From 3a188bb2e52be55561fa4f509a6c65f83f483285 Mon Sep 17 00:00:00 2001 From: Leonard Lyubich Date: Thu, 12 May 2022 10:22:02 +0300 Subject: [PATCH] [#1371] bearer: Upgrade SDK package Signed-off-by: Leonard Lyubich --- cmd/neofs-cli/internal/client/prm.go | 6 +-- cmd/neofs-cli/modules/bearer/create.go | 20 ++++---- cmd/neofs-cli/modules/object.go | 8 +-- cmd/neofs-cli/modules/root.go | 4 +- cmd/neofs-cli/modules/util.go | 27 +--------- go.mod | 2 +- go.sum | Bin 98319 -> 98574 bytes pkg/services/object/acl/acl.go | 48 +++++++++--------- pkg/services/object/acl/v2/request.go | 8 +-- pkg/services/object/acl/v2/util.go | 14 +++-- pkg/services/object/acl/v2/util_test.go | 11 ++-- pkg/services/object/internal/client/client.go | 6 +-- pkg/services/object/util/prm.go | 9 ++-- 13 files changed, 78 insertions(+), 85 deletions(-) diff --git a/cmd/neofs-cli/internal/client/prm.go b/cmd/neofs-cli/internal/client/prm.go index 391e40f10..5b81e06db 100644 --- a/cmd/neofs-cli/internal/client/prm.go +++ b/cmd/neofs-cli/internal/client/prm.go @@ -3,11 +3,11 @@ package internal import ( "io" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/client" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address" "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/neofs-sdk-go/token" ) // here are small structures with public setters to share between parameter structures @@ -40,11 +40,11 @@ func (x *sessionTokenPrm) SetSessionToken(tok *session.Token) { } type bearerTokenPrm struct { - bearerToken *token.BearerToken + bearerToken *bearer.Token } // SetBearerToken sets the bearer token to be attached to the request. -func (x *bearerTokenPrm) SetBearerToken(tok *token.BearerToken) { +func (x *bearerTokenPrm) SetBearerToken(tok *bearer.Token) { x.bearerToken = tok } diff --git a/cmd/neofs-cli/modules/bearer/create.go b/cmd/neofs-cli/modules/bearer/create.go index 4f9f8a69a..f9df51d19 100644 --- a/cmd/neofs-cli/modules/bearer/create.go +++ b/cmd/neofs-cli/modules/bearer/create.go @@ -13,10 +13,10 @@ import ( internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" "github.com/nspcc-dev/neofs-node/pkg/network" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/client" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/owner" - "github.com/nspcc-dev/neofs-sdk-go/token" "github.com/spf13/cobra" ) @@ -101,9 +101,11 @@ func createToken(cmd *cobra.Command, _ []string) error { return fmt.Errorf("can't parse recipient: %w", err) } - b := token.NewBearerToken() - b.SetLifetime(exp, nvb, iat) - b.SetOwner(ownerID) + var b bearer.Token + b.SetExpiration(exp) + b.SetNotBefore(nvb) + b.SetIssuedAt(iat) + b.SetOwnerID(*ownerID) eaclPath, _ := cmd.Flags().GetString(eaclFlag) if eaclPath != "" { @@ -115,7 +117,7 @@ func createToken(cmd *cobra.Command, _ []string) error { if err := json.Unmarshal(raw, table); err != nil { return fmt.Errorf("can't parse extended ACL: %w", err) } - b.SetEACLTable(table) + b.SetEACLTable(*table) } var data []byte @@ -123,11 +125,11 @@ func createToken(cmd *cobra.Command, _ []string) error { toJSON, _ := cmd.Flags().GetBool(jsonFlag) if toJSON { data, err = json.Marshal(b) + if err != nil { + return fmt.Errorf("can't mashal token to JSON: %w", err) + } } else { - data, err = b.Marshal(nil) - } - if err != nil { - return fmt.Errorf("can't mashal token: %w", err) + data = b.Marshal() } out, _ := cmd.Flags().GetString(outFlag) diff --git a/cmd/neofs-cli/modules/object.go b/cmd/neofs-cli/modules/object.go index c16d115af..b4ff8abb2 100644 --- a/cmd/neofs-cli/modules/object.go +++ b/cmd/neofs-cli/modules/object.go @@ -18,6 +18,7 @@ import ( objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" internalclient "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/internal/client" sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/checksum" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" "github.com/nspcc-dev/neofs-sdk-go/object" @@ -25,7 +26,6 @@ import ( oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/owner" "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/neofs-sdk-go/token" "github.com/spf13/cobra" ) @@ -1056,7 +1056,7 @@ func marshalHeader(cmd *cobra.Command, hdr *object.Object) ([]byte, error) { } } -func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, error) { +func getBearerToken(cmd *cobra.Command, flagname string) (*bearer.Token, error) { path, err := cmd.Flags().GetString(flagname) if err != nil || len(path) == 0 { return nil, nil @@ -1067,7 +1067,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er return nil, fmt.Errorf("can't read bearer token file: %w", err) } - tok := token.NewBearerToken() + var tok bearer.Token if err := tok.UnmarshalJSON(data); err != nil { if err = tok.Unmarshal(data); err != nil { return nil, fmt.Errorf("can't decode bearer token: %w", err) @@ -1078,7 +1078,7 @@ func getBearerToken(cmd *cobra.Command, flagname string) (*token.BearerToken, er printVerbose("Using JSON encoded bearer token") } - return tok, nil + return &tok, nil } func getObjectRange(cmd *cobra.Command, _ []string) { diff --git a/cmd/neofs-cli/modules/root.go b/cmd/neofs-cli/modules/root.go index 3d27e38ec..940daeeab 100644 --- a/cmd/neofs-cli/modules/root.go +++ b/cmd/neofs-cli/modules/root.go @@ -17,10 +17,10 @@ import ( sessionCli "github.com/nspcc-dev/neofs-node/cmd/neofs-cli/modules/session" "github.com/nspcc-dev/neofs-node/misc" "github.com/nspcc-dev/neofs-node/pkg/network" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/client" "github.com/nspcc-dev/neofs-sdk-go/owner" "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/neofs-sdk-go/token" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -217,7 +217,7 @@ func prepareAPIClientWithKey(cmd *cobra.Command, key *ecdsa.PrivateKey, dst ...c } type bearerPrm interface { - SetBearerToken(prm *token.BearerToken) + SetBearerToken(prm *bearer.Token) } func prepareBearerPrm(cmd *cobra.Command, prm bearerPrm) { diff --git a/cmd/neofs-cli/modules/util.go b/cmd/neofs-cli/modules/util.go index c9c730eff..a42f76caf 100644 --- a/cmd/neofs-cli/modules/util.go +++ b/cmd/neofs-cli/modules/util.go @@ -10,7 +10,6 @@ import ( "strconv" "time" - "github.com/nspcc-dev/neofs-api-go/v2/refs" "github.com/nspcc-dev/neofs-node/pkg/util/keyer" locodedb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db" airportsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/airports" @@ -18,8 +17,6 @@ import ( continentsdb "github.com/nspcc-dev/neofs-node/pkg/util/locode/db/continents/geojson" csvlocode "github.com/nspcc-dev/neofs-node/pkg/util/locode/table/csv" sdkstatus "github.com/nspcc-dev/neofs-sdk-go/client/status" - "github.com/nspcc-dev/neofs-sdk-go/token" - "github.com/nspcc-dev/neofs-sdk-go/version" "github.com/spf13/cobra" "github.com/spf13/viper" ) @@ -296,10 +293,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) { key, err := getKey() exitOnErr(cmd, err) - err = completeBearerToken(btok) - exitOnErr(cmd, err) - - err = btok.SignToken(key) + err = btok.Sign(*key) exitOnErr(cmd, err) to := cmd.Flag("to").Value.String() @@ -310,8 +304,7 @@ func signBearerToken(cmd *cobra.Command, _ []string) { data, err = btok.MarshalJSON() exitOnErr(cmd, errf("can't JSON encode bearer token: %w", err)) } else { - data, err = btok.Marshal() - exitOnErr(cmd, errf("can't binary encode bearer token: %w", err)) + data = btok.Marshal() } if len(to) == 0 { @@ -424,22 +417,6 @@ func processKeyer(cmd *cobra.Command, args []string) { result.PrettyPrint(uncompressed, useHex) } -func completeBearerToken(btok *token.BearerToken) error { - if v2 := btok.ToV2(); v2 != nil { - // set eACL table version, because it usually omitted - table := v2.GetBody().GetEACL() - - var ver refs.Version - version.Current().WriteToV2(&ver) - - table.SetVersion(&ver) - } else { - return errors.New("unsupported bearer token version") - } - - return nil -} - func prettyPrintJSON(cmd *cobra.Command, data []byte) { buf := new(bytes.Buffer) if err := json.Indent(buf, data, "", " "); err != nil { diff --git a/go.mod b/go.mod index 9edabaab2..d9cc422a6 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect github.com/nspcc-dev/neofs-api-go/v2 v2.12.1 github.com/nspcc-dev/neofs-contract v0.14.2 - github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413075357-96892d7bc4a8 + github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220413082415-24d6c2221f6b github.com/nspcc-dev/tzhash v1.5.2 github.com/panjf2000/ants/v2 v2.4.0 github.com/paulmach/orb v0.2.2 diff --git a/go.sum b/go.sum index 909203424cd24c721634ca1d00a7346a079b4cf7..2ae3cce22bf91370c3d30250ebe280c739297faa 100644 GIT binary patch delta 119 zcmeBgVC!pQ+u%BPvi~f;$rt8`Ia(N*7@F!DnWUH{8yOiHrkN!vWEfgyhL-AA<@;v3 zmgkf>S)_P)1-fRqrsR0#1sbK98|USQh8X%p26>ef6`M@nI8hvCnh>UGn}5s^e+&R~ CdnnHU delta 18 acmeBcV(V{U+u%BP^89(+oBikQe*^$a#0c5| diff --git a/pkg/services/object/acl/acl.go b/pkg/services/object/acl/acl.go index 64d76daaf..4c707656c 100644 --- a/pkg/services/object/acl/acl.go +++ b/pkg/services/object/acl/acl.go @@ -13,10 +13,10 @@ import ( "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl" eaclV2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/eacl/v2" v2 "github.com/nspcc-dev/neofs-node/pkg/services/object/acl/v2" + bearerSDK "github.com/nspcc-dev/neofs-sdk-go/bearer" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address" "github.com/nspcc-dev/neofs-sdk-go/owner" - bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token" ) // CheckerPrm groups parameters for Checker @@ -143,21 +143,21 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error { reqInfo.CleanBearer() } - var ( - table *eaclSDK.Table - err error - ) + var table eaclSDK.Table - if reqInfo.Bearer().Empty() { - table, err = c.eaclSrc.GetEACL(reqInfo.ContainerID()) + bearerTok := reqInfo.Bearer() + if bearerTok == nil { + pTable, err := c.eaclSrc.GetEACL(reqInfo.ContainerID()) if err != nil { if errors.Is(err, container.ErrEACLNotFound) { return nil } return err } + + table = *pTable } else { - table = reqInfo.Bearer().EACLTable() + table = bearerTok.EACLTable() } // if bearer token is not present, isValidBearer returns true @@ -195,7 +195,7 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error { WithHeaderSource( eaclV2.NewMessageHeaderSource(hdrSrcOpts...), ). - WithEACLTable(table), + WithEACLTable(&table), ) if action != eaclSDK.ActionAllow { @@ -210,9 +210,8 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error { func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error { token := reqInfo.Bearer() - // 0. Check if bearer token is present in reqInfo. It might be non nil - // empty structure. - if token == nil || token.Empty() { + // 0. Check if bearer token is present in reqInfo. + if token == nil { return nil } @@ -227,32 +226,35 @@ func isValidBearer(reqInfo v2.RequestInfo, st netmap.State) error { } // 3. Then check if container owner signed this token. - tokenIssuerKey := unmarshalPublicKey(token.Signature().Key()) - if !isOwnerFromKey(reqInfo.ContainerOwner(), tokenIssuerKey) { + issuer, ok := token.Issuer() + if !ok { + panic("unexpected false return from Issuer method on signed bearer token") + } + + if !issuer.Equal(reqInfo.ContainerOwner()) { // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again return errBearerNotSignedByOwner } // 4. Then check if request sender has rights to use this