[#13] Add bearer token usage in receive/upload methods
This commit is contained in:
parent
e45e5ed6f9
commit
237c247ec4
5 changed files with 65 additions and 18 deletions
32
bearer.go
32
bearer.go
|
@ -4,32 +4,33 @@ import (
|
|||
"bytes"
|
||||
"encoding/base64"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
type fromHandler = func(h *fasthttp.RequestHeader) []byte
|
||||
|
||||
const bearerToken = "Bearer"
|
||||
const (
|
||||
bearerTokenHdr = "Bearer"
|
||||
bearerTokenKey = "__context_bearer_token_key"
|
||||
)
|
||||
|
||||
// BearerToken usage:
|
||||
//
|
||||
// if tkn, err = BearerToken(c); err != nil && tkn == nil {
|
||||
// if err = checkAndPropagateBearerToken(ctx); err != nil {
|
||||
// log.Error("could not fetch bearer token", zap.Error(err))
|
||||
// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||
// return
|
||||
// }
|
||||
var _ = BearerToken
|
||||
|
||||
func fromHeader(h *fasthttp.RequestHeader) []byte {
|
||||
auth := h.Peek(fasthttp.HeaderAuthorization)
|
||||
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerToken)) {
|
||||
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
|
||||
return nil
|
||||
}
|
||||
|
||||
if auth = bytes.TrimPrefix(auth, []byte(bearerToken+" ")); len(auth) == 0 {
|
||||
if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -37,7 +38,7 @@ func fromHeader(h *fasthttp.RequestHeader) []byte {
|
|||
}
|
||||
|
||||
func fromCookie(h *fasthttp.RequestHeader) []byte {
|
||||
auth := h.Cookie(bearerToken)
|
||||
auth := h.Cookie(bearerTokenHdr)
|
||||
if len(auth) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
@ -45,10 +46,21 @@ func fromCookie(h *fasthttp.RequestHeader) []byte {
|
|||
return auth
|
||||
}
|
||||
|
||||
func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
|
||||
func checkAndPropagateBearerToken(ctx *fasthttp.RequestCtx) error {
|
||||
tkn, err := fetchBearerToken(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// This is an analog of context.WithValue.
|
||||
ctx.SetUserValue(bearerTokenKey, tkn)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func fetchBearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) {
|
||||
// ignore empty value
|
||||
if ctx == nil {
|
||||
panic(nil)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -4,24 +4,23 @@ import (
|
|||
"encoding/base64"
|
||||
"testing"
|
||||
|
||||
sdk "github.com/nspcc-dev/cdn-sdk"
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/owner"
|
||||
|
||||
"github.com/nspcc-dev/neofs-api-go/pkg/token"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/valyala/fasthttp"
|
||||
)
|
||||
|
||||
func makeTestCookie(value []byte) *fasthttp.RequestHeader {
|
||||
header := new(fasthttp.RequestHeader)
|
||||
header.SetCookie(bearerToken, string(value))
|
||||
header.SetCookie(bearerTokenHdr, string(value))
|
||||
return header
|
||||
}
|
||||
|
||||
func makeTestHeader(value []byte) *fasthttp.RequestHeader {
|
||||
header := new(fasthttp.RequestHeader)
|
||||
if value != nil {
|
||||
header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+string(value))
|
||||
header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+string(value))
|
||||
}
|
||||
return header
|
||||
}
|
||||
|
@ -60,7 +59,7 @@ func Test_fromHeader(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestBearerToken(t *testing.T) {
|
||||
func Test_fetchBearerToken(t *testing.T) {
|
||||
uid := owner.NewID()
|
||||
|
||||
tkn := new(token.BearerToken)
|
||||
|
@ -111,7 +110,7 @@ func TestBearerToken(t *testing.T) {
|
|||
for _, tt := range cases {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
ctx := makeTestRequest(tt.cookie, tt.header)
|
||||
actual, err := BearerToken(ctx)
|
||||
actual, err := fetchBearerToken(ctx)
|
||||
|
||||
if tt.error == "" {
|
||||
require.NoError(t, err)
|
||||
|
@ -129,11 +128,34 @@ func makeTestRequest(cookie, header string) *fasthttp.RequestCtx {
|
|||
ctx := new(fasthttp.RequestCtx)
|
||||
|
||||
if cookie != "" {
|
||||
ctx.Request.Header.SetCookie(bearerToken, cookie)
|
||||
ctx.Request.Header.SetCookie(bearerTokenHdr, cookie)
|
||||
}
|
||||
|
||||
if header != "" {
|
||||
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+header)
|
||||
ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+header)
|
||||
}
|
||||
return ctx
|
||||
}
|
||||
|
||||
func Test_checkAndPropagateBearerToken(t *testing.T) {
|
||||
uid := owner.NewID()
|
||||
|
||||
tkn := new(token.BearerToken)
|
||||
tkn.SetOwner(uid)
|
||||
|
||||
data, err := tkn.Marshal()
|
||||
require.NoError(t, err)
|
||||
|
||||
t64 := base64.StdEncoding.EncodeToString(data)
|
||||
require.NotEmpty(t, t64)
|
||||
|
||||
ctx := makeTestRequest(t64, "")
|
||||
|
||||
// Expect to see the token within the context.
|
||||
require.NoError(t, checkAndPropagateBearerToken(ctx))
|
||||
|
||||
// Expect to see the same token without errors.
|
||||
actual, err := sdk.BearerToken(ctx)
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, tkn, actual)
|
||||
}
|
||||
|
|
1
go.mod
1
go.mod
|
@ -11,6 +11,7 @@ require (
|
|||
github.com/prometheus/common v0.15.0
|
||||
github.com/spf13/pflag v1.0.5
|
||||
github.com/spf13/viper v1.7.1
|
||||
github.com/stretchr/testify v1.7.0
|
||||
github.com/valyala/fasthttp v1.20.0
|
||||
go.uber.org/zap v1.16.0
|
||||
google.golang.org/grpc v1.35.0
|
||||
|
|
|
@ -57,6 +57,12 @@ func (r *request) receiveFile(address *object.Address) {
|
|||
filename string
|
||||
)
|
||||
|
||||
if err = checkAndPropagateBearerToken(r.RequestCtx); err != nil {
|
||||
r.log.Error("could not fetch bearer token", zap.Error(err))
|
||||
r.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
writer := newDetector(r.Response.BodyWriter())
|
||||
obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer))
|
||||
if err != nil {
|
||||
|
|
|
@ -44,6 +44,12 @@ func (a *app) upload(c *fasthttp.RequestCtx) {
|
|||
log = a.log.With(zap.String("cid", sCID))
|
||||
)
|
||||
|
||||
if err = checkAndPropagateBearerToken(c); err != nil {
|
||||
log.Error("could not fetch bearer token", zap.Error(err))
|
||||
c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
if err = cid.Parse(sCID); err != nil {
|
||||
log.Error("wrong container id", zap.Error(err))
|
||||
c.Error("wrong container id", fasthttp.StatusBadRequest)
|
||||
|
|
Loading…
Reference in a new issue