frostfs-http-gw/tokens/bearer-token.go

package tokens

import (
	"bytes"
	"context"
	"encoding/base64"
	"errors"
	"fmt"

	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
	"github.com/valyala/fasthttp"
)

type fromHandler = func(h *fasthttp.RequestHeader) []byte

type ctxKey string

const (
	bearerTokenHdr        = "Bearer"
	bearerTokenKey ctxKey = "__context_bearer_token_key"
)

// BearerToken usage:
//
// if err = storeBearerToken(ctx); err != nil {
// 	log.Error("could not fetch bearer token", zap.Error(err))
// 	c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)
// 	return
// }

// BearerTokenFromHeader extracts a bearer token from Authorization request header.
func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte {
	auth := h.Peek(fasthttp.HeaderAuthorization)
	if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
		return nil
	}
	if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {
		return nil
	}
	return auth
}

// BearerTokenFromCookie extracts a bearer token from cookies.
func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {
	auth := h.Cookie(bearerTokenHdr)
	if len(auth) == 0 {
		return nil
	}

	return auth
}

// StoreBearerTokenAppCtx extracts a bearer token from the header or cookie and stores
// it in the application context.
func StoreBearerTokenAppCtx(ctx context.Context, req *fasthttp.RequestCtx) (context.Context, error) {
	tkn, err := fetchBearerToken(req)
	if err != nil {
		return nil, err
	}
	newCtx := context.WithValue(ctx, bearerTokenKey, tkn)
	return newCtx, nil
}

// LoadBearerToken returns a bearer token stored in the context given (if it's
// present there).
func LoadBearerToken(ctx context.Context) (*bearer.Token, error) {
	if tkn, ok := ctx.Value(bearerTokenKey).(*bearer.Token); ok && tkn != nil {
		return tkn, nil
	}
	return nil, errors.New("found empty bearer token")
}

func fetchBearerToken(ctx *fasthttp.RequestCtx) (*bearer.Token, error) {
	// ignore empty value
	if ctx == nil {
		return nil, nil
	}
	var (
		lastErr error

		buf []byte
		tkn = new(bearer.Token)
	)
	for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {
		if buf = parse(&ctx.Request.Header); buf == nil {
			continue
		} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {
			lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)
			continue
		} else if err = tkn.Unmarshal(data); err != nil {
			lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)
			continue
		}

		return tkn, nil
	}

	return nil, lastErr
}
[#19] Extract uploading logic into a separate package Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-31 16:58:42 +00:00			`package tokens`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00
			`import (`
			`"bytes"`
[#19] Add a version with no cdn-sdk deps Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-30 22:46:33 +00:00			`"context"`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`"encoding/base64"`
*: drop github.com/pkg/errors dependency Use standard error wrapping/unwrapping instead. The conversion is mostly straightforward, but see grpc/grpc-go#2934 for GRPC `status.FromError`, it doesn't currently support unwrapping/errors.As(), so we're unwrapping manually here. 2021-04-29 15:32:01 +00:00			`"errors"`
			`"fmt"`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00
Rename package name Due to source code relocation from GitHub. Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-03-07 14:08:53 +00:00			`"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`"github.com/valyala/fasthttp"`
			`)`

			`type fromHandler = func(h *fasthttp.RequestHeader) []byte`

[#54] Fix linter warnings Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-05-31 13:34:04 +00:00			`type ctxKey string`

[#13] Add bearer token usage in receive/upload methods 2021-02-16 15:20:15 +00:00			`const (`
[#54] Fix linter warnings Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-05-31 13:34:04 +00:00			`bearerTokenHdr = "Bearer"`
			`bearerTokenKey ctxKey = "__context_bearer_token_key"`
[#13] Add bearer token usage in receive/upload methods 2021-02-16 15:20:15 +00:00			`)`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00
			`// BearerToken usage:`
			`//`
[#19] Add a version with no cdn-sdk deps Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-30 22:46:33 +00:00			`// if err = storeBearerToken(ctx); err != nil {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`// log.Error("could not fetch bearer token", zap.Error(err))`
			`// c.Error("could not fetch bearer token", fasthttp.StatusBadRequest)`
			`// return`
			`// }`

[#153] English Check Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru> 2022-04-21 08:35:57 +00:00			`// BearerTokenFromHeader extracts a bearer token from Authorization request header.`
[#19] Extract uploading logic into a separate package Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-31 16:58:42 +00:00			`func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`auth := h.Peek(fasthttp.HeaderAuthorization)`
[#13] Add bearer token usage in receive/upload methods 2021-02-16 15:20:15 +00:00			`if auth == nil \|\| !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`return nil`
			`}`
[#13] Add bearer token usage in receive/upload methods 2021-02-16 15:20:15 +00:00			`if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`return nil`
			`}`
			`return auth`
			`}`

