[#943] service/object: Do not sign put service message with session token

This is invalid operation for storage nodes that receive part of split object. While object is signed by session token, the message itself should be signed by the node key. Signed-off-by: Alex Vanin <alexey@nspcc.ru>
2021-10-25 15:13:36 +03:00 · 2021-10-25 15:13:36 +03:00 · 508a28fdc0
commit 508a28fdc0
parent 46fa07b7cc
1 changed files with 4 additions and 3 deletions
--- a/pkg/services/object/put/v2/streamer.go
+++ b/pkg/services/object/put/v2/streamer.go
@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"

-	"github.com/nspcc-dev/neofs-api-go/pkg/session"
 	"github.com/nspcc-dev/neofs-api-go/v2/object"
 	"github.com/nspcc-dev/neofs-api-go/v2/rpc"
 	sessionV2 "github.com/nspcc-dev/neofs-api-go/v2/session"
@ -97,13 +96,15 @@ func (s *streamer) Send(req *object.PutRequest) (err error) {

 	metaHdr := new(sessionV2.RequestMetaHeader)
 	meta := req.GetMetaHeader()
-	st := session.NewTokenFromV2(meta.GetSessionToken())

 	metaHdr.SetTTL(meta.GetTTL() - 1)
 	metaHdr.SetOrigin(meta)
 	req.SetMetaHeader(metaHdr)

-	key, err := s.keyStorage.GetKey(st)
+	// session token should not be used there
+	// otherwise remote nodes won't be able to
+	// process received part of split object
+	key, err := s.keyStorage.GetKey(nil)
 	if err != nil {
 		return err
 	}