[#134] Support percent-encoding

Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>

.docker/Dockerfile

@@ -1,9 +1,9 @@
-FROM golang:1.21-alpine as basebuilder
+FROM golang:1.22-alpine AS basebuilder
 RUN apk add --update make bash ca-certificates
 
-FROM basebuilder as builder
-ENV GOGC off
-ENV CGO_ENABLED 0
+FROM basebuilder AS builder
+ENV GOGC=off
+ENV CGO_ENABLED=0
 ARG BUILD=now
 ARG VERSION=dev
 ARG REPO=repository

.forgejo/workflows/builds.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.20', '1.21' ]
+        go_versions: [ '1.22', '1.23' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v3
@@ -18,3 +18,6 @@ jobs:
 
       - name: Build binary
         run: make
+
+      - name: Check dirty suffix
+        run: if [[ $(make version) == *"dirty"* ]]; then echo "Version has dirty suffix" && exit 1; fi

.forgejo/workflows/dco.yml

@@ -12,9 +12,9 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.21'
+          go-version: '1.23'
 
       - name: Run commit format checker
-        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v1
+        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v3
         with:
-          from: adb95642d
+          from: 'origin/${{ github.event.pull_request.base.ref }}'

.forgejo/workflows/tests.yml

@@ -7,17 +7,24 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: golangci-lint
-        uses: https://github.com/golangci/golangci-lint-action@v2
+      - name: Set up Go
+        uses: actions/setup-go@v3
         with:
-          version: latest
+          go-version: '1.23'
+          cache: true
+
+      - name: Install linters
+        run: make lint-install
+
+      - name: Run linters
+        run: make lint
 
   tests:
     name: Tests
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go_versions: [ '1.20', '1.21' ]
+        go_versions: [ '1.22', '1.23' ]
       fail-fast: false
     steps:
       - uses: actions/checkout@v3
@@ -31,4 +38,4 @@ jobs:
         run: make dep
 
       - name: Run tests
-        run: make test
+        run: make test

.forgejo/workflows/vulncheck.yml

@@ -12,7 +12,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v3
         with:
-          go-version: '1.21'
+          go-version: '1.22'
 
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest

.golangci.yml

@@ -12,7 +12,8 @@ run:
 # output configuration options
 output:
   # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
-  format: tab
+  formats:
+  - format: tab
 
 # all available settings of specific linters
 linters-settings:
@@ -24,6 +25,16 @@ linters-settings:
   govet:
     # report about shadowed variables
     check-shadowing: false
+  custom:
+    truecloudlab-linters:
+      path: bin/external_linters.so
+      original-url: git.frostfs.info/TrueCloudLab/linters.git
+      settings:
+        noliteral:
+          enable: true
+          target-methods: ["Fatal"]
+          disable-packages: ["req", "r"]
+          constants-package: "git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 
 linters:
   enable:
@@ -45,6 +56,7 @@ linters:
     - gofmt
     - whitespace
     - goimports
+    - truecloudlab-linters
   disable-all: true
   fast: false
 

.pre-commit-config.yaml

@@ -30,16 +30,23 @@ repos:
     hooks:
       - id: shellcheck
 
-  - repo: https://github.com/golangci/golangci-lint
-    rev: v1.51.2
-    hooks:
-      - id: golangci-lint
-
   - repo: local
     hooks:
-      -   id: go-unit-tests
-          name: go unit tests
-          entry: make test
-          pass_filenames: false
-          types: [go]
-          language: system
+      - id: make-lint-install
+        name: install linters
+        entry: make lint-install
+        language: system
+        pass_filenames: false
+
+      - id: make-lint
+        name: run linters
+        entry: make lint
+        language: system
+        pass_filenames: false
+
+      - id: go-unit-tests
+        name: go unit tests
+        entry: make test
+        pass_filenames: false
+        types: [go]
+        language: system

CHANGELOG.md

@@ -3,21 +3,80 @@
 This document outlines major changes between releases.
 
 ## [Unreleased]
+- Support percent-encoding for GET queries (#134)
+
+### Changed
+- Update go version to 1.22 (#132)
+
+## [0.30.0] - Kangshung - 2024-07-22
+
+### Fixed
+- Handle query unescape and invalid bearer token errors (#107)
+- Fix HTTP/2 requests (#110)
+
+### Added
+- Add new `reconnect_interval` config param (#100)
+- Erasure coding support in placement policy (#114)
+- HTTP Header canonicalizer for well-known headers (#121)
+
+### Changed
+- Improve test coverage (#112, #117)
+- Bumped vulnerable dependencies (#115)
+- Replace extended ACL examples with policies in README (#118)
+
+### Removed
+
+## [0.29.0] - Zemu - 2024-05-27
+
+### Fixed
+- Fix possibility of panic during SIGHUP (#99)
+- Handle query unescape and invalid bearer token errors (#108)
+- Fix log-level change on SIGHUP (#105)
+
+### Added
+- Support client side object cut (#70)
+  - Add `frostfs.client_cut` config param
+  - Add `frostfs.buffer_max_size_for_put` config param
+  - Add bucket/container caching
+  - Disable homomorphic hash for PUT if it's disabled in container itself
+- Add new `logger.destination` config param with journald support (#89, #104)
+- Add support namespaces (#91)
+
+### Changed
+- Replace atomics with mutex for reloadable params (#74)
+
+## [0.28.1] - 2024-01-24
+
+### Added
+- Tree pool traversal limit (#92)
+
+### Update from 0.28.0
+See new `frostfs.tree_pool_max_attempts` config parameter.
+
+## [0.28.0] - Academy of Sciences - 2023-12-07
 
 ### Fixed
 - `grpc` schemas in tree configuration (#62)
+- `GetSubTree` failures (#67)
+- Debian packaging (#69, #90)
+- Get latest version of tree node (#85)
 
 ### Added
 - Support dump metrics descriptions (#29)
 - Support impersonate bearer token (#40, #45)
 - Tracing support (#20, #44, #60)
 - Object name resolving with tree service (#30)
+- Metrics for current endpoint status (#77)
+- Soft memory limit with `runtime.soft_memory_limit` (#72)
+- Add selection of the node of the latest version of the object (#85)
 
 ### Changed
 - Update prometheus to v1.15.0 (#35)
 - Update go version to 1.19 (#50)
 - Finish rebranding (#2)
 - Use gate key to form object owner (#66)
+- Move log messages to constants (#36)
+- Uploader and downloader refactor (#73)
 
 ### Removed
 - Drop `tree.service` param (now endpoints from `peers` section are used) (#59)
@@ -61,4 +120,8 @@ This project is a fork of [NeoFS HTTP Gateway](https://github.com/nspcc-dev/neof
 To see CHANGELOG for older versions, refer to https://github.com/nspcc-dev/neofs-http-gw/blob/master/CHANGELOG.md.
 
 [0.27.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/72734ab4...v0.27.0
-[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.27.0...master
+[0.28.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.27.0...v0.28.0
+[0.28.1]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.28.0...v0.28.1
+[0.29.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.28.1...v0.29.0
+[0.30.0]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.29.0...v0.30.0
+[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-http-gw/compare/v0.30.0...master

Makefile

@@ -2,8 +2,9 @@
 
 REPO ?= $(shell go list -m)
 VERSION ?= $(shell git describe --tags --match "v*" --dirty --always --abbrev=8 2>/dev/null || cat VERSION 2>/dev/null || echo "develop")
-GO_VERSION ?= 1.20
-LINT_VERSION ?= 1.49.0
+GO_VERSION ?= 1.22
+LINT_VERSION ?= 1.60.3
+TRUECLOUDLAB_LINT_VERSION ?= 0.0.6
 BUILD ?= $(shell date -u --iso=seconds)
 
 HUB_IMAGE ?= truecloudlab/frostfs-http-gw
@@ -11,10 +12,14 @@ HUB_TAG ?= "$(shell echo ${VERSION} | sed 's/^v//')"
 
 METRICS_DUMP_OUT ?= ./metrics-dump.json
 
+OUTPUT_LINT_DIR ?= $(shell pwd)/bin
+LINT_DIR = $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION)
+TMP_DIR := .cache
+
 # List of binaries to build. For now just one.
 BINDIR = bin
-DIRS = $(BINDIR)
-BINS = $(BINDIR)/frostfs-http-gw
+CMDS = $(addprefix frostfs-, $(notdir $(wildcard cmd/*)))
+BINS = $(addprefix $(BINDIR)/, $(CMDS))
 
 .PHONY: all $(BINS) $(DIRS) dep docker/ test cover fmt image image-push dirty-image lint docker/lint pre-commit unpre-commit version clean
 
@@ -25,6 +30,11 @@ PKG_VERSION ?= $(shell echo $(VERSION) | sed "s/^v//" | \
 			sed "s/-/~/")-${OS_RELEASE}
 .PHONY: debpackage debclean
 
+FUZZ_NGFUZZ_DIR ?= ""
+FUZZ_TIMEOUT ?= 30
+FUZZ_FUNCTIONS ?= "all"
+FUZZ_AUX ?= ""
+
 # Make all binaries
 all: $(BINS)
 $(BINS):  $(DIRS) dep
@@ -32,7 +42,7 @@ $(BINS):  $(DIRS) dep
 	CGO_ENABLED=0 \
 	go build -v -trimpath \
 	-ldflags "-X main.Version=$(VERSION)" \
-	-o $@ ./
+	-o $@ ./cmd/$(subst frostfs-,,$(notdir $@))
 
 $(DIRS):
 	@echo "⇒ Ensure dir: $@"
@@ -73,6 +83,35 @@ cover:
 	@go test -v -race ./... -coverprofile=coverage.txt -covermode=atomic
 	@go tool cover -html=coverage.txt -o coverage.html
 
+# Run fuzzing
+CLANG := $(shell which clang-17 2>/dev/null)
+.PHONY: check-clang all
+check-clang:
+ifeq ($(CLANG),)
+	@echo "clang-17 is not installed. Please install it before proceeding - https://apt.llvm.org/llvm.sh "
+	@exit 1
+endif
+
+.PHONY: check-ngfuzz all
+check-ngfuzz:
+	@if [ -z "$(FUZZ_NGFUZZ_DIR)" ]; then \
+		echo "Please set a variable FUZZ_NGFUZZ_DIR to specify path to the ngfuzz"; \
+		exit 1; \
+	fi
+
+.PHONY: install-fuzzing-deps
+install-fuzzing-deps: check-clang check-ngfuzz
+
+.PHONY: fuzz
+fuzz: install-fuzzing-deps  
+	@START_PATH=$$(pwd); \
+	ROOT_PATH=$$(realpath --relative-to=$(FUZZ_NGFUZZ_DIR) $$START_PATH) ; \
+	cd $(FUZZ_NGFUZZ_DIR) && \
+	./ngfuzz -clean && \
+	./ngfuzz -fuzz $(FUZZ_FUNCTIONS) -rootdir $$ROOT_PATH -timeout $(FUZZ_TIMEOUT) $(FUZZ_AUX) && \
+	./ngfuzz -report
+
+
 # Reformat code
 fmt:
 	@echo "⇒ Processing gofmt check"
@@ -85,7 +124,7 @@ image:
 		--build-arg REPO=$(REPO) \
 		--build-arg VERSION=$(VERSION) \
 		--rm \
-		-f Dockerfile \
+		-f .docker/Dockerfile \
 		-t $(HUB_IMAGE):$(HUB_TAG) .
 
 # Push Docker image to the hub
@@ -100,12 +139,26 @@ dirty-image:
 		--build-arg REPO=$(REPO) \
 		--build-arg VERSION=$(VERSION) \
 		--rm \
-		-f Dockerfile.dirty \
+		-f .docker/Dockerfile.dirty \
 		-t $(HUB_IMAGE)-dirty:$(HUB_TAG) .
 
+# Install linters
+ lint-install:
+	@mkdir -p $(TMP_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@git -c advice.detachedHead=false clone --branch v$(TRUECLOUDLAB_LINT_VERSION) https://git.frostfs.info/TrueCloudLab/linters.git $(TMP_DIR)/linters
+	@@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR)
+	@rm -rf $(TMP_DIR)/linters
+	@rmdir $(TMP_DIR) 2>/dev/null || true
+	@CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION)
+
 # Run linters
 lint:
-	@golangci-lint --timeout=5m run
+	@if [ ! -d "$(LINT_DIR)" ]; then \
+ 		echo "Run make lint-install"; \
+ 		exit 1; \
+ 	fi
+	$(LINT_DIR)/golangci-lint --timeout=5m run
 
 # Run linters in Docker
 docker/lint:
@@ -130,7 +183,7 @@ version:
 # Clean up
 clean:
 	rm -rf vendor
-	rm -rf $(BINDIR)
+	rm -rf $(BINDIR) 
 
 # Package for Debian
 debpackage:

README.md

@@ -466,13 +466,13 @@ You can always upload files to public containers (open for anyone to put
 objects into), but for restricted containers you need to explicitly allow PUT
 operations for a request signed with your HTTP Gateway keys.
 
-If your don't want to manage gateway's secret keys and adjust eACL rules when
+If you don't want to manage gateway's secret keys and adjust policies when
 gateway configuration changes (new gate, key rotation, etc) or you plan to use
 public services, there is an option to let your application backend (or you) to
-issue Bearer Tokens ans pass them from the client via gate down to FrostFS level
+issue Bearer Tokens and pass them from the client via gate down to FrostFS level
 to grant access.
 
-FrostFS Bearer Token basically is a container owner-signed ACL data (refer to FrostFS
+FrostFS Bearer Token basically is a container owner-signed policy (refer to FrostFS
 documentation for more details). There are two options to pass them to gateway:
  * "Authorization" header with "Bearer" type and base64-encoded token in
    credentials field
@@ -482,33 +482,31 @@ For example, you have a mobile application frontend with a backend part storing
 data in FrostFS. When a user authorizes in the mobile app, the backend issues a FrostFS
 Bearer token and provides it to the frontend. Then, the mobile app may generate
 some data and upload it via any available FrostFS HTTP Gateway by adding
-the corresponding header to the upload request. Accessing the ACL protected data
+the corresponding header to the upload request. Accessing policy protected data
 works the same way.
 
 ##### Example
-In order to generate a bearer token, you need to have wallet (which will be used to sign the token) and
-the address of the sender who will do the request to FrostFS (in our case, it's a gateway wallet address).
+In order to generate a bearer token, you need to have wallet (which will be used to sign the token)
 
-Suppose we have:
-* **NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3** (token owner (gateway address))
+1. Suppose you have a container with private policy for wallet key
 
-Firstly, we need to encode the container id and the sender address to base64 (now it's base58).
-So use **base58** and **base64** utils.
-
-1. Encoding token owner id:
 ```
-$ echo 'NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3' | base58 --decode | base64
-# output: NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg==
+$ frostfs-cli container create -r <endpoint> --wallet <wallet> -policy <policy> --basic-acl 0 --await
+CID: 9dfzyvq82JnFqp5svxcREf2iy6XNuifYcJPusEDnGK9Z
+
+$ frostfs-cli ape-manager add -r <endpoint> --wallet <wallet> \
+  --target-type container --target-name 9dfzyvq82JnFqp5svxcREf2iy6XNuifYcJPusEDnGK9Z \
+  --rule "allow Object.* RequestCondition:"\$Actor:publicKey"=03b09baabff3f6107c7e9acb8721a6fc5618d45b50247a314d82e548702cce8cd5 *" \
+  --chain-id <chainID>
 ```
 
-2. Form a Bearer token (10000 is lifetime expiration in epoch) and save it to **bearer.json**:
+
+2. Form a Bearer token (10000 is lifetime expiration in epoch) to impersonate
+   HTTP Gateway request as wallet signed request and save it to **bearer.json**:
 ```
 {
     "body": {
         "allowImpersonate": true,
-        "ownerID": {
-            "value": "NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg=="
-        },
         "lifetime": {
             "exp": "10000",
             "nbf": "0",
@@ -521,7 +519,7 @@ $ echo 'NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3' | base58 --decode | base64
 
 3. Sign it with the wallet:
 ```
-$ frostfs-cli util sign bearer-token --from bearer.json --to signed.json -w ./wallet.json
+$ frostfs-cli util sign bearer-token --from bearer.json --to signed.json -w <wallet>
 ```
 
 4. Encode to base64 to use in header:
@@ -542,47 +540,32 @@ $ curl -F 'file=@cat.jpeg;filename=cat.jpeg' -H "Authorization: Bearer Ck4KKgoEC
 # }
 ```
 
-##### Note
-For the token to work correctly, you need to create a container with a basic ACL that:
-1. Allow PUT operation to others
-2. Doesn't set "final" bit
+##### Note: Bearer Token owner
+
+You can specify exact key who can use Bearer Token (gateway wallet address).
+To do this, encode wallet address in base64 format
 
-For example:
 ```
-$ frostfs-cli -w ./wallet.json --basic-acl 0x0FFFCFFF -r 192.168.130.72:8080 container create --policy "REP 3"  --await
+$ echo 'NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3' | base58 --decode | base64
+# output: NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg==
 ```
 
-To deny access to a container without a token, set the eACL rules:
-```
-$ frostfs-cli -w ./wallet.json -r 192.168.130.72:8080 container set-eacl --table eacl.json --await --cid BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K
-```
-
-File **eacl.json**:
+Then specify this value in Bearer Token Json
 ```
 {
-    "version": {
-        "major": 0,
-        "minor": 0
-    },
-    "containerID": {
-        "value": "mRnZWzewzxjzIPa7Fqlfqdl3TM1KpJ0YnsXsEhafJJg="
-    },
-    "records": [
-        {
-            "operation": "PUT",
-            "action": "DENY",
-            "filters": [],
-            "targets": [
-                {
-                    "role": "OTHERS",
-                    "keys": []
-                }
-            ]
-        }
-    ]
-}
+    "body": {
+        "ownerID": {
+            "value": "NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg=="
+        },
+        ...
 ```
 
+##### Note: Policy override
+
+Instead of impersonation, you can define the set of policies that will be applied
+to the request sender. This allows to restrict access to specific operation and
+specific objects without giving full impersonation control to the token user.
+
 ### Metrics and Pprof
 
 If enabled, Prometheus metrics are available at `localhost:8084` endpoint
@@ -592,3 +575,26 @@ See [configuration](./docs/gate-configuration.md).
 ## Credits
 
 Please see [CREDITS](CREDITS.md) for details.
+
+## Fuzzing
+
+To run fuzzing tests use the following command:
+
+```shell
+$ make fuzz
+```
+
+This command will install dependencies for the fuzzing process and run existing fuzzing tests.
+
+You can also use the following arguments:
+
+```
+FUZZ_TIMEOUT - time to run each fuzzing test (default 30) 
+FUZZ_FUNCTIONS - fuzzing tests that will be started (default "all")
+FUZZ_AUX - additional parameters for the fuzzer (for example, "-debug")
+FUZZ_NGFUZZ_DIR - path to ngfuzz tool
+````
+
+## Credits
+
+Please see [CREDITS](CREDITS.md) for details.

