diff --git a/api/auth/center.go b/api/auth/center.go index 1b572a86f..72ca7677a 100644 --- a/api/auth/center.go +++ b/api/auth/center.go @@ -14,7 +14,7 @@ import ( "github.com/aws/aws-sdk-go/aws/credentials" v4 "github.com/aws/aws-sdk-go/aws/signer/v4" "github.com/nspcc-dev/neofs-api-go/pkg/object" - "github.com/nspcc-dev/neofs-api-go/pkg/token" + "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" "github.com/nspcc-dev/neofs-s3-gw/creds/tokens" "github.com/nspcc-dev/neofs-sdk-go/pkg/pool" "go.uber.org/zap" @@ -25,7 +25,7 @@ var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=( type ( // Center is a user authentication interface. Center interface { - Authenticate(request *http.Request) (*token.BearerToken, error) + Authenticate(request *http.Request) (*accessbox.GateData, error) } center struct { @@ -63,7 +63,7 @@ func New(conns pool.Pool, key *ecdsa.PrivateKey) Center { } } -func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) { +func (c *center) Authenticate(r *http.Request) (*accessbox.GateData, error) { queryValues := r.URL.Query() if queryValues.Get("X-Amz-Algorithm") == "AWS4-HMAC-SHA256" { return nil, errors.New("pre-signed form of request is not supported") @@ -127,5 +127,5 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) { return nil, errors.New("failed to pass authentication procedure") } - return tkns.BearerToken, nil + return tkns, nil } diff --git a/api/layer/layer.go b/api/layer/layer.go index 4f81afb4a..d5d550504 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -13,8 +13,8 @@ import ( cid "github.com/nspcc-dev/neofs-api-go/pkg/container/id" "github.com/nspcc-dev/neofs-api-go/pkg/object" "github.com/nspcc-dev/neofs-api-go/pkg/owner" - "github.com/nspcc-dev/neofs-api-go/pkg/token" "github.com/nspcc-dev/neofs-s3-gw/api" + "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" "github.com/nspcc-dev/neofs-sdk-go/pkg/pool" "go.uber.org/zap" "google.golang.org/grpc/codes" @@ -106,8 +106,8 @@ func NewLayer(log *zap.Logger, conns pool.Pool) Client { // Owner returns owner id from BearerToken (context) or from client owner. func (n *layer) Owner(ctx context.Context) *owner.ID { - if tkn, ok := ctx.Value(api.BearerTokenKey).(*token.BearerToken); ok && tkn != nil { - return tkn.Issuer() + if data, ok := ctx.Value(api.GateData).(*accessbox.GateData); ok && data != nil { + return data.BearerToken.Issuer() } return n.pool.OwnerID() @@ -115,13 +115,22 @@ func (n *layer) Owner(ctx context.Context) *owner.ID { // BearerOpt returns client.WithBearer call option with token from context or with nil token. func (n *layer) BearerOpt(ctx context.Context) client.CallOption { - if tkn, ok := ctx.Value(api.BearerTokenKey).(*token.BearerToken); ok && tkn != nil { - return client.WithBearer(tkn) + if data, ok := ctx.Value(api.GateData).(*accessbox.GateData); ok && data != nil { + return client.WithBearer(data.BearerToken) } return client.WithBearer(nil) } +// SessionOpt returns client.WithSession call option with token from context or with nil token. +func (n *layer) SessionOpt(ctx context.Context) client.CallOption { + if data, ok := ctx.Value(api.GateData).(*accessbox.GateData); ok && data != nil { + return client.WithSession(data.SessionToken) + } + + return client.WithSession(nil) +} + // Get NeoFS Object by refs.Address (should be used by auth.Center). func (n *layer) Get(ctx context.Context, address *object.Address) (*object.Object, error) { ops := new(client.GetObjectParams).WithAddress(address) diff --git a/api/user-auth.go b/api/user-auth.go index df150a498..6b4d5437e 100644 --- a/api/user-auth.go +++ b/api/user-auth.go @@ -12,15 +12,15 @@ import ( // KeyWrapper is wrapper for context keys. type KeyWrapper string -// BearerTokenKey is an ID used to store bearer token in a context. -var BearerTokenKey = KeyWrapper("__context_bearer_token_key") +// GateData is an ID used to store GateData in a context. +var GateData = KeyWrapper("__context_gate_data_key") // AttachUserAuth adds user authentication via center to router using log for logging. func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) { router.Use(func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var ctx context.Context - token, err := center.Authenticate(r) + tokens, err := center.Authenticate(r) if err != nil { if err == auth.ErrNoAuthorizationHeader { log.Debug("couldn't receive bearer token, using neofs-key") @@ -31,7 +31,7 @@ func AttachUserAuth(router *mux.Router, center auth.Center, log *zap.Logger) { return } } else { - ctx = context.WithValue(r.Context(), BearerTokenKey, token) + ctx = context.WithValue(r.Context(), GateData, tokens) } h.ServeHTTP(w, r.WithContext(ctx))