[#153] English Check Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru> 2022-04-21 08:35:57 +00:00			`// BearerTokenFromCookie extracts a bearer token from cookies.`
[#19] Extract uploading logic into a separate package Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-31 16:58:42 +00:00			`func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {`
[#13] Add bearer token usage in receive/upload methods 2021-02-16 15:20:15 +00:00			`auth := h.Cookie(bearerTokenHdr)`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`if len(auth) == 0 {`
			`return nil`
			`}`

			`return auth`
			`}`

[#30] add object name resolving Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com> 2023-05-05 08:19:35 +00:00			`// StoreBearerTokenAppCtx extracts a bearer token from the header or cookie and stores`
			`// it in the application context.`
[#54] Fix linter warnings Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-05-31 13:34:04 +00:00			`func StoreBearerTokenAppCtx(ctx context.Context, req *fasthttp.RequestCtx) (context.Context, error) {`
			`tkn, err := fetchBearerToken(req)`
[#30] add object name resolving Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com> 2023-05-05 08:19:35 +00:00			`if err != nil {`
			`return nil, err`
			`}`
[#54] Fix linter warnings Signed-off-by: Alex Vanin <a.vanin@yadro.com> 2023-05-31 13:34:04 +00:00			`newCtx := context.WithValue(ctx, bearerTokenKey, tkn)`
[#30] add object name resolving Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com> 2023-05-05 08:19:35 +00:00			`return newCtx, nil`
			`}`

[#153] English Check Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru> 2022-04-21 08:35:57 +00:00			`// LoadBearerToken returns a bearer token stored in the context given (if it's`
*: fix all comment-related golint warnings Some of this code is going to be moved to SDK library, so it's important. Signed-off-by: Roman Khimov <roman@nspcc.ru> 2021-05-13 12:22:03 +00:00			`// present there).`
[#142] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2022-04-19 15:46:51 +00:00			`func LoadBearerToken(ctx context.Context) (*bearer.Token, error) {`
			`if tkn, ok := ctx.Value(bearerTokenKey).(*bearer.Token); ok && tkn != nil {`
[#19] Extract uploading logic into a separate package Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-31 16:58:42 +00:00			`return tkn, nil`
			`}`
			`return nil, errors.New("found empty bearer token")`
			`}`

[#142] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2022-04-19 15:46:51 +00:00			`func fetchBearerToken(ctx fasthttp.RequestCtx) (bearer.Token, error) {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`// ignore empty value`
			`if ctx == nil {`
			`return nil, nil`
			`}`
			`var (`
			`lastErr error`

			`buf []byte`
[#142] Update SDK Signed-off-by: Denis Kirillov <denis@nspcc.ru> 2022-04-19 15:46:51 +00:00			`tkn = new(bearer.Token)`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`)`
[#19] Extract uploading logic into a separate package Signed-off-by: Pavel Korotkov <pavel@nspcc.ru> 2021-03-31 16:58:42 +00:00			`for _, parse := range []fromHandler{BearerTokenFromHeader, BearerTokenFromCookie} {`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`if buf = parse(&ctx.Request.Header); buf == nil {`
			`continue`
			`} else if data, err := base64.StdEncoding.DecodeString(string(buf)); err != nil {`
*: drop github.com/pkg/errors dependency Use standard error wrapping/unwrapping instead. The conversion is mostly straightforward, but see grpc/grpc-go#2934 for GRPC `status.FromError`, it doesn't currently support unwrapping/errors.As(), so we're unwrapping manually here. 2021-04-29 15:32:01 +00:00			`lastErr = fmt.Errorf("can't base64-decode bearer token: %w", err)`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`continue`
			`} else if err = tkn.Unmarshal(data); err != nil {`
*: drop github.com/pkg/errors dependency Use standard error wrapping/unwrapping instead. The conversion is mostly straightforward, but see grpc/grpc-go#2934 for GRPC `status.FromError`, it doesn't currently support unwrapping/errors.As(), so we're unwrapping manually here. 2021-04-29 15:32:01 +00:00			`lastErr = fmt.Errorf("can't unmarshal bearer token: %w", err)`
Refactoring and add tests - rename `header.go` to `bearer.go` - simplify header / cookie fetching of bearer token value - simplify `BearerToken` method - increase tests Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru> 2021-01-25 14:26:08 +00:00			`continue`
			`}`

			`return tkn, nil`
			`}`

			`return nil, lastErr`
			`}`