forked from TrueCloudLab/frostfs-http-gw
[#13] Add bearer token usage in receive/upload methods
This commit is contained in:
parent
e45e5ed6f9
commit
237c247ec4
5 changed files with 65 additions and 18 deletions
32
bearer.go
32
bearer.go
|
@ -4,32 +4,33 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||||
|
"github.com/pkg/errors"
|
||||||
"github.com/valyala/fasthttp"
|
"github.com/valyala/fasthttp"
|
||||||
)
|
)
|
||||||
|
|
||||||
type fromHandler = func(h *fasthttp.RequestHeader) []byte
|
type fromHandler = func(h *fasthttp.RequestHeader) []byte
|
||||||
|
|
||||||
const bearerToken = "Bearer"
|
const (
|
||||||
|
bearerTokenHdr = "Bearer"
|
||||||
|
bearerTokenKey = "__context_bearer_token_key"
|
||||||
|
)
|
||||||
|
|
||||||
// BearerToken usage:
|
// BearerToken usage:
|
||||||
//
|
//
|
||||||
// if tkn, err = BearerToken(c); err != nil && tkn == nil {
|
// if err = checkAndPropagateBearerToken(ctx); err != nil {
|
||||||
// log.Error("could not fetch bearer token", zap.Error(err))
|
// log.Error("could not fetch bearer token", zap.Error(err))
|
||||||
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||||
// return
|
// return
|
||||||
// }
|
// }
|
||||||
var _ = BearerToken
|
|
||||||
|
|
||||||
func fromHeader(h *fasthttp.RequestHeader) []byte {
|
func fromHeader(h *fasthttp.RequestHeader) []byte {
|
||||||
auth := h.Peek(fasthttp.HeaderAuthorization)
|
auth := h.Peek(fasthttp.HeaderAuthorization)
|
||||||
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerToken)) {
|
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if auth = bytes.TrimPrefix(auth, []byte(bearerToken+" ")); len(auth) == 0 {
|
if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -37,7 +38,7 @@ func fromHeader(h *fasthttp.RequestHeader) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
func fromCookie(h *fasthttp.RequestHeader) []byte {
|
func fromCookie(h *fasthttp.RequestHeader) []byte {
|
||||||
auth := h.Cookie(bearerToken)
|
auth := h.Cookie(bearerTokenHdr)
|
||||||
if len(auth) == 0 {
|
if len(auth) == 0 {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -45,10 +46,21 @@ func fromCookie(h *fasthttp.RequestHeader) []byte {
|
||||||
return auth
|
return auth
|
||||||
}
|
}
|
||||||
|
|
||||||
func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
|
func checkAndPropagateBearerToken(ctx *fasthttp.RequestCtx) error {
|
||||||
|
tkn, err := fetchBearerToken(ctx)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// This is an analog of context.WithValue.
|
||||||
|
ctx.SetUserValue(bearerTokenKey, tkn)
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func fetchBearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
|
||||||
// ignore empty value
|
// ignore empty value
|
||||||
if ctx == nil {
|
if ctx == nil {
|
||||||
panic(nil)
|
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,24 +4,23 @@ import (
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
sdk "github.com/nspcc-dev/cdn-sdk"
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||||
|
|
||||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
"github.com/valyala/fasthttp"
|
"github.com/valyala/fasthttp"
|
||||||
)
|
)
|
||||||
|
|
||||||
func makeTestCookie(value []byte) *fasthttp.RequestHeader {
|
func makeTestCookie(value []byte) *fasthttp.RequestHeader {
|
||||||
header := new(fasthttp.RequestHeader)
|
header := new(fasthttp.RequestHeader)
|
||||||
header.SetCookie(bearerToken, string(value))
|
header.SetCookie(bearerTokenHdr, string(value))
|
||||||
return header
|
return header
|
||||||
}
|
}
|
||||||
|
|
||||||
func makeTestHeader(value []byte) *fasthttp.RequestHeader {
|
func makeTestHeader(value []byte) *fasthttp.RequestHeader {
|
||||||
header := new(fasthttp.RequestHeader)
|
header := new(fasthttp.RequestHeader)
|
||||||
if value != nil {
|
if value != nil {
|
||||||
header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+string(value))
|
header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+string(value))
|
||||||
}
|
}
|
||||||
return header
|
return header
|
||||||
}
|
}
|
||||||
|