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+
+## How To Report a Vulnerability
+
+If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public issues, discussions, or change requests.**
+
+Instead, you can report it using one of the following ways:
+
+* Contact the [TrueCloudLab Security Team](mailto:security@frostfs.info) via email
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* The type of issue (e.g., buffer overflow, or cross-site scripting)
+* Affected version(s)
+* Impact of the issue, including how an attacker might exploit the issue
+* Step-by-step instructions to reproduce the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Full paths of source file(s) related to the manifestation of the issue
+* Any special configuration required to reproduce the issue
+* Any log files that are related to this issue (if possible)
+* Proof-of-concept or exploit code (if possible)
+
+This information will help us triage your report more quickly.

VERSION

@@ -1 +1 @@
-v0.27.0
+v0.30.0

cmd/http-gw/app.go

@@ -1,24 +1,32 @@
 package main
 
 import (
+	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"os/signal"
+	"runtime/debug"
+	"strconv"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/downloader"
+	v2container "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/frostfs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/frostfs/services"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/metrics"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/uploader"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
 	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
@@ -33,6 +41,7 @@ import (
 	"github.com/spf13/viper"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
+	"golang.org/x/exp/slices"
 )
 
 type (
@@ -51,12 +60,10 @@ type (
 		metrics   *gateMetrics
 		services  []*metrics.Service
 		settings  *appSettings
-		servers   []Server
-	}
 
-	appSettings struct {
-		Uploader   *uploader.Settings
-		Downloader *downloader.Settings
+		servers       []Server
+		unbindServers []ServerInfo
+		mu            sync.RWMutex
 	}
 
 	// App is an interface for the main gateway function.
@@ -74,6 +81,19 @@ type (
 		mu       sync.RWMutex
 		enabled  bool
 	}
+
+	// appSettings stores reloading parameters, so it has to provide getters and setters which use RWMutex.
+	appSettings struct {
+		reconnectInterval time.Duration
+
+		mu                  sync.RWMutex
+		defaultTimestamp    bool
+		zipCompression      bool
+		clientCut           bool
+		bufferMaxSizeForPut uint64
+		namespaceHeader     string
+		defaultNamespaces   []string
+	}
 )
 
 // WithLogger returns Option to set a specific logger.
@@ -128,6 +148,8 @@ func newApp(ctx context.Context, opt ...Option) App {
 	user.IDFromKey(&owner, a.key.PrivateKey.PublicKey)
 	a.owner = &owner
 
+	a.setRuntimeParameters()
+
 	a.initAppSettings()
 	a.initResolver()
 	a.initMetrics()
@@ -136,12 +158,58 @@ func newApp(ctx context.Context, opt ...Option) App {
 	return a
 }
 
+func (s *appSettings) DefaultTimestamp() bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.defaultTimestamp
+}
+
+func (s *appSettings) setDefaultTimestamp(val bool) {
+	s.mu.Lock()
+	s.defaultTimestamp = val
+	s.mu.Unlock()
+}
+
+func (s *appSettings) ZipCompression() bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.zipCompression
+}
+
+func (s *appSettings) setZipCompression(val bool) {
+	s.mu.Lock()
+	s.zipCompression = val
+	s.mu.Unlock()
+}
+
+func (s *appSettings) ClientCut() bool {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.clientCut
+}
+
+func (s *appSettings) setClientCut(val bool) {
+	s.mu.Lock()
+	s.clientCut = val
+	s.mu.Unlock()
+}
+
+func (s *appSettings) BufferMaxSizeForPut() uint64 {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.bufferMaxSizeForPut
+}
+
+func (s *appSettings) setBufferMaxSizeForPut(val uint64) {
+	s.mu.Lock()
+	s.bufferMaxSizeForPut = val
+	s.mu.Unlock()
+}
+
 func (a *app) initAppSettings() {
 	a.settings = &appSettings{
-		Uploader:   &uploader.Settings{},
-		Downloader: &downloader.Settings{},
+		reconnectInterval: fetchReconnectInterval(a.cfg),
 	}
-
 	a.updateSettings()
 }
 
@@ -155,8 +223,9 @@ func (a *app) initResolver() {
 
 func (a *app) getResolverConfig() ([]string, *resolver.Config) {
 	resolveCfg := &resolver.Config{
-		FrostFS:    resolver.NewFrostFSResolver(a.pool),
+		FrostFS:    frostfs.NewResolverFrostFS(a.pool),
 		RPCAddress: a.cfg.GetString(cfgRPCEndpoint),
+		Settings:   a.settings,
 	}
 
 	order := a.cfg.GetStringSlice(cfgResolveOrder)
@@ -331,25 +400,30 @@ func (a *app) setHealthStatus() {
 }
 
 func (a *app) Serve() {
-	uploadRoutes := uploader.New(a.AppParams(), a.settings.Uploader)
-	downloadRoutes := downloader.New(a.AppParams(), a.settings.Downloader, tree.NewTree(services.NewPoolWrapper(a.treePool)))
+	handler := handler.New(a.AppParams(), a.settings, tree.NewTree(services.NewPoolWrapper(a.treePool)))
 
 	// Configure router.
-	a.configureRouter(uploadRoutes, downloadRoutes)
+	a.configureRouter(handler)
 
 	a.startServices()
 	a.initServers(a.ctx)
 
-	for i := range a.servers {
+	servs := a.getServers()
+
+	for i := range servs {
 		go func(i int) {
-			a.log.Info(logs.StartingServer, zap.String("address", a.servers[i].Address()))
-			if err := a.webServer.Serve(a.servers[i].Listener()); err != nil && err != http.ErrServerClosed {
-				a.metrics.MarkUnhealthy(a.servers[i].Address())
+			a.log.Info(logs.StartingServer, zap.String("address", servs[i].Address()))
+			if err := a.webServer.Serve(servs[i].Listener()); err != nil && err != http.ErrServerClosed {
+				a.metrics.MarkUnhealthy(servs[i].Address())
 				a.log.Fatal(logs.ListenAndServe, zap.Error(err))
 			}
 		}(i)
 	}
 
+	if len(a.unbindServers) != 0 {
+		a.scheduleReconnect(a.ctx, a.webServer)
+	}
+
 	sigs := make(chan os.Signal, 1)
 	signal.Notify(sigs, syscall.SIGHUP)
 
@@ -407,6 +481,8 @@ func (a *app) configReload(ctx context.Context) {
 		a.log.Warn(logs.FailedToReloadServerParameters, zap.Error(err))
 	}
 
+	a.setRuntimeParameters()
+
 	a.stopServices()
 	a.startServices()
 
@@ -420,8 +496,12 @@ func (a *app) configReload(ctx context.Context) {
 }
 
 func (a *app) updateSettings() {
-	a.settings.Uploader.SetDefaultTimestamp(a.cfg.GetBool(cfgUploaderHeaderEnableDefaultTimestamp))
-	a.settings.Downloader.SetZipCompression(a.cfg.GetBool(cfgZipCompression))
+	a.settings.setDefaultTimestamp(a.cfg.GetBool(cfgUploaderHeaderEnableDefaultTimestamp))
+	a.settings.setZipCompression(a.cfg.GetBool(cfgZipCompression))
+	a.settings.setClientCut(a.cfg.GetBool(cfgClientCut))
+	a.settings.setBufferMaxSizeForPut(a.cfg.GetUint64(cfgBufferMaxSizeForPut))
+	a.settings.setNamespaceHeader(a.cfg.GetString(cfgResolveNamespaceHeader))
+	a.settings.setDefaultNamespaces(a.cfg.GetStringSlice(cfgResolveDefaultNamespaces))
 }
 
 func (a *app) startServices() {
@@ -445,7 +525,7 @@ func (a *app) stopServices() {
 	}
 }
 
-func (a *app) configureRouter(uploadRoutes *uploader.Uploader, downloadRoutes *downloader.Downloader) {
+func (a *app) configureRouter(handler *handler.Handler) {
 	r := router.New()
 	r.RedirectTrailingSlash = true
 	r.NotFound = func(r *fasthttp.RequestCtx) {
@@ -454,15 +534,16 @@ func (a *app) configureRouter(uploadRoutes *uploader.Uploader, downloadRoutes *d
 	r.MethodNotAllowed = func(r *fasthttp.RequestCtx) {
 		response.Error(r, "Method Not Allowed", fasthttp.StatusMethodNotAllowed)
 	}
-	r.POST("/upload/{cid}", a.logger(a.tokenizer(a.tracer(uploadRoutes.Upload))))
+
+	r.POST("/upload/{cid}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.Upload))))))
 	a.log.Info(logs.AddedPathUploadCid)
-	r.GET("/get/{cid}/{oid:*}", a.logger(a.tokenizer(a.tracer(downloadRoutes.DownloadByAddressOrBucketName))))
-	r.HEAD("/get/{cid}/{oid:*}", a.logger(a.tokenizer(a.tracer(downloadRoutes.HeadByAddressOrBucketName))))
+	r.GET("/get/{cid}/{oid:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadByAddressOrBucketName))))))
+	r.HEAD("/get/{cid}/{oid:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.HeadByAddressOrBucketName))))))
 	a.log.Info(logs.AddedPathGetCidOid)
-	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.tokenizer(a.tracer(downloadRoutes.DownloadByAttribute))))
-	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.tokenizer(a.tracer(downloadRoutes.HeadByAttribute))))
+	r.GET("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadByAttribute))))))
+	r.HEAD("/get_by_attribute/{cid}/{attr_key}/{attr_val:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.HeadByAttribute))))))
 	a.log.Info(logs.AddedPathGetByAttributeCidAttrKeyAttrVal)
-	r.GET("/zip/{cid}/{prefix:*}", a.logger(a.tokenizer(a.tracer(downloadRoutes.DownloadZipped))))
+	r.GET("/zip/{cid}/{prefix:*}", a.logger(a.canonicalizer(a.tokenizer(a.tracer(a.reqNamespace(handler.DownloadZipped))))))
 	a.log.Info(logs.AddedPathZipCidPrefix)
 
 	a.webServer.Handler = r.Handler
@@ -479,12 +560,45 @@ func (a *app) logger(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	}
 }
 
+func (a *app) canonicalizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	return func(req *fasthttp.RequestCtx) {
+		// regardless of DisableHeaderNamesNormalizing setting, some headers
+		// MUST be normalized in order to process execution. They are normalized
+		// here.
+
+		toAddKeys := make([][]byte, 0, 10)
+		toAddValues := make([][]byte, 0, 10)
+		prefix := []byte(utils.UserAttributeHeaderPrefix)
+
+		req.Request.Header.VisitAll(func(k, v []byte) {
+			if bytes.HasPrefix(k, prefix) {
+				return
+			}
+			toAddKeys = append(toAddKeys, k)
+			toAddValues = append(toAddValues, v)
+		})
+
+		// this is safe to do after all headers were read into header structure
+		req.Request.Header.EnableNormalizing()
+
+		for i := range toAddKeys {
+			req.Request.Header.SetBytesKV(toAddKeys[i], toAddValues[i])
+		}
+
+		// return normalization setting back
+		req.Request.Header.DisableNormalizing()
+
+		h(req)
+	}
+}
+
 func (a *app) tokenizer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 	return func(req *fasthttp.RequestCtx) {
 		appCtx, err := tokens.StoreBearerTokenAppCtx(a.ctx, req)
 		if err != nil {
-			a.log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Error(err))
+			a.log.Error(logs.CouldNotFetchAndStoreBearerToken, zap.Uint64("id", req.ID()), zap.Error(err))
 			response.Error(req, "could not fetch and store bearer token: "+err.Error(), fasthttp.StatusBadRequest)
+			return
 		}
 		utils.SetContextToRequest(appCtx, req)
 		h(req)
@@ -501,22 +615,37 @@ func (a *app) tracer(h fasthttp.RequestHandler) fasthttp.RequestHandler {
 			span.End()
 		}()
 
+		appCtx = treepool.SetRequestID(appCtx, strconv.FormatUint(req.ID(), 10))
+
 		utils.SetContextToRequest(appCtx, req)
 		h(req)
 	}
 }
 
-func (a *app) AppParams() *utils.AppParams {
-	return &utils.AppParams{
+func (a *app) reqNamespace(h fasthttp.RequestHandler) fasthttp.RequestHandler {
+	return func(req *fasthttp.RequestCtx) {
+		appCtx := utils.GetContextFromRequest(req)
+
+		nsBytes := req.Request.Header.Peek(a.settings.NamespaceHeader())
+		appCtx = middleware.SetNamespace(appCtx, string(nsBytes))
+
+		utils.SetContextToRequest(appCtx, req)
+		h(req)
+	}
+}
+
+func (a *app) AppParams() *handler.AppParams {
+	return &handler.AppParams{
 		Logger:   a.log,
-		Pool:     a.pool,
+		FrostFS:  frostfs.NewFrostFS(a.pool),
 		Owner:    a.owner,
 		Resolver: a.resolver,
+		Cache:    cache.NewBucketCache(getCacheOptions(a.cfg, a.log)),
 	}
 }
 
 func (a *app) initServers(ctx context.Context) {
-	serversInfo := fetchServers(a.cfg)
+	serversInfo := fetchServers(a.cfg, a.log)
 
 	a.servers = make([]Server, 0, len(serversInfo))
 	for _, serverInfo := range serversInfo {
@@ -526,6 +655,7 @@ func (a *app) initServers(ctx context.Context) {
 		}
 		srv, err := newServer(ctx, serverInfo)
 		if err != nil {
+			a.unbindServers = append(a.unbindServers, serverInfo)
 			a.metrics.MarkUnhealthy(serverInfo.Address)
 			a.log.Warn(logs.FailedToAddServer, append(fields, zap.Error(err))...)
 			continue
@@ -542,21 +672,24 @@ func (a *app) initServers(ctx context.Context) {
 }
 
 func (a *app) updateServers() error {
-	serversInfo := fetchServers(a.cfg)
+	serversInfo := fetchServers(a.cfg, a.log)
+
+	a.mu.Lock()
+	defer a.mu.Unlock()
 
 	var found bool
 	for _, serverInfo := range serversInfo {
-		index := a.serverIndex(serverInfo.Address)
-		if index == -1 {
-			continue
-		}
-
-		if serverInfo.TLS.Enabled {
-			if err := a.servers[index].UpdateCert(serverInfo.TLS.CertFile, serverInfo.TLS.KeyFile); err != nil {
-				return fmt.Errorf("failed to update tls certs: %w", err)
+		ser := a.getServer(serverInfo.Address)
+		if ser != nil {
+			if serverInfo.TLS.Enabled {
+				if err := ser.UpdateCert(serverInfo.TLS.CertFile, serverInfo.TLS.KeyFile); err != nil {
+					return fmt.Errorf("failed to update tls certs: %w", err)
+				}
+				found = true
 			}
+		} else if unbind := a.updateUnbindServerInfo(serverInfo); unbind {
+			found = true
 		}
-		found = true
 	}
 
 	if !found {
@@ -566,13 +699,29 @@ func (a *app) updateServers() error {
 	return nil
 }
 
-func (a *app) serverIndex(address string) int {
+func (a *app) getServers() []Server {
+	a.mu.RLock()
+	defer a.mu.RUnlock()
+	return a.servers
+}
+
+func (a *app) getServer(address string) Server {
 	for i := range a.servers {
 		if a.servers[i].Address() == address {
-			return i
+			return a.servers[i]
 		}
 	}
-	return -1
+	return nil
+}
+
+func (a *app) updateUnbindServerInfo(info ServerInfo) bool {
+	for i := range a.unbindServers {
+		if a.unbindServers[i].Address == info.Address {
+			a.unbindServers[i] = info
+			return true
+		}
+	}
+	return false
 }
 
 func (a *app) initTracing(ctx context.Context) {
@@ -596,3 +745,109 @@ func (a *app) initTracing(ctx context.Context) {
 		a.log.Info(logs.TracingConfigUpdated)
 	}
 }
+
+func (a *app) setRuntimeParameters() {
+	if len(os.Getenv("GOMEMLIMIT")) != 0 {
+		// default limit < yaml limit < app env limit < GOMEMLIMIT
+		a.log.Warn(logs.RuntimeSoftMemoryDefinedWithGOMEMLIMIT)
+		return
+	}
+
+	softMemoryLimit := fetchSoftMemoryLimit(a.cfg)
+	previous := debug.SetMemoryLimit(softMemoryLimit)
+	if softMemoryLimit != previous {
+		a.log.Info(logs.RuntimeSoftMemoryLimitUpdated,
+			zap.Int64("new_value", softMemoryLimit),
+			zap.Int64("old_value", previous))
+	}
+}
+
+func (s *appSettings) NamespaceHeader() string {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	return s.namespaceHeader
+}
+
+func (s *appSettings) setNamespaceHeader(nsHeader string) {
+	s.mu.Lock()
+	s.namespaceHeader = nsHeader
+	s.mu.Unlock()
+}
+
+func (s *appSettings) FormContainerZone(ns string) (zone string, isDefault bool) {
+	s.mu.RLock()
+	namespaces := s.defaultNamespaces
+	s.mu.RUnlock()
+	if slices.Contains(namespaces, ns) {
+		return v2container.SysAttributeZoneDefault, true
+	}
+
+	return ns + ".ns", false
+}
+
+func (s *appSettings) setDefaultNamespaces(namespaces []string) {
+	for i := range namespaces { // to be set namespaces in env variable as `HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"`
+		namespaces[i] = strings.Trim(namespaces[i], "\"")
+	}
+
+	s.mu.Lock()
+	s.defaultNamespaces = namespaces
+	s.mu.Unlock()
+}
+
+func (a *app) scheduleReconnect(ctx context.Context, srv *fasthttp.Server) {
+	go func() {
+		t := time.NewTicker(a.settings.reconnectInterval)
+		defer t.Stop()
+		for {
+			select {
+			case <-t.C:
+				if a.tryReconnect(ctx, srv) {
+					return
+				}
+				t.Reset(a.settings.reconnectInterval)
+			case <-ctx.Done():
+				return
+			}
+		}
+	}()
+}
+
+func (a *app) tryReconnect(ctx context.Context, sr *fasthttp.Server) bool {
+	a.mu.Lock()
+	defer a.mu.Unlock()
+
+	a.log.Info(logs.ServerReconnecting)
+	var failedServers []ServerInfo
+
+	for _, serverInfo := range a.unbindServers {
+		fields := []zap.Field{
+			zap.String("address", serverInfo.Address), zap.Bool("tls enabled", serverInfo.TLS.Enabled),
+			zap.String("tls cert", serverInfo.TLS.CertFile), zap.String("tls key", serverInfo.TLS.KeyFile),
+		}
+
+		srv, err := newServer(ctx, serverInfo)
+		if err != nil {
+			a.log.Warn(logs.ServerReconnectFailed, zap.Error(err))
+			failedServers = append(failedServers, serverInfo)
+			a.metrics.MarkUnhealthy(serverInfo.Address)
+			continue
+		}
+
+		go func() {
+			a.log.Info(logs.StartingServer, zap.String("address", srv.Address()))
+			a.metrics.MarkHealthy(serverInfo.Address)
+			if err = sr.Serve(srv.Listener()); err != nil && !errors.Is(err, http.ErrServerClosed) {
+				a.log.Warn(logs.ListenAndServe, zap.Error(err))
+				a.metrics.MarkUnhealthy(serverInfo.Address)
+			}
+		}()
+
+		a.servers = append(a.servers, srv)
+		a.log.Info(logs.ServerReconnectedSuccessfully, fields...)
+	}
+
+	a.unbindServers = failedServers
+
+	return len(a.unbindServers) == 0
+}

cmd/http-gw/integration_test.go

@@ -6,29 +6,35 @@ import (
 	"archive/zip"
 	"bytes"
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"mime/multipart"
 	"net/http"
+	"os"
 	"sort"
 	"testing"
 	"time"
 
 	containerv2 "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/eacl"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neo-go/pkg/wallet"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/require"
 	"github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
+	"go.uber.org/zap/zapcore"
 )
 
 type putResponse struct {
@@ -46,11 +52,18 @@ func TestIntegration(t *testing.T) {
 	rootCtx := context.Background()
 	aioImage := "truecloudlab/frostfs-aio:"
 	versions := []string{
-		"1.2.7", // frostfs-storage v0.36.0 RC
+		"1.2.7",
+		"1.3.0",
+		"1.5.0",
 	}
 	key, err := keys.NewPrivateKeyFromHex("1dd37fba80fec4e6a6f13fd708d8dcb3b29def768017052f6c930fa1c5d90bbb")
 	require.NoError(t, err)
 