token. - tokenOwnerField := token.OwnerID() - if tokenOwnerField != nil { // see bearer token owner field description - requestSenderKey := unmarshalPublicKey(reqInfo.SenderKey()) - if !isOwnerFromKey(tokenOwnerField, requestSenderKey) { - // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again - return errBearerInvalidOwner - } + tokenOwner := token.OwnerID() + requestSenderKey := unmarshalPublicKey(reqInfo.SenderKey()) + + if !isOwnerFromKey(&tokenOwner, requestSenderKey) { + // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again + return errBearerInvalidOwner } return nil } -func isValidLifetime(t *bearerSDK.BearerToken, epoch uint64) bool { +func isValidLifetime(t *bearerSDK.Token, epoch uint64) bool { // The "exp" (expiration time) claim identifies the expiration time on // or after which the JWT MUST NOT be accepted for processing. // The "nbf" (not before) claim identifies the time before which the JWT // MUST NOT be accepted for processing // RFC 7519 sections 4.1.4, 4.1.5 - return epoch >= t.NotBeforeTime() && epoch <= t.Expiration() + return epoch >= t.NotBefore() && epoch <= t.Expiration() } func isOwnerFromKey(id *owner.ID, key *keys.PublicKey) bool { diff --git a/pkg/services/object/acl/v2/request.go b/pkg/services/object/acl/v2/request.go index 2910d8bbe..3c85bb725 100644 --- a/pkg/services/object/acl/v2/request.go +++ b/pkg/services/object/acl/v2/request.go @@ -6,12 +6,12 @@ import ( "github.com/nspcc-dev/neo-go/pkg/crypto/keys" sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session" + "github.com/nspcc-dev/neofs-sdk-go/bearer" containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/owner" sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session" - bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token" ) // RequestInfo groups parsed version-independent (from SDK library) @@ -29,7 +29,7 @@ type RequestInfo struct { senderKey []byte - bearer *bearerSDK.BearerToken // bearer token of request + bearer *bearer.Token // bearer token of request srcRequest interface{} } @@ -72,7 +72,7 @@ func (r *RequestInfo) CleanBearer() { } // Bearer returns bearer token of the request. -func (r RequestInfo) Bearer() *bearerSDK.BearerToken { +func (r RequestInfo) Bearer() *bearer.Token { return r.bearer } @@ -106,7 +106,7 @@ func (r RequestInfo) RequestRole() eaclSDK.Role { type MetaWithToken struct { vheader *sessionV2.RequestVerificationHeader token *sessionSDK.Token - bearer *bearerSDK.BearerToken + bearer *bearer.Token src interface{} } diff --git a/pkg/services/object/acl/v2/util.go b/pkg/services/object/acl/v2/util.go index 1f683c8d1..0150af63a 100644 --- a/pkg/services/object/acl/v2/util.go +++ b/pkg/services/object/acl/v2/util.go @@ -10,13 +10,13 @@ import ( objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object" refsV2 "github.com/nspcc-dev/neofs-api-go/v2/refs" sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session" + "github.com/nspcc-dev/neofs-sdk-go/bearer" containerIDSDK "github.com/nspcc-dev/neofs-sdk-go/container/id" eaclSDK "github.com/nspcc-dev/neofs-sdk-go/eacl" oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/owner" sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/signature" - bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token" ) func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err error) { @@ -47,12 +47,20 @@ func getContainerIDFromRequest(req interface{}) (id *containerIDSDK.ID, err erro // originalBearerToken goes down to original request meta header and fetches // bearer token from there. -func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearerSDK.BearerToken { +func originalBearerToken(header *sessionV2.RequestMetaHeader) *bearer.Token { for header.GetOrigin() != nil { header = header.GetOrigin() } - return