2023-07-05 14:04:52 +00:00
|
|
|
package middleware
|
2020-07-16 15:33:47 +00:00
|
|
|
|
|
|
|
import (
|
2023-10-05 08:05:21 +00:00
|
|
|
stderrors "errors"
|
2020-07-16 15:33:47 +00:00
|
|
|
"net/http"
|
2023-10-05 08:05:21 +00:00
|
|
|
"time"
|
2020-07-16 15:33:47 +00:00
|
|
|
|
2023-03-07 14:38:08 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
|
2023-10-05 08:05:21 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
|
2023-08-23 11:07:52 +00:00
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
|
2020-07-16 15:33:47 +00:00
|
|
|
"go.uber.org/zap"
|
|
|
|
)
|
|
|
|
|
2023-10-05 08:05:21 +00:00
|
|
|
type (
|
|
|
|
// Box contains access box and additional info.
|
|
|
|
Box struct {
|
|
|
|
AccessBox *accessbox.Box
|
|
|
|
ClientTime time.Time
|
|
|
|
AuthHeaders *AuthHeader
|
|
|
|
}
|
|
|
|
|
|
|
|
// Center is a user authentication interface.
|
|
|
|
Center interface {
|
|
|
|
// Authenticate validate and authenticate request.
|
|
|
|
// Must return ErrNoAuthorizationHeader if auth header is missed.
|
|
|
|
Authenticate(request *http.Request) (*Box, error)
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:revive
|
|
|
|
AuthHeader struct {
|
|
|
|
AccessKeyID string
|
|
|
|
Region string
|
|
|
|
SignatureV4 string
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
// ErrNoAuthorizationHeader is returned for unauthenticated requests.
|
|
|
|
var ErrNoAuthorizationHeader = stderrors.New("no authorization header")
|
|
|
|
|
|
|
|
func Auth(center Center, log *zap.Logger) Func {
|
2022-12-27 12:30:11 +00:00
|
|
|
return func(h http.Handler) http.Handler {
|
2020-07-16 15:33:47 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
2023-07-06 09:13:45 +00:00
|
|
|
ctx := r.Context()
|
2021-07-16 12:35:07 +00:00
|
|
|
box, err := center.Authenticate(r)
|
2020-07-16 15:33:47 +00:00
|
|
|
if err != nil {
|
2023-10-05 08:05:21 +00:00
|
|
|
if err == ErrNoAuthorizationHeader {
|
2023-08-23 11:07:52 +00:00
|
|
|
reqLogOrDefault(ctx, log).Debug(logs.CouldntReceiveAccessBoxForGateKeyRandomKeyWillBeUsed)
|
2021-06-11 16:29:55 +00:00
|
|
|
} else {
|
2023-08-23 11:07:52 +00:00
|
|
|
reqLogOrDefault(ctx, log).Error(logs.FailedToPassAuthentication, zap.Error(err))
|
2021-08-09 08:53:58 +00:00
|
|
|
if _, ok := err.(errors.Error); !ok {
|
|
|
|
err = errors.GetAPIError(errors.ErrAccessDenied)
|
|
|
|
}
|
|
|
|
WriteErrorResponse(w, GetReqInfo(r.Context()), err)
|
2021-06-11 16:29:55 +00:00
|
|
|
return
|
|
|
|
}
|
2021-06-11 11:52:03 +00:00
|
|
|
} else {
|
2023-08-14 15:34:41 +00:00
|
|
|
ctx = SetBoxData(ctx, box.AccessBox)
|
2022-11-08 09:12:55 +00:00
|
|
|
if !box.ClientTime.IsZero() {
|
2023-08-14 15:34:41 +00:00
|
|
|
ctx = SetClientTime(ctx, box.ClientTime)
|
2022-11-08 09:12:55 +00:00
|
|
|
}
|
2023-08-14 15:34:41 +00:00
|
|
|
ctx = SetAuthHeaders(ctx, box.AuthHeaders)
|
2021-06-11 11:52:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
h.ServeHTTP(w, r.WithContext(ctx))
|
2020-07-16 15:33:47 +00:00
|
|
|
})
|
2022-12-27 12:30:11 +00:00
|
|
|
}
|
2020-07-16 15:33:47 +00:00
|
|
|
}
|