package session
import (
"crypto/ecdsa"
"errors"
"fmt"
"github.com/TrueCloudLab/frostfs-api-go/v2/refs"
"github.com/TrueCloudLab/frostfs-api-go/v2/session"
cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
)
// Object is the token of a NeoFS Object session. A session is opened between
// any two sides of the system and transfers the power of attorney for actions
// to another network member. The session is valid for a limited period and
// applies to a strictly defined set of operations. See methods for details.
//
// Object is mutually compatible with github.com/TrueCloudLab/frostfs-api-go/v2/session.Token
// message. See ReadFromV2 / WriteToV2 methods.
//
// Instances can be created using built-in var declaration.
type Object struct {
	commonData

	// verb is the single object operation the session relates to.
	verb ObjectVerb

	// cnrSet tells whether cnr holds a bound container; cnr alone must not be
	// treated as a binding.
	cnrSet bool
	cnr    cid.ID

	// objs optionally limits the session to particular objects; an empty
	// list means no per-object limit.
	objs []oid.ID
}
// readContext fills the object-specific part of the session (container,
// object list and verb) from the token context c. c must be a non-nil
// *session.ObjectSessionContext. With checkFieldPresence set, a context
// without a container is rejected.
//
// On error x may be left partially updated.
func (x *Object) readContext(c session.TokenContext, checkFieldPresence bool) error {
	objCtx, ok := c.(*session.ObjectSessionContext)
	if !ok || objCtx == nil {
		return fmt.Errorf("invalid context %T", c)
	}

	cnrV2 := objCtx.GetContainer()
	x.cnrSet = cnrV2 != nil

	switch {
	case x.cnrSet:
		if err := x.cnr.ReadFromV2(*cnrV2); err != nil {
			return fmt.Errorf("invalid container ID: %w", err)
		}
	case checkFieldPresence:
		return errors.New("missing target container")
	}
	// NOTE(review): when the container is absent and presence is not
	// enforced, x.cnr keeps whatever value it had before; only cnrSet marks
	// it as unset.

	if objsV2 := objCtx.GetObjects(); objsV2 != nil {
		x.objs = make([]oid.ID, len(objsV2))

		for i := range objsV2 {
			if err := x.objs[i].ReadFromV2(objsV2[i]); err != nil {
				return fmt.Errorf("invalid target object: %w", err)
			}
		}
	} else {
		x.objs = nil
	}

	// NOTE(review): ObjectVerb is an int8 and the verb is converted without a
	// range check. If the wire verb type is wider, out-of-range values are
	// narrowed by this conversion — confirm whether unknown verbs should be
	// rejected here.
	x.verb = ObjectVerb(objCtx.GetVerb())

	return nil
}
// readFromV2 decodes the token message m into x by calling
// commonData.readFromV2 with checkFieldPresence and x.readContext as the
// context reader.
func (x *Object) readFromV2(m session.Token, checkFieldPresence bool) error {
	ctxReader := x.readContext

	return x.commonData.readFromV2(m, checkFieldPresence, ctxReader)
}
// ReadFromV2 reads Object from the session.Token message and checks that the
// message conforms to NeoFS API V2 protocol. Field presence checking is
// enabled.
//
// NOTE(review): whether the signature is validated during reading is not
// visible here; see VerifySignature.
//
// See also WriteToV2.
func (x *Object) ReadFromV2(m session.Token) error {
	const checkFieldPresence = true

	return x.readFromV2(m, checkFieldPresence)
}
// writeContext builds the session.ObjectSessionContext message from x. The
// verb is always written; the target is written only when a container is
// bound or the object list is non-empty.
func (x Object) writeContext() session.TokenContext {
	ctxV2 := new(session.ObjectSessionContext)
	ctxV2.SetVerb(session.ObjectSessionVerb(x.verb))

	// Nothing to target: leave the context with the verb only.
	if !x.cnrSet && len(x.objs) == 0 {
		return ctxV2
	}

	// The container stays nil unless it was explicitly bound.
	var cnrV2 *refs.ContainerID
	if x.cnrSet {
		cnrV2 = new(refs.ContainerID)
		x.cnr.WriteToV2(cnrV2)
	}

	var objsV2 []refs.ObjectID
	if x.objs != nil {
		objsV2 = make([]refs.ObjectID, len(x.objs))
		for i := range x.objs {
			x.objs[i].WriteToV2(&objsV2[i])
		}
	}

	ctxV2.SetTarget(cnrV2, objsV2...)

	return ctxV2
}
// WriteToV2 writes Object to the session.Token message, using writeContext to
// produce the object session context.
// The message must not be nil.
//
// See also ReadFromV2.
func (x Object) WriteToV2(m *session.Token) {
	ctxWriter := x.writeContext

	x.writeToV2(m, ctxWriter)
}
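// Marshal encodes Object into a binary format of the NeoFS API protocol
// (Protocol Buffers with direct field order).
//
// The encoding is produced by marshal with writeContext as the context
// writer; no intermediate session.Token is built here.
//
// See also Unmarshal.
func (x Object) Marshal() []byte {
	return x.marshal(x.writeContext)
}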
// Unmarshal decodes NeoFS API protocol binary format into the Object
// (Protocol Buffers with direct field order). Returns an error describing
// a format violation.
//
// NOTE(review): whether decoding also validates the signature is not visible
// here; see VerifySignature.
//
// See also Marshal.
func (x *Object) Unmarshal(data []byte) error {
	ctxReader := x.readContext

	return x.unmarshal(data, ctxReader)
}
// MarshalJSON encodes Object into a JSON format of the NeoFS API protocol
// (Protocol Buffers JSON), using writeContext to produce the object session
// context.
//
// See also UnmarshalJSON.
func (x Object) MarshalJSON() ([]byte, error) {
	ctxWriter := x.writeContext

	return x.marshalJSON(ctxWriter)
}
// UnmarshalJSON decodes NeoFS API protocol JSON format into the Object
// (Protocol Buffers JSON), using readContext to read the object session
// context. Returns an error describing a format violation.
//
// See also MarshalJSON.
func (x *Object) UnmarshalJSON(data []byte) error {
	ctxReader := x.readContext

	return x.unmarshalJSON(data, ctxReader)
}
// Sign calculates the signature of the Object data with the given key and
// writes it into the Object. Returns signature calculation errors.
//
// Zero Object is unsigned.
//
// Any later mutation of the Object is likely to break the signature, so
// signing is expected to be the final stage of Object formation.
//
// See also VerifySignature.
func (x *Object) Sign(key ecdsa.PrivateKey) error {
	ctxWriter := x.writeContext

	return x.sign(key, ctxWriter)
}
// VerifySignature checks if Object signature is presented and valid.
//
// Zero Object fails the check.
//
// As the TODO in the body records, the relation between the session owner
// and the signing key is not checked here yet, so a true result alone does
// not tie the signature to the owner.
//
// See also Sign.
func (x Object) VerifySignature() bool {
	// TODO: (#233) check owner<->key relation
	ctxWriter := x.writeContext

	return x.verifySignature(ctxWriter)
}
// BindContainer binds the Object session to a given container. Each session
// MUST be bound to exactly one container.
//
// See also AssertContainer.
func (x *Object) BindContainer(cnr cid.ID) {
	// Mark the binding as present and remember the container itself.
	x.cnrSet = true
	x.cnr = cnr
}
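// AssertContainer checks if Object session is bound to a given container.
//
// Zero Object isn't bound to any container which is incorrect according to
// NeoFS API protocol. An Object without a binding never matches, whatever
// container is asked about.
//
// See also BindContainer.
func (x Object) AssertContainer(cnr cid.ID) bool {
	// cnr is meaningful only while cnrSet is true: readContext can clear
	// cnrSet without resetting cnr, and the zero cnr must not match a zero
	// argument.
	return x.cnrSet && x.cnr.Equals(cnr)
}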
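// LimitByObjects limits session scope to the given objects from the container
// to which Object session is bound.
//
// The given identifiers are copied element-wise, so later changes to the
// caller's slice do not alter the session scope. Calling it with no arguments
// (or a nil slice) removes the per-object limit.
//
// See also AssertObject.
func (x *Object) LimitByObjects(objs ...oid.ID) {
	// Keep nil as nil so the stored value matches what was passed.
	if objs == nil {
		x.objs = nil
		return
	}

	// Detach from the caller's backing array: the object list is part of the
	// session scope and must not change behind the session's back.
	x.objs = make([]oid.ID, len(objs))
	copy(x.objs, objs)
}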
// AssertObject checks if Object session is applied to a given object.
//
// Zero Object is applied to all objects in the container: an empty object
// list means no per-object limit, so every object matches.
//
// See also LimitByObjects.
func (x Object) AssertObject(obj oid.ID) bool {
	// Start from "matches" only when there is no object limit at all.
	matched := len(x.objs) == 0

	for i := 0; !matched && i < len(x.objs); i++ {
		matched = x.objs[i].Equals(obj)
	}

	return matched
}
// ObjectVerb enumerates object operations. The zero value is left unnamed
// and stands for an unspecified verb.
type ObjectVerb int8

// Named verbs start at 1.
const (
	VerbObjectPut       ObjectVerb = iota + 1 // Put rpc
	VerbObjectGet                             // Get rpc
	VerbObjectHead                            // Head rpc
	VerbObjectSearch                          // Search rpc
	VerbObjectDelete                          // Delete rpc
	VerbObjectRange                           // GetRange rpc
	VerbObjectRangeHash                       // GetRangeHash rpc
)
// ForVerb sets the object operation the session scope covers. An Object
// relates to a single operation, so a later call replaces the earlier verb.
//
// See also AssertVerb.
func (x *Object) ForVerb(verb ObjectVerb) {
	x.verb = verb
}
// AssertVerb checks if Object relates to one of the given object operations.
// With no verbs given the result is false.
//
// Zero Object relates to zero (unspecified) verb.
//
// See also ForVerb.
func (x Object) AssertVerb(verbs ...ObjectVerb) bool {
	for _, candidate := range verbs {
		if x.verb == candidate {
			return true
		}
	}

	return false
}
// ExpiredAt asserts "exp" claim against the given epoch.
//
// Zero Object is expired in any epoch.
//
// See also SetExp.
func (x Object) ExpiredAt(epoch uint64) bool {
	expired := x.expiredAt(epoch)

	return expired
}