forked from TrueCloudLab/frostfs-s3-gw
85 lines
1.9 KiB
Go
85 lines
1.9 KiB
Go
|
package authmate
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
"fmt"
|
||
|
|
||
|
apisession "github.com/nspcc-dev/neofs-api-go/v2/session"
|
||
|
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
|
||
|
"github.com/nspcc-dev/neofs-sdk-go/session"
|
||
|
)
|
||
|
|
||
|
type (
|
||
|
sessionTokenModel struct {
|
||
|
Verb string `json:"verb"`
|
||
|
ContainerID string `json:"ContainerID"`
|
||
|
}
|
||
|
|
||
|
sessionTokenContext struct {
|
||
|
verb session.ContainerVerb
|
||
|
containerID *cid.ID
|
||
|
}
|
||
|
)
|
||
|
|
||
|
func (c *sessionTokenContext) UnmarshalJSON(data []byte) (err error) {
|
||
|
var m sessionTokenModel
|
||
|
|
||
|
if err = json.Unmarshal(data, &m); err != nil {
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
switch m.Verb {
|
||
|
case apisession.ContainerVerbPut.String():
|
||
|
c.verb = session.VerbContainerPut
|
||
|
case apisession.ContainerVerbSetEACL.String():
|
||
|
c.verb = session.VerbContainerSetEACL
|
||
|
case apisession.ContainerVerbDelete.String():
|
||
|
c.verb = session.VerbContainerDelete
|
||
|
default:
|
||
|
return fmt.Errorf("unknown container token verb %s", m.Verb)
|
||
|
}
|
||
|
|
||
|
if len(m.ContainerID) > 0 {
|
||
|
c.containerID = new(cid.ID)
|
||
|
return c.containerID.DecodeString(m.ContainerID)
|
||
|
}
|
||
|
|
||
|
return nil
|
||
|
}
|
||
|
|
||
|
func buildContext(rules []byte) ([]sessionTokenContext, error) {
|
||
|
var sessionCtxs []sessionTokenContext
|
||
|
|
||
|
if len(rules) != 0 {
|
||
|
err := json.Unmarshal(rules, &sessionCtxs)
|
||
|
if err != nil {
|
||
|
return nil, fmt.Errorf("failed to unmarshal rules for session token: %w", err)
|
||
|
}
|
||
|
|
||
|
var (
|
||
|
containsPut = false
|
||
|
containsSetEACL = false
|
||
|
)
|
||
|
for _, d := range sessionCtxs {
|
||
|
if d.verb == session.VerbContainerPut {
|
||
|
containsPut = true
|
||
|
} else if d.verb == session.VerbContainerSetEACL {
|
||
|
containsSetEACL = true
|
||
|
}
|
||
|
}
|
||
|
if containsPut && !containsSetEACL {
|
||
|
sessionCtxs = append(sessionCtxs, sessionTokenContext{
|
||
|
verb: session.VerbContainerSetEACL,
|
||
|
})
|
||
|
}
|
||
|
|
||
|
return sessionCtxs, nil
|
||
|
}
|
||
|
|
||
|
return []sessionTokenContext{
|
||
|
{verb: session.VerbContainerPut},
|
||
|
{verb: session.VerbContainerDelete},
|
||
|
{verb: session.VerbContainerSetEACL},
|
||
|
}, nil
|
||
|
}
|