[#2207] object/acl: Return status error for expired session token

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
This commit is contained in:
Evgenii Stratonikov 2023-01-20 12:57:53 +03:00 committed by fyrchik
parent 6451f019d2
commit 0d8366f475
2 changed files with 5 additions and 0 deletions

View file

@ -10,6 +10,7 @@ Changelog for FrostFS Node
### Fixed ### Fixed
- Big object removal with non-local parts (#1978) - Big object removal with non-local parts (#1978)
- Disable pilorama when moving to degraded mode (#2197) - Disable pilorama when moving to degraded mode (#2197)
- Correct status error for expired session token (#2207)
### Removed ### Removed
### Updated ### Updated

View file

@ -10,6 +10,7 @@ import (
"github.com/TrueCloudLab/frostfs-node/pkg/core/netmap" "github.com/TrueCloudLab/frostfs-node/pkg/core/netmap"
"github.com/TrueCloudLab/frostfs-node/pkg/services/object" "github.com/TrueCloudLab/frostfs-node/pkg/services/object"
"github.com/TrueCloudLab/frostfs-node/pkg/util/logger" "github.com/TrueCloudLab/frostfs-node/pkg/util/logger"
apistatus "github.com/TrueCloudLab/frostfs-sdk-go/client/status"
"github.com/TrueCloudLab/frostfs-sdk-go/container/acl" "github.com/TrueCloudLab/frostfs-sdk-go/container/acl"
cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id" cid "github.com/TrueCloudLab/frostfs-sdk-go/container/id"
oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id" oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
@ -573,6 +574,9 @@ func (b Service) findRequestInfo(req MetaWithToken, idCnr cid.ID, op acl.Op) (in
if err != nil { if err != nil {
return info, errors.New("can't fetch current epoch") return info, errors.New("can't fetch current epoch")
} }
if req.token.ExpiredAt(currentEpoch) {
return info, apistatus.SessionTokenExpired{}
}
if req.token.InvalidAt(currentEpoch) { if req.token.InvalidAt(currentEpoch) {
return info, fmt.Errorf("%s: token is invalid at %d epoch)", return info, fmt.Errorf("%s: token is invalid at %d epoch)",
invalidRequestMessage, currentEpoch) invalidRequestMessage, currentEpoch)