[#1423] session: Get session issuer from token structure

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2022-05-25 19:09:12 +03:00 committed by LeL
parent 2dec3a0a93
commit 2bcc0051ab
9 changed files with 24 additions and 64 deletions

go.mod

@ -19,7 +19,7 @@ require (
github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
github.com/nspcc-dev/neofs-api-go/v2 v2.12.1 github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
github.com/nspcc-dev/neofs-contract v0.15.1 github.com/nspcc-dev/neofs-contract v0.15.1
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34 github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9
github.com/nspcc-dev/tzhash v1.5.2 github.com/nspcc-dev/tzhash v1.5.2
github.com/panjf2000/ants/v2 v2.4.0 github.com/panjf2000/ants/v2 v2.4.0
github.com/paulmach/orb v0.2.2 github.com/paulmach/orb v0.2.2

go.sum

@ -407,8 +407,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw= github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40= github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34 h1:s9+ckFRFDVJfYh/QezTUE4g1JP3pyU5NaNxBfUIyGh8= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9 h1:TV2/sp/2CY7h7R2MJfU7HYDvXjKGAcOMJvpmV/w4lFk=
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho= github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=


@ -164,29 +164,19 @@ func ownerFromToken(token *sessionSDK.Object) (*user.ID, *keys.PublicKey, error)
var tokV2 sessionV2.Token var tokV2 sessionV2.Token
token.WriteToV2(&tokV2) token.WriteToV2(&tokV2)
ownerSessionV2 := tokV2.GetBody().GetOwnerID()
if ownerSessionV2 == nil {
return nil, nil, errors.New("missing session owner")
}
var ownerSession user.ID
err := ownerSession.ReadFromV2(*ownerSessionV2)
if err != nil {
return nil, nil, fmt.Errorf("invalid session token: %w", err)
}
tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey()) tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
if err != nil { if err != nil {
return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err) return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
} }
if !isOwnerFromKey(&ownerSession, tokenIssuerKey) { tokenIssuer := token.Issuer()
if !isOwnerFromKey(&tokenIssuer, tokenIssuerKey) {
// TODO: #767 in this case we can issue all owner keys from neofs.id and check once again // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
return nil, nil, fmt.Errorf("%w: invalid session token owner", ErrMalformedRequest) return nil, nil, fmt.Errorf("%w: invalid session token owner", ErrMalformedRequest)
} }
return &ownerSession, tokenIssuerKey, nil return &tokenIssuer, tokenIssuerKey, nil
} }
func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signature { func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signature {
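Review bot: The explicit "missing session owner" rejection is gone from ownerFromToken, so a token whose body carries no owner now reaches `isOwnerFromKey(&tokenIssuer, tokenIssuerKey)` with whatever `token.Issuer()` returns for that case — presumably the zero `user.ID` — and is reported as "invalid session token owner" instead. Rejection therefore rests on isOwnerFromKey never matching a zero-value ID against a real signature key; that assumption is not visible here and deserves a comment on the issuer line, e.g. `// Issuer() is the zero user.ID for a token without an owner; isOwnerFromKey must never match it against a key.` The body of ownerFromToken begins before this hunk.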


@ -243,18 +243,20 @@ func (exec *execCtx) initTombstoneObject() bool {
return false return false
} }
tombOwnerID, ok := exec.commonParameters().SessionOwner()
if !ok {
// make local node a tombstone object owner
tombOwnerID = *exec.svc.netInfo.LocalNodeID()
}
exec.tombstoneObj = object.New() exec.tombstoneObj = object.New()
exec.tombstoneObj.SetContainerID(*exec.containerID()) exec.tombstoneObj.SetContainerID(*exec.containerID())
exec.tombstoneObj.SetOwnerID(&tombOwnerID)
exec.tombstoneObj.SetType(object.TypeTombstone) exec.tombstoneObj.SetType(object.TypeTombstone)
exec.tombstoneObj.SetPayload(payload) exec.tombstoneObj.SetPayload(payload)
tokenSession := exec.commonParameters().SessionToken()
if tokenSession != nil {
issuer := tokenSession.Issuer()
exec.tombstoneObj.SetOwnerID(&issuer)
} else {
// make local node a tombstone object owner
exec.tombstoneObj.SetOwnerID(exec.svc.netInfo.LocalNodeID())
}
var a object.Attribute var a object.Attribute
a.SetKey(objectV2.SysAttributeExpEpoch) a.SetKey(objectV2.SysAttributeExpEpoch)
a.SetValue(strconv.FormatUint(exec.tombstone.ExpirationEpoch(), 10)) a.SetValue(strconv.FormatUint(exec.tombstone.ExpirationEpoch(), 10))
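Review bot: In the else branch, `exec.tombstoneObj.SetOwnerID(exec.svc.netInfo.LocalNodeID())` hands the object the pointer returned by LocalNodeID() directly, whereas the removed code first copied the value into a local and passed the address of the copy, as the new issuer branch still does with `issuer`. If SetOwnerID retains the pointer and LocalNodeID() returns a pointer into shared node state, the tombstone's owner aliases that state and would follow any later change to it. Keeping the copy keeps both branches symmetric: `id := *exec.svc.netInfo.LocalNodeID()` followed by `exec.tombstoneObj.SetOwnerID(&id)`. initTombstoneObject begins before this hunk.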


@ -109,11 +109,9 @@ func (exec execCtx) key() (*ecdsa.PrivateKey, error) {
var sessionInfo *util.SessionInfo var sessionInfo *util.SessionInfo
if tok := exec.prm.common.SessionToken(); tok != nil { if tok := exec.prm.common.SessionToken(); tok != nil {
ownerSession, _ := exec.prm.common.SessionOwner()
sessionInfo = &util.SessionInfo{ sessionInfo = &util.SessionInfo{
ID: tok.ID(), ID: tok.ID(),
Owner: ownerSession, Owner: tok.Issuer(),
} }
} }
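Review bot: The `util.SessionInfo{ID: tok.ID(), Owner: tok.Issuer()}` construction is now written identically in this hunk and in the three that follow (remoteTarget.Close, Streamer.initTarget, clientWrapper.searchObjects); since the value is derived from the token alone, a single constructor in util would remove the duplication and keep the four sites from drifting apart. Something like `func SessionInfoFromToken(tok *sessionsdk.Object) *util.SessionInfo` (name constructed here), so each call site becomes `sessionInfo = util.SessionInfoFromToken(tok)` inside the existing nil check. The enclosing functions begin before their hunks.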


@ -51,11 +51,9 @@ func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) {
var sessionInfo *util.SessionInfo var sessionInfo *util.SessionInfo
if tok := t.commonPrm.SessionToken(); tok != nil { if tok := t.commonPrm.SessionToken(); tok != nil {
ownerSession, _ := t.commonPrm.SessionOwner()
sessionInfo = &util.SessionInfo{ sessionInfo = &util.SessionInfo{
ID: tok.ID(), ID: tok.ID(),
Owner: ownerSession, Owner: tok.Issuer(),
} }
} }


@ -87,11 +87,9 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
var sessionInfo *util.SessionInfo var sessionInfo *util.SessionInfo
if sToken != nil { if sToken != nil {
ownerSession, _ := prm.common.SessionOwner()
sessionInfo = &util.SessionInfo{ sessionInfo = &util.SessionInfo{
ID: sToken.ID(), ID: sToken.ID(),
Owner: ownerSession, Owner: sToken.Issuer(),
} }
} }


@ -88,11 +88,9 @@ func (c *clientWrapper) searchObjects(exec *execCtx, info client.NodeInfo) ([]oi
var sessionInfo *util.SessionInfo var sessionInfo *util.SessionInfo
if tok := exec.prm.common.SessionToken(); tok != nil { if tok := exec.prm.common.SessionToken(); tok != nil {
ownerSession, _ := exec.prm.common.SessionOwner()
sessionInfo = &util.SessionInfo{ sessionInfo = &util.SessionInfo{
ID: tok.ID(), ID: tok.ID(),
Owner: ownerSession, Owner: tok.Issuer(),
} }
} }


@ -1,14 +1,12 @@
package util package util
import ( import (
"errors"
"fmt" "fmt"
"strconv" "strconv"
"github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-api-go/v2/session"
"github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/bearer"
sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session" sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
) )
// maxLocalTTL is maximum TTL for an operation to be considered local. // maxLocalTTL is maximum TTL for an operation to be considered local.
@ -26,8 +24,6 @@ type CommonPrm struct {
ttl uint32 ttl uint32
xhdrs []string xhdrs []string
ownerSession user.ID
} }
// TTL returns TTL for new requests. // TTL returns TTL for new requests.
@ -72,14 +68,6 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Object {
return nil return nil
} }
func (p *CommonPrm) SessionOwner() (user.ID, bool) {
if p != nil && p.token != nil {
return p.ownerSession, true
}
return user.ID{}, false
}
func (p *CommonPrm) BearerToken() *bearer.Token { func (p *CommonPrm) BearerToken() *bearer.Token {
if p != nil { if p != nil {
return p.bearer return p.bearer
@ -117,19 +105,8 @@ func CommonPrmFromV2(req interface {
var tokenSession *sessionsdk.Object var tokenSession *sessionsdk.Object
var err error var err error
var ownerSession user.ID
if tokenSessionV2 := meta.GetSessionToken(); tokenSessionV2 != nil { if tokenSessionV2 := meta.GetSessionToken(); tokenSessionV2 != nil {
ownerSessionV2 := tokenSessionV2.GetBody().GetOwnerID()
if ownerSessionV2 == nil {
return nil, errors.New("missing session owner")
}
err = ownerSession.ReadFromV2(*ownerSessionV2)
if err != nil {
return nil, fmt.Errorf("invalid session token: %w", err)
}
tokenSession = new(sessionsdk.Object) tokenSession = new(sessionsdk.Object)
err = tokenSession.ReadFromV2(*tokenSessionV2) err = tokenSession.ReadFromV2(*tokenSessionV2)
@ -142,11 +119,10 @@ func CommonPrmFromV2(req interface {
ttl := meta.GetTTL() ttl := meta.GetTTL()
prm := &CommonPrm{ prm := &CommonPrm{
local: ttl <= maxLocalTTL, local: ttl <= maxLocalTTL,
token: tokenSession, token: tokenSession,
ttl: ttl - 1, // decrease TTL for new requests ttl: ttl - 1, // decrease TTL for new requests
xhdrs: make([]string, 0, 2*len(xHdrs)), xhdrs: make([]string, 0, 2*len(xHdrs)),
ownerSession: ownerSession,
} }
if tok := meta.GetBearerToken(); tok != nil { if tok := meta.GetBearerToken(); tok != nil {
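Review bot: In the CommonPrmFromV2 hunk the parse-time check that returned "missing session owner" for a token whose body has no owner is removed and nothing on the new side replaces it, so whether such a token is still rejected now depends on `tokenSession.ReadFromV2(*tokenSessionV2)` validating the owner field (its error is handled past the end of the hunk). If ReadFromV2 accepts an owner-less token, the zero `user.ID` returned by Issuer() propagates to every consumer this commit switches over, including the object owner set in initTombstoneObject. Please confirm the SDK's ReadFromV2 behaviour, and record the reliance next to that call, e.g. `// ReadFromV2 is relied on to reject a token without an owner; Issuer() would otherwise be the zero user.ID.` CommonPrmFromV2 continues beyond this section.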