From 8185b714628554320cb15e2145bd8609d94cf42d Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Fri, 11 Jun 2021 14:52:03 +0300
Subject: [PATCH 1/3] [#65] Allow no sign requests
Signed-off-by: Denis Kirillov
---
 api/auth/center.go | 2 +-
 api/layer/layer.go | 12 +++---------
 api/user-auth.go | 11 +++++++++--
 3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/api/auth/center.go b/api/auth/center.go
index 565f11f..aa3a501 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -70,7 +70,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 authHeaderField := r.Header["Authorization"]
 if len(authHeaderField) != 1 {
- return nil, errors.New("unsupported request: wrong length of Authorization header field")
+ return nil, nil
 }
 sms1 := c.reg.getSubmatches(authHeaderField[0])
diff --git a/api/layer/layer.go b/api/layer/layer.go
index e238b42..db11264 100644
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@@ -130,18 +130,12 @@ func (n *layer) GetBucketInfo(ctx context.Context, name string) (*BucketInfo, er
 return nil, err
 }
- list, err := n.containerList(ctx)
- if err != nil {
+ containerID := new(cid.ID)
+ if err := containerID.Parse(name); err != nil {
 return nil, err
 }
- for _, bkt := range list {
- if bkt.Name == name {
- return bkt, nil
- }
- }
-
- return nil, status.Error(codes.NotFound, "bucket not found")
+ return n.containerInfo(ctx, containerID)
 }
 // ListBuckets returns all user containers. Name of the bucket is a container
diff --git a/api/user-auth.go b/api/user-auth.go
index cb530e7..0d8f5a0 100644
--- a/api/user-auth.go
+++ b/api/user-auth.go
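Review bot: In `Authenticate` (api/auth/center.go), the test `len(authHeaderField) != 1` now sends both a missing Authorization header and a duplicated one down the unsigned path, so a request with several conflicting Authorization headers is treated as anonymous instead of being rejected. Only the empty case should mean "unsigned"; keep the previous rejection for the rest, e.g. `if len(authHeaderField) > 1 { return nil, errors.New("unsupported request: wrong length of Authorization header field") }`. Returning `nil, nil` also forces every caller to infer "unauthenticated" from a nil token. The hunk at the same spot in PATCH 2/3 swaps that for a sentinel error but keeps the `!= 1` test, so the same point applies there. The function body continues outside the hunk.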
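Review bot: `GetBucketInfo` (api/layer/layer.go) no longer restricts the lookup to what `n.containerList(ctx)` returned; any name that parses as a container ID goes straight to `n.containerInfo(ctx, containerID)`. If that list was scoped to the caller's own containers, as the `ListBuckets` comment below suggests, the membership check is gone, and combined with the unsigned-request path added in this patch the result depends entirely on whatever `containerInfo` enforces, which is not visible here. Either compare the returned container's owner before returning, or record the assumption at the call, e.g. `// access control is enforced downstream of containerInfo, not by owner-list membership`. The start of the function is outside the hunk.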
@@ -26,8 +26,15 @@ func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
 return
 }
- h.ServeHTTP(w, r.WithContext(
- context.WithValue(r.Context(), BearerTokenKey, token)))
+ var ctx context.Context
+ if token == nil {
+ log.Info("couldn't receive bearer token, switch to use neofs-key")
+ ctx = r.Context()
+ } else {
+ ctx = context.WithValue(r.Context(), BearerTokenKey, token)
+ }
+
+ h.ServeHTTP(w, r.WithContext(ctx))
 })
 })
 }
From 4df647baac4fb06be53383b8e0bcdba72290228a Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Fri, 11 Jun 2021 19:29:55 +0300
Subject: [PATCH 2/3] [#65] Added NoAuthorizationHeader error
Signed-off-by: Denis Kirillov
---
 api/auth/center.go | 4 +++-
 api/user-auth.go | 18 +++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/api/auth/center.go b/api/auth/center.go
index aa3a501..0d968af 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -44,6 +44,8 @@ type (
 prs int
 )
+var ErrNoAuthorizationHeader = errors.New("no authorization header")
+
 func (p prs) Read(_ []byte) (n int, err error) {
 panic("implement me")
 }
@@ -70,7 +72,7 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 authHeaderField := r.Header["Authorization"]
 if len(authHeaderField) != 1 {
- return nil, nil
+ return nil, ErrNoAuthorizationHeader
 }
 sms1 := c.reg.getSubmatches(authHeaderField[0])
diff --git a/api/user-auth.go b/api/user-auth.go
index 0d8f5a0..df150a4 100644
--- a/api/user-auth.go
+++ b/api/user-auth.go
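Review bot: In `AttachUserAuth` (api/user-auth.go, PATCH 1/3), a nil token now lets the request through with the unmodified context, and the log text indicates the gateway then works with its own neofs-key, so an unsigned caller presumably inherits whatever that key is permitted to do. Nothing in the hunk makes this opt-in; consider gating the fall-through behind an explicit configuration switch and answering with `ErrAccessDenied` otherwise, as before. Handlers that read `BearerTokenKey` from the context must also cope with the value being absent, which deserves a comment such as `// no bearer token in context: downstream code falls back to the gateway key`. The beginning of the handler is outside the hunk.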
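Review bot: The exported `ErrNoAuthorizationHeader` added in api/auth/center.go (PATCH 2/3) has no doc comment, and its name is narrower than the condition that returns it. Suggested: `// ErrNoAuthorizationHeader is returned by Authenticate when the request does not carry exactly one Authorization header; AttachUserAuth treats it as an unsigned request.` Spelling out "not exactly one" matters because the `!= 1` check in the following hunk also covers duplicated headers, not just a missing one.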
@@ -19,17 +19,17 @@ var BearerTokenKey = KeyWrapper("__context_bearer_token_key")
 func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) {
 router.Use(func(h http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ var ctx context.Context
 token, err := center.Authenticate(r)
 if err != nil {
- log.Error("failed to pass authentication", zap.Error(err))
- WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
- return
- }
-
- var ctx context.Context
- if token == nil {
- log.Info("couldn't receive bearer token, switch to use neofs-key")
- ctx = r.Context()
+ if err == auth.ErrNoAuthorizationHeader {
+ log.Debug("couldn't receive bearer token, using neofs-key")
+ ctx = r.Context()
+ } else {
+ log.Error("failed to pass authentication", zap.Error(err))
+ WriteErrorResponse(r.Context(), w, GetAPIError(ErrAccessDenied), r.URL)
+ return
+ }
 } else {
 ctx = context.WithValue(r.Context(), BearerTokenKey, token)
 }
From 47fc10a869de552415f8dfe4734a28e8c5489269 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Sun, 13 Jun 2021 14:32:13 +0300
Subject: [PATCH 3/3] [#65] Using containerList falls back Looking container up using the owner list if its name is not cid
Signed-off-by: Denis Kirillov
---
 api/layer/layer.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/api/layer/layer.go b/api/layer/layer.go
index db11264..ee4ff48 100644
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@@ -132,7 +132,17 @@ func (n *layer) GetBucketInfo(ctx context.Context, name string) (*BucketInfo, er
 containerID := new(cid.ID)
 if err := containerID.Parse(name); err != nil {
- return nil, err
+ list, err := n.containerList(ctx)
+ if err != nil {
+ return nil, err
+ }
+ for _, bkt := range list {
+ if bkt.Name == name {
+ return bkt, nil
+ }
+ }
+
+ return nil, status.Error(codes.NotFound, "bucket not found")
 }
 return n.containerInfo(ctx, containerID)
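Review bot: The sentinel is matched in `AttachUserAuth` (PATCH 2/3) with `err == auth.ErrNoAuthorizationHeader`, which stops matching as soon as `Authenticate` or any wrapper returns the error wrapped with `%w`; unsigned requests would then silently become access-denied. Prefer `if errors.Is(err, auth.ErrNoAuthorizationHeader) {`, adding the `errors` import if api/user-auth.go does not already have it (the import block is outside the hunk). Lowering the message to `log.Debug` also means unauthenticated access leaves no trace at typical production log levels; an access decision like this is worth keeping at Info or exposing as a counter. The nested if/else would read more simply as a `switch` over the three outcomes.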
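Review bot: Inside the parse-failure branch of `GetBucketInfo` (PATCH 3/3), `list, err := n.containerList(ctx)` shadows the `err` declared in the `if` initializer, and the whole by-name lookup is nested under what reads as an error path. Inverting the test keeps the flow flat and removes the shadowing: `if err := containerID.Parse(name); err == nil { return n.containerInfo(ctx, containerID) }`, followed by the list lookup at function level. The parse error is dropped without explanation; a line such as `// name is not a container ID: look it up by name among the owner's containers` would record the intent. Names that do parse as an ID still skip the owner list entirely. The start of the function is outside the hunk.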