+	file, err := os.CreateTemp("", "wallet")
+	require.NoError(t, err)
+	defer os.Remove(file.Name())
+	makeTempWallet(t, key, file.Name())
+
 	var ownerID user.ID
 	user.IDFromKey(&ownerID, key.PrivateKey.PublicKey)
 
@@ -58,16 +71,21 @@ func TestIntegration(t *testing.T) {
 		ctx, cancel2 := context.WithCancel(rootCtx)
 
 		aioContainer := createDockerContainer(ctx, t, aioImage+version)
-		server, cancel := runServer()
+		server, cancel := runServer(file.Name())
 		clientPool := getPool(ctx, t, key)
 		CID, err := createContainer(ctx, t, clientPool, ownerID, version)
 		require.NoError(t, err, version)
 
+		token := makeBearerToken(t, key, ownerID, version)
+
 		t.Run("simple put "+version, func(t *testing.T) { simplePut(ctx, t, clientPool, CID, version) })
+		t.Run("put with bearer token in header"+version, func(t *testing.T) { putWithBearerTokenInHeader(ctx, t, clientPool, CID, token) })
+		t.Run("put with bearer token in cookie"+version, func(t *testing.T) { putWithBearerTokenInCookie(ctx, t, clientPool, CID, token) })
 		t.Run("put with duplicate keys "+version, func(t *testing.T) { putWithDuplicateKeys(t, CID) })
 		t.Run("simple get "+version, func(t *testing.T) { simpleGet(ctx, t, clientPool, ownerID, CID, version) })
 		t.Run("get by attribute "+version, func(t *testing.T) { getByAttr(ctx, t, clientPool, ownerID, CID, version) })
 		t.Run("get zip "+version, func(t *testing.T) { getZip(ctx, t, clientPool, ownerID, CID, version) })
+		t.Run("test namespaces "+version, func(t *testing.T) { checkNamespaces(ctx, t, clientPool, ownerID, CID, version) })
 
 		cancel()
 		server.Wait()
@@ -77,13 +95,16 @@ func TestIntegration(t *testing.T) {
 	}
 }
 
-func runServer() (App, context.CancelFunc) {
+func runServer(pathToWallet string) (App, context.CancelFunc) {
 	cancelCtx, cancel := context.WithCancel(context.Background())
 
 	v := getDefaultConfig()
-	l, lvl := newLogger(v)
+	v.Set(cfgWalletPath, pathToWallet)
+	v.Set(cfgWalletPassphrase, "")
+
+	l, lvl := newStdoutLogger(zapcore.DebugLevel)
 	application := newApp(cancelCtx, WithConfig(v), WithLogger(l, lvl))
-	go application.Serve(cancelCtx)
+	go application.Serve()
 
 	return application, cancel
 }
@@ -96,7 +117,38 @@ func simplePut(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID, vers
 	makePutRequestAndCheck(ctx, t, p, CID, url)
 }
 
+func putWithBearerTokenInHeader(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID, token string) {
+	url := testHost + "/upload/" + CID.String()
+
+	request, content, attributes := makePutRequest(t, url)
+	request.Header.Set("Authorization", "Bearer "+token)
+	resp, err := http.DefaultClient.Do(request)
+	require.NoError(t, err)
+
+	checkPutResponse(ctx, t, p, CID, resp, content, attributes)
+}
+
+func putWithBearerTokenInCookie(ctx context.Context, t *testing.T, p *pool.Pool, CID cid.ID, token string) {
+	url := testHost + "/upload/" + CID.String()
+
+	request, content, attributes := makePutRequest(t, url)
+	request.AddCookie(&http.Cookie{Name: "Bearer", Value: token})
+	resp, err := http.DefaultClient.Do(request)
+	require.NoError(t, err)
+
+	checkPutResponse(ctx, t, p, CID, resp, content, attributes)
+}
+
 func makePutRequestAndCheck(ctx context.Context, t *testing.T, p *pool.Pool, cnrID cid.ID, url string) {
+	request, content, attributes := makePutRequest(t, url)
+
+	resp, err := http.DefaultClient.Do(request)
+	require.NoError(t, err)
+
+	checkPutResponse(ctx, t, p, cnrID, resp, content, attributes)
+}
+
+func makePutRequest(t *testing.T, url string) (*http.Request, string, map[string]string) {
 	content := "content of file"
 	keyAttr, valAttr := "User-Attribute", "user value"
 	attributes := map[string]string{
@@ -118,9 +170,10 @@ func makePutRequestAndCheck(ctx context.Context, t *testing.T, p *pool.Pool, cnr
 	request.Header.Set("Content-Type", w.FormDataContentType())
 	request.Header.Set("X-Attribute-"+keyAttr, valAttr)
 
-	resp, err := http.DefaultClient.Do(request)
-	require.NoError(t, err)
+	return request, content, attributes
+}
 
+func checkPutResponse(ctx context.Context, t *testing.T, p *pool.Pool, cnrID cid.ID, resp *http.Response, content string, attributes map[string]string) {
 	defer func() {
 		err := resp.Body.Close()
 		require.NoError(t, err)
@@ -338,6 +391,40 @@ func checkZip(t *testing.T, data []byte, length int64, names, contents []string)
 	}
 }
 
+func checkNamespaces(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, version string) {
+	content := "content of file"
+	attributes := map[string]string{
+		"some-attr": "some-get-value",
+	}
+
+	id := putObject(ctx, t, clientPool, ownerID, CID, content, attributes)
+
+	req, err := http.NewRequest(http.MethodGet, testHost+"/get/"+testContainerName+"/"+id.String(), nil)
+	require.NoError(t, err)
+	req.Header.Set(defaultNamespaceHeader, "")
+
+	resp, err := http.DefaultClient.Do(req)
+	require.NoError(t, err)
+	checkGetResponse(t, resp, content, attributes)
+
+	req, err = http.NewRequest(http.MethodGet, testHost+"/get/"+testContainerName+"/"+id.String(), nil)
+	require.NoError(t, err)
+	req.Header.Set(defaultNamespaceHeader, "root")
+
+	resp, err = http.DefaultClient.Do(req)
+	require.NoError(t, err)
+	checkGetResponse(t, resp, content, attributes)
+
+	req, err = http.NewRequest(http.MethodGet, testHost+"/get/"+testContainerName+"/"+id.String(), nil)
+	require.NoError(t, err)
+	req.Header.Set(defaultNamespaceHeader, "root2")
+
+	resp, err = http.DefaultClient.Do(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusNotFound, resp.StatusCode)
+
+}
+
 func createDockerContainer(ctx context.Context, t *testing.T, image string) testcontainers.Container {
 	req := testcontainers.ContainerRequest{
 		Image:       image,
@@ -420,7 +507,7 @@ func createContainer(ctx context.Context, t *testing.T, clientPool *pool.Pool, o
 func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID user.ID, CID cid.ID, content string, attributes map[string]string) oid.ID {
 	obj := object.New()
 	obj.SetContainerID(CID)
-	obj.SetOwnerID(&ownerID)
+	obj.SetOwnerID(ownerID)
 
 	var attrs []object.Attribute
 	for key, val := range attributes {
@@ -440,3 +527,37 @@ func putObject(ctx context.Context, t *testing.T, clientPool *pool.Pool, ownerID
 
 	return id
 }
+
+func makeBearerToken(t *testing.T, key *keys.PrivateKey, ownerID user.ID, version string) string {
+	tkn := new(bearer.Token)
+	tkn.ForUser(ownerID)
+	tkn.SetExp(10000)
+
+	if version == "1.2.7" {
+		tkn.SetEACLTable(*eacl.NewTable())
+	} else {
+		tkn.SetImpersonate(true)
+	}
+
+	err := tkn.Sign(key.PrivateKey)
+	require.NoError(t, err)
+
+	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+	require.NotEmpty(t, t64)
+
+	return t64
+}
+
+func makeTempWallet(t *testing.T, key *keys.PrivateKey, path string) {
+	w, err := wallet.NewWallet(path)
+	require.NoError(t, err)
+
+	acc := wallet.NewAccountFromPrivateKey(key)
+	err = acc.Encrypt("", w.Scrypt)
+	require.NoError(t, err)
+
+	w.AddAccount(acc)
+
+	err = w.Save()
+	require.NoError(t, err)
+}

cmd/http-gw/main.go

@@ -9,7 +9,7 @@ import (
 func main() {
 	globalContext, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 	v := settings()
-	logger, atomicLevel := newLogger(v)
+	logger, atomicLevel := pickLogger(v)
 
 	application := newApp(globalContext, WithLogger(logger, atomicLevel), WithConfig(v))
 	go application.Serve()

cmd/http-gw/server.go

@@ -68,11 +68,13 @@ func newServer(ctx context.Context, serverInfo ServerInfo) (*server, error) {
 
 	if serverInfo.TLS.Enabled {
 		if err = tlsProvider.UpdateCert(serverInfo.TLS.CertFile, serverInfo.TLS.KeyFile); err != nil {
-			return nil, fmt.Errorf("failed to update cert: %w", err)
+			lnErr := ln.Close()
+			return nil, fmt.Errorf("failed to update cert (listener close: %v): %w", lnErr, err)
 		}
 
 		ln = tls.NewListener(ln, &tls.Config{
 			GetCertificate: tlsProvider.GetCertificate,
+			NextProtos:     []string{"h2"}, // required to enable HTTP/2 requests in `http.Serve`
 		})
 	}
 

cmd/http-gw/server_test.go

@@ -0,0 +1,119 @@
+package main
+
+import (
+	"context"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"net"
+	"net/http"
+	"os"
+	"path"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/require"
+	"golang.org/x/net/http2"
+)
+
+const (
+	expHeaderKey   = "Foo"
+	expHeaderValue = "Bar"
+)
+
+func TestHTTP2TLS(t *testing.T) {
+	ctx := context.Background()
+	certPath, keyPath := prepareTestCerts(t)
+
+	srv := &http.Server{
+		Handler: http.HandlerFunc(testHandler),
+	}
+
+	tlsListener, err := newServer(ctx, ServerInfo{
+		Address: ":0",
+		TLS: ServerTLSInfo{
+			Enabled:  true,
+			CertFile: certPath,
+			KeyFile:  keyPath,
+		},
+	})
+	require.NoError(t, err)
+	port := tlsListener.Listener().Addr().(*net.TCPAddr).Port
+	addr := fmt.Sprintf("https://localhost:%d", port)
+
+	go func() {
+		_ = srv.Serve(tlsListener.Listener())
+	}()
+
+	// Server is running, now send HTTP/2 request
+
+	tlsClientConfig := &tls.Config{
+		InsecureSkipVerify: true,
+	}
+
+	cliHTTP1 := http.Client{Transport: &http.Transport{TLSClientConfig: tlsClientConfig}}
+	cliHTTP2 := http.Client{Transport: &http2.Transport{TLSClientConfig: tlsClientConfig}}
+
+	req, err := http.NewRequest("GET", addr, nil)
+	require.NoError(t, err)
+	req.Header[expHeaderKey] = []string{expHeaderValue}
+
+	resp, err := cliHTTP1.Do(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+
+	resp, err = cliHTTP2.Do(req)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, resp.StatusCode)
+}
+
+func testHandler(resp http.ResponseWriter, req *http.Request) {
+	hdr, ok := req.Header[expHeaderKey]
+	if !ok || len(hdr) != 1 || hdr[0] != expHeaderValue {
+		resp.WriteHeader(http.StatusBadRequest)
+	} else {
+		resp.WriteHeader(http.StatusOK)
+	}
+}
+
+func prepareTestCerts(t *testing.T) (certPath, keyPath string) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err)
+
+	template := x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		Subject:               pkix.Name{CommonName: "localhost"},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(time.Hour * 24 * 365),
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
+	require.NoError(t, err)
+
+	dir := t.TempDir()
+	certPath = path.Join(dir, "cert.pem")
+	keyPath = path.Join(dir, "key.pem")
+
+	certFile, err := os.Create(certPath)
+	require.NoError(t, err)
+	defer certFile.Close()
+
+	keyFile, err := os.Create(keyPath)
+	require.NoError(t, err)
+	defer keyFile.Close()
+
+	err = pem.Encode(certFile, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	require.NoError(t, err)
+
+	err = pem.Encode(keyFile, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
+	require.NoError(t, err)
+
+	return certPath, keyPath
+}

cmd/http-gw/settings.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/hex"
 	"fmt"
+	"math"
 	"os"
 	"path"
 	"runtime"
@@ -12,20 +13,28 @@ import (
 	"strings"
 	"time"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	grpctracing "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing/grpc"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	treepool "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool/tree"
+	"git.frostfs.info/TrueCloudLab/zapjournald"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
+	"github.com/ssgreg/journald"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	"google.golang.org/grpc"
 )
 
+const (
+	destinationStdout   = "stdout"
+	destinationJournald = "journald"
+)
+
 const (
 	defaultRebalanceTimer = 60 * time.Second
 	defaultRequestTimeout = 15 * time.Second
@@ -36,11 +45,21 @@ const (
 
 	defaultPoolErrorThreshold uint32 = 100
 
+	defaultSoftMemoryLimit = math.MaxInt64
+
+	defaultBufferMaxSizeForPut = 1024 * 1024 // 1mb
+
+	defaultNamespaceHeader = "X-Frostfs-Namespace"
+
+	defaultReconnectInterval = time.Minute
+
 	cfgServer      = "server"
 	cfgTLSEnabled  = "tls.enabled"
 	cfgTLSCertFile = "tls.cert_file"
 	cfgTLSKeyFile  = "tls.key_file"
 
+	cfgReconnectInterval = "reconnect_interval"
+
 	// Web.
 	cfgWebReadBufferSize     = "web.read_buffer_size"
 	cfgWebWriteBufferSize    = "web.write_buffer_size"
@@ -68,7 +87,8 @@ const (
 	cfgPoolErrorThreshold = "pool_error_threshold"
 
 	// Logger.
-	cfgLoggerLevel = "logger.level"
+	cfgLoggerLevel       = "logger.level"
+	cfgLoggerDestination = "logger.destination"
 
 	// Wallet.
 	cfgWalletPassphrase = "wallet.passphrase"
@@ -90,6 +110,25 @@ const (
 	// Zip compression.
 	cfgZipCompression = "zip.compression"
 
+	// Runtime.
+	cfgSoftMemoryLimit = "runtime.soft_memory_limit"
+
+	// Enabling client side object preparing for PUT operations.
+	cfgClientCut = "frostfs.client_cut"
+	// Sets max buffer size for read payload in put operations.
+	cfgBufferMaxSizeForPut = "frostfs.buffer_max_size_for_put"
+	// Configuration of parameters of requests to FrostFS.
+	// Sets max attempt to make successful tree request.
+	cfgTreePoolMaxAttempts = "frostfs.tree_pool_max_attempts"
+
+	// Caching.
+	cfgBucketsCacheLifetime = "cache.buckets.lifetime"
+	cfgBucketsCacheSize     = "cache.buckets.size"
+
+	// Bucket resolving options.
+	cfgResolveNamespaceHeader   = "resolve_bucket.namespace_header"
+	cfgResolveDefaultNamespaces = "resolve_bucket.default_namespaces"
+
 	// Command line args.
 	cmdHelp          = "help"
 	cmdVersion       = "version"
@@ -147,10 +186,14 @@ func settings() *viper.Viper {
 
 	// logger:
 	v.SetDefault(cfgLoggerLevel, "debug")
+	v.SetDefault(cfgLoggerDestination, "stdout")
 
 	// pool:
 	v.SetDefault(cfgPoolErrorThreshold, defaultPoolErrorThreshold)
 
