[#1423] session: Get session issuer from token structure

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
2022-05-25 19:09:12 +03:00 · 2022-05-25 19:09:12 +03:00 · 2bcc0051ab
parent 2dec3a0a93
commit 2bcc0051ab
9 changed files with 24 additions and 64 deletions
--- a/go.mod
+++ b/go.mod
@ -19,7 +19,7 @@ require (
 	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
 	github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
 	github.com/nspcc-dev/neofs-contract v0.15.1
-	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34
+	github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9
 	github.com/nspcc-dev/tzhash v1.5.2
 	github.com/panjf2000/ants/v2 v2.4.0
 	github.com/paulmach/orb v0.2.2
--- a/go.sum
+++ b/go.sum
@ -407,8 +407,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
 github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34 h1:s9+ckFRFDVJfYh/QezTUE4g1JP3pyU5NaNxBfUIyGh8=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9 h1:TV2/sp/2CY7h7R2MJfU7HYDvXjKGAcOMJvpmV/w4lFk=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
 github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
 github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
--- a/pkg/services/object/acl/v2/util.go
+++ b/pkg/services/object/acl/v2/util.go
@ -164,29 +164,19 @@ func ownerFromToken(token *sessionSDK.Object) (*user.ID, *keys.PublicKey, error)
 	var tokV2 sessionV2.Token
 	token.WriteToV2(&tokV2)

-	ownerSessionV2 := tokV2.GetBody().GetOwnerID()
-	if ownerSessionV2 == nil {
-		return nil, nil, errors.New("missing session owner")
-	}
-
-	var ownerSession user.ID
-
-	err := ownerSession.ReadFromV2(*ownerSessionV2)
-	if err != nil {
-		return nil, nil, fmt.Errorf("invalid session token: %w", err)
-	}
-
 	tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
 	if err != nil {
 		return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
 	}

-	if !isOwnerFromKey(&ownerSession, tokenIssuerKey) {
+	tokenIssuer := token.Issuer()
+
+	if !isOwnerFromKey(&tokenIssuer, tokenIssuerKey) {
 		// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 		return nil, nil, fmt.Errorf("%w: invalid session token owner", ErrMalformedRequest)
 	}

-	return &ownerSession, tokenIssuerKey, nil
+	return &tokenIssuer, tokenIssuerKey, nil
 }

 func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signature {
--- a/pkg/services/object/delete/exec.go
+++ b/pkg/services/object/delete/exec.go
@ -243,18 +243,20 @@ func (exec *execCtx) initTombstoneObject() bool {
 		return false
 	}

-	tombOwnerID, ok := exec.commonParameters().SessionOwner()
-	if !ok {
-		// make local node a tombstone object owner
-		tombOwnerID = *exec.svc.netInfo.LocalNodeID()
-	}
-
 	exec.tombstoneObj = object.New()
 	exec.tombstoneObj.SetContainerID(*exec.containerID())
-	exec.tombstoneObj.SetOwnerID(&tombOwnerID)
 	exec.tombstoneObj.SetType(object.TypeTombstone)
 	exec.tombstoneObj.SetPayload(payload)

+	tokenSession := exec.commonParameters().SessionToken()
+	if tokenSession != nil {
+		issuer := tokenSession.Issuer()
+		exec.tombstoneObj.SetOwnerID(&issuer)
+	} else {
+		// make local node a tombstone object owner
+		exec.tombstoneObj.SetOwnerID(exec.svc.netInfo.LocalNodeID())
+	}
+
 	var a object.Attribute
 	a.SetKey(objectV2.SysAttributeExpEpoch)
 	a.SetValue(strconv.FormatUint(exec.tombstone.ExpirationEpoch(), 10))
--- a/pkg/services/object/get/exec.go
+++ b/pkg/services/object/get/exec.go
@ -109,11 +109,9 @@ func (exec execCtx) key() (*ecdsa.PrivateKey, error) {
 	var sessionInfo *util.SessionInfo

 	if tok := exec.prm.common.SessionToken(); tok != nil {
-		ownerSession, _ := exec.prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}

