forked from TrueCloudLab/frostfs-contract
[#78] container: Support session token
Container now stored the same way as ExtendedACL: with signature and session token. This is required for signature checks when session token presented. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
parent
ccafbcbdcd
commit
de255b0a43
2 changed files with 57 additions and 24 deletions
|
@ -9,12 +9,16 @@ events:
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
- name: publicKey
|
- name: publicKey
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
|
- name: token
|
||||||
|
type: ByteArray
|
||||||
- name: containerDelete
|
- name: containerDelete
|
||||||
parameters:
|
parameters:
|
||||||
- name: containerID
|
- name: containerID
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
- name: signature
|
- name: signature
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
|
- name: token
|
||||||
|
type: ByteArray
|
||||||
- name: setEACL
|
- name: setEACL
|
||||||
parameters:
|
parameters:
|
||||||
- name: eACL
|
- name: eACL
|
||||||
|
@ -23,6 +27,8 @@ events:
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
- name: publicKey
|
- name: publicKey
|
||||||
type: ByteArray
|
type: ByteArray
|
||||||
|
- name: token
|
||||||
|
type: ByteArray
|
||||||
- name: StartEstimation
|
- name: StartEstimation
|
||||||
parameters:
|
parameters:
|
||||||
- name: epoch
|
- name: epoch
|
||||||
|
|
|
@ -17,10 +17,18 @@ type (
|
||||||
info []byte
|
info []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
extendedACL struct {
|
Container struct {
|
||||||
val []byte
|
value []byte
|
||||||
sig []byte
|
sig interop.Signature
|
||||||
pub interop.PublicKey
|
pub interop.PublicKey
|
||||||
|
token []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
ExtendedACL struct {
|
||||||
|
value []byte
|
||||||
|
sig interop.Signature
|
||||||
|
pub interop.PublicKey
|
||||||
|
token []byte
|
||||||
}
|
}
|
||||||
|
|
||||||
estimation struct {
|
estimation struct {
|
||||||
|
@ -102,7 +110,7 @@ func Migrate(script []byte, manifest []byte) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func Put(container []byte, signature interop.Signature, publicKey interop.PublicKey) bool {
|
func Put(container []byte, signature interop.Signature, publicKey interop.PublicKey, token []byte) bool {
|
||||||
ctx := storage.GetContext()
|
ctx := storage.GetContext()
|
||||||
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
||||||
|
|
||||||
|
@ -111,6 +119,12 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
|
||||||
ownerID := container[offset : offset+25] // offset + size of owner
|
ownerID := container[offset : offset+25] // offset + size of owner
|
||||||
containerID := crypto.Sha256(container)
|
containerID := crypto.Sha256(container)
|
||||||
neofsIDContractAddr := storage.Get(ctx, neofsIDContractKey).(interop.Hash160)
|
neofsIDContractAddr := storage.Get(ctx, neofsIDContractKey).(interop.Hash160)
|
||||||
|
cnr := Container{
|
||||||
|
value: container,
|
||||||
|
sig: signature,
|
||||||
|
pub: publicKey,
|
||||||
|
token: token,
|
||||||
|
}
|
||||||
|
|
||||||
var ( // for invocation collection without notary
|
var ( // for invocation collection without notary
|
||||||
alphabet = common.AlphabetNodes()
|
alphabet = common.AlphabetNodes()
|
||||||
|
@ -127,7 +141,7 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
|
||||||
}
|
}
|
||||||
|
|
||||||
if !alphabetCall {
|
if !alphabetCall {
|
||||||
runtime.Notify("containerPut", container, signature, publicKey)
|
runtime.Notify("containerPut", container, signature, publicKey, token)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -167,15 +181,18 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
addContainer(ctx, containerID, ownerID, container)
|
addContainer(ctx, containerID, ownerID, cnr)
|
||||||
|
|
||||||
|
if len(token) == 0 { // if container created directly without session
|
||||||
contract.Call(neofsIDContractAddr, "addKey", contract.All, ownerID, [][]byte{publicKey})
|
contract.Call(neofsIDContractAddr, "addKey", contract.All, ownerID, [][]byte{publicKey})
|
||||||
|
}
|
||||||
|
|
||||||
runtime.Log("put: added new container")
|
runtime.Log("put: added new container")
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func Delete(containerID, signature []byte) bool {
|
func Delete(containerID []byte, signature interop.Signature, token []byte) bool {
|
||||||
ctx := storage.GetContext()
|
ctx := storage.GetContext()
|
||||||
