[#561] acl: Fetch bearer token from original request meta header

Request meta headers are organized in layers, where
upper layers re-sign lower layers. The bearer token should be
part of the original meta header and can be omitted in
upper layers. Therefore we need to traverse the linked list
of meta headers down to the original meta header to get the bearer token.

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
Alex Vanin 2021-05-26 19:49:42 +03:00 committed by Alex Vanin
parent 8448207854
commit d368afffe5


@ -149,7 +149,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -197,7 +197,7 @@ func (b Service) Head(
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -236,7 +236,7 @@ func (b Service) Search(request *object.SearchRequest, stream objectSvc.SearchSt
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: request.GetMetaHeader().GetSessionToken(),
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -273,7 +273,7 @@ func (b Service) Delete(
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -305,7 +305,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -343,7 +343,7 @@ func (b Service) GetRangeHash(
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -387,7 +387,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: sTok, token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: originalBearerToken(request.GetMetaHeader()),
src: request, src: request,
} }
@ -771,3 +771,13 @@ func isOwnerFromKey(id *owner.ID, key *ecdsa.PublicKey) bool {
// binary comparison is better but MarshalBinary is more expensive // binary comparison is better but MarshalBinary is more expensive
return bytes.Equal(id.ToV2().GetValue(), wallet.Bytes()) return bytes.Equal(id.ToV2().GetValue(), wallet.Bytes())
} }
// originalBearerToken goes down to original request meta header and fetches
// bearer token from there.
func originalBearerToken(header *session.RequestMetaHeader) *bearer.BearerToken {
for header.GetOrigin() != nil {
header = header.GetOrigin()
}
return header.GetBearerToken()
}
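Review bot: `originalBearerToken` (last hunk) reads the token from the innermost meta header, but every `metaWithToken` built in the seven hunks above still carries `request.GetVerificationHeader()` from the outermost layer. The ACL decision is therefore only sound if the code that verifies the token and matches it to the requester also descends to the origin of the verification header; that code is outside these hunks and should be confirmed. I would state the invariant in the helper's doc comment, for example `// The token is taken from the innermost header, the one the commit message calls original; a token set only in an upper layer is ignored.` The number of `GetOrigin()` steps is set by the incoming request, so a cap on the walk (rejecting deeper chains) would bound the work to what a legitimate relay path needs. A unit test with a two-layer header whose token sits only in the origin, plus a nil-header case, would pin the behaviour for all call sites.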