From 237c247ec4c2d929d0041343c8767f4ace7efe43 Mon Sep 17 00:00:00 2001 From: Pavel Korotkov Date: Tue, 16 Feb 2021 18:20:15 +0300 Subject: [PATCH] [#13] Add bearer token usage in receive/upload methods --- bearer.go | 32 ++++++++++++++++++++++---------- bearer_test.go | 38 ++++++++++++++++++++++++++++++-------- go.mod | 1 + receive.go | 6 ++++++ upload.go | 6 ++++++ 5 files changed, 65 insertions(+), 18 deletions(-) diff --git a/bearer.go b/bearer.go index f98b41d..ee01fee 100644 --- a/bearer.go +++ b/bearer.go @@ -4,32 +4,33 @@ import ( "bytes" "encoding/base64" - "github.com/pkg/errors" - "github.com/nspcc-dev/neofs-api-go/pkg/token" + "github.com/pkg/errors" "github.com/valyala/fasthttp" ) type fromHandler = func(h *fasthttp.RequestHeader) []byte -const bearerToken = "Bearer" +const ( + bearerTokenHdr = "Bearer" + bearerTokenKey = "__context_bearer_token_key" +) // BearerToken usage: // -// if tkn, err = BearerToken(c); err != nil && tkn == nil { +// if err = checkAndPropagateBearerToken(ctx); err != nil { // log.Error("could not fetch bearer token", zap.Error(err)) // c.Error("could not fetch bearer token", fasthttp.StatusBadRequest) // return // } -var _ = BearerToken func fromHeader(h *fasthttp.RequestHeader) []byte { auth := h.Peek(fasthttp.HeaderAuthorization) - if auth == nil || !bytes.HasPrefix(auth, []byte(bearerToken)) { + if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) { return nil } - if auth = bytes.TrimPrefix(auth, []byte(bearerToken+" ")); len(auth) == 0 { + if auth = bytes.TrimPrefix(auth, []byte(bearerTokenHdr+" ")); len(auth) == 0 { return nil } @@ -37,7 +38,7 @@ func fromHeader(h *fasthttp.RequestHeader) []byte { } func fromCookie(h *fasthttp.RequestHeader) []byte { - auth := h.Cookie(bearerToken) + auth := h.Cookie(bearerTokenHdr) if len(auth) == 0 { return nil } @@ -45,10 +46,21 @@ func fromCookie(h *fasthttp.RequestHeader) []byte { return auth } -func BearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) { +func checkAndPropagateBearerToken(ctx *fasthttp.RequestCtx) error { + tkn, err := fetchBearerToken(ctx) + if err != nil { + return err + } + + // This is an analog of context.WithValue. + ctx.SetUserValue(bearerTokenKey, tkn) + + return nil +} + +func fetchBearerToken(ctx *fasthttp.RequestCtx) (*token.BearerToken, error) { // ignore empty value if ctx == nil { - panic(nil) return nil, nil } diff --git a/bearer_test.go b/bearer_test.go index f9d998d..4ae7b20 100644 --- a/bearer_test.go +++ b/bearer_test.go @@ -4,24 +4,23 @@ import ( "encoding/base64" "testing" + sdk "github.com/nspcc-dev/cdn-sdk" "github.com/nspcc-dev/neofs-api-go/pkg/owner" - "github.com/nspcc-dev/neofs-api-go/pkg/token" - "github.com/stretchr/testify/require" "github.com/valyala/fasthttp" ) func makeTestCookie(value []byte) *fasthttp.RequestHeader { header := new(fasthttp.RequestHeader) - header.SetCookie(bearerToken, string(value)) + header.SetCookie(bearerTokenHdr, string(value)) return header } func makeTestHeader(value []byte) *fasthttp.RequestHeader { header := new(fasthttp.RequestHeader) if value != nil { - header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+string(value)) + header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+string(value)) } return header } @@ -60,7 +59,7 @@ func Test_fromHeader(t *testing.T) { } } -func TestBearerToken(t *testing.T) { +func Test_fetchBearerToken(t *testing.T) { uid := owner.NewID() tkn := new(token.BearerToken) @@ -111,7 +110,7 @@ func TestBearerToken(t *testing.T) { for _, tt := range cases { t.Run(tt.name, func(t *testing.T) { ctx := makeTestRequest(tt.cookie, tt.header) - actual, err := BearerToken(ctx) + actual, err := fetchBearerToken(ctx) if tt.error == "" { require.NoError(t, err) @@ -129,11 +128,34 @@ func makeTestRequest(cookie, header string) *fasthttp.RequestCtx { ctx := new(fasthttp.RequestCtx) if cookie != "" { - ctx.Request.Header.SetCookie(bearerToken, cookie) + ctx.Request.Header.SetCookie(bearerTokenHdr, cookie) } if header != "" { - ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerToken+" "+header) + ctx.Request.Header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+header) } return ctx } + +func Test_checkAndPropagateBearerToken(t *testing.T) { + uid := owner.NewID() + + tkn := new(token.BearerToken) + tkn.SetOwner(uid) + + data, err := tkn.Marshal() + require.NoError(t, err) + + t64 := base64.StdEncoding.EncodeToString(data) + require.NotEmpty(t, t64) + + ctx := makeTestRequest(t64, "") + + // Expect to see the token within the context. + require.NoError(t, checkAndPropagateBearerToken(ctx)) + + // Expect to see the same token without errors. + actual, err := sdk.BearerToken(ctx) + require.NoError(t, err) + require.Equal(t, tkn, actual) +} diff --git a/go.mod b/go.mod index f8e4e05..6e7828b 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/prometheus/common v0.15.0 github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.7.1 + github.com/stretchr/testify v1.7.0 github.com/valyala/fasthttp v1.20.0 go.uber.org/zap v1.16.0 google.golang.org/grpc v1.35.0 diff --git a/receive.go b/receive.go index 5139252..ae1b555 100644 --- a/receive.go +++ b/receive.go @@ -57,6 +57,12 @@ func (r *request) receiveFile(address *object.Address) { filename string ) + if err = checkAndPropagateBearerToken(r.RequestCtx); err != nil { + r.log.Error("could not fetch bearer token", zap.Error(err)) + r.Error("could not fetch bearer token", fasthttp.StatusBadRequest) + return + } + writer := newDetector(r.Response.BodyWriter()) obj, err := r.obj.Get(r, address, sdk.WithGetWriter(writer)) if err != nil { diff --git a/upload.go b/upload.go index 0bf99b2..3124e26 100644 --- a/upload.go +++ b/upload.go @@ -44,6 +44,12 @@ func (a *app) upload(c *fasthttp.RequestCtx) { log = a.log.With(zap.String("cid", sCID)) ) + if err = checkAndPropagateBearerToken(c); err != nil { + log.Error("could not fetch bearer token", zap.Error(err)) + c.Error("could not fetch bearer token", fasthttp.StatusBadRequest) + return + } + if err = cid.Parse(sCID); err != nil { log.Error("wrong container id", zap.Error(err)) c.Error("wrong container id", fasthttp.StatusBadRequest)