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
||||||
|
|
||||||
|
@ -200,7 +217,7 @@ func Delete(containerID, signature []byte) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !alphabetCall {
|
if !alphabetCall {
|
||||||
runtime.Notify("containerDelete", containerID, signature)
|
runtime.Notify("containerDelete", containerID, signature, token)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -222,9 +239,9 @@ func Delete(containerID, signature []byte) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func Get(containerID []byte) []byte {
|
func Get(containerID []byte) Container {
|
||||||
ctx := storage.GetReadOnlyContext()
|
ctx := storage.GetReadOnlyContext()
|
||||||
return storage.Get(ctx, containerID).([]byte)
|
return getContainer(ctx, containerID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func Owner(containerID []byte) []byte {
|
func Owner(containerID []byte) []byte {
|
||||||
|
@ -259,7 +276,7 @@ func List(owner []byte) [][]byte {
|
||||||
return list
|
return list
|
||||||
}
|
}
|
||||||
|
|
||||||
func SetEACL(eACL, signature, publicKey []byte) bool {
|
func SetEACL(eACL []byte, signature interop.Signature, publicKey interop.PublicKey, token []byte) bool {
|
||||||
ctx := storage.GetContext()
|
ctx := storage.GetContext()
|
||||||
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
|
||||||
|
|
||||||
|
@ -289,14 +306,15 @@ func SetEACL(eACL, signature, publicKey []byte) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !alphabetCall {
|
if !alphabetCall {
|
||||||
runtime.Notify("setEACL", eACL, signature, publicKey)
|
runtime.Notify("setEACL", eACL, signature, publicKey, token)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
rule := extendedACL{
|
rule := ExtendedACL{
|
||||||
val: eACL,
|
value: eACL,
|
||||||
sig: signature,
|
sig: signature,
|
||||||
pub: publicKey,
|
pub: publicKey,
|
||||||
|
token: token,
|
||||||
}
|
}
|
||||||
|
|
||||||
key := append(eACLPrefix, containerID...)
|
key := append(eACLPrefix, containerID...)
|
||||||
|
@ -320,7 +338,7 @@ func SetEACL(eACL, signature, publicKey []byte) bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func EACL(containerID []byte) extendedACL {
|
func EACL(containerID []byte) ExtendedACL {
|
||||||
ctx := storage.GetReadOnlyContext()
|
ctx := storage.GetReadOnlyContext()
|
||||||
|
|
||||||
ownerID := getOwnerByID(ctx, containerID)
|
ownerID := getOwnerByID(ctx, containerID)
|
||||||
|
@ -500,10 +518,10 @@ func Version() int {
|
||||||
return version
|
return version
|
||||||
}
|
}
|
||||||
|
|
||||||
func addContainer(ctx storage.Context, id []byte, owner []byte, container []byte) {
|
func addContainer(ctx storage.Context, id, owner []byte, container Container) {
|
||||||
addOrAppend(ctx, ownersKey, owner)
|
addOrAppend(ctx, ownersKey, owner)
|
||||||
addOrAppend(ctx, owner, id)
|
addOrAppend(ctx, owner, id)
|
||||||
storage.Put(ctx, id, container)
|
common.SetSerialized(ctx, id, container)
|
||||||
}
|
}
|
||||||
|
|
||||||
func removeContainer(ctx storage.Context, id []byte, owner []byte) {
|
func removeContainer(ctx storage.Context, id []byte, owner []byte) {
|
||||||
|
@ -571,14 +589,23 @@ func getAllContainers(ctx storage.Context) [][]byte {
|
||||||
return list
|
return list
|
||||||
}
|
}
|
||||||
|
|
||||||
func getEACL(ctx storage.Context, cid []byte) extendedACL {
|
func getEACL(ctx storage.Context, cid []byte) ExtendedACL {
|
||||||
key := append(eACLPrefix, cid...)
|
key := append(eACLPrefix, cid...)
|
||||||
data := storage.Get(ctx, key)
|
data := storage.Get(ctx, key)
|
||||||
if data != nil {
|
if data != nil {
|
||||||
return std.Deserialize(data.([]byte)).(extendedACL)
|
return std.Deserialize(data.([]byte)).(ExtendedACL)
|
||||||
}
|
}
|
||||||
|
|
||||||
return extendedACL{val: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}}
|
return ExtendedACL{value: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}, token: []byte{}}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getContainer(ctx storage.Context, cid []byte) Container {
|
||||||
|
data := storage.Get(ctx, cid)
|
||||||
|
if data != nil {
|
||||||
|
return std.Deserialize(data.([]byte)).(Container)
|
||||||
|
}
|
||||||
|
|
||||||
|
return Container{value: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}, token: []byte{}}
|
||||||
}
|
}
|
||||||
|
|
||||||
func getOwnerByID(ctx storage.Context, id []byte) []byte {
|
func getOwnerByID(ctx storage.Context, id []byte) []byte {
|
||||||
|
|
Loading…
Reference in a new issue