forked from TrueCloudLab/frostfs-node
[#106] Put simplest bearer token check first
Signed-off-by: Alex Vanin <alexey@nspcc.ru>
parent
23ec33e821
commit
7464254680
1 changed files with 8 additions and 8 deletions
|
@ -618,7 +618,12 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
// 1. First check if bearer token is signed correctly.
|
||||
// 1. First check token lifetime. Simplest verification.
|
||||
if !isValidLifetime(token.GetBody().GetLifetime(), st.CurrentEpoch()) {
|
||||
return false
|
||||
}
|
||||
|
||||
// 2. Then check if bearer token is signed correctly.
|
||||
signWrapper := v2signature.StableMarshalerWrapper{SM: token.GetBody()}
|
||||
if err := signature.VerifyDataWithSource(signWrapper, func() (key, sig []byte) {
|
||||
tokenSignature := token.GetSignature()
|
||||
|
@ -627,7 +632,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
|||
return false // invalid signature
|
||||
}
|
||||
|
||||
// 2. Then check if container owner signed this token.
|
||||
// 3. Then check if container owner signed this token.
|
||||
tokenIssuerKey := crypto.UnmarshalPublicKey(token.GetSignature().GetKey())
|
||||
tokenIssuerWallet, err := owner.NEO3WalletFromPublicKey(tokenIssuerKey)
|
||||
if err != nil {
|
||||
|
@ -642,7 +647,7 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// 3. Then check if request sender has rights to use this token.
|
||||
// 4. Then check if request sender has rights to use this token.
|
||||
tokenOwnerField := token.GetBody().GetOwnerID()
|
||||
if tokenOwnerField != nil { // see bearer token owner field description
|
||||
requestSenderKey := crypto.UnmarshalPublicKey(reqInfo.senderKey)
|
||||
|
@ -656,11 +661,6 @@ func isValidBearer(reqInfo requestInfo, st netmap.State) bool {
|
|||
}
|
||||
}
|
||||
|
||||
// 4. Then check token lifetime.
|
||||
if !isValidLifetime(token.GetBody().GetLifetime(), st.CurrentEpoch()) {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
|
|
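Review bot: Moving the lifetime check to step 1 means `isValidLifetime(token.GetBody().GetLifetime(), st.CurrentEpoch())` now runs before the signature is verified, so it receives body fields from any request sender rather than only from tokens the container owner signed. `isValidLifetime` is not shown on this page; it should be confirmed to tolerate a missing body or lifetime (nil) without panicking, since that path is now reachable without a valid signature. The reorder looks safe as long as step 1 can only reject, so I would make the new comment say that, for example `// 1. Cheap early reject on lifetime. The body is not yet authenticated here, so this step must only ever return false.` Parts of `isValidBearer`, including the condition behind the early `return true` above step 1, lie outside the shown hunks.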