithMorphClient(v *wrapper.Wrapper) Option {
- return func(c *cfg) {
- c.storage = &morphStorage{
- w: v,
- }
- }
-}