[#368] object: Reject expired objects

The lifetime of an object can be limited by specifying a corresponding
well-known attribute. Node should refuse to save expired objects.

Checking objects in FormatValidator is extended with an expiration attribute
parsing step.

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2021-02-15 11:28:42 +03:00 committed by Alex Vanin
parent a2c2241356
commit 38727c2930
3 changed files with 94 additions and 1 deletions


@ -2,11 +2,14 @@ package object
import ( import (
"bytes" "bytes"
"strconv"
"github.com/nspcc-dev/neofs-api-go/pkg/object" "github.com/nspcc-dev/neofs-api-go/pkg/object"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup" "github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -20,6 +23,8 @@ type FormatValidatorOption func(*cfg)
type cfg struct { type cfg struct {
deleteHandler DeleteHandler deleteHandler DeleteHandler
netState netmap.State
} }
// DeleteHandler is an interface of delete queue processor. // DeleteHandler is an interface of delete queue processor.
@ -69,6 +74,11 @@ func (v *FormatValidator) Validate(obj *Object) error {
return errors.Wrapf(err, "(%T) could not validate signature key", v) return errors.Wrapf(err, "(%T) could not validate signature key", v)
} }
// TODO: combine small checks
if err := v.checkExpiration(obj); err != nil {
return errors.Wrapf(err, "object did not pass expiration check")
}
if err := object.CheckHeaderVerificationFields(obj.SDK()); err != nil { if err := object.CheckHeaderVerificationFields(obj.SDK()); err != nil {
return errors.Wrapf(err, "(%T) could not validate header fields", v) return errors.Wrapf(err, "(%T) could not validate header fields", v)
} }
@ -164,6 +174,38 @@ func (v *FormatValidator) ValidateContent(o *Object) error {
return nil return nil
} }
var errExpired = errors.New("object has expired")
func (v *FormatValidator) checkExpiration(obj *Object) error {
for _, a := range obj.Attributes() {
if a.Key() != objectV2.SysAttributeExpEpoch {
continue
}
exp, err := strconv.ParseUint(a.Value(), 10, 64)
if err != nil {
return err
}
if exp < v.netState.CurrentEpoch() {
return errExpired
}
break
}
return nil
}
// WithNetState returns options to set network state interface.
//
// FIXME: network state is a required parameter.
func WithNetState(netState netmap.State) FormatValidatorOption {
return func(c *cfg) {
c.netState = netState
}
}
// WithDeleteHandler returns option to set delete queue processor. // WithDeleteHandler returns option to set delete queue processor.
func WithDeleteHandler(v DeleteHandler) FormatValidatorOption { func WithDeleteHandler(v DeleteHandler) FormatValidatorOption {
return func(c *cfg) { return func(c *cfg) {
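Review bot: `checkExpiration` calls `v.netState.CurrentEpoch()` without checking that `netState` was set, and the FIXME on `WithNetState` confirms the parameter is required but not enforced. A validator built without that option would panic on the nil interface as soon as it sees an object carrying the expiration attribute, and that attribute is supplied by whoever submits the object. Either reject a missing state in the constructor (not visible in this section) or guard before the comparison: `if v.netState == nil { return errors.New("network state is not configured") }`. The parse failure would also be easier to trace if wrapped, e.g. `return errors.Wrap(err, "could not parse expiration epoch")`.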


@ -4,6 +4,7 @@ import (
"crypto/ecdsa" "crypto/ecdsa"
"crypto/rand" "crypto/rand"
"crypto/sha256" "crypto/sha256"
"strconv"
"testing" "testing"
"github.com/nspcc-dev/neofs-api-go/pkg/container" "github.com/nspcc-dev/neofs-api-go/pkg/container"
@ -11,6 +12,7 @@ import (
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/storagegroup" "github.com/nspcc-dev/neofs-api-go/pkg/storagegroup"
"github.com/nspcc-dev/neofs-api-go/pkg/token" "github.com/nspcc-dev/neofs-api-go/pkg/token"
objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
crypto "github.com/nspcc-dev/neofs-crypto" crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/util/test" "github.com/nspcc-dev/neofs-node/pkg/util/test"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -54,8 +56,22 @@ func blankValidObject(t *testing.T, key *ecdsa.PrivateKey) *RawObject {
return obj return obj
} }
type testNetState struct {
epoch uint64
}
func (s testNetState) CurrentEpoch() uint64 {
return s.epoch
}
func TestFormatValidator_Validate(t *testing.T) { func TestFormatValidator_Validate(t *testing.T) {
v := NewFormatValidator() const curEpoch = 13
v := NewFormatValidator(
WithNetState(testNetState{
epoch: curEpoch,
}),
)
ownerKey := test.DecodeKey(-1) ownerKey := test.DecodeKey(-1)
@ -156,4 +172,38 @@ func TestFormatValidator_Validate(t *testing.T) {
require.NoError(t, v.ValidateContent(obj.Object())) require.NoError(t, v.ValidateContent(obj.Object()))
}) })
t.Run("expiration", func(t *testing.T) {
fn := func(val string) *Object {
obj := blankValidObject(t, ownerKey)
a := object.NewAttribute()
a.SetKey(objectV2.SysAttributeExpEpoch)
a.SetValue(val)
obj.SetAttributes(a)
require.NoError(t, object.SetIDWithSignature(ownerKey, obj.SDK()))
return obj.Object()
}
t.Run("invalid attribute value", func(t *testing.T) {
val := "text"
err := v.Validate(fn(val))
require.Error(t, err)
})
t.Run("expired object", func(t *testing.T) {
val := strconv.FormatUint(curEpoch-1, 10)
err := v.Validate(fn(val))
require.True(t, errors.Is(err, errExpired))
})
t.Run("alive object", func(t *testing.T) {
val := strconv.FormatUint(curEpoch, 10)
err := v.Validate(fn(val))
require.NoError(t, err)
})
})
} }
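Review bot: The "invalid attribute value" subtest asserts only `require.Error`, so it would still pass if `Validate` failed for an unrelated reason such as a signature or header check. Pinning the cause makes the test prove the parsing path: `var numErr *strconv.NumError` followed by `require.True(t, errors.As(err, &numErr))`. A case for a validator constructed without `WithNetState`, and one for an object with a repeated expiration attribute, would cover the remaining branches of `checkExpiration`.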


@ -137,6 +137,7 @@ func WithFormatValidatorOpts(v ...object.FormatValidatorOption) Option {
func WithNetworkState(v netmap.State) Option { func WithNetworkState(v netmap.State) Option {
return func(c *cfg) { return func(c *cfg) {
c.networkState = v c.networkState = v
c.fmtValidatorOpts = append(c.fmtValidatorOpts, object.WithNetState(v))
} }
} }
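Review bot: Appending `object.WithNetState(v)` inside `WithNetworkState` makes the validator's net state depend on option order if `WithFormatValidatorOpts` (its body is outside this hunk) assigns `c.fmtValidatorOpts` rather than appending to it. In that case, passing `WithFormatValidatorOpts` after `WithNetworkState` would drop the net state and leave the expiration check with a nil `netState`. It is safer to add the option where the validator is built from the final `cfg`, or to make sure both options append. A short comment here, such as `// format validator needs the epoch source for expiration checks`, would also document the coupling.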