[#32] Support bearer token for all users

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-08-18 17:51:18 +03:00 committed by Kirillov Denis
parent 07786dd94b
commit e68cda7f9c
4 changed files with 64 additions and 5 deletions

View file

@ -95,6 +95,13 @@ func init() {
"name": "X-Bearer-Lifetime", "name": "X-Bearer-Lifetime",
"in": "header" "in": "header"
}, },
{
"type": "boolean",
"default": false,
"description": "Form token for all users or only for this gate.",
"name": "X-Bearer-For-All-Users",
"in": "header"
},
{ {
"description": "Bearer tokens to form.", "description": "Bearer tokens to form.",
"name": "tokens", "name": "tokens",
@ -1689,6 +1696,13 @@ func init() {
"name": "X-Bearer-Lifetime", "name": "X-Bearer-Lifetime",
"in": "header" "in": "header"
}, },
{
"type": "boolean",
"default": false,
"description": "Form token for all users or only for this gate.",
"name": "X-Bearer-For-All-Users",
"in": "header"
},
{ {
"description": "Bearer tokens to form.", "description": "Bearer tokens to form.",
"name": "tokens", "name": "tokens",

View file

@ -26,10 +26,13 @@ func NewAuthParams() AuthParams {
var ( var (
// initialize parameters with default values // initialize parameters with default values
xBearerForAllUsersDefault = bool(false)
xBearerLifetimeDefault = int64(100) xBearerLifetimeDefault = int64(100)
) )
return AuthParams{ return AuthParams{
XBearerForAllUsers: &xBearerForAllUsersDefault,
XBearerLifetime: &xBearerLifetimeDefault, XBearerLifetime: &xBearerLifetimeDefault,
} }
} }
@ -43,6 +46,11 @@ type AuthParams struct {
// HTTP Request Object // HTTP Request Object
HTTPRequest *http.Request `json:"-"` HTTPRequest *http.Request `json:"-"`
/*Form token for all users or only for this gate.
In: header
Default: false
*/
XBearerForAllUsers *bool
/*Token lifetime in epoch. /*Token lifetime in epoch.
In: header In: header
Default: 100 Default: 100
@ -69,6 +77,10 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
o.HTTPRequest = r o.HTTPRequest = r
if err := o.bindXBearerForAllUsers(r.Header[http.CanonicalHeaderKey("X-Bearer-For-All-Users")], true, route.Formats); err != nil {
res = append(res, err)
}
if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil { if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil {
res = append(res, err) res = append(res, err)
} }
@ -112,6 +124,29 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
return nil return nil
} }
// bindXBearerForAllUsers binds and validates parameter XBearerForAllUsers from header.
func (o *AuthParams) bindXBearerForAllUsers(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
if raw == "" { // empty values pass all other validations
// Default values have been previously initialized by NewAuthParams()
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("X-Bearer-For-All-Users", "header", "bool", raw)
}
o.XBearerForAllUsers = &value
return nil
}
// bindXBearerLifetime binds and validates parameter XBearerLifetime from header. // bindXBearerLifetime binds and validates parameter XBearerLifetime from header.
func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error { func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string var raw string

View file

@ -24,6 +24,7 @@ const defaultTokenExpDuration = 100 // in epoch
type headersParams struct { type headersParams struct {
XBearerLifetime uint64 XBearerLifetime uint64
XBearerOwnerID string XBearerOwnerID string
XBearerForAllUsers bool
} }
type objectTokenParams struct { type objectTokenParams struct {
@ -41,6 +42,7 @@ type containerTokenParams struct {
func newHeaderParams(params operations.AuthParams) headersParams { func newHeaderParams(params operations.AuthParams) headersParams {
prm := headersParams{ prm := headersParams{
XBearerOwnerID: params.XBearerOwnerID, XBearerOwnerID: params.XBearerOwnerID,
XBearerForAllUsers: *params.XBearerForAllUsers,
} }
if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 { if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
@ -122,7 +124,10 @@ func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *poo
if err != nil { if err != nil {
return nil, fmt.Errorf("couldn't transform token to native: %w", err) return nil, fmt.Errorf("couldn't transform token to native: %w", err)
} }
if !params.XBearerForAllUsers {
btoken.ForUser(owner) btoken.ForUser(owner)
}
iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime) iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
if err != nil { if err != nil {

View file

@ -79,6 +79,11 @@ paths:
name: X-Bearer-Lifetime name: X-Bearer-Lifetime
type: integer type: integer
default: 100 default: 100
- in: header
description: Form token for all users or only for this gate.
name: X-Bearer-For-All-Users
type: boolean
default: false
- in: body - in: body
name: tokens name: tokens
required: true required: true