[#943] service/object: Check session token expiration

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2021-10-25 15:19:50 +03:00 committed by Alex Vanin
parent 508a28fdc0
commit 2fbdcbdee1
4 changed files with 36 additions and 7 deletions

View file

@ -177,7 +177,7 @@ func (x *coreClientConstructor) Get(info coreclient.NodeInfo) (coreclient.Client
func initObjectService(c *cfg) {
ls := c.cfgObject.cfgLocalStorage.localStorage
keyStorage := util.NewKeyStorage(&c.key.PrivateKey, c.privateTokenStore)
keyStorage := util.NewKeyStorage(&c.key.PrivateKey, c.privateTokenStore, c.cfgNetmap.state)
nodeOwner := owner.NewID()
neo3Wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(c.key.PublicKey()))

View file

@ -5,24 +5,31 @@ import (
"errors"
"github.com/nspcc-dev/neofs-api-go/pkg/session"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/nspcc-dev/neofs-node/pkg/services/session/storage"
)
// todo(alexvanin): should be a part of status API
var errNoSessionToken = errors.New("session token does not exist")
var (
// todo(alexvanin): should be a part of status API
errNoSessionToken = errors.New("session token does not exist")
errSessionTokenExpired = errors.New("session token has been expired")
)
// KeyStorage represents private key storage of the local node.
type KeyStorage struct {
key *ecdsa.PrivateKey
tokenStore *storage.TokenStore
networkState netmap.State
}
// NewKeyStorage creates, initializes and returns new KeyStorage instance.
func NewKeyStorage(localKey *ecdsa.PrivateKey, tokenStore *storage.TokenStore) *KeyStorage {
func NewKeyStorage(localKey *ecdsa.PrivateKey, tokenStore *storage.TokenStore, net netmap.State) *KeyStorage {
return &KeyStorage{
key: localKey,
tokenStore: tokenStore,
networkState: net,
}
}
@ -34,6 +41,9 @@ func (s *KeyStorage) GetKey(token *session.Token) (*ecdsa.PrivateKey, error) {
if token != nil {
pToken := s.tokenStore.Get(token.OwnerID(), token.ID())
if pToken != nil {
if pToken.ExpiredAt() <= s.networkState.CurrentEpoch() {
return nil, errSessionTokenExpired
}
return pToken.SessionKey(), nil
}
return nil, errNoSessionToken

View file

@ -19,7 +19,7 @@ func TestNewKeyStorage(t *testing.T) {
require.NoError(t, err)
tokenStor := tokenStorage.New()
stor := util.NewKeyStorage(&nodeKey.PrivateKey, tokenStor)
stor := util.NewKeyStorage(&nodeKey.PrivateKey, tokenStor, mockedNetworkState{42})
t.Run("node key", func(t *testing.T) {
key, err := stor.GetKey(nil)
@ -43,6 +43,12 @@ func TestNewKeyStorage(t *testing.T) {
require.Equal(t, pubKey.X, key.PublicKey.X)
require.Equal(t, pubKey.Y, key.PublicKey.Y)
})
t.Run("expired token", func(t *testing.T) {
tok := createToken(t, tokenStor, 30)
_, err := stor.GetKey(tok)
require.Error(t, err)
})
}
func generateToken(t *testing.T) *session.Token {
@ -74,3 +80,11 @@ func createToken(t *testing.T, store *tokenStorage.TokenStore, exp uint64) *sess
return tok
}
type mockedNetworkState struct {
value uint64
}
func (m mockedNetworkState) CurrentEpoch() uint64 {
return m.value
}

View file

@ -15,3 +15,8 @@ type PrivateToken struct {
func (t *PrivateToken) SessionKey() *ecdsa.PrivateKey {
return t.sessionKey
}
// ExpiredAt returns epoch number until token is valid.
func (t *PrivateToken) ExpiredAt() uint64 {
return t.exp
}