[#247] object/eacl: Use object ID from session token context

Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
Leonard Lyubich 2020-12-14 16:50:45 +03:00 committed by Leonard Lyubich
parent 168dcbdccd
commit 8654458b19
2 changed files with 65 additions and 21 deletions


@ -143,9 +143,11 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
return err return err
} }
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -155,6 +157,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
} }
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody()) reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) { if !basicACLCheck(reqInfo) {
return basicACLErr(reqInfo) return basicACLErr(reqInfo)
@ -188,9 +191,11 @@ func (b Service) Head(
return nil, err return nil, err
} }
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -200,6 +205,7 @@ func (b Service) Head(
} }
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody()) reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) { if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo) return nil, basicACLErr(reqInfo)
@ -260,9 +266,11 @@ func (b Service) Delete(
return nil, err return nil, err
} }
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -272,6 +280,7 @@ func (b Service) Delete(
} }
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody()) reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) { if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo) return nil, basicACLErr(reqInfo)
@ -288,9 +297,11 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
return err return err
} }
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -300,6 +311,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
} }
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody()) reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) { if !basicACLCheck(reqInfo) {
return basicACLErr(reqInfo) return basicACLErr(reqInfo)
@ -323,9 +335,11 @@ func (b Service) GetRangeHash(
return nil, err return nil, err
} }
sTok := request.GetMetaHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: request.GetMetaHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -335,6 +349,7 @@ func (b Service) GetRangeHash(
} }
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody()) reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) { if !basicACLCheck(reqInfo) {
return nil, basicACLErr(reqInfo) return nil, basicACLErr(reqInfo)
@ -363,9 +378,11 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
return err return err
} }
sTok := part.GetHeader().GetSessionToken()
req := metaWithToken{ req := metaWithToken{
vheader: request.GetVerificationHeader(), vheader: request.GetVerificationHeader(),
token: part.GetHeader().GetSessionToken(), token: sTok,
bearer: request.GetMetaHeader().GetBearerToken(), bearer: request.GetMetaHeader().GetBearerToken(),
} }
@ -375,6 +392,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
} }
reqInfo.oid = getObjectIDFromRequestBody(part) reqInfo.oid = getObjectIDFromRequestBody(part)
useObjectIDFromSession(&reqInfo, sTok)
if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) { if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
return basicACLErr(reqInfo) return basicACLErr(reqInfo)
@ -484,6 +502,21 @@ func getContainerIDFromRequest(req interface{}) (id *container.ID, err error) {
} }
} }
func useObjectIDFromSession(req *requestInfo, token *session.SessionToken) {
if token == nil {
return
}
objCtx, ok := token.GetBody().GetContext().(*session.ObjectSessionContext)
if !ok {
return
}
req.oid = objectSDK.NewIDFromV2(
objCtx.GetAddress().GetObjectID(),
)
}
func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID { func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
switch v := body.(type) { switch v := body.(type) {
default: default:
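Review bot: `useObjectIDFromSession` overwrites `reqInfo.oid` whenever the token carries an object session context, without checking that the context actually holds an object ID or that it agrees with the ID taken from the request body. If the context address has no object ID, the body-derived ID appears to be replaced by an empty one (this depends on `NewIDFromV2`, which is not shown here). If the two IDs differ, the ACL checks run against the token's object while the body still names another, so it should be confirmed that the handler downstream acts on the same object. I would guard the assignment, e.g. `if id := objCtx.GetAddress().GetObjectID(); id != nil { req.oid = objectSDK.NewIDFromV2(id) }`, and add a doc comment stating that the session context takes precedence over the body and at which point the token has been verified. The same call is added in Get, Head, Delete, GetRange, GetRangeHash and Send, whose bodies continue outside the hunks.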


@ -64,7 +64,7 @@ func (h *headerSource) HeadersOfType(typ eaclSDK.FilterHeaderType) ([]eacl.Heade
case eaclSDK.HeaderFromRequest: case eaclSDK.HeaderFromRequest:
return requestHeaders(h.msg), true return requestHeaders(h.msg), true
case eaclSDK.HeaderFromObject: case eaclSDK.HeaderFromObject:
return h.objectHeaders(), true return h.objectHeaders()
} }
} }
@ -80,7 +80,7 @@ func requestHeaders(msg xHeaderSource) []eacl.Header {
return res return res
} }
func (h *headerSource) objectHeaders() []eacl.Header { func (h *headerSource) objectHeaders() ([]eacl.Header, bool) {
switch m := h.msg.(type) { switch m := h.msg.(type) {
default: default:
panic(fmt.Sprintf("unexpected message type %T", h.msg)) panic(fmt.Sprintf("unexpected message type %T", h.msg))
@ -89,39 +89,50 @@ func (h *headerSource) objectHeaders() []eacl.Header {
case *objectV2.GetRequest: case *objectV2.GetRequest:
return h.localObjectHeaders(req.GetBody().GetAddress()) return h.localObjectHeaders(req.GetBody().GetAddress())
case *objectV2.DeleteRequest: case *objectV2.DeleteRequest:
return h.localObjectHeaders(req.GetBody().GetAddress()) hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
return hs, true
case *objectV2.HeadRequest: case *objectV2.HeadRequest:
return h.localObjectHeaders(req.GetBody().GetAddress()) return h.localObjectHeaders(req.GetBody().GetAddress())
case *objectV2.GetRangeRequest: case *objectV2.GetRangeRequest:
return h.localObjectHeaders(req.GetBody().GetAddress()) hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
return hs, true
case *objectV2.GetRangeHashRequest: case *objectV2.GetRangeHashRequest:
return h.localObjectHeaders(req.GetBody().GetAddress()) hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
return hs, true
case *objectV2.PutRequest: case *objectV2.PutRequest:
if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok { if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
oV2 := new(objectV2.Object) oV2 := new(objectV2.Object)
oV2.SetObjectID(v.GetObjectID()) oV2.SetObjectID(v.GetObjectID())
oV2.SetHeader(v.GetHeader()) oV2.SetHeader(v.GetHeader())
return headersFromObject(object.NewFromV2(oV2)) hs := headersFromObject(object.NewFromV2(oV2))
if tok := oV2.GetHeader().GetSessionToken(); tok != nil {
objCtx, ok := tok.GetBody().GetContext().(*session.ObjectSessionContext)
if ok {
hs = append(hs, addressHeaders(objectSDK.NewAddressFromV2(objCtx.GetAddress()))...)
}
}
return hs, true
} }
case *objectV2.SearchRequest: case *objectV2.SearchRequest:
return []eacl.Header{cidHeader( return []eacl.Header{cidHeader(
container.NewIDFromV2( container.NewIDFromV2(
req.GetBody().GetContainerID()), req.GetBody().GetContainerID()),
), )}, true
}
} }
case *responseXHeaderSource: case *responseXHeaderSource:
switch resp := m.resp.(type) { switch resp := m.resp.(type) {
default: default:
return h.localObjectHeaders(m.addr) hs, _ := h.localObjectHeaders(m.addr)
return hs, true
case *objectV2.GetResponse: case *objectV2.GetResponse:
if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok { if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
oV2 := new(objectV2.Object) oV2 := new(objectV2.Object)
oV2.SetObjectID(v.GetObjectID()) oV2.SetObjectID(v.GetObjectID())
oV2.SetHeader(v.GetHeader()) oV2.SetHeader(v.GetHeader())
return headersFromObject(object.NewFromV2(oV2)) return headersFromObject(object.NewFromV2(oV2)), true
} }
case *objectV2.HeadResponse: case *objectV2.HeadResponse:
oV2 := new(objectV2.Object) oV2 := new(objectV2.Object)
@ -147,22 +158,22 @@ func (h *headerSource) objectHeaders() []eacl.Header {
return append( return append(
headersFromObject(object.NewFromV2(oV2)), headersFromObject(object.NewFromV2(oV2)),
oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())), oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())),
) ), true
} }
} }
return nil return nil, true
} }
func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) []eacl.Header { func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) ([]eacl.Header, bool) {
addr := objectSDK.NewAddressFromV2(addrV2) addr := objectSDK.NewAddressFromV2(addrV2)
obj, err := h.storage.Head(addr) obj, err := h.storage.Head(addr)
if err == nil { if err == nil {
return headersFromObject(obj) return append(headersFromObject(obj), addressHeaders(addr)...), true
} }
return addressHeaders(addr) return addressHeaders(addr), false
} }
func cidHeader(cid *container.ID) eacl.Header { func cidHeader(cid *container.ID) eacl.Header {
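Review bot: In `objectHeaders` the Delete, GetRange and GetRangeHash cases, and the default response case, discard the bool from `localObjectHeaders` with `hs, _ :=` and return `true`, while Get and Head pass it through, and nothing on the new side documents what the flag means. If `false` is meant to signal that `storage.Head` failed and only address headers were returned, then for those verbs eACL rules that filter on object attributes would be evaluated against an incomplete header set reported as complete; how callers of `HeadersOfType` use the flag is not visible here, so this should be confirmed. `localObjectHeaders` also treats every `Head` error alike, so a storage fault is indistinguishable from a missing object. I would add a doc comment on both functions, e.g. `// the bool is false when the object headers could not be read and only address headers are returned`, and a one-line comment at each `hs, _ :=` saying why the miss is deliberately ignored for that verb.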