+	// frostfs:
+	v.SetDefault(cfgBufferMaxSizeForPut, defaultBufferMaxSizeForPut)
+
 	// web-server:
 	v.SetDefault(cfgWebReadBufferSize, 4096)
 	v.SetDefault(cfgWebWriteBufferSize, 4096)
@@ -169,6 +212,10 @@ func settings() *viper.Viper {
 	v.SetDefault(cfgPprofAddress, "localhost:8083")
 	v.SetDefault(cfgPrometheusAddress, "localhost:8084")
 
+	// resolve bucket
+	v.SetDefault(cfgResolveNamespaceHeader, defaultNamespaceHeader)
+	v.SetDefault(cfgResolveDefaultNamespaces, []string{"", "root"})
+
 	// Binding flags
 	if err := v.BindPFlag(cfgPprofEnabled, flags.Lookup(cmdPprof)); err != nil {
 		panic(err)
@@ -328,7 +375,25 @@ func mergeConfig(v *viper.Viper, fileName string) error {
 	return v.MergeConfig(cfgFile)
 }
 
-// newLogger constructs a zap.Logger instance for current application.
+func pickLogger(v *viper.Viper) (*zap.Logger, zap.AtomicLevel) {
+	lvl, err := getLogLevel(v)
+	if err != nil {
+		panic(err)
+	}
+
+	dest := v.GetString(cfgLoggerDestination)
+
+	switch dest {
+	case destinationStdout:
+		return newStdoutLogger(lvl)
+	case destinationJournald:
+		return newJournaldLogger(lvl)
+	default:
+		panic(fmt.Sprintf("wrong destination for logger: %s", dest))
+	}
+}
+
+// newStdoutLogger constructs a zap.Logger instance for current application.
 // Panics on failure.
 //
 // Logger is built from zap's production logging configuration with:
@@ -339,12 +404,7 @@ func mergeConfig(v *viper.Viper, fileName string) error {
 // Logger records a stack trace for all messages at or above fatal level.
 //
 // See also zapcore.Level, zap.NewProductionConfig, zap.AddStacktrace.
-func newLogger(v *viper.Viper) (*zap.Logger, zap.AtomicLevel) {
-	lvl, err := getLogLevel(v)
-	if err != nil {
-		panic(err)
-	}
-
+func newStdoutLogger(lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
 	c := zap.NewProductionConfig()
 	c.Level = zap.NewAtomicLevelAt(lvl)
 	c.Encoding = "console"
@@ -360,6 +420,25 @@ func newLogger(v *viper.Viper) (*zap.Logger, zap.AtomicLevel) {
 	return l, c.Level
 }
 
+func newJournaldLogger(lvl zapcore.Level) (*zap.Logger, zap.AtomicLevel) {
+	c := zap.NewProductionConfig()
+	c.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
+	c.Level = zap.NewAtomicLevelAt(lvl)
+
+	encoder := zapjournald.NewPartialEncoder(zapcore.NewConsoleEncoder(c.EncoderConfig), zapjournald.SyslogFields)
+
+	core := zapjournald.NewCore(c.Level, encoder, &journald.Journal{}, zapjournald.SyslogFields)
+	coreWithContext := core.With([]zapcore.Field{
+		zapjournald.SyslogFacility(zapjournald.LogDaemon),
+		zapjournald.SyslogIdentifier(),
+		zapjournald.SyslogPid(),
+	})
+
+	l := zap.New(coreWithContext, zap.AddStacktrace(zap.NewAtomicLevelAt(zap.FatalLevel)))
+
+	return l, c.Level
+}
+
 func getLogLevel(v *viper.Viper) (zapcore.Level, error) {
 	var lvl zapcore.Level
 	lvlStr := v.GetString(cfgLoggerLevel)
@@ -379,8 +458,18 @@ func getLogLevel(v *viper.Viper) (zapcore.Level, error) {
 	return lvl, nil
 }
 
-func fetchServers(v *viper.Viper) []ServerInfo {
+func fetchReconnectInterval(cfg *viper.Viper) time.Duration {
+	reconnect := cfg.GetDuration(cfgReconnectInterval)
+	if reconnect <= 0 {
+		reconnect = defaultReconnectInterval
+	}
+
+	return reconnect
+}
+
+func fetchServers(v *viper.Viper, log *zap.Logger) []ServerInfo {
 	var servers []ServerInfo
+	seen := make(map[string]struct{})
 
 	for i := 0; ; i++ {
 		key := cfgServer + "." + strconv.Itoa(i) + "."
@@ -395,6 +484,11 @@ func fetchServers(v *viper.Viper) []ServerInfo {
 			break
 		}
 
+		if _, ok := seen[serverInfo.Address]; ok {
+			log.Warn(logs.WarnDuplicateAddress, zap.String("address", serverInfo.Address))
+			continue
+		}
+		seen[serverInfo.Address] = struct{}{}
 		servers = append(servers, serverInfo)
 	}
 
@@ -455,6 +549,8 @@ func getPools(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.
 	prm.SetLogger(logger)
 	prmTree.SetLogger(logger)
 
+	prmTree.SetMaxRequestAttempts(cfg.GetInt(cfgTreePoolMaxAttempts))
+
 	var apiGRPCDialOpts []grpc.DialOption
 	var treeGRPCDialOpts []grpc.DialOption
 	if cfg.GetBool(cfgTracingEnabled) {
@@ -516,3 +612,53 @@ func fetchPeers(l *zap.Logger, v *viper.Viper) []pool.NodeParam {
 
 	return nodes
 }
+
+func fetchSoftMemoryLimit(cfg *viper.Viper) int64 {
+	softMemoryLimit := cfg.GetSizeInBytes(cfgSoftMemoryLimit)
+	if softMemoryLimit <= 0 {
+		softMemoryLimit = defaultSoftMemoryLimit
+	}
+
+	return int64(softMemoryLimit)
+}
+
+func getCacheOptions(v *viper.Viper, l *zap.Logger) *cache.Config {
+	cacheCfg := cache.DefaultBucketConfig(l)
+
+	cacheCfg.Lifetime = fetchCacheLifetime(v, l, cfgBucketsCacheLifetime, cacheCfg.Lifetime)
+	cacheCfg.Size = fetchCacheSize(v, l, cfgBucketsCacheSize, cacheCfg.Size)
+
+	return cacheCfg
+}
+
+func fetchCacheLifetime(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue time.Duration) time.Duration {
+	if v.IsSet(cfgEntry) {
+		lifetime := v.GetDuration(cfgEntry)
+		if lifetime <= 0 {
+			l.Error(logs.InvalidLifetimeUsingDefaultValue,
+				zap.String("parameter", cfgEntry),
+				zap.Duration("value in config", lifetime),
+				zap.Duration("default", defaultValue))
+		} else {
+			return lifetime
+		}
+	}
+
+	return defaultValue
+}
+
+func fetchCacheSize(v *viper.Viper, l *zap.Logger, cfgEntry string, defaultValue int) int {
+	if v.IsSet(cfgEntry) {
+		size := v.GetInt(cfgEntry)
+		if size <= 0 {
+			l.Error(logs.InvalidCacheSizeUsingDefaultValue,
+				zap.String("parameter", cfgEntry),
+				zap.Int("value in config", size),
+				zap.Int("default", defaultValue))
+		} else {
+			return size
+		}
+	}
+
+	return defaultValue
+}

config/config.env

@@ -26,6 +26,9 @@ HTTP_GW_SERVER_1_TLS_ENABLED=true
 HTTP_GW_SERVER_1_TLS_CERT_FILE=/path/to/tls/cert
 HTTP_GW_SERVER_1_TLS_KEY_FILE=/path/to/tls/key
 
+# How often to reconnect to the servers
+HTTP_GW_RECONNECT_INTERVAL: 1m
+
 # Nodes configuration.
 # This configuration make the gateway use the first node (grpc://s01.frostfs.devenv:8080)
 # while it's healthy. Otherwise, the gateway use the second node (grpc://s01.frostfs.devenv:8080)
@@ -96,3 +99,25 @@ HTTP_GW_ZIP_COMPRESSION=false
 HTTP_GW_TRACING_ENABLED=true
 HTTP_GW_TRACING_ENDPOINT="localhost:4317"
 HTTP_GW_TRACING_EXPORTER="otlp_grpc"
+
+HTTP_GW_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
+
+# Parameters of requests to FrostFS
+# This flag enables client side object preparing.
+HTTP_GW_FROSTFS_CLIENT_CUT=false
+# Sets max buffer size for read payload in put operations.
+HTTP_GW_FROSTFS_BUFFER_MAX_SIZE_FOR_PUT=1048576
+
+# Caching
+# Cache which contains mapping of bucket name to bucket info
+HTTP_GW_CACHE_BUCKETS_LIFETIME=1m
+HTTP_GW_CACHE_BUCKETS_SIZE=1000
+
+# Header to determine zone to resolve bucket name
+HTTP_GW_RESOLVE_BUCKET_NAMESPACE_HEADER=X-Frostfs-Namespace
+# Namespaces that should be handled as default
+HTTP_GW_RESOLVE_BUCKET_DEFAULT_NAMESPACES="" "root"
+
+# Max attempt to make successful tree request.
+# default value is 0 that means the number of attempts equals to number of nodes in pool.
+HTTP_GW_FROSTFS_TREE_POOL_MAX_ATTEMPTS=0

config/config.yaml

@@ -16,6 +16,7 @@ tracing:
 
 logger:
   level: debug # Log level.
+  destination: stdout
 
 server:
   - address: 0.0.0.0:8080
@@ -54,6 +55,7 @@ peers:
     priority: 2
     weight: 9
 
+reconnect_interval: 1m
 
 web:
   # Per-connection buffer size for requests' reading.
@@ -101,3 +103,27 @@ pool_error_threshold: 100 # The number of errors on connection after which node
 
 zip:
   compression: false # Enable zip compression to download files by common prefix.
+
+runtime:
+  soft_memory_limit: 1gb
+
+# Parameters of requests to FrostFS
+frostfs:
+  # This flag enables client side object preparing.
+  client_cut: false
+  # Sets max buffer size for read payload in put operations.
+  buffer_max_size_for_put: 1048576
+  # Max attempt to make successful tree request.
+  # default value is 0 that means the number of attempts equals to number of nodes in pool.
+  tree_pool_max_attempts: 0
+
+# Caching
+cache:
+  # Cache which contains mapping of bucket name to bucket info
+  buckets:
+    lifetime: 1m
+    size: 1000
+
+resolve_bucket:
+  namespace_header: X-Frostfs-Namespace
+  default_namespaces: [ "", "root" ]

debian/frostfs-http-gw.postinst

@@ -21,7 +21,7 @@ set -e
 case "$1" in
     configure)
         USERNAME=http
-        id -u frostfs-$USERNAME >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /var/lib/frostfs/$USERNAME --system -M -U -c "FrostFS HTTP gateway" frostfs-$USERNAME
+        id -u frostfs-$USERNAME >/dev/null 2>&1 || useradd -s /usr/sbin/nologin -d /var/lib/frostfs/$USERNAME --system -m -U -c "FrostFS HTTP gateway" frostfs-$USERNAME
         if ! dpkg-statoverride --list /etc/frostfs/$USERNAME >/dev/null; then
             chown -f root:frostfs-$USERNAME /etc/frostfs/$USERNAME
             chown -f root:frostfs-$USERNAME /etc/frostfs/$USERNAME/config.yaml || true

docs/gate-configuration.md

@@ -40,19 +40,23 @@ $ cat http.log
 
 # Structure
 
-| Section         | Description                                           |
-|-----------------|-------------------------------------------------------|
-| no section      | [General parameters](#general-section)                |
-| `wallet`        | [Wallet configuration](#wallet-section)               |
-| `peers`         | [Nodes configuration](#peers-section)                 |
-| `logger`        | [Logger configuration](#logger-section)               |
-| `web`           | [Web configuration](#web-section)                     |
-| `server`        | [Server configuration](#server-section)               |
-| `upload-header` | [Upload header configuration](#upload-header-section) |
-| `zip`           | [ZIP configuration](#zip-section)                     |
-| `pprof`         | [Pprof configuration](#pprof-section)                 |
-| `prometheus`    | [Prometheus configuration](#prometheus-section)       |
-| `tracing`       | [Tracing configuration](#tracing-section)             |
+| Section          | Description                                                    |
+|------------------|----------------------------------------------------------------|
+| no section       | [General parameters](#general-section)                         |
+| `wallet`         | [Wallet configuration](#wallet-section)                        |
+| `peers`          | [Nodes configuration](#peers-section)                          |
+| `logger`         | [Logger configuration](#logger-section)                        |
+| `web`            | [Web configuration](#web-section)                              |
+| `server`         | [Server configuration](#server-section)                        |
+| `upload-header`  | [Upload header configuration](#upload-header-section)          |
+| `zip`            | [ZIP configuration](#zip-section)                              |
+| `pprof`          | [Pprof configuration](#pprof-section)                          |
+| `prometheus`     | [Prometheus configuration](#prometheus-section)                |
+| `tracing`        | [Tracing configuration](#tracing-section)                      |
+| `runtime`        | [Runtime configuration](#runtime-section)                      |
+| `frostfs`        | [Frostfs configuration](#frostfs-section)                      |
+| `cache`          | [Cache configuration](#cache-section)                          |
+| `resolve_bucket` | [Bucket name resolving configuration](#resolve_bucket-section) |
 