@ -60,7 +59,7 @@ func Test_fromHeader(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBearerToken(t *testing.T) {
|
func Test_fetchBearerToken(t *testing.T) {
|
||||||
uid := owner.NewID()
|
uid := owner.NewID()
|
||||||
|
|
||||||
tkn := new(token.BearerToken)
|
tkn := new(token.BearerToken)
|
||||||
|
@ -111,7 +110,7 @@ func TestBearerToken(t *testing.T) {
|
||||||
for _, tt := range cases {
|
for _, tt := range cases {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
ctx := makeTestRequest(tt.cookie, tt.header)
|
ctx := makeTestRequest(tt.cookie, tt.header)
|
||||||
actual, err := BearerToken(ctx)
|
actual, err := fetchBearerToken(ctx)
|
||||||
|
|
||||||
if tt.error == "" {
|
if tt.error == "" {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
@ -129,11 +128,34 @@ func makeTestRequest(cookie, header string) *fasthttp.RequestCtx {
|
||||||
ctx := new(fasthttp.RequestCtx)
|
ctx := new(fasthttp.RequestCtx)
|
||||||
|
|
||||||
if cookie != "" {
|
if cookie != "" {
|
||||||
ctx.Request.Header.SetCookie(bearerToken, cookie)
|
ctx.Request.Header.SetCookie(bearerTokenHdr, cookie)
|
||||||
}
|
}
|
||||||
|
|
||||||
if header != "" {
|
if header != "" {
|
||||||
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+header)
|
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+header)
|
||||||
}
|
}
|
||||||
return ctx
|
return ctx
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Test_checkAndPropagateBearerToken(t *testing.T) {
|
||||||
|
uid := owner.NewID()
|
||||||
|
|
||||||
|
tkn := new(token.BearerToken)
|
||||||
|
tkn.SetOwner(uid)
|
||||||
|
|
||||||
|
data, err := tkn.Marshal()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
t64 := base64.StdEncoding.EncodeToString(data)
|
||||||
|
require.NotEmpty(t, t64)
|
||||||
|
|
||||||
|
ctx := makeTestRequest(t64, "")
|
||||||
|
|
||||||
|
// Expect to see the token within the context.
|
||||||
|
require.NoError(t, checkAndPropagateBearerToken(ctx))
|
||||||
|
|
||||||
|
// Expect to see the same token without errors.
|
||||||
|
actual, err := sdk.BearerToken(ctx)
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.Equal(t, tkn, actual)
|
||||||
|
}
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -11,6 +11,7 @@ require (
|
||||||
github.com/prometheus/common v0.15.0
|
github.com/prometheus/common v0.15.0
|
||||||
github.com/spf13/pflag v1.0.5
|
github.com/spf13/pflag v1.0.5
|
||||||
github.com/spf13/viper v1.7.1
|
github.com/spf13/viper v1.7.1
|
||||||
|
github.com/stretchr/testify v1.7.0
|
||||||
github.com/valyala/fasthttp v1.20.0
|
github.com/valyala/fasthttp v1.20.0
|
||||||
go.uber.org/zap v1.16.0
|
go.uber.org/zap v1.16.0
|
||||||
google.golang.org/grpc v1.35.0
|
google.golang.org/grpc v1.35.0
|
||||||
|
|
|
@ -57,6 +57,12 @@ func (r *request) receiveFile(address *object.Address) {
|
||||||
filename string
|
filename string
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if err = checkAndPropagateBearerToken(r.RequestCtx); err != nil {
|
||||||
|
r.log.Error("could not fetch bearer token", zap.Error(err))
|
||||||
|
r.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
writer := newDetector(r.Response.BodyWriter())
|
writer := newDetector(r.Response.BodyWriter())
|
||||||
obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer))
|
obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -44,6 +44,12 @@ func (a *app) upload(c *fasthttp.RequestCtx) {
|
||||||
log = a.log.With(zap.String("cid", sCID))
|
log = a.log.With(zap.String("cid", sCID))
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if err = checkAndPropagateBearerToken(c); err != nil {
|
||||||
|
log.Error("could not fetch bearer token", zap.Error(err))
|
||||||
|
c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if err = cid.Parse(sCID); err != nil {
|
if err = cid.Parse(sCID); err != nil {
|
||||||
log.Error("wrong container id", zap.Error(err))
|
log.Error("wrong container id", zap.Error(err))
|
||||||
c.Error("wrong container id", fasthttp.StatusBadRequest)
|
c.Error("wrong container id", fasthttp.StatusBadRequest)
|
||||||
|
|
Loading…
Reference in a new issue