--- a/pkg/services/object/put/remote.go
+++ b/pkg/services/object/put/remote.go
@ -51,11 +51,9 @@ func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) {
 	var sessionInfo *util.SessionInfo

 	if tok := t.commonPrm.SessionToken(); tok != nil {
-		ownerSession, _ := t.commonPrm.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}

--- a/pkg/services/object/put/streamer.go
+++ b/pkg/services/object/put/streamer.go
@ -87,11 +87,9 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 	var sessionInfo *util.SessionInfo

 	if sToken != nil {
-		ownerSession, _ := prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    sToken.ID(),
-			Owner: ownerSession,
+			Owner: sToken.Issuer(),
 		}
 	}

--- a/pkg/services/object/search/util.go
+++ b/pkg/services/object/search/util.go
@ -88,11 +88,9 @@ func (c *clientWrapper) searchObjects(exec *execCtx, info client.NodeInfo) ([]oi
 	var sessionInfo *util.SessionInfo

 	if tok := exec.prm.common.SessionToken(); tok != nil {
-		ownerSession, _ := exec.prm.common.SessionOwner()
-
 		sessionInfo = &util.SessionInfo{
 			ID:    tok.ID(),
-			Owner: ownerSession,
+			Owner: tok.Issuer(),
 		}
 	}

--- a/pkg/services/object/util/prm.go
+++ b/pkg/services/object/util/prm.go
@ -1,14 +1,12 @@
 package util

 import (
-	"errors"
 	"fmt"
 	"strconv"

 	"github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-sdk-go/bearer"
 	sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
-	"github.com/nspcc-dev/neofs-sdk-go/user"
 )

 // maxLocalTTL is maximum TTL for an operation to be considered local.
@ -26,8 +24,6 @@ type CommonPrm struct {
 	ttl uint32

 	xhdrs []string
-
-	ownerSession user.ID
 }

 // TTL returns TTL for new requests.
@ -72,14 +68,6 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Object {
 	return nil
 }

-func (p *CommonPrm) SessionOwner() (user.ID, bool) {
-	if p != nil && p.token != nil {
-		return p.ownerSession, true
-	}
-
-	return user.ID{}, false
-}
-
 func (p *CommonPrm) BearerToken() *bearer.Token {
 	if p != nil {
 		return p.bearer
@ -117,19 +105,8 @@ func CommonPrmFromV2(req interface {

 	var tokenSession *sessionsdk.Object
 	var err error
-	var ownerSession user.ID

 	if tokenSessionV2 := meta.GetSessionToken(); tokenSessionV2 != nil {
-		ownerSessionV2 := tokenSessionV2.GetBody().GetOwnerID()
-		if ownerSessionV2 == nil {
-			return nil, errors.New("missing session owner")
-		}
-
-		err = ownerSession.ReadFromV2(*ownerSessionV2)
-		if err != nil {
-			return nil, fmt.Errorf("invalid session token: %w", err)
-		}
-
 		tokenSession = new(sessionsdk.Object)

 		err = tokenSession.ReadFromV2(*tokenSessionV2)
@ -142,11 +119,10 @@ func CommonPrmFromV2(req interface {
 	ttl := meta.GetTTL()

 	prm := &CommonPrm{
-		local:        ttl <= maxLocalTTL,
-		token:        tokenSession,
-		ttl:          ttl - 1, // decrease TTL for new requests
-		xhdrs:        make([]string, 0, 2*len(xHdrs)),
-		ownerSession: ownerSession,
+		local: ttl <= maxLocalTTL,
+		token: tokenSession,
+		ttl:   ttl - 1, // decrease TTL for new requests
+		xhdrs: make([]string, 0, 2*len(xHdrs)),
 	}

 	if tok := meta.GetBearerToken(); tok != nil {