 
 # General section
@@ -68,6 +72,7 @@ stream_timeout: 10s
 request_timeout: 5s
 rebalance_timer: 30s
 pool_error_threshold: 100
+reconnect_interval: 1m
 ```
 
 | Parameter              | Type       | SIGHUP reload | Default value  | Description                                                                        |
@@ -79,6 +84,7 @@ pool_error_threshold: 100
 | `request_timeout`      | `duration` |               | `15s`          | Timeout to check node health during rebalance.                                     |
 | `rebalance_timer`      | `duration` |               | `60s`          | Interval to check node health.                                                     |
 | `pool_error_threshold` | `uint32`   |               | `100`          | The number of errors on connection after which node is considered as unhealthy.    |
+| `reconnect_interval`   | `duration` | no            | `1m`           | Listeners reconnection interval.                                                   |
 
 # `wallet` section
 
@@ -157,12 +163,13 @@ server:
 ```yaml
 logger:
   level: debug
+  destination: stdout
 ```
 
-| Parameter | Type     | SIGHUP reload | Default value | Description                                                                                        |
-|-----------|----------|---------------|---------------|----------------------------------------------------------------------------------------------------|
-| `level`   | `string` | yes           | `debug`       | Logging level.<br/>Possible values:  `debug`, `info`, `warn`, `error`, `dpanic`, `panic`, `fatal`. |
-
+| Parameter     | Type     | SIGHUP reload | Default value | Description                                                                                        |
+|---------------|----------|---------------|---------------|----------------------------------------------------------------------------------------------------|
+| `level`       | `string` | yes           | `debug`       | Logging level.<br/>Possible values:  `debug`, `info`, `warn`, `error`, `dpanic`, `panic`, `fatal`. |
+| `destination` | `string` | no            | `stdout`      | Destination for logger: `stdout` or `journald`                                                     |
 
 # `web` section
 
@@ -256,3 +263,76 @@ tracing:
 | `enabled`  | `bool`   | yes           | `false`          | Flag to enable the tracing.                                   |
 | `exporter` | `string` | yes           |                  | Trace collector type (`stdout` or `otlp_grpc` are supported). |
 | `endpoint` | `string` | yes           |                  | Address of collector endpoint for OTLP exporters.             |
+
+# `runtime` section
+Contains runtime parameters.
+
+```yaml
+runtime:
+  soft_memory_limit: 1gb
+```
+
+| Parameter           | Type   | SIGHUP reload | Default value | Description                                                                                                                                                                  |
+|---------------------|--------|---------------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `soft_memory_limit` | `size` | yes           | maxint64      | Soft memory limit for the runtime. Zero or no value stands for no limit. If `GOMEMLIMIT` environment variable is set, the value from the configuration file will be ignored. |
+
+# `frostfs` section
+
+Contains parameters of requests to FrostFS.
+
+```yaml
+frostfs:
+  client_cut: false
+  buffer_max_size_for_put: 1048576 # 1mb
+  tree_pool_max_attempts: 0
+```
+
+| Parameter                 | Type     | SIGHUP reload | Default value | Description                                                                                                               |
+|---------------------------|----------|---------------|---------------|---------------------------------------------------------------------------------------------------------------------------|
+| `client_cut`              | `bool`   | yes           | `false`       | This flag enables client side object preparing.                                                                           |
+| `buffer_max_size_for_put` | `uint64` | yes           | `1048576`     | Sets max buffer size for read payload in put operations.                                                                  |
+| `tree_pool_max_attempts`  | `uint32` | no            | `0`           | Sets max attempt to make successful tree request. Value 0 means the number of attempts equals to number of nodes in pool. |
+
+
+### `cache` section
+
+```yaml
+cache:
+  buckets:
+    lifetime: 1m
+    size: 1000
+
+```
+
+| Parameter       | Type                              | Default value                     | Description                                                                            |
+|-----------------|-----------------------------------|-----------------------------------|----------------------------------------------------------------------------------------|
+| `buckets`       | [Cache config](#cache-subsection) | `lifetime: 60s`<br>`size: 1000`   | Cache which contains mapping of bucket name to bucket info.                            |
+
+
+#### `cache` subsection
+
+```yaml
+lifetime: 1m
+size: 1000
+```
+
+| Parameter  | Type       | Default value    | Description                   |
+|------------|------------|------------------|-------------------------------|
+| `lifetime` | `duration` | depends on cache | Lifetime of entries in cache. |
+| `size`     | `int`      | depends on cache | LRU cache size.               |
+
+
+# `resolve_bucket` section
+
+Bucket name resolving parameters from and to container ID.
+
+```yaml
+resolve_bucket:
+  namespace_header: X-Frostfs-Namespace
+  default_namespaces: [ "", "root" ]
+```
+
+| Parameter            | Type       | SIGHUP reload | Default value         | Description                                                                                                              |
+|----------------------|------------|---------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------|
+| `namespace_header`   | `string`   | yes           | `X-Frostfs-Namespace` | Header to determine zone to resolve bucket name.                                                                         |
+| `default_namespaces` | `[]string` | yes           | ["","root"]           | Namespaces that should be handled as default.                                                                            |

downloader/download.go

@@ -1,537 +0,0 @@
-package downloader
-
-import (
-	"archive/zip"
-	"bufio"
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"path"
-	"strconv"
-	"strings"
-	"time"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
-	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
-	"github.com/valyala/fasthttp"
-	"go.uber.org/atomic"
-	"go.uber.org/zap"
-)
-
-type request struct {
-	*fasthttp.RequestCtx
-	log *zap.Logger
-}
-
-func isValidToken(s string) bool {
-	for _, c := range s {
-		if c <= ' ' || c > 127 {
-			return false
-		}
-		if strings.ContainsRune("()<>@,;:\\\"/[]?={}", c) {
-			return false
-		}
-	}
-	return true
-}
-
-func isValidValue(s string) bool {
-	for _, c := range s {
-		// HTTP specification allows for more technically, but we don't want to escape things.
-		if c < ' ' || c > 127 || c == '"' {
-			return false
-		}
-	}
-	return true
-}
-
-type readCloser struct {
-	io.Reader
-	io.Closer
-}
-
-// initializes io.Reader with the limited size and detects Content-Type from it.
-// Returns r's error directly. Also returns the processed data.
-func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (string, []byte, error) {
-	if maxSize > sizeToDetectType {
-		maxSize = sizeToDetectType
-	}
-
-	buf := make([]byte, maxSize) // maybe sync-pool the slice?
-
-	r, err := rInit(maxSize)
-	if err != nil {
-		return "", nil, err
-	}
-
-	n, err := r.Read(buf)
-	if err != nil && err != io.EOF {
-		return "", nil, err
-	}
-
-	buf = buf[:n]
-
-	return http.DetectContentType(buf), buf, err // to not lose io.EOF
-}
-
-func receiveFile(ctx context.Context, req request, clnt *pool.Pool, objectAddress oid.Address) {
-	var (
-		err      error
-		dis      = "inline"
-		start    = time.Now()
-		filename string
-	)
-
-	var prm pool.PrmObjectGet
-	prm.SetAddress(objectAddress)
-	if btoken := bearerToken(ctx); btoken != nil {
-		prm.UseBearer(*btoken)
-	}
-
-	rObj, err := clnt.GetObject(ctx, prm)
-	if err != nil {
-		req.handleFrostFSErr(err, start)
-		return
-	}
-
-	// we can't close reader in this function, so how to do it?
-
-	if req.Request.URI().QueryArgs().GetBool("download") {
-		dis = "attachment"
-	}
-
-	payloadSize := rObj.Header.PayloadSize()
-
-	req.Response.Header.Set(fasthttp.HeaderContentLength, strconv.FormatUint(payloadSize, 10))
-	var contentType string
-	for _, attr := range rObj.Header.Attributes() {
-		key := attr.Key()
-		val := attr.Value()
-		if !isValidToken(key) || !isValidValue(val) {
-			continue
-		}
-
-		key = utils.BackwardTransformIfSystem(key)
-
-		req.Response.Header.Set(utils.UserAttributeHeaderPrefix+key, val)
-		switch key {
-		case object.AttributeFileName:
-			filename = val
-		case object.AttributeTimestamp:
-			value, err := strconv.ParseInt(val, 10, 64)
-			if err != nil {
-				req.log.Info(logs.CouldntParseCreationDate,
-					zap.String("key", key),
-					zap.String("val", val),
-					zap.Error(err))
-				continue
-			}
-			req.Response.Header.Set(fasthttp.HeaderLastModified,
-				time.Unix(value, 0).UTC().Format(http.TimeFormat))
-		case object.AttributeContentType:
-			contentType = val
-		}
-	}
-
-	idsToResponse(&req.Response, &rObj.Header)
-
-	if len(contentType) == 0 {
-		// determine the Content-Type from the payload head
-		var payloadHead []byte
-
-		contentType, payloadHead, err = readContentType(payloadSize, func(uint64) (io.Reader, error) {
-			return rObj.Payload, nil
-		})
-		if err != nil && err != io.EOF {
-			req.log.Error(logs.CouldNotDetectContentTypeFromPayload, zap.Error(err))
-			response.Error(req.RequestCtx, "could not detect Content-Type from payload: "+err.Error(), fasthttp.StatusBadRequest)
-			return
-		}
-
-		// reset payload reader since a part of the data has been read
-		var headReader io.Reader = bytes.NewReader(payloadHead)
-
-		if err != io.EOF { // otherwise, we've already read full payload
-			headReader = io.MultiReader(headReader, rObj.Payload)
-		}
-
-		// note: we could do with io.Reader, but SetBodyStream below closes body stream
-		// if it implements io.Closer and that's useful for us.
-		rObj.Payload = readCloser{headReader, rObj.Payload}
-	}
-	req.SetContentType(contentType)
-
-	req.Response.Header.Set(fasthttp.HeaderContentDisposition, dis+"; filename="+path.Base(filename))
-
-	req.Response.SetBodyStream(rObj.Payload, int(payloadSize))
-}
-
-func bearerToken(ctx context.Context) *bearer.Token {
-	if tkn, err := tokens.LoadBearerToken(ctx); err == nil {
-		return tkn
-	}
-	return nil
-}
-
-func (r *request) handleFrostFSErr(err error, start time.Time) {
-	logFields := []zap.Field{
-		zap.Stringer("elapsed", time.Since(start)),
-		zap.Error(err),
-	}
-	statusCode, msg, additionalFields := response.FormErrorResponse("could not receive object", err)
-	logFields = append(logFields, additionalFields...)
-
-	r.log.Error(logs.CouldNotReceiveObject, logFields...)
-	response.Error(r.RequestCtx, msg, statusCode)
-}
-
-// Downloader is a download request handler.
-type Downloader struct {
-	log               *zap.Logger
-	pool              *pool.Pool
-	containerResolver *resolver.ContainerResolver
-	settings          *Settings
-	tree              *tree.Tree
-}
-
-// Settings stores reloading parameters, so it has to provide atomic getters and setters.
-type Settings struct {
-	zipCompression atomic.Bool
-}
-
-func (s *Settings) ZipCompression() bool {
-	return s.zipCompression.Load()
-}
-
-func (s *Settings) SetZipCompression(val bool) {
-	s.zipCompression.Store(val)
-}
-
-// New creates an instance of Downloader using specified options.
-func New(params *utils.AppParams, settings *Settings, tree *tree.Tree) *Downloader {
-	return &Downloader{
-		log:               params.Logger,
-		pool:              params.Pool,
-		settings:          settings,
-		containerResolver: params.Resolver,
-		tree:              tree,
-	}
-}
-
-func (d *Downloader) newRequest(ctx *fasthttp.RequestCtx, log *zap.Logger) *request {
-	return &request{
-		RequestCtx: ctx,
-		log:        log,
-	}
-}
-
-// DownloadByAddressOrBucketName handles download requests using simple cid/oid or bucketname/key format.
-func (d *Downloader) DownloadByAddressOrBucketName(c *fasthttp.RequestCtx) {
-	test, _ := c.UserValue("oid").(string)
-	var id oid.ID
-	err := id.DecodeString(test)
-	if err != nil {
-		d.byBucketname(c, receiveFile)
-	} else {
-		d.byAddress(c, receiveFile)
-	}
-}
-
-// byAddress is a wrapper for function (e.g. request.headObject, request.receiveFile) that
-// prepares request and object address to it.
-func (d *Downloader) byAddress(c *fasthttp.RequestCtx, f func(context.Context, request, *pool.Pool, oid.Address)) {
-	var (
-		idCnr, _ = c.UserValue("cid").(string)
-		idObj, _ = c.UserValue("oid").(string)
-		log      = d.log.With(zap.String("cid", idCnr), zap.String("oid", idObj))
-	)
-
-	ctx := utils.GetContextFromRequest(c)
-
-	cnrID, err := utils.GetContainerID(ctx, idCnr, d.containerResolver)
-	if err != nil {
-		log.Error(logs.WrongContainerID, zap.Error(err))
-		response.Error(c, "wrong container id", fasthttp.StatusBadRequest)
-		return
-	}
-
-	objID := new(oid.ID)
-	if err = objID.DecodeString(idObj); err != nil {
-		log.Error(logs.WrongObjectID, zap.Error(err))
-		response.Error(c, "wrong object id", fasthttp.StatusBadRequest)
-		return
-	}
-
-	var addr oid.Address
-	addr.SetContainer(*cnrID)
-	addr.SetObject(*objID)
-
-	f(ctx, *d.newRequest(c, log), d.pool, addr)
-}
-
-// byBucketname is a wrapper for function (e.g. request.headObject, request.receiveFile) that
-// prepares request and object address to it.
-func (d *Downloader) byBucketname(req *fasthttp.RequestCtx, f func(context.Context, request, *pool.Pool, oid.Address)) {
-	var (
-		bucketname = req.UserValue("cid").(string)
-		key        = req.UserValue("oid").(string)
-		log        = d.log.With(zap.String("bucketname", bucketname), zap.String("key", key))
-	)
-
-	ctx := utils.GetContextFromRequest(req)
-
-	cnrID, err := utils.GetContainerID(ctx, bucketname, d.containerResolver)
-	if err != nil {
-		log.Error(logs.WrongContainerID, zap.Error(err))
-		response.Error(req, "wrong container id", fasthttp.StatusBadRequest)
-		return
-	}
-
-	foundOid, err := d.tree.GetLatestVersion(ctx, cnrID, key)
-	if err != nil {
-		log.Error(logs.ObjectWasntFound, zap.Error(err))
-		response.Error(req, "object wasn't found", fasthttp.StatusNotFound)
-		return
-	}
-	if foundOid.DeleteMarker {
-		log.Error(logs.ObjectWasDeleted)
-		response.Error(req, "object deleted", fasthttp.StatusNotFound)
-		return
-	}
-
-	var addr oid.Address
-	addr.SetContainer(*cnrID)
-	addr.SetObject(foundOid.OID)
-
-	f(ctx, *d.newRequest(req, log), d.pool, addr)
-}
-
-// DownloadByAttribute handles attribute-based download requests.
-func (d *Downloader) DownloadByAttribute(c *fasthttp.RequestCtx) {
-	d.byAttribute(c, receiveFile)
-}
-
-// byAttribute is a wrapper similar to byAddress.
-func (d *Downloader) byAttribute(c *fasthttp.RequestCtx, f func(context.Context, request, *pool.Pool, oid.Address)) {
-	var (
-		scid, _ = c.UserValue("cid").(string)
-		key, _  = url.QueryUnescape(c.UserValue("attr_key").(string))
-		val, _  = url.QueryUnescape(c.UserValue("attr_val").(string))
-		log     = d.log.With(zap.String("cid", scid), zap.String("attr_key", key), zap.String("attr_val", val))
-	)
-
-	ctx := utils.GetContextFromRequest(c)
-
-	containerID, err := utils.GetContainerID(ctx, scid, d.containerResolver)
-	if err != nil {
-		log.Error(logs.WrongContainerID, zap.Error(err))
-		response.Error(c, "wrong container id", fasthttp.StatusBadRequest)
-		return
-	}
-
-	res, err := d.search(ctx, containerID, key, val, object.MatchStringEqual)
-	if err != nil {
-		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
-		response.Error(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
-		return
-	}
-
-	defer res.Close()
-
-	buf := make([]oid.ID, 1)
-
-	n, err := res.Read(buf)
-	if n == 0 {
-		if errors.Is(err, io.EOF) {
-			log.Error(logs.ObjectNotFound, zap.Error(err))
-			response.Error(c, "object not found", fasthttp.StatusNotFound)
-			return
-		}
-
-		log.Error(logs.ReadObjectListFailed, zap.Error(err))
-		response.Error(c, "read object list failed: "+err.Error(), fasthttp.StatusBadRequest)
-		return
-	}
-
-	var addrObj oid.Address
-	addrObj.SetContainer(*containerID)
-	addrObj.SetObject(buf[0])
-
-	f(ctx, *d.newRequest(c, log), d.pool, addrObj)
-}
-
-func (d *Downloader) search(ctx context.Context, cid *cid.ID, key, val string, op object.SearchMatchType) (pool.ResObjectSearch, error) {
-	filters := object.NewSearchFilters()
-	filters.AddRootFilter()
-	filters.AddFilter(key, val, op)
-
-	var prm pool.PrmObjectSearch
-	prm.SetContainerID(*cid)
-	prm.SetFilters(filters)
-	if btoken := bearerToken(ctx); btoken != nil {
-		prm.UseBearer(*btoken)
-	}
-
-	return d.pool.SearchObjects(ctx, prm)
-}
-
-func (d *Downloader) getContainer(ctx context.Context, cnrID cid.ID) (container.Container, error) {
-	var prm pool.PrmContainerGet
-	prm.SetContainerID(cnrID)
-
-	return d.pool.GetContainer(ctx, prm)
-}
-
-func (d *Downloader) addObjectToZip(zw *zip.Writer, obj *object.Object) (io.Writer, error) {
-	method := zip.Store
-	if d.settings.ZipCompression() {
-		method = zip.Deflate
-	}
-
-	filePath := getZipFilePath(obj)
-	if len(filePath) == 0 || filePath[len(filePath)-1] == '/' {
-		return nil, fmt.Errorf("invalid filepath '%s'", filePath)
-	}
-
-	return zw.CreateHeader(&zip.FileHeader{
-		Name:     filePath,
-		Method:   method,
-		Modified: time.Now(),
-	})
-}
-
-// DownloadZipped handles zip by prefix requests.
-func (d *Downloader) DownloadZipped(c *fasthttp.RequestCtx) {
-	scid, _ := c.UserValue("cid").(string)
-	prefix, _ := url.QueryUnescape(c.UserValue("prefix").(string))
-	log := d.log.With(zap.String("cid", scid), zap.String("prefix", prefix))
-
-	ctx := utils.GetContextFromRequest(c)
-
-	containerID, err := utils.GetContainerID(ctx, scid, d.containerResolver)
-	if err != nil {
-		log.Error(logs.WrongContainerID, zap.Error(err))
-		response.Error(c, "wrong container id", fasthttp.StatusBadRequest)
-		return
-	}
-
-	// check if container exists here to be able to return 404 error,
-	// otherwise we get this error only in object iteration step
