frostfs-node/cmd/neofs-cli/modules/bearer/create.go

package bearer

import (
	"context"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"time"

	internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"
	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"
	"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"
	"github.com/nspcc-dev/neofs-sdk-go/bearer"
	eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"
	"github.com/nspcc-dev/neofs-sdk-go/user"
	"github.com/spf13/cobra"
)

const (
	eaclFlag           = "eacl"
	issuedAtFlag       = "issued-at"
	notValidBeforeFlag = "not-valid-before"
	expireAtFlag       = "expire-at"
	ownerFlag          = "owner"
	outFlag            = "out"
	jsonFlag           = commonflags.JSON
)

var createCmd = &cobra.Command{
	Use:   "create",
	Short: "Create bearer token",
	Long: `Create bearer token.

All epoch flags can be specified relative to the current epoch with the +n syntax.
In this case --` + commonflags.RPC + ` flag should be specified and the epoch in bearer token
is set to current epoch + n.
`,
	RunE: createToken,
}

func init() {
	createCmd.Flags().StringP(eaclFlag, "e", "", "path to the extended ACL table")
	createCmd.Flags().StringP(issuedAtFlag, "i", "", "epoch to issue token at")
	createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "not valid before epoch")
	createCmd.Flags().StringP(expireAtFlag, "x", "", "expiration epoch")
	createCmd.Flags().StringP(ownerFlag, "o", "", "token owner")
	createCmd.Flags().String(outFlag, "", "file to write token to")
	createCmd.Flags().Bool(jsonFlag, false, "output token in JSON")
	createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)

	_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)

	_ = cobra.MarkFlagRequired(createCmd.Flags(), issuedAtFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), notValidBeforeFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), expireAtFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)
	_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)
}

func createToken(cmd *cobra.Command, _ []string) error {
	iat, iatRelative, err := common.ParseEpoch(cmd, issuedAtFlag)
	if err != nil {
		return err
	}
	exp, expRelative, err := common.ParseEpoch(cmd, expireAtFlag)
	if err != nil {
		return err
	}
	nvb, nvbRelative, err := common.ParseEpoch(cmd, notValidBeforeFlag)
	if err != nil {
		return err
	}
	if iatRelative || expRelative || nvbRelative {
		ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
		defer cancel()

		endpoint, _ := cmd.Flags().GetString(commonflags.RPC)
		currEpoch, err := internalclient.GetCurrentEpoch(ctx, endpoint)
		if err != nil {
			return err
		}
		if iatRelative {
			iat += currEpoch
		}
		if expRelative {
			exp += currEpoch
		}
		if nvbRelative {
			nvb += currEpoch
		}
	}
	if exp < nvb {
		return fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb)
	}

	ownerStr, _ := cmd.Flags().GetString(ownerFlag)

	var ownerID user.ID
	if err := ownerID.DecodeString(ownerStr); err != nil {
		return fmt.Errorf("can't parse recipient: %w", err)
	}

	var b bearer.Token
	b.SetExp(exp)
	b.SetNbf(nvb)
	b.SetIat(iat)
	b.ForUser(ownerID)

	eaclPath, _ := cmd.Flags().GetString(eaclFlag)
	if eaclPath != "" {
		table := eaclSDK.NewTable()
		raw, err := ioutil.ReadFile(eaclPath)
		if err != nil {
			return fmt.Errorf("can't read extended ACL file: %w", err)
		}
		if err := json.Unmarshal(raw, table); err != nil {
			return fmt.Errorf("can't parse extended ACL: %w", err)
		}
		b.SetEACLTable(*table)
	}

	var data []byte

	toJSON, _ := cmd.Flags().GetBool(jsonFlag)
	if toJSON {
		data, err = json.Marshal(b)
		if err != nil {
			return fmt.Errorf("can't mashal token to JSON: %w", err)
		}
	} else {
		data = b.Marshal()
	}

	out, _ := cmd.Flags().GetString(outFlag)
	if err := ioutil.WriteFile(out, data, 0644); err != nil {
		return fmt.Errorf("can't write token to file: %w", err)
	}

	return nil
}
[#1216] neofs-cli: Rename `token` subcommand to `bearer` It works only with the bearer token. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-28 09:09:49 +00:00			`package bearer`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`import (`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`"context"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`"encoding/json"`
			`"fmt"`
			`"io/ioutil"`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`"time"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
[#1216] neofs-cli: Reuse `GetSDKClient` between CLI modules Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-28 09:36:04 +00:00			`internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client"`
[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/common"`
[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			`"github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/commonflags"`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/bearer"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl"`
[#1400] owner: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-17 13:59:46 +00:00			`"github.com/nspcc-dev/neofs-sdk-go/user"`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`"github.com/spf13/cobra"`
			`)`

			`const (`
			`eaclFlag = "eacl"`
			`issuedAtFlag = "issued-at"`
			`notValidBeforeFlag = "not-valid-before"`
			`expireAtFlag = "expire-at"`
			`ownerFlag = "owner"`
			`outFlag = "out"`
[#1323] neofs-cli: Reuse JSON flag for multiple commands Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-06-23 13:52:47 +00:00			`jsonFlag = commonflags.JSON`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`)`

			`var createCmd = &cobra.Command{`
			`Use: "create",`
			`Short: "Create bearer token",`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			Long: `Create bearer token.

