[#13] Add bearer token usage in receive/upload methods

This commit is contained in:
Pavel Korotkov 2021-02-16 18:20:15 +03:00 committed by pkorotkov
parent e45e5ed6f9
commit 237c247ec4
5 changed files with 65 additions and 18 deletions

View file

@ -4,32 +4,33 @@ import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"github.com/pkg/errors"
"github.com/nspcc-dev/neofs-api-go/pkg/token" "github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/pkg/errors"
"github.com/valyala/fasthttp" "github.com/valyala/fasthttp"
) )
type fromHandler = func(h *fasthttp.RequestHeader) []byte type fromHandler = func(h *fasthttp.RequestHeader) []byte
const bearerToken = "Bearer" const (
bearerTokenHdr = "Bearer"
bearerTokenKey = "__context_bearer_token_key"
)
// BearerToken usage: // BearerToken usage:
// //
// if tkn, err = BearerToken(c); err != nil && tkn == nil { // if err = checkAndPropagateBearerToken(ctx); err != nil {
// log.Error("could not fetch bearer token", zap.Error(err)) // log.Error("could not fetch bearer token", zap.Error(err))
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest) // c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
// return // return
// } // }
var _ = BearerToken
func fromHeader(h *fasthttp.RequestHeader) []byte { func fromHeader(h *fasthttp.RequestHeader) []byte {
auth := h.Peek(fasthttp.HeaderAuthorization) auth := h.Peek(fasthttp.HeaderAuthorization)
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerToken)) { if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
return nil return nil
} }
if auth = bytes.TrimPrefix(auth, []byte(bearerToken+" ")); len(auth) == 0 { if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {
return nil return nil
} }
@ -37,7 +38,7 @@ func fromHeader(h *fasthttp.RequestHeader) []byte {
} }
func fromCookie(h *fasthttp.RequestHeader) []byte { func fromCookie(h *fasthttp.RequestHeader) []byte {
auth := h.Cookie(bearerToken) auth := h.Cookie(bearerTokenHdr)
if len(auth) == 0 { if len(auth) == 0 {
return nil return nil
} }
@ -45,10 +46,21 @@ func fromCookie(h *fasthttp.RequestHeader) []byte {
return auth return auth
} }
func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) { func checkAndPropagateBearerToken(ctx *fasthttp.RequestCtx) error {
tkn, err := fetchBearerToken(ctx)
if err != nil {
return err
}
// This is an analog of context.WithValue.
ctx.SetUserValue(bearerTokenKey, tkn)
return nil
}
func fetchBearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
// ignore empty value // ignore empty value
if ctx == nil { if ctx == nil {
panic(nil)
return nil, nil return nil, nil
} }

View file

@ -4,24 +4,23 @@ import (
"encoding/base64" "encoding/base64"
"testing" "testing"
sdk "github.com/nspcc-dev/cdn-sdk"
"github.com/nspcc-dev/neofs-api-go/pkg/owner" "github.com/nspcc-dev/neofs-api-go/pkg/owner"
"github.com/nspcc-dev/neofs-api-go/pkg/token" "github.com/nspcc-dev/neofs-api-go/pkg/token"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/valyala/fasthttp" "github.com/valyala/fasthttp"
) )
func makeTestCookie(value []byte) *fasthttp.RequestHeader { func makeTestCookie(value []byte) *fasthttp.RequestHeader {
header := new(fasthttp.RequestHeader) header := new(fasthttp.RequestHeader)
header.SetCookie(bearerToken, string(value)) header.SetCookie(bearerTokenHdr, string(value))
return header return header
} }
func makeTestHeader(value []byte) *fasthttp.RequestHeader { func makeTestHeader(value []byte) *fasthttp.RequestHeader {
header := new(fasthttp.RequestHeader) header := new(fasthttp.RequestHeader)
if value != nil { if value != nil {
header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+string(value)) header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+string(value))
} }
return header return header
} }
@ -60,7 +59,7 @@ func Test_fromHeader(t *testing.T) {
} }
} }
func TestBearerToken(t *testing.T) { func Test_fetchBearerToken(t *testing.T) {
uid := owner.NewID() uid := owner.NewID()
tkn := new(token.BearerToken) tkn := new(token.BearerToken)
@ -111,7 +110,7 @@ func TestBearerToken(t *testing.T) {
for _, tt := range cases { for _, tt := range cases {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
ctx := makeTestRequest(tt.cookie, tt.header) ctx := makeTestRequest(tt.cookie, tt.header)
actual, err := BearerToken(ctx) actual, err := fetchBearerToken(ctx)
if tt.error == "" { if tt.error == "" {
require.NoError(t, err) require.NoError(t, err)
@ -129,11 +128,34 @@ func makeTestRequest(cookie, header string) *fasthttp.RequestCtx {
ctx := new(fasthttp.RequestCtx) ctx := new(fasthttp.RequestCtx)
if cookie != "" { if cookie != "" {
ctx.Request.Header.SetCookie(bearerToken, cookie) ctx.Request.Header.SetCookie(bearerTokenHdr, cookie)
} }
if header != "" { if header != "" {
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+header) ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+header)
} }
return ctx return ctx
} }
func Test_checkAndPropagateBearerToken(t *testing.T) {
uid := owner.NewID()
tkn := new(token.BearerToken)
tkn.SetOwner(uid)
data, err := tkn.Marshal()
require.NoError(t, err)
t64 := base64.StdEncoding.EncodeToString(data)
require.NotEmpty(t, t64)
ctx := makeTestRequest(t64, "")
// Expect to see the token within the context.
require.NoError(t, checkAndPropagateBearerToken(ctx))
// Expect to see the same token without errors.
actual, err := sdk.BearerToken(ctx)
require.NoError(t, err)
require.Equal(t, tkn, actual)
}

1
go.mod
View file

@ -11,6 +11,7 @@ require (
github.com/prometheus/common v0.15.0 github.com/prometheus/common v0.15.0
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.7.1 github.com/spf13/viper v1.7.1
github.com/stretchr/testify v1.7.0
github.com/valyala/fasthttp v1.20.0 github.com/valyala/fasthttp v1.20.0
go.uber.org/zap v1.16.0 go.uber.org/zap v1.16.0
google.golang.org/grpc v1.35.0 google.golang.org/grpc v1.35.0

View file

@ -57,6 +57,12 @@ func (r *request) receiveFile(address *object.Address) {
filename string filename string
) )
if err = checkAndPropagateBearerToken(r.RequestCtx); err != nil {
r.log.Error("could not fetch bearer token", zap.Error(err))
r.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
return
}
writer := newDetector(r.Response.BodyWriter()) writer := newDetector(r.Response.BodyWriter())
obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer)) obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer))
if err != nil { if err != nil {

View file

@ -44,6 +44,12 @@ func (a *app) upload(c *fasthttp.RequestCtx) {
log = a.log.With(zap.String("cid", sCID)) log = a.log.With(zap.String("cid", sCID))
) )
if err = checkAndPropagateBearerToken(c); err != nil {
log.Error("could not fetch bearer token", zap.Error(err))
c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
return
}
if err = cid.Parse(sCID); err != nil { if err = cid.Parse(sCID); err != nil {
log.Error("wrong container id", zap.Error(err)) log.Error("wrong container id", zap.Error(err))
c.Error("wrong container id", fasthttp.StatusBadRequest) c.Error("wrong container id", fasthttp.StatusBadRequest)