-	// and client get 200 OK.
-	if _, err = d.getContainer(ctx, *containerID); err != nil {
-		log.Error(logs.CouldNotCheckContainerExistence, zap.Error(err))
-		if client.IsErrContainerNotFound(err) {
-			response.Error(c, "Not Found", fasthttp.StatusNotFound)
-			return
-		}
-		response.Error(c, "could not check container existence: "+err.Error(), fasthttp.StatusBadRequest)
-		return
-	}
-
-	resSearch, err := d.search(ctx, containerID, object.AttributeFilePath, prefix, object.MatchCommonPrefix)
-	if err != nil {
-		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
-		response.Error(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
-		return
-	}
-
-	c.Response.Header.Set(fasthttp.HeaderContentType, "application/zip")
-	c.Response.Header.Set(fasthttp.HeaderContentDisposition, "attachment; filename=\"archive.zip\"")
-	c.Response.SetStatusCode(http.StatusOK)
-
-	c.SetBodyStreamWriter(func(w *bufio.Writer) {
-		defer resSearch.Close()
-
-		zipWriter := zip.NewWriter(w)
-
-		var bufZip []byte
-		var addr oid.Address
-
-		empty := true
-		called := false
-		btoken := bearerToken(ctx)
-		addr.SetContainer(*containerID)
-
-		errIter := resSearch.Iterate(func(id oid.ID) bool {
-			called = true
-
-			if empty {
-				bufZip = make([]byte, 3<<20) // the same as for upload
-			}
-			empty = false
-
-			addr.SetObject(id)
-			if err = d.zipObject(ctx, zipWriter, addr, btoken, bufZip); err != nil {
-				log.Error(logs.FailedToAddObjectToArchive, zap.String("oid", id.EncodeToString()), zap.Error(err))
-			}
-
-			return false
-		})
-		if errIter != nil {
-			log.Error(logs.IteratingOverSelectedObjectsFailed, zap.Error(errIter))
-		} else if !called {
-			log.Error(logs.ObjectsNotFound)
-		}
-
-		if err = zipWriter.Close(); err != nil {
-			log.Error(logs.CloseZipWriter, zap.Error(err))
-		}
-	})
-}
-
-func (d *Downloader) zipObject(ctx context.Context, zipWriter *zip.Writer, addr oid.Address, btoken *bearer.Token, bufZip []byte) error {
-	var prm pool.PrmObjectGet
-	prm.SetAddress(addr)
-	if btoken != nil {
-		prm.UseBearer(*btoken)
-	}
-
-	resGet, err := d.pool.GetObject(ctx, prm)
-	if err != nil {
-		return fmt.Errorf("get FrostFS object: %v", err)
-	}
-
-	objWriter, err := d.addObjectToZip(zipWriter, &resGet.Header)
-	if err != nil {
-		return fmt.Errorf("zip create header: %v", err)
-	}
-
-	if _, err = io.CopyBuffer(objWriter, resGet.Payload, bufZip); err != nil {
-		return fmt.Errorf("copy object payload to zip file: %v", err)
-	}
-
-	if err = resGet.Payload.Close(); err != nil {
-		return fmt.Errorf("object body close error: %w", err)
-	}
-
-	if err = zipWriter.Flush(); err != nil {
-		return fmt.Errorf("flush zip writer: %v", err)
-	}
-
-	return nil
-}
-
-func getZipFilePath(obj *object.Object) string {
-	for _, attr := range obj.Attributes() {
-		if attr.Key() == object.AttributeFilePath {
-			return attr.Value()
-		}
-	}
-
-	return ""
-}

go.mod

@@ -1,29 +1,34 @@
 module git.frostfs.info/TrueCloudLab/frostfs-http-gw
 
-go 1.20
+go 1.22
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.15.1-0.20230802075510-964c3edb3f44
+	git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164
 	git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6
-	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230802103237-363f153eafa6
+	git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36
+	git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02
+	github.com/bluele/gcache v0.0.2
 	github.com/fasthttp/router v1.4.1
-	github.com/nspcc-dev/neo-go v0.101.2-0.20230601131642-a0117042e8fc
-	github.com/prometheus/client_golang v1.15.1
-	github.com/prometheus/client_model v0.3.0
+	github.com/nspcc-dev/neo-go v0.106.2
+	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/client_model v0.5.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.15.0
-	github.com/stretchr/testify v1.8.3
+	github.com/ssgreg/journald v1.0.0
+	github.com/stretchr/testify v1.9.0
 	github.com/testcontainers/testcontainers-go v0.13.0
+	github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4
 	github.com/valyala/fasthttp v1.34.0
 	go.opentelemetry.io/otel v1.16.0
 	go.opentelemetry.io/otel/trace v1.16.0
-	go.uber.org/atomic v1.10.0
-	go.uber.org/zap v1.24.0
-	google.golang.org/grpc v1.55.0
+	go.uber.org/zap v1.27.0
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/net v0.23.0
+	google.golang.org/grpc v1.62.0
 )
 
 require (
-	git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb // indirect
+	git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e // indirect
 	git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 // indirect
 	git.frostfs.info/TrueCloudLab/hrw v1.2.1 // indirect
 	git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 // indirect
@@ -38,7 +43,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/containerd/cgroups v1.0.3 // indirect
 	github.com/containerd/containerd v1.6.2 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
@@ -51,33 +56,32 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.0 // indirect
-	github.com/gorilla/websocket v1.5.0 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.2 // indirect
-	github.com/hashicorp/golang-lru v0.6.0 // indirect
-	github.com/hashicorp/golang-lru/v2 v2.0.2 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/klauspost/compress v1.16.4 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/moby/sys/mount v0.3.2 // indirect
 	github.com/moby/sys/mountinfo v0.6.1 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
-	github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect
-	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20230615193820-9185820289ce // indirect
-	github.com/nspcc-dev/rfc6979 v0.2.0 // indirect
+	github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 // indirect
+	github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d // indirect
+	github.com/nspcc-dev/rfc6979 v0.2.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/opencontainers/runc v1.1.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.9.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/savsgio/gotils v0.0.0-20210617111740-97865ed5a873 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
@@ -89,6 +93,7 @@ require (
 	github.com/twmb/murmur3 v1.1.8 // indirect
 	github.com/urfave/cli v1.22.5 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	go.etcd.io/bbolt v1.3.9 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.16.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.16.0 // indirect
@@ -98,16 +103,16 @@ require (
 	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.9.0 // indirect
-	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sync v0.2.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/term v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/term v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -37,22 +37,24 @@ cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RX
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.15.1-0.20230802075510-964c3edb3f44 h1:v6JqBD/VzZx3QSxbaXnUwnnJ1KEYheU4LzLGr3IhsAE=
-git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.15.1-0.20230802075510-964c3edb3f44/go.mod h1:pKJJRLOChW4zDQsAt1e8k/snWKljJtpkiPfxV53ngjI=
-git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb h1:S/TrbOOu9qEXZRZ9/Ddw7crnxbBUQLo68PSzQWYrc9M=
-git.frostfs.info/TrueCloudLab/frostfs-contract v0.0.0-20230307110621-19a8ef2d02fb/go.mod h1:nkR5gaGeez3Zv2SE7aceP0YwxG2FzIB5cGKpQO2vV2o=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164 h1:XxvwQKJT/f16qS3df5PBQPRYKkhy0/A7zH6644QpKD0=
+git.frostfs.info/TrueCloudLab/frostfs-api-go/v2 v2.16.1-0.20240716113920-f517e3949164/go.mod h1:OBDSr+DqV1z4VDouoX3YMleNc4DPBVBWTG3WDT2PK1o=
+git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e h1:kcBqZBiFIUBATUqEuvVigtkJJWQ2Gug/eYXn967o3M4=
+git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e/go.mod h1:F/fe1OoIDKr5Bz99q4sriuHDuf3aZefZy9ZsCqEtgxc=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 h1:FxqFDhQYYgpe41qsIHVOcdzSVCB8JNSfPG7Uk4r2oSk=
 git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0/go.mod h1:RUIKZATQLJ+TaYQa60X2fTDwfuhMfm8Ar60bQ5fr+vU=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6 h1:aGQ6QaAnTerQ5Dq5b2/f9DUQtSqPkZZ/bkMx/HKuLCo=
 git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20230531082742-c97d21411eb6/go.mod h1:W8Nn08/l6aQ7UlIbpF7FsQou7TVpcRD1ZT1KG4TrFhE=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230802103237-363f153eafa6 h1:u6lzNotV6MEMNEG/XeS7g+FjPrrf+j4gnOHtvun2KJc=
-git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20230802103237-363f153eafa6/go.mod h1:LI2GOj0pEx0jYTjB3QHja2PNhQFYL2pCm71RAFwDv0M=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36 h1:MV/vKJWLQT34RRbXYvkNKFYGNjL5bRNuCQMXkbC7fLI=
+git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240718141740-ce8270568d36/go.mod h1:vluJ/+yQMcq8ZIZZSA7Te+JKClr0lgtRErjICvb8wto=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1 h1:ccBRK21rFvY5R1WotI6LNoPlizk7qSvdfD8lNIRudVc=
 git.frostfs.info/TrueCloudLab/hrw v1.2.1/go.mod h1:C1Ygde2n843yTZEQ0FP69jYiuaYV0kriLvP4zm8JuvM=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0 h1:M2KR3iBj7WpY3hP10IevfIB9MURr4O9mwVfJ+SjT3HA=
 git.frostfs.info/TrueCloudLab/rfc6979 v0.4.0/go.mod h1:okpbKfVYf/BpejtfFTfhZqFP+sZ8rsHrP8Rr/jYPNRc=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0 h1:UFMnUIk0Zh17m8rjGHJMqku2hCgaXDqjqZzS4gsb4UA=
 git.frostfs.info/TrueCloudLab/tzhash v1.8.0/go.mod h1:dhY+oy274hV8wGvGL4MwwMpdL3GYvaX1a8GQZQHvlF8=
+git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02 h1:HeY8n27VyPRQe49l/fzyVMkWEB2fsLJYKp64pwA7tz4=
+git.frostfs.info/TrueCloudLab/zapjournald v0.0.0-20240124114243-cb2e66427d02/go.mod h1:rQFJJdEOV7KbbMtQYR2lNfiZk+ONRDJSbMCTWxKt8Fw=
 github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=
@@ -69,10 +71,6 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CityOfZion/neo-go v0.62.1-pre.0.20191114145240-e740fbe708f8/go.mod h1:MJCkWUBhi9pn/CrYO1Q3P687y2KeahrOPS9BD9LDGb0=
-github.com/CityOfZion/neo-go v0.70.1-pre.0.20191209120015-fccb0085941e/go.mod h1:0enZl0az8xA6PVkwzEOwPWVJGqlt/GO4hA4kmQ5Xzig=
-github.com/CityOfZion/neo-go v0.70.1-pre.0.20191212173117-32ac01130d4c/go.mod h1:JtlHfeqLywZLswKIKFnAp+yzezY4Dji9qlfQKB2OD/I=
-github.com/CityOfZion/neo-go v0.71.1-pre.0.20200129171427-f773ec69fb84/go.mod h1:FLI526IrRWHmcsO+mHsCbj64pJZhwQFTLJZu+A4PGOA=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
@@ -103,31 +101,20 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
-github.com/Workiva/go-datastructures v1.0.50/go.mod h1:Z+F2Rca0qCsVYDS8z7bAGm8f3UkzuWYS/oBZz5a7VVA=
-github.com/abiosoft/ishell v2.0.0+incompatible/go.mod h1:HQR9AqF2R3P4XXpMpI0NAzgHf/aS6+zVXRj14cVk9qg=
-github.com/abiosoft/ishell/v2 v2.0.2/go.mod h1:E4oTCXfo6QjoCart0QYa5m9w4S+deXs/P/9jA77A9Bs=
-github.com/abiosoft/readline v0.0.0-20180607040430-155bce2042db/go.mod h1:rB3B4rKii8V21ydCbIzH5hZiCQE7f5E9SzUb/ZZx530=
-github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0=
-github.com/alicebob/gopher-json v0.0.0-20180125190556-5a6b3ba71ee6/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
-github.com/alicebob/miniredis v2.5.0+incompatible/go.mod h1:8HZjEj4yU0dwhYHky+DxYx+6BMjkBbe5ONFIF1MXffk=
 github.com/andybalholm/brotli v1.0.2/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
-github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210521073959-f0d4d129b7f1/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
 github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -136,22 +123,14 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
 github.com/bits-and-blooms/bitset v1.2.0/go.mod h1:gIdJ4wp64HaoK2YrL1Q5/N7Y16edYb8uY+O0FJTyyDA=
+github.com/bits-and-blooms/bitset v1.8.0 h1:FD+XqgOZDUxxZ8hzoBFuV9+cGWY9CslN6d5MS5JVb4c=
+github.com/bits-and-blooms/bitset v1.8.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw=
+github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
 github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
-github.com/btcsuite/btcd v0.20.1-beta/go.mod h1:wVuoA8VJLEcwgqHBwHmzLRazpKxTv13Px/pDuV7OomQ=
-github.com/btcsuite/btcd v0.22.0-beta/go.mod h1:9n5ntfhhHQBIhUvlhDvD3Qg6fRUj4jkN0VB8L8svzOA=
-github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
-github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d/go.mod h1:+5NJ2+qvTyV9exUAL/rxXi3DcLg2Ts+ymUAY5y4NvMg=
-github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce/go.mod h1:0DVlHczLPewLcPGEIeUEzfOJhqGPQ0mJJRDBtD307+o=
-github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
-github.com/btcsuite/goleveldb v0.0.0-20160330041536-7834afc9e8cd/go.mod h1:F+uVaaLLH7j4eDXPRvw78tMflu7Ie2bzYOH4Y8rRKBY=
-github.com/btcsuite/goleveldb v1.0.0/go.mod h1:QiK9vBlgftBg6rWQIj6wFzbPfRjiykIEhBH4obrXJ/I=
-github.com/btcsuite/snappy-go v0.0.0-20151229074030-0bdef8d06723/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
-github.com/btcsuite/snappy-go v1.0.0/go.mod h1:8woku9dyThutzjeg+3xrA5iCpBRH8XEEg3lh6TiUghc=
-github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
-github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
 github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
@@ -162,9 +141,7 @@ github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqy
 github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
@@ -189,6 +166,10 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ=
+github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb h1:f0BMgIjhZy4lSRHCXFbQst85f5agZAjtDMixQqBWNpc=
+github.com/consensys/gnark-crypto v0.12.2-0.20231013160410-1f65e75b6dfb/go.mod h1:v2Gy7L/4ZRosZ7Ivs+9SfUDr0f5UlG+EM5t7MPHiLuY=
 github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
 github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
 github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
@@ -237,6 +218,7 @@ github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR
 github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ=
 github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM=
 github.com/containerd/continuity v0.2.2 h1:QSqfxcn8c+12slxwu00AtzXrsami0MJb/MQs9lOLHLA=
+github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk=
 github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
 github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
@@ -298,8 +280,8 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU=
-github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw=
@@ -310,13 +292,11 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v0.0.0-20171005155431-ecdeabc65495/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
-github.com/decred/dcrd/lru v1.0.0/go.mod h1:mxKOwFd7lFjN2GZYsiz/ecgqR6kkYAl+0pz0tEMk218=
 github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0=
 github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
@@ -358,18 +338,15 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fasthttp/router v1.4.1 h1:3xPUO+hy/HAkgGDSd5sX5w18cyGDIFbC7vip8KwPDk8=
 github.com/fasthttp/router v1.4.1/go.mod h1:4P0Kq4C882tA2evBKDW7De7hGfWmvV8FN+zqt8Lu49Q=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
-github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
-github.com/flynn-archive/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:rZfgFAXFS/z/lEd6LJmf9HVZ1LkgYiHx5pHhV5DR16M=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/frankban/quicktest v1.14.0/go.mod h1:NeW+ay9A/U67EYXNFA1nPE8e/tnQv/09mUdL/ijj8og=
 github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA=
+github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -384,12 +361,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -408,13 +381,11 @@ github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8
 github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
 github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-redis/redis v6.10.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-redis/redis v6.15.9+incompatible h1:K0pv1D7EQUjfyoMql+r/jZqCLizCGKFlFgcHWWmHQjg=
 github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-yaml/yaml v2.1.0+incompatible/go.mod h1:w2MrLa16VYP0jy6N7M5kHaCkaLENm+P+Tv+MfurjSw0=
 github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
@@ -432,7 +403,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
-github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -447,7 +419,6 @@ github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8=
 github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -467,12 +438,9 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -487,8 +455,8 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.5.1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -511,8 +479,9 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
@@ -526,8 +495,8 @@ github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB7
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
-github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
 github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
@@ -544,14 +513,12 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru v0.6.0 h1:uL2shRDx7RTrOrTCUZEGP/wJUFiUI8QT6E7z5o8jga4=
-github.com/hashicorp/golang-lru v0.6.0/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/golang-lru/v2 v2.0.2 h1:Dwmkdr5Nc/oBiXgJS3CDHNhJtIHkuZ3DZF5twqnfBdU=
-github.com/hashicorp/golang-lru/v2 v2.0.2/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
+github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
+github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/holiman/uint256 v1.2.0/go.mod h1:y4ga/t+u+Xwd7CpDgZESaRcWy0I7XMlTMA25ApIH5Jw=
+github.com/holiman/uint256 v1.2.4 h1:jUc4Nk8fm9jZabQuqr2JzednajVmBpC+oiTiXZJEApU=
+github.com/holiman/uint256 v1.2.4/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -562,31 +529,22 @@ github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH
 github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
-github.com/jessevdk/go-flags v0.0.0-20141203071132-1679536dcc89/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/jrick/logrotate v1.0.0/go.mod h1:LNinyqDIJnpAur+b8yyulnQw/wDuN1+BYKlTRt3OuAQ=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kkdai/bstream v0.0.0-20161212061736-f391b8402d23/go.mod h1:J+Gs4SYgM6CZQHDETBtE9HaSEkGmuNXF86RwHhHUvq4=
 github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
@@ -601,8 +559,8 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -619,21 +577,14 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
 github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4=
@@ -642,6 +593,8 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A=
+github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY=
+github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/sys/mount v0.2.0/go.mod h1:aAivFE2LB3W4bACsUXChRHQ0qKWsetY4Y9V7sxOougM=
