forked from TrueCloudLab/frostfs-node
[#561] acl: Fetch bearer token from original request meta header
Request meta headers are organized in layers, where upper layers re-sign lower layers. The bearer token should be part of the original meta header and can be omitted in upper layers. Therefore we need to traverse the linked list of meta headers down to the original meta header to get the bearer token. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
parent
8448207854
commit
d368afffe5
1 changed files with 17 additions and 7 deletions
|
@ -149,7 +149,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -197,7 +197,7 @@ func (b Service) Head(
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -236,7 +236,7 @@ func (b Service) Search(request *object.SearchRequest, stream objectSvc.SearchSt
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: request.GetMetaHeader().GetSessionToken(),
|
token: request.GetMetaHeader().GetSessionToken(),
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -273,7 +273,7 @@ func (b Service) Delete(
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -305,7 +305,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -343,7 +343,7 @@ func (b Service) GetRangeHash(
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -387,7 +387,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
||||||
req := metaWithToken{
|
req := metaWithToken{
|
||||||
vheader: request.GetVerificationHeader(),
|
vheader: request.GetVerificationHeader(),
|
||||||
token: sTok,
|
token: sTok,
|
||||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
bearer: originalBearerToken(request.GetMetaHeader()),
|
||||||
src: request,
|
src: request,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -771,3 +771,13 @@ func isOwnerFromKey(id *owner.ID, key *ecdsa.PublicKey) bool {
|
||||||
// binary comparison is better but MarshalBinary is more expensive
|
// binary comparison is better but MarshalBinary is more expensive
|
||||||
return bytes.Equal(id.ToV2().GetValue(), wallet.Bytes())
|
return bytes.Equal(id.ToV2().GetValue(), wallet.Bytes())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// originalBearerToken goes down to original request meta header and fetches
|
||||||
|
// bearer token from there.
|
||||||
|
func originalBearerToken(header *session.RequestMetaHeader) *bearer.BearerToken {
|
||||||
|
for header.GetOrigin() != nil {
|
||||||
|
header = header.GetOrigin()
|
||||||
|
}
|
||||||
|
|
||||||
|
return header.GetBearerToken()
|
||||||
|
}
|
||||||
|
|
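Review bot: In the Search hunk the session token is still read from the outermost header (`token: request.GetMetaHeader().GetSessionToken()`) while the bearer token now comes from the origin header, so a forwarded request whose upper layers omit tokens could be evaluated with a bearer token but no session token. If session tokens follow the same layering that the commit message describes for bearer tokens, a sibling helper that walks `GetOrigin()` and returns `GetSessionToken()` should replace that line; the other hunks take `sTok` from code outside the hunk, so the same question applies there. `originalBearerToken` also depends on the origin layers being covered by the verification-header signature chain, which is checked (if at all) outside this diff, so I would say so in its doc comment: `// The token is taken from the innermost header; it must not be trusted until the matching origin verification header has been verified.`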