bearerSDK.NewBearerTokenFromV2(header.GetBearerToken()) + tokV2 := header.GetBearerToken() + if tokV2 == nil { + return nil + } + + var tok bearer.Token + tok.ReadFromV2(*tokV2) + + return &tok } // originalSessionToken goes down to original request meta header and fetches diff --git a/pkg/services/object/acl/v2/util_test.go b/pkg/services/object/acl/v2/util_test.go index a16aca9f2..2095f6993 100644 --- a/pkg/services/object/acl/v2/util_test.go +++ b/pkg/services/object/acl/v2/util_test.go @@ -7,20 +7,23 @@ import ( acltest "github.com/nspcc-dev/neofs-api-go/v2/acl/test" "github.com/nspcc-dev/neofs-api-go/v2/session" sessiontest "github.com/nspcc-dev/neofs-api-go/v2/session/test" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/eacl" sessionSDK "github.com/nspcc-dev/neofs-sdk-go/session" - bearerSDK "github.com/nspcc-dev/neofs-sdk-go/token" "github.com/stretchr/testify/require" ) func TestOriginalTokens(t *testing.T) { sToken := sessiontest.GenerateSessionToken(false) - bToken := acltest.GenerateBearerToken(false) + bTokenV2 := acltest.GenerateBearerToken(false) + + var bToken bearer.Token + bToken.ReadFromV2(*bTokenV2) for i := 0; i < 10; i++ { - metaHeaders := testGenerateMetaHeader(uint32(i), bToken, sToken) + metaHeaders := testGenerateMetaHeader(uint32(i), bTokenV2, sToken) require.Equal(t, sessionSDK.NewTokenFromV2(sToken), originalSessionToken(metaHeaders), i) - require.Equal(t, bearerSDK.NewBearerTokenFromV2(bToken), originalBearerToken(metaHeaders), i) + require.Equal(t, &bToken, originalBearerToken(metaHeaders), i) } } diff --git a/pkg/services/object/internal/client/client.go b/pkg/services/object/internal/client/client.go index 40e23a7ca..ecea36b8d 100644 --- a/pkg/services/object/internal/client/client.go +++ b/pkg/services/object/internal/client/client.go @@ -8,6 +8,7 @@ import ( "io" coreclient "github.com/nspcc-dev/neofs-node/pkg/core/client" + "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/client" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -15,7 +16,6 @@ import ( addressSDK "github.com/nspcc-dev/neofs-sdk-go/object/address" oidSDK "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/neofs-sdk-go/token" ) type commonPrm struct { @@ -27,7 +27,7 @@ type commonPrm struct { tokenSession *session.Token - tokenBearer *token.BearerToken + tokenBearer *bearer.Token local bool @@ -65,7 +65,7 @@ func (x *commonPrm) SetSessionToken(tok *session.Token) { // SetBearerToken sets bearer token to be attached to the request. // // By default token is not attached to the request. -func (x *commonPrm) SetBearerToken(tok *token.BearerToken) { +func (x *commonPrm) SetBearerToken(tok *bearer.Token) { x.tokenBearer = tok } diff --git a/pkg/services/object/util/prm.go b/pkg/services/object/util/prm.go index 9c93c6fbb..8baa85496 100644 --- a/pkg/services/object/util/prm.go +++ b/pkg/services/object/util/prm.go @@ -4,8 +4,8 @@ import ( "strconv" "github.com/nspcc-dev/neofs-api-go/v2/session" + "github.com/nspcc-dev/neofs-sdk-go/bearer" sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session" - "github.com/nspcc-dev/neofs-sdk-go/token" ) // maxLocalTTL is maximum TTL for an operation to be considered local. @@ -18,7 +18,7 @@ type CommonPrm struct { token *sessionsdk.Token - bearer *token.BearerToken + bearer *bearer.Token ttl uint32 @@ -67,7 +67,7 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Token { return nil } -func (p *CommonPrm) BearerToken() *token.BearerToken { +func (p *CommonPrm) BearerToken() *bearer.Token { if p != nil { return p.bearer } @@ -116,7 +116,8 @@ func CommonPrmFromV2(req interface { } if tok := meta.GetBearerToken(); tok != nil { - prm.bearer = token.NewBearerTokenFromV2(tok) + prm.bearer = new(bearer.Token) + prm.bearer.ReadFromV2(*tok) } for i := range xHdrs {