 github.com/moby/sys/mount v0.3.2 h1:uq/CiGDZPvr+c85RYHtKIUORFbmavBUyWH3E1NEyjqI=
@@ -659,74 +612,49 @@ github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJ
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/mr-tron/base58 v1.1.2/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
 github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=
 github.com/mr-tron/base58 v1.2.0/go.mod h1:BinMc/sQntlIE1frQmRFPUoPA1Zkr8VRgBdjWI2mNwc=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nspcc-dev/dbft v0.0.0-20191205084618-dacb1a30c254/go.mod h1:w1Ln2aT+dBlPhLnuZhBV+DfPEdS2CHWWLp5JTScY3bw=
-github.com/nspcc-dev/dbft v0.0.0-20191209120240-0d6b7568d9ae/go.mod h1:3FjXOoHmA51EGfb5GS/HOv7VdmngNRTssSeQ729dvGY=
-github.com/nspcc-dev/dbft v0.0.0-20200117124306-478e5cfbf03a/go.mod h1:/YFK+XOxxg0Bfm6P92lY5eDSLYfp06XOdL8KAVgXjVk=
-github.com/nspcc-dev/dbft v0.0.0-20200219114139-199d286ed6c1/go.mod h1:O0qtn62prQSqizzoagHmuuKoz8QMkU3SzBoKdEvm3aQ=
-github.com/nspcc-dev/dbft v0.0.0-20210721160347-1b03241391ac/go.mod h1:U8MSnEShH+o5hexfWJdze6uMFJteP0ko7J2frO7Yu1Y=
-github.com/nspcc-dev/dbft v0.0.0-20220902113116-58a5e763e647/go.mod h1:g9xisXmX9NP9MjioaTe862n9SlZTrP+6PVUWLBYOr98=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20210915112629-e1b6cce73d02/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 h1:n4ZaFCKt1pQJd7PXoMJabZWK9ejjbLOVrkl/lOUmshg=
-github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22/go.mod h1:79bEUDEviBHJMFV6Iq6in57FEOCMcRhfQnfaf0ETA5U=
-github.com/nspcc-dev/hrw v1.0.9/go.mod h1:l/W2vx83vMQo6aStyx2AuZrJ+07lGv2JQGlVkPG06MU=
-github.com/nspcc-dev/neo-go v0.73.1-pre.0.20200303142215-f5a1b928ce09/go.mod h1:pPYwPZ2ks+uMnlRLUyXOpLieaDQSEaf4NM3zHVbRjmg=
-github.com/nspcc-dev/neo-go v0.98.0/go.mod h1:E3cc1x6RXSXrJb2nDWXTXjnXk3rIqVN8YdFyWv+FrqM=
-github.com/nspcc-dev/neo-go v0.99.4/go.mod h1:mKTolfRUfKjFso5HPvGSQtUZc70n0VKBMs16eGuC5gA=
-github.com/nspcc-dev/neo-go v0.101.2-0.20230601131642-a0117042e8fc h1:fySIWvUQsitK5e5qYIHnTDCXuPpwzz89SEUEIyY11sg=
-github.com/nspcc-dev/neo-go v0.101.2-0.20230601131642-a0117042e8fc/go.mod h1:s9QhjMC784MWqTURovMbyYduIJc86mnCruxcMiAebpc=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220927123257-24c107e3a262/go.mod h1:23bBw0v6pBYcrWs8CBEEDIEDJNbcFoIh8pGGcf2Vv8s=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20230615193820-9185820289ce h1:vLGuUNDkmQrWMa4rr4vTd1u8ULqejWxVmNz1L7ocTEI=
-github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20230615193820-9185820289ce/go.mod h1:ZUuXOkdtHZgaC13za/zMgXfQFncZ0jLzfQTe+OsDOtg=
-github.com/nspcc-dev/neofs-api-go/v2 v2.11.0-pre.0.20211201134523-3604d96f3fe1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
-github.com/nspcc-dev/neofs-api-go/v2 v2.11.1/go.mod h1:oS8dycEh8PPf2Jjp6+8dlwWyEv2Dy77h/XhhcdxYEFs=
-github.com/nspcc-dev/neofs-crypto v0.2.0/go.mod h1:F/96fUzPM3wR+UGsPi3faVNmFlA9KAEAUQR7dMxZmNA=
-github.com/nspcc-dev/neofs-crypto v0.2.3/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
-github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
-github.com/nspcc-dev/neofs-crypto v0.4.0/go.mod h1:6XJ8kbXgOfevbI2WMruOtI+qUJXNwSGM/E9eClXxPHs=
-github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
-github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
-github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
-github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
+github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2 h1:mD9hU3v+zJcnHAVmHnZKt3I++tvn30gBj2rP2PocZMk=
+github.com/nspcc-dev/go-ordered-json v0.0.0-20240301084351-0246b013f8b2/go.mod h1:U5VfmPNM88P4RORFb6KSUVBdJBDhlqggJZYGXGPxOcc=
+github.com/nspcc-dev/neo-go v0.106.2 h1:KXSJ2J5Oacc7LrX3r4jvnC8ihKqHs5NB21q4f2S3r9o=
+github.com/nspcc-dev/neo-go v0.106.2/go.mod h1:Ojwfx3/lv0VTeEHMpQ17g0wTnXcCSoFQVq5GEeCZmGo=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d h1:Vcb7YkZuUSSIC+WF/xV3UDfHbAxZgyT2zGleJP3Ig5k=
+github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20240521091047-78685785716d/go.mod h1:/vrbWSHc7YS1KSYhVOyyeucXW/e+1DkVBOgnBEXUCeY=
+github.com/nspcc-dev/rfc6979 v0.2.1 h1:8wWxkamHWFmO790GsewSoKUSJjVnL1fmdRpokU/RgRM=
+github.com/nspcc-dev/rfc6979 v0.2.1/go.mod h1:Tk7h5kyUWkhjyO3zUgFFhy1v2vQv3BvQEntakdtqrWc=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
-github.com/onsi/gomega v1.4.2/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -762,7 +690,6 @@ github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrap
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/pierrec/lz4 v2.6.1+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -777,32 +704,24 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
-github.com/prometheus/client_golang v1.2.1/go.mod h1:XMU6Z2MjaRKVu/dC1qupJI9SiNkDYzz3xecMgSW/F+U=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ=
-github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI=
-github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk=
+github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
+github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
 github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4=
-github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
 github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA=
-github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM=
-github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -814,16 +733,14 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4=
-github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI=
-github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
@@ -848,7 +765,6 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
@@ -871,6 +787,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
 github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
+github.com/ssgreg/journald v1.0.0 h1:0YmTDPJXxcWDPba12qNMdO6TxvfkFSYpFIJ31CwmLcU=
+github.com/ssgreg/journald v1.0.0/go.mod h1:RUckwmTM8ghGWPslq2+ZBZzbb9/2KgjzYZ4JEP+oRt0=
 github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8=
 github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -888,15 +806,13 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
-github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
-github.com/syndtr/goleveldb v0.0.0-20180307113352-169b1b37be73/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
-github.com/syndtr/goleveldb v1.0.1-0.20210305035536-64b5b1c73954/go.mod h1:u2MKkTVTVJWe5D1rCvame8WqhBd88EuIwODJZ1VHCPM=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 h1:epCh84lMvA70Z7CTTCmYQn2CKbY8j86K7/FAIr141uY=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
 github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
@@ -904,7 +820,8 @@ github.com/testcontainers/testcontainers-go v0.13.0 h1:OUujSlEGsXVo/ykPVZk3KanBN
 github.com/testcontainers/testcontainers-go v0.13.0/go.mod h1:z1abufU633Eb/FmSBTzV6ntZAC1eZBYPtaFsn4nPuDk=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
+github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4 h1:GpfJ7OdNjS7BFTVwNCUI9L4aCJOFRbr5fdHqjdhoYE8=
+github.com/trailofbits/go-fuzz-utils v0.0.0-20230413173806-58c38daa3cb4/go.mod h1:f3jBhpWvuZmue0HZK52GzRHJOYHYSILs/c8+K2S/J+o=
 github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg=
 github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
@@ -920,8 +837,6 @@ github.com/valyala/fasthttp v1.28.0/go.mod h1:cmWIqlu99AO/RKcp1HWaViTqc57FswJOfY
 github.com/valyala/fasthttp v1.34.0 h1:d3AAQJ2DRcxJYHm7OXNXtXt2as1vMDfxeIcFvhmGGm4=
 github.com/valyala/fasthttp v1.34.0/go.mod h1:epZA5N+7pY6ZaEKRmstzOuYJx9HI8DI1oaCGZpdH4h0=
 github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc=
-github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo=
-github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c=
 github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho=
@@ -940,17 +855,15 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/gopher-lua v0.0.0-20190514113301-1cd887cd7036/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
-github.com/yuin/gopher-lua v0.0.0-20191128022950-c6266f4fe8d7/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
 github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs=
 github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
-go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
+go.etcd.io/bbolt v1.3.9 h1:8x7aARPEXiXbHmtUwAIv7eV2fQFHrLLavdiJ3uzJXoI=
+go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
 go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -982,22 +895,15 @@ go.opentelemetry.io/proto/otlp v0.19.0 h1:IVN6GR+mhC4s5yfcTbmzHYODqvWAp3ZedA2SJP
 go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
-go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
-go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
-golang.org/x/crypto v0.0.0-20170930174604-9419663f5a44/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1007,19 +913,16 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200115085410-6d4e4cb37c7d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1030,8 +933,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc h1:mCRnTeVUjcrhlRmO0VK8a6k6Rrf6TF9htwo2pJVSjIU=
-golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1056,8 +959,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/net v0.0.0-20180719180050-a680a1efc54d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1105,15 +1008,12 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210510120150-4163338589ed/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211108170745-6635138e15ea/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1123,9 +1023,7 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1137,17 +1035,14 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1164,14 +1059,11 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1199,7 +1091,6 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200814200057-3d37ad5750ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1226,26 +1117,22 @@ golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210429154555-c04ba851c2a4/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1255,8 +1142,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE=
-golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1266,7 +1153,6 @@ golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180318012157-96caea41033d/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1288,7 +1174,6 @@ golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDq
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -1319,7 +1204,6 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
 golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
@@ -1329,11 +1213,14 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
+golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
@@ -1404,8 +1291,12 @@ google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
-google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y=
+google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s=
+google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A=
+google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
 google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1429,10 +1320,9 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
-google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1446,10 +1336,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
-google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/abiosoft/ishell.v2 v2.0.0/go.mod h1:sFp+cGtH6o4s1FtpVPTMcHq2yue+c4DGOVohJCPUzwY=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1458,6 +1346,7 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
@@ -1470,6 +1359,7 @@ gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1479,6 +1369,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1530,6 +1421,8 @@ k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU=
+rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=

internal/api/layer/tree_service.go

@@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/api"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 )
 

internal/cache/buckets.go

@@ -0,0 +1,72 @@
+package cache
+
+import (
+	"fmt"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"github.com/bluele/gcache"
+	"go.uber.org/zap"
+)
+
+// BucketCache contains cache with objects and the lifetime of cache entries.
+type BucketCache struct {
+	cache  gcache.Cache
+	logger *zap.Logger
+}
+
+// Config stores expiration params for cache.
+type Config struct {
+	Size     int
+	Lifetime time.Duration
+	Logger   *zap.Logger
+}
+
+const (
+	// DefaultBucketCacheSize is a default maximum number of entries in cache.
+	DefaultBucketCacheSize = 1e3
+	// DefaultBucketCacheLifetime is a default lifetime of entries in cache.
+	DefaultBucketCacheLifetime = time.Minute
+)
+
+// DefaultBucketConfig returns new default cache expiration values.
+func DefaultBucketConfig(logger *zap.Logger) *Config {
+	return &Config{
+		Size:     DefaultBucketCacheSize,
+		Lifetime: DefaultBucketCacheLifetime,
+		Logger:   logger,
+	}
+}
+
+// NewBucketCache creates an object of BucketCache.
+func NewBucketCache(config *Config) *BucketCache {
+	gc := gcache.New(config.Size).LRU().Expiration(config.Lifetime).Build()
+	return &BucketCache{cache: gc, logger: config.Logger}
+}
+
+// Get returns a cached object.
+func (o *BucketCache) Get(ns, bktName string) *data.BucketInfo {
+	entry, err := o.cache.Get(formKey(ns, bktName))
+	if err != nil {
+		return nil
+	}
+
+	result, ok := entry.(*data.BucketInfo)
+	if !ok {
+		o.logger.Warn(logs.InvalidCacheEntryType, zap.String("actual", fmt.Sprintf("%T", entry)),
+			zap.String("expected", fmt.Sprintf("%T", result)))
+		return nil
+	}
+
+	return result
+}
+
+// Put puts an object to cache.
+func (o *BucketCache) Put(bkt *data.BucketInfo) error {
+	return o.cache.Set(formKey(bkt.Zone, bkt.Name), bkt)
+}
+
+func formKey(ns, name string) string {
+	return name + "." + ns
+}

internal/data/bucket.go

@@ -0,0 +1,12 @@
+package data
+
+import (
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+)
+
+type BucketInfo struct {
+	Name                    string // container name from system attribute
+	Zone                    string // container zone from system attribute
+	CID                     cid.ID
+	HomomorphicHashDisabled bool
+}

internal/frostfs/frostfs.go

@@ -0,0 +1,242 @@
+package frostfs
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// FrostFS represents virtual connection to the FrostFS network.
+// It is used to provide an interface to dependent packages
+// which work with FrostFS.
+type FrostFS struct {
+	pool *pool.Pool
+}
+
+// NewFrostFS creates new FrostFS using provided pool.Pool.
+func NewFrostFS(p *pool.Pool) *FrostFS {
+	return &FrostFS{
+		pool: p,
+	}
+}
+
+// Container implements frostfs.FrostFS interface method.
+func (x *FrostFS) Container(ctx context.Context, layerPrm handler.PrmContainer) (*container.Container, error) {
+	prm := pool.PrmContainerGet{
+		ContainerID: layerPrm.ContainerID,
+	}
+
+	res, err := x.pool.GetContainer(ctx, prm)
+	if err != nil {
+		return nil, handleObjectError("read container via connection pool", err)
+	}
+
+	return &res, nil
+}
+
+// CreateObject implements frostfs.FrostFS interface method.
+func (x *FrostFS) CreateObject(ctx context.Context, prm handler.PrmObjectCreate) (oid.ID, error) {
+	var prmPut pool.PrmObjectPut
+	prmPut.SetHeader(*prm.Object)
+	prmPut.SetPayload(prm.Payload)
+	prmPut.SetClientCut(prm.ClientCut)
+	prmPut.WithoutHomomorphicHash(prm.WithoutHomomorphicHash)
+	prmPut.SetBufferMaxSize(prm.BufferMaxSize)
+
+	if prm.BearerToken != nil {
+		prmPut.UseBearer(*prm.BearerToken)
+	}
+
+	idObj, err := x.pool.PutObject(ctx, prmPut)
+	return idObj, handleObjectError("save object via connection pool", err)
+}
+
+// wraps io.ReadCloser and transforms Read errors related to access violation
+// to frostfs.ErrAccessDenied.
+type payloadReader struct {
+	io.ReadCloser
+}
+
+func (x payloadReader) Read(p []byte) (int, error) {
+	n, err := x.ReadCloser.Read(p)
+	if err != nil && errors.Is(err, io.EOF) {
+		return n, err
+	}
+	return n, handleObjectError("read payload", err)
+}
+
+// HeadObject implements frostfs.FrostFS interface method.
+func (x *FrostFS) HeadObject(ctx context.Context, prm handler.PrmObjectHead) (*object.Object, error) {
+	var prmHead pool.PrmObjectHead
+	prmHead.SetAddress(prm.Address)
+
+	if prm.BearerToken != nil {
+		prmHead.UseBearer(*prm.BearerToken)
+	}
+
+	res, err := x.pool.HeadObject(ctx, prmHead)
+	if err != nil {
+		return nil, handleObjectError("read object header via connection pool", err)
+	}
+
+	return &res, nil
+}
+
+// GetObject implements frostfs.FrostFS interface method.
+func (x *FrostFS) GetObject(ctx context.Context, prm handler.PrmObjectGet) (*handler.Object, error) {
+	var prmGet pool.PrmObjectGet
+	prmGet.SetAddress(prm.Address)
+
+	if prm.BearerToken != nil {
+		prmGet.UseBearer(*prm.BearerToken)
+	}
+
+	res, err := x.pool.GetObject(ctx, prmGet)
+	if err != nil {
+		return nil, handleObjectError("init full object reading via connection pool", err)
+	}
+
+	return &handler.Object{
+		Header:  res.Header,
+		Payload: res.Payload,
+	}, nil
+}
+
+// RangeObject implements frostfs.FrostFS interface method.
+func (x *FrostFS) RangeObject(ctx context.Context, prm handler.PrmObjectRange) (io.ReadCloser, error) {
+	var prmRange pool.PrmObjectRange
+	prmRange.SetAddress(prm.Address)
+	prmRange.SetOffset(prm.PayloadRange[0])
+	prmRange.SetLength(prm.PayloadRange[1])
+
+	if prm.BearerToken != nil {
+		prmRange.UseBearer(*prm.BearerToken)
+	}
+
+	res, err := x.pool.ObjectRange(ctx, prmRange)
+	if err != nil {
+		return nil, handleObjectError("init payload range reading via connection pool", err)
+	}
+
+	return payloadReader{&res}, nil
+}
+
+// SearchObjects implements frostfs.FrostFS interface method.
+func (x *FrostFS) SearchObjects(ctx context.Context, prm handler.PrmObjectSearch) (handler.ResObjectSearch, error) {
+	var prmSearch pool.PrmObjectSearch
+	prmSearch.SetContainerID(prm.Container)
+	prmSearch.SetFilters(prm.Filters)
+
+	if prm.BearerToken != nil {
+		prmSearch.UseBearer(*prm.BearerToken)
+	}
+
+	res, err := x.pool.SearchObjects(ctx, prmSearch)
+	if err != nil {
+		return nil, handleObjectError("init object search via connection pool", err)
+	}
+
+	return &res, nil
+}
+
+// GetEpochDurations implements frostfs.FrostFS interface method.
+func (x *FrostFS) GetEpochDurations(ctx context.Context) (*utils.EpochDurations, error) {
+	networkInfo, err := x.pool.NetworkInfo(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	res := &utils.EpochDurations{
+		CurrentEpoch:  networkInfo.CurrentEpoch(),
+		MsPerBlock:    networkInfo.MsPerBlock(),
+		BlockPerEpoch: networkInfo.EpochDuration(),
+	}
+
+	if res.BlockPerEpoch == 0 {
