[#78] container: Support session token

Container is now stored the same way as ExtendedACL: with
signature and session token. This is required for signature
checks when a session token is presented.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2021-05-21 16:27:01 +03:00 committed by Alex Vanin
parent ccafbcbdcd
commit de255b0a43
2 changed files with 57 additions and 24 deletions


@ -9,12 +9,16 @@ events:
type: ByteArray type: ByteArray
- name: publicKey - name: publicKey
type: ByteArray type: ByteArray
- name: token
type: ByteArray
- name: containerDelete - name: containerDelete
parameters: parameters:
- name: containerID - name: containerID
type: ByteArray type: ByteArray
- name: signature - name: signature
type: ByteArray type: ByteArray
- name: token
type: ByteArray
- name: setEACL - name: setEACL
parameters: parameters:
- name: eACL - name: eACL
@ -23,6 +27,8 @@ events:
type: ByteArray type: ByteArray
- name: publicKey - name: publicKey
type: ByteArray type: ByteArray
- name: token
type: ByteArray
- name: StartEstimation - name: StartEstimation
parameters: parameters:
- name: epoch - name: epoch


@ -17,10 +17,18 @@ type (
info []byte info []byte
} }
extendedACL struct { Container struct {
val []byte value []byte
sig []byte sig interop.Signature
pub interop.PublicKey pub interop.PublicKey
token []byte
}
ExtendedACL struct {
value []byte
sig interop.Signature
pub interop.PublicKey
token []byte
} }
estimation struct { estimation struct {
@ -102,7 +110,7 @@ func Migrate(script []byte, manifest []byte) bool {
return true return true
} }
func Put(container []byte, signature interop.Signature, publicKey interop.PublicKey) bool { func Put(container []byte, signature interop.Signature, publicKey interop.PublicKey, token []byte) bool {
ctx := storage.GetContext() ctx := storage.GetContext()
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
@ -111,6 +119,12 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
ownerID := container[offset : offset+25] // offset + size of owner ownerID := container[offset : offset+25] // offset + size of owner
containerID := crypto.Sha256(container) containerID := crypto.Sha256(container)
neofsIDContractAddr := storage.Get(ctx, neofsIDContractKey).(interop.Hash160) neofsIDContractAddr := storage.Get(ctx, neofsIDContractKey).(interop.Hash160)
cnr := Container{
value: container,
sig: signature,
pub: publicKey,
token: token,
}
var ( // for invocation collection without notary var ( // for invocation collection without notary
alphabet = common.AlphabetNodes() alphabet = common.AlphabetNodes()
@ -127,7 +141,7 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
} }
if !alphabetCall { if !alphabetCall {
runtime.Notify("containerPut", container, signature, publicKey) runtime.Notify("containerPut", container, signature, publicKey, token)
return true return true
} }
@ -167,15 +181,18 @@ func Put(container []byte, signature interop.Signature, publicKey interop.Public
} }
} }
addContainer(ctx, containerID, ownerID, container) addContainer(ctx, containerID, ownerID, cnr)
contract.Call(neofsIDContractAddr, "addKey", contract.All, ownerID, [][]byte{publicKey})
if len(token) == 0 { // if container created directly without session
contract.Call(neofsIDContractAddr, "addKey", contract.All, ownerID, [][]byte{publicKey})
}
runtime.Log("put: added new container") runtime.Log("put: added new container")
return true return true
} }
func Delete(containerID, signature []byte) bool { func Delete(containerID []byte, signature interop.Signature, token []byte) bool {
ctx := storage.GetContext() ctx := storage.GetContext()
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
@ -200,7 +217,7 @@ func Delete(containerID, signature []byte) bool {
} }
if !alphabetCall { if !alphabetCall {
runtime.Notify("containerDelete", containerID, signature) runtime.Notify("containerDelete", containerID, signature, token)
return true return true
} }
@ -222,9 +239,9 @@ func Delete(containerID, signature []byte) bool {
return true return true
} }
func Get(containerID []byte) []byte { func Get(containerID []byte) Container {
ctx := storage.GetReadOnlyContext() ctx := storage.GetReadOnlyContext()
return storage.Get(ctx, containerID).([]byte) return getContainer(ctx, containerID)
} }
func Owner(containerID []byte) []byte { func Owner(containerID []byte) []byte {
@ -259,7 +276,7 @@ func List(owner []byte) [][]byte {
return list return list
} }
func SetEACL(eACL, signature, publicKey []byte) bool { func SetEACL(eACL []byte, signature interop.Signature, publicKey interop.PublicKey, token []byte) bool {
ctx := storage.GetContext() ctx := storage.GetContext()
notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool)
@ -289,14 +306,15 @@ func SetEACL(eACL, signature, publicKey []byte) bool {
} }
if !alphabetCall { if !alphabetCall {
runtime.Notify("setEACL", eACL, signature, publicKey) runtime.Notify("setEACL", eACL, signature, publicKey, token)
return true return true
} }
rule := extendedACL{ rule := ExtendedACL{
val: eACL, value: eACL,
sig: signature, sig: signature,
pub: publicKey, pub: publicKey,
token: token,
} }
key := append(eACLPrefix, containerID...) key := append(eACLPrefix, containerID...)
@ -320,7 +338,7 @@ func SetEACL(eACL, signature, publicKey []byte) bool {
return true return true
} }
func EACL(containerID []byte) extendedACL { func EACL(containerID []byte) ExtendedACL {
ctx := storage.GetReadOnlyContext() ctx := storage.GetReadOnlyContext()
ownerID := getOwnerByID(ctx, containerID) ownerID := getOwnerByID(ctx, containerID)
@ -500,10 +518,10 @@ func Version() int {
return version return version
} }
func addContainer(ctx storage.Context, id []byte, owner []byte, container []byte) { func addContainer(ctx storage.Context, id, owner []byte, container Container) {
addOrAppend(ctx, ownersKey, owner) addOrAppend(ctx, ownersKey, owner)
addOrAppend(ctx, owner, id) addOrAppend(ctx, owner, id)
storage.Put(ctx, id, container) common.SetSerialized(ctx, id, container)
} }
func removeContainer(ctx storage.Context, id []byte, owner []byte) { func removeContainer(ctx storage.Context, id []byte, owner []byte) {
@ -571,14 +589,23 @@ func getAllContainers(ctx storage.Context) [][]byte {
return list return list
} }
func getEACL(ctx storage.Context, cid []byte) extendedACL { func getEACL(ctx storage.Context, cid []byte) ExtendedACL {
key := append(eACLPrefix, cid...) key := append(eACLPrefix, cid...)
data := storage.Get(ctx, key) data := storage.Get(ctx, key)
if data != nil { if data != nil {
return std.Deserialize(data.([]byte)).(extendedACL) return std.Deserialize(data.([]byte)).(ExtendedACL)
} }
return extendedACL{val: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}} return ExtendedACL{value: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}, token: []byte{}}
}
func getContainer(ctx storage.Context, cid []byte) Container {
data := storage.Get(ctx, cid)
if data != nil {
return std.Deserialize(data.([]byte)).(Container)
}
return Container{value: []byte{}, sig: interop.Signature{}, pub: interop.PublicKey{}, token: []byte{}}
} }
func getOwnerByID(ctx storage.Context, id []byte) []byte { func getOwnerByID(ctx storage.Context, id []byte) []byte {
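Review bot: `getContainer` (new in the last hunk) deserializes whatever is stored under the container ID as a `Container`, but entries written by the previous `addContainer` were raw container bytes via `storage.Put(ctx, id, container)`, and nothing in this commit converts them (the `Migrate` hunk is context only), so on an already-deployed contract `Get` and every other caller of `getContainer` would run `std.Deserialize` on a non-serialized payload for each pre-existing container. Unless the deployment is known to start from empty storage, either a one-off conversion step in `Migrate` or a fallback in `getContainer` that treats data which is not a serialized `Container` as a legacy value-only record seems necessary. The `Get` hunk also changes the method's return type from `[]byte` to `Container`, which is a contract ABI change for external callers and deserves a mention in the commit description. A doc comment on `getContainer` such as `// getContainer returns the Container stored under cid, or an empty Container when nothing is stored there.` would make the empty-struct fallback explicit, since callers of `Get` cannot otherwise distinguish a missing container from an empty one.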