			`All epoch flags can be specified relative to the current epoch with the +n syntax.`
[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			In this case --` + commonflags.RPC + ` flag should be specified and the epoch in bearer token
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`is set to current epoch + n.`
			`,
			`RunE: createToken,`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`func init() {`
			`createCmd.Flags().StringP(eaclFlag, "e", "", "path to the extended ACL table")`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`createCmd.Flags().StringP(issuedAtFlag, "i", "", "epoch to issue token at")`
			`createCmd.Flags().StringP(notValidBeforeFlag, "n", "", "not valid before epoch")`
			`createCmd.Flags().StringP(expireAtFlag, "x", "", "expiration epoch")`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`createCmd.Flags().StringP(ownerFlag, "o", "", "token owner")`
			`createCmd.Flags().String(outFlag, "", "file to write token to")`
			`createCmd.Flags().Bool(jsonFlag, false, "output token in JSON")`
[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			`createCmd.Flags().StringP(commonflags.RPC, commonflags.RPCShorthand, commonflags.RPCDefault, commonflags.RPCUsage)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`_ = cobra.MarkFlagFilename(createCmd.Flags(), eaclFlag)`

			`_ = cobra.MarkFlagRequired(createCmd.Flags(), issuedAtFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), notValidBeforeFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), expireAtFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), ownerFlag)`
			`_ = cobra.MarkFlagRequired(createCmd.Flags(), outFlag)`
			`}`

			`func createToken(cmd *cobra.Command, _ []string) error {`
[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`iat, iatRelative, err := common.ParseEpoch(cmd, issuedAtFlag)`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if err != nil {`
			`return err`
			`}`
[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`exp, expRelative, err := common.ParseEpoch(cmd, expireAtFlag)`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if err != nil {`
			`return err`
			`}`
[#1461] cli: Reorganize common functions Make `ParseEpoch` and `GetCurrentEpoch` funcs public and move the first one to the `common` package. Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-08 10:13:44 +00:00			`nvb, nvbRelative, err := common.ParseEpoch(cmd, notValidBeforeFlag)`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if err != nil {`
			`return err`
			`}`
			`if iatRelative \|\| expRelative \|\| nvbRelative {`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)`
			`defer cancel()`

[#1379] neofs-cli: Move common flags to a separate package Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-05-18 09:22:02 +00:00			`endpoint, _ := cmd.Flags().GetString(commonflags.RPC)`
[#1461] cli: Add context to `GetCurrentEpoch` helper Signed-off-by: Pavel Karpy <carpawell@nspcc.ru> 2022-06-17 07:36:23 +00:00			`currEpoch, err := internalclient.GetCurrentEpoch(ctx, endpoint)`
[#1261] neofs-cli: Allow to use relative epoch for bearer token Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 13:22:09 +00:00			`if err != nil {`
			`return err`
			`}`
			`if iatRelative {`
			`iat += currEpoch`
			`}`
			`if expRelative {`
			`exp += currEpoch`
			`}`
			`if nvbRelative {`
			`nvb += currEpoch`
			`}`
			`}`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`if exp < nvb {`
			`return fmt.Errorf("expiration epoch is less than not-valid-before epoch: %d < %d", exp, nvb)`
			`}`

			`ownerStr, _ := cmd.Flags().GetString(ownerFlag)`
[#1400] owner: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-17 13:59:46 +00:00
			`var ownerID user.ID`
			`if err := ownerID.DecodeString(ownerStr); err != nil {`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`return fmt.Errorf("can't parse recipient: %w", err)`
			`}`

[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`var b bearer.Token`
Upgrade NeoFS SDK Go to v1.0.0-rc.4 and NeoFS API Go to v2.12.2 Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-06-03 14:12:55 +00:00			`b.SetExp(exp)`
			`b.SetNbf(nvb)`
			`b.SetIat(iat)`
			`b.ForUser(ownerID)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00
			`eaclPath, _ := cmd.Flags().GetString(eaclFlag)`
			`if eaclPath != "" {`
			`table := eaclSDK.NewTable()`
			`raw, err := ioutil.ReadFile(eaclPath)`
			`if err != nil {`
			`return fmt.Errorf("can't read extended ACL file: %w", err)`
			`}`
			`if err := json.Unmarshal(raw, table); err != nil {`
			`return fmt.Errorf("can't parse extended ACL: %w", err)`
			`}`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`b.SetEACLTable(*table)`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`var data []byte`

			`toJSON, _ := cmd.Flags().GetBool(jsonFlag)`
			`if toJSON {`
			`data, err = json.Marshal(b)`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`if err != nil {`
			`return fmt.Errorf("can't mashal token to JSON: %w", err)`
			`}`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`} else {`
[#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich <leonard@nspcc.ru> 2022-05-12 07:22:02 +00:00			`data = b.Marshal()`
[#1261] neofs-cli: Allow to create bearer tokens Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru> 2022-03-23 12:47:34 +00:00			`}`

			`out, _ := cmd.Flags().GetString(outFlag)`
			`if err := ioutil.WriteFile(out, data, 0644); err != nil {`
			`return fmt.Errorf("can't write token to file: %w", err)`
			`}`

			`return nil`
			`}`