+		return nil, fmt.Errorf("EpochDuration is empty")
+	}
+	return res, nil
+}
+
+// ResolverFrostFS represents virtual connection to the FrostFS network.
+// It implements resolver.FrostFS.
+type ResolverFrostFS struct {
+	pool *pool.Pool
+}
+
+// NewResolverFrostFS creates new ResolverFrostFS using provided pool.Pool.
+func NewResolverFrostFS(p *pool.Pool) *ResolverFrostFS {
+	return &ResolverFrostFS{pool: p}
+}
+
+// SystemDNS implements resolver.FrostFS interface method.
+func (x *ResolverFrostFS) SystemDNS(ctx context.Context) (string, error) {
+	networkInfo, err := x.pool.NetworkInfo(ctx)
+	if err != nil {
+		return "", handleObjectError("read network info via client", err)
+	}
+
+	domain := networkInfo.RawNetworkParameter("SystemDNS")
+	if domain == nil {
+		return "", errors.New("system DNS parameter not found or empty")
+	}
+
+	return string(domain), nil
+}
+
+func handleObjectError(msg string, err error) error {
+	if err == nil {
+		return nil
+	}
+
+	if reason, ok := IsErrObjectAccessDenied(err); ok {
+		return fmt.Errorf("%s: %w: %s", msg, handler.ErrAccessDenied, reason)
+	}
+
+	if IsTimeoutError(err) {
+		return fmt.Errorf("%s: %w: %s", msg, handler.ErrGatewayTimeout, err.Error())
+	}
+
+	return fmt.Errorf("%s: %w", msg, err)
+}
+
+func UnwrapErr(err error) error {
+	unwrappedErr := errors.Unwrap(err)
+	for unwrappedErr != nil {
+		err = unwrappedErr
+		unwrappedErr = errors.Unwrap(err)
+	}
+
+	return err
+}
+
+func IsErrObjectAccessDenied(err error) (string, bool) {
+	err = UnwrapErr(err)
+	switch err := err.(type) {
+	default:
+		return "", false
+	case *apistatus.ObjectAccessDenied:
+		return err.Reason(), true
+	}
+}
+
+func IsTimeoutError(err error) bool {
+	if strings.Contains(err.Error(), "timeout") ||
+		errors.Is(err, context.DeadlineExceeded) {
+		return true
+	}
+
+	return status.Code(UnwrapErr(err)) == codes.DeadlineExceeded
+}

internal/frostfs/services/pool_wrapper.go

@@ -35,30 +35,6 @@ func (n GetNodeByPathResponseInfoWrapper) GetMeta() []tree.Meta {
 	return res
 }
 
-type GetSubTreeResponseBodyWrapper struct {
-	response *grpcService.GetSubTreeResponse_Body
-}
-
-func (n GetSubTreeResponseBodyWrapper) GetNodeID() uint64 {
-	return n.response.GetNodeId()
-}
-
-func (n GetSubTreeResponseBodyWrapper) GetParentID() uint64 {
-	return n.response.GetParentId()
-}
-
-func (n GetSubTreeResponseBodyWrapper) GetTimestamp() uint64 {
-	return n.response.GetTimestamp()
-}
-
-func (n GetSubTreeResponseBodyWrapper) GetMeta() []tree.Meta {
-	res := make([]tree.Meta, len(n.response.Meta))
-	for i, value := range n.response.Meta {
-		res[i] = value
-	}
-	return res
-}
-
 type PoolWrapper struct {
 	p *treepool.Pool
 }

internal/handler/download.go

@@ -0,0 +1,196 @@
+package handler
+
+import (
+	"archive/zip"
+	"bufio"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+// DownloadByAddressOrBucketName handles download requests using simple cid/oid or bucketname/key format.
+func (h *Handler) DownloadByAddressOrBucketName(c *fasthttp.RequestCtx) {
+	test, _ := c.UserValue("oid").(string)
+	var id oid.ID
+	err := id.DecodeString(test)
+	if err != nil {
+		h.byObjectName(c, h.receiveFile)
+	} else {
+		h.byAddress(c, h.receiveFile)
+	}
+}
+
+func (h *Handler) newRequest(ctx *fasthttp.RequestCtx, log *zap.Logger) *request {
+	return &request{
+		RequestCtx: ctx,
+		log:        log,
+	}
+}
+
+// DownloadByAttribute handles attribute-based download requests.
+func (h *Handler) DownloadByAttribute(c *fasthttp.RequestCtx) {
+	h.byAttribute(c, h.receiveFile)
+}
+
+func (h *Handler) search(ctx context.Context, cnrID *cid.ID, key, val string, op object.SearchMatchType) (ResObjectSearch, error) {
+	filters := object.NewSearchFilters()
+	filters.AddRootFilter()
+	filters.AddFilter(key, val, op)
+
+	prm := PrmObjectSearch{
+		PrmAuth: PrmAuth{
+			BearerToken: bearerToken(ctx),
+		},
+		Container: *cnrID,
+		Filters:   filters,
+	}
+
+	return h.frostfs.SearchObjects(ctx, prm)
+}
+
+func (h *Handler) addObjectToZip(zw *zip.Writer, obj *object.Object) (io.Writer, error) {
+	method := zip.Store
+	if h.config.ZipCompression() {
+		method = zip.Deflate
+	}
+
+	filePath := getZipFilePath(obj)
+	if len(filePath) == 0 || filePath[len(filePath)-1] == '/' {
+		return nil, fmt.Errorf("invalid filepath '%s'", filePath)
+	}
+
+	return zw.CreateHeader(&zip.FileHeader{
+		Name:     filePath,
+		Method:   method,
+		Modified: time.Now(),
+	})
+}
+
+// DownloadZipped handles zip by prefix requests.
+func (h *Handler) DownloadZipped(c *fasthttp.RequestCtx) {
+	scid, _ := c.UserValue("cid").(string)
+	prefix, _ := c.UserValue("prefix").(string)
+
+	prefix, err := url.QueryUnescape(prefix)
+	if err != nil {
+		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("prefix", prefix), zap.Uint64("id", c.ID()), zap.Error(err))
+		response.Error(c, "could not unescape prefix: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	log := h.log.With(zap.String("cid", scid), zap.String("prefix", prefix), zap.Uint64("id", c.ID()))
+
+	ctx := utils.GetContextFromRequest(c)
+
+	bktInfo, err := h.getBucketInfo(ctx, scid, log)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+
+	resSearch, err := h.search(ctx, &bktInfo.CID, object.AttributeFilePath, prefix, object.MatchCommonPrefix)
+	if err != nil {
+		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
+		response.Error(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	c.Response.Header.Set(fasthttp.HeaderContentType, "application/zip")
+	c.Response.Header.Set(fasthttp.HeaderContentDisposition, "attachment; filename=\"archive.zip\"")
+	c.Response.SetStatusCode(http.StatusOK)
+
+	c.SetBodyStreamWriter(func(w *bufio.Writer) {
+		defer resSearch.Close()
+
+		zipWriter := zip.NewWriter(w)
+
+		var bufZip []byte
+		var addr oid.Address
+
+		empty := true
+		called := false
+		btoken := bearerToken(ctx)
+		addr.SetContainer(bktInfo.CID)
+
+		errIter := resSearch.Iterate(func(id oid.ID) bool {
+			called = true
+
+			if empty {
+				bufZip = make([]byte, 3<<20) // the same as for upload
+			}
+			empty = false
+
+			addr.SetObject(id)
+			if err = h.zipObject(ctx, zipWriter, addr, btoken, bufZip); err != nil {
+				log.Error(logs.FailedToAddObjectToArchive, zap.String("oid", id.EncodeToString()), zap.Error(err))
+			}
+
+			return false
+		})
+		if errIter != nil {
+			log.Error(logs.IteratingOverSelectedObjectsFailed, zap.Error(errIter))
+		} else if !called {
+			log.Error(logs.ObjectsNotFound)
+		}
+
+		if err = zipWriter.Close(); err != nil {
+			log.Error(logs.CloseZipWriter, zap.Error(err))
+		}
+	})
+}
+
+func (h *Handler) zipObject(ctx context.Context, zipWriter *zip.Writer, addr oid.Address, btoken *bearer.Token, bufZip []byte) error {
+	prm := PrmObjectGet{
+		PrmAuth: PrmAuth{
+			BearerToken: btoken,
+		},
+		Address: addr,
+	}
+
+	resGet, err := h.frostfs.GetObject(ctx, prm)
+	if err != nil {
+		return fmt.Errorf("get FrostFS object: %v", err)
+	}
+
+	objWriter, err := h.addObjectToZip(zipWriter, &resGet.Header)
+	if err != nil {
+		return fmt.Errorf("zip create header: %v", err)
+	}
+
+	if _, err = io.CopyBuffer(objWriter, resGet.Payload, bufZip); err != nil {
+		return fmt.Errorf("copy object payload to zip file: %v", err)
+	}
+
+	if err = resGet.Payload.Close(); err != nil {
+		return fmt.Errorf("object body close error: %w", err)
+	}
+
+	if err = zipWriter.Flush(); err != nil {
+		return fmt.Errorf("flush zip writer: %v", err)
+	}
+
+	return nil
+}
+
+func getZipFilePath(obj *object.Object) string {
+	for _, attr := range obj.Attributes() {
+		if attr.Key() == object.AttributeFilePath {
+			return attr.Value()
+		}
+	}
+
+	return ""
+}

internal/handler/filter.go

@@ -1,4 +1,4 @@
-package uploader
+package handler
 
 import (
 	"bytes"

internal/handler/filter_test.go

@@ -1,6 +1,6 @@
 //go:build !integration
 
-package uploader
+package handler
 
 import (
 	"testing"

internal/handler/frostfs_mock.go

@@ -0,0 +1,278 @@
+package handler
+
+import (
+	"bytes"
+	"context"
+	"crypto/rand"
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/checksum"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+)
+
+type TestFrostFS struct {
+	objects    map[string]*object.Object
+	containers map[string]*container.Container
+	accessList map[string]bool
+	key        *keys.PrivateKey
+}
+
+func NewTestFrostFS(key *keys.PrivateKey) *TestFrostFS {
+	return &TestFrostFS{
+		objects:    make(map[string]*object.Object),
+		containers: make(map[string]*container.Container),
+		accessList: make(map[string]bool),
+		key:        key,
+	}
+}
+
+func (t *TestFrostFS) ContainerID(name string) (*cid.ID, error) {
+	for id, cnr := range t.containers {
+		if container.Name(*cnr) == name {
+			var cnrID cid.ID
+			return &cnrID, cnrID.DecodeString(id)
+		}
+	}
+	return nil, fmt.Errorf("not found")
+}
+
+func (t *TestFrostFS) SetContainer(cnrID cid.ID, cnr *container.Container) {
+	t.containers[cnrID.EncodeToString()] = cnr
+}
+
+// AllowUserOperation grants access to object operations.
+// Empty userID and objID means any user and object respectively.
+func (t *TestFrostFS) AllowUserOperation(cnrID cid.ID, userID user.ID, op acl.Op, objID oid.ID) {
+	t.accessList[fmt.Sprintf("%s/%s/%s/%s", cnrID, userID, op, objID)] = true
+}
+
+func (t *TestFrostFS) Container(_ context.Context, prm PrmContainer) (*container.Container, error) {
+	for k, v := range t.containers {
+		if k == prm.ContainerID.EncodeToString() {
+			return v, nil
+		}
+	}
+
+	return nil, fmt.Errorf("container not found %s", prm.ContainerID)
+}
+
+func (t *TestFrostFS) requestOwner(btoken *bearer.Token) user.ID {
+	if btoken != nil {
+		return bearer.ResolveIssuer(*btoken)
+	}
+
+	var owner user.ID
+	user.IDFromKey(&owner, t.key.PrivateKey.PublicKey)
+	return owner
+}
+
+func (t *TestFrostFS) retrieveObject(addr oid.Address, btoken *bearer.Token) (*object.Object, error) {
+	sAddr := addr.EncodeToString()
+
+	if obj, ok := t.objects[sAddr]; ok {
+		owner := t.requestOwner(btoken)
+
+		if !t.isAllowed(addr.Container(), owner, acl.OpObjectGet, addr.Object()) {
+			return nil, ErrAccessDenied
+		}
+
+		return obj, nil
+	}
+
+	return nil, fmt.Errorf("%w: %s", &apistatus.ObjectNotFound{}, addr)
+}
+
+func (t *TestFrostFS) HeadObject(_ context.Context, prm PrmObjectHead) (*object.Object, error) {
+	return t.retrieveObject(prm.Address, prm.BearerToken)
+}
+
+func (t *TestFrostFS) GetObject(_ context.Context, prm PrmObjectGet) (*Object, error) {
+	obj, err := t.retrieveObject(prm.Address, prm.BearerToken)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Object{
+		Header:  *obj,
+		Payload: io.NopCloser(bytes.NewReader(obj.Payload())),
+	}, nil
+}
+
+func (t *TestFrostFS) RangeObject(_ context.Context, prm PrmObjectRange) (io.ReadCloser, error) {
+	obj, err := t.retrieveObject(prm.Address, prm.BearerToken)
+	if err != nil {
+		return nil, err
+	}
+
+	off := prm.PayloadRange[0]
+	payload := obj.Payload()[off : off+prm.PayloadRange[1]]
+	return io.NopCloser(bytes.NewReader(payload)), nil
+}
+
+func (t *TestFrostFS) CreateObject(_ context.Context, prm PrmObjectCreate) (oid.ID, error) {
+	b := make([]byte, 32)
+	if _, err := io.ReadFull(rand.Reader, b); err != nil {
+		return oid.ID{}, err
+	}
+	var id oid.ID
+	id.SetSHA256(sha256.Sum256(b))
+	prm.Object.SetID(id)
+
+	attrs := prm.Object.Attributes()
+	if prm.ClientCut {
+		a := object.NewAttribute()
+		a.SetKey("s3-client-cut")
+		a.SetValue("true")
+		attrs = append(attrs, *a)
+	}
+
+	prm.Object.SetAttributes(attrs...)
+
+	if prm.Payload != nil {
+		all, err := io.ReadAll(prm.Payload)
+		if err != nil {
+			return oid.ID{}, err
+		}
+		prm.Object.SetPayload(all)
+		prm.Object.SetPayloadSize(uint64(len(all)))
+		var hash checksum.Checksum
+		checksum.Calculate(&hash, checksum.SHA256, all)
+		prm.Object.SetPayloadChecksum(hash)
+	}
+
+	cnrID, _ := prm.Object.ContainerID()
+	objID, _ := prm.Object.ID()
+
+	owner := t.requestOwner(prm.BearerToken)
+
+	if !t.isAllowed(cnrID, owner, acl.OpObjectPut, objID) {
+		return oid.ID{}, ErrAccessDenied
+	}
+
+	addr := newAddress(cnrID, objID)
+	t.objects[addr.EncodeToString()] = prm.Object
+	return objID, nil
+}
+
+type resObjectSearchMock struct {
+	res []oid.ID
+}
+
+func (r *resObjectSearchMock) Read(buf []oid.ID) (int, error) {
+	for i := range buf {
+		if i > len(r.res)-1 {
+			return len(r.res), io.EOF
+		}
+		buf[i] = r.res[i]
+	}
+
+	r.res = r.res[len(buf):]
+
+	return len(buf), nil
+}
+
+func (r *resObjectSearchMock) Iterate(f func(oid.ID) bool) error {
+	for _, id := range r.res {
+		if f(id) {
+			return nil
+		}
+	}
+
+	return nil
+}
+
+func (r *resObjectSearchMock) Close() {}
+
+func (t *TestFrostFS) SearchObjects(_ context.Context, prm PrmObjectSearch) (ResObjectSearch, error) {
+	if !t.isAllowed(prm.Container, t.requestOwner(prm.BearerToken), acl.OpObjectSearch, oid.ID{}) {
+		return nil, ErrAccessDenied
+	}
+
+	cidStr := prm.Container.EncodeToString()
+	var res []oid.ID
+
+	if len(prm.Filters) == 1 { // match root filter
+		for k, v := range t.objects {
+			if strings.Contains(k, cidStr) {
+				id, _ := v.ID()
+				res = append(res, id)
+			}
+		}
+		return &resObjectSearchMock{res: res}, nil
+	}
+
+	filter := prm.Filters[1]
+	if len(prm.Filters) != 2 ||
+		filter.Operation() != object.MatchCommonPrefix && filter.Operation() != object.MatchStringEqual {
+		return nil, fmt.Errorf("usupported filters")
+	}
+
+	for k, v := range t.objects {
+		if strings.Contains(k, cidStr) && isMatched(v.Attributes(), filter) {
+			id, _ := v.ID()
+			res = append(res, id)
+		}
+	}
+
+	return &resObjectSearchMock{res: res}, nil
+}
+
+func isMatched(attributes []object.Attribute, filter object.SearchFilter) bool {
+	for _, attr := range attributes {
+		if attr.Key() == filter.Header() {
+			switch filter.Operation() {
+			case object.MatchStringEqual:
+				return attr.Value() == filter.Value()
+			case object.MatchCommonPrefix:
+				return strings.HasPrefix(attr.Value(), filter.Value())
+			default:
+				return false
+			}
+		}
+	}
+
+	return false
+}
+
+func (t *TestFrostFS) GetEpochDurations(context.Context) (*utils.EpochDurations, error) {
+	return &utils.EpochDurations{
+		CurrentEpoch:  10,
+		MsPerBlock:    1000,
+		BlockPerEpoch: 100,
+	}, nil
+}
+
+func (t *TestFrostFS) isAllowed(cnrID cid.ID, userID user.ID, op acl.Op, objID oid.ID) bool {
+	keysToCheck := []string{
+		fmt.Sprintf("%s/%s/%s/%s", cnrID, userID, op, objID),
+		fmt.Sprintf("%s/%s/%s/%s", cnrID, userID, op, oid.ID{}),
+		fmt.Sprintf("%s/%s/%s/%s", cnrID, user.ID{}, op, objID),
+		fmt.Sprintf("%s/%s/%s/%s", cnrID, user.ID{}, op, oid.ID{}),
+	}
+
+	for _, key := range keysToCheck {
+		if t.accessList[key] {
+			return true
+		}
+	}
+	return false
+}
+
+func newAddress(cnr cid.ID, obj oid.ID) oid.Address {
+	var addr oid.Address
+	addr.SetContainer(cnr)
+	addr.SetObject(obj)
+	return addr
+}

internal/handler/handler.go

@@ -0,0 +1,381 @@
+package handler
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/url"
+	"strings"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/data"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+type Config interface {
+	DefaultTimestamp() bool
+	ZipCompression() bool
+	ClientCut() bool
+	BufferMaxSizeForPut() uint64
+	NamespaceHeader() string
+}
+
+// PrmContainer groups parameters of FrostFS.Container operation.
+type PrmContainer struct {
+	// Container identifier.
+	ContainerID cid.ID
+}
+
+// PrmAuth groups authentication parameters for the FrostFS operation.
+type PrmAuth struct {
+	// Bearer token to be used for the operation. Overlaps PrivateKey. Optional.
+	BearerToken *bearer.Token
+}
+
+// PrmObjectHead groups parameters of FrostFS.HeadObject operation.
+type PrmObjectHead struct {
+	// Authentication parameters.
+	PrmAuth
+
+	// Address to read the object header from.
+	Address oid.Address
+}
+
+// PrmObjectGet groups parameters of FrostFS.GetObject operation.
+type PrmObjectGet struct {
+	// Authentication parameters.
+	PrmAuth
+
+	// Address to read the object header from.
+	Address oid.Address
+}
+
+// PrmObjectRange groups parameters of FrostFS.RangeObject operation.
+type PrmObjectRange struct {
+	// Authentication parameters.
+	PrmAuth
+
+	// Address to read the object header from.
+	Address oid.Address
+
+	// Offset-length range of the object payload to be read.
+	PayloadRange [2]uint64
+}
+
+// Object represents FrostFS object.
+type Object struct {
+	// Object header (doesn't contain payload).
+	Header object.Object
+
+	// Object payload part encapsulated in io.Reader primitive.
+	// Returns ErrAccessDenied on read access violation.
+	Payload io.ReadCloser
+}
+
+// PrmObjectCreate groups parameters of FrostFS.CreateObject operation.
+type PrmObjectCreate struct {
+	// Authentication parameters.
+	PrmAuth
+
+	Object *object.Object
+
+	// Object payload encapsulated in io.Reader primitive.
+	Payload io.Reader
+
+	// Enables client side object preparing.
+	ClientCut bool
+
+	// Disables using Tillich-Zémor hash for payload.
+	WithoutHomomorphicHash bool
+
+	// Sets max buffer size to read payload.
+	BufferMaxSize uint64
+}
+
+// PrmObjectSearch groups parameters of FrostFS.sear SearchObjects operation.
+type PrmObjectSearch struct {
+	// Authentication parameters.
+	PrmAuth
+
+	// Container to select the objects from.
+	Container cid.ID
+
+	Filters object.SearchFilters
+}
+
+type ResObjectSearch interface {
+	Read(buf []oid.ID) (int, error)
+	Iterate(f func(oid.ID) bool) error
+	Close()
+}
+
+var (
+	// ErrAccessDenied is returned from FrostFS in case of access violation.
+	ErrAccessDenied = errors.New("access denied")
+	// ErrGatewayTimeout is returned from FrostFS in case of timeout, deadline exceeded etc.
+	ErrGatewayTimeout = errors.New("gateway timeout")
+)
+
+// FrostFS represents virtual connection to FrostFS network.
+type FrostFS interface {
+	Container(context.Context, PrmContainer) (*container.Container, error)
+	HeadObject(context.Context, PrmObjectHead) (*object.Object, error)
+	GetObject(context.Context, PrmObjectGet) (*Object, error)
+	RangeObject(context.Context, PrmObjectRange) (io.ReadCloser, error)
+	CreateObject(context.Context, PrmObjectCreate) (oid.ID, error)
+	SearchObjects(context.Context, PrmObjectSearch) (ResObjectSearch, error)
+	utils.EpochInfoFetcher
+}
+
+type ContainerResolver interface {
+	Resolve(ctx context.Context, name string) (*cid.ID, error)
+}
+
+type Handler struct {
+	log               *zap.Logger
+	frostfs           FrostFS
+	ownerID           *user.ID
+	config            Config
+	containerResolver ContainerResolver
+	tree              *tree.Tree
+	cache             *cache.BucketCache
+}
+
+type AppParams struct {
+	Logger   *zap.Logger
+	FrostFS  FrostFS
+	Owner    *user.ID
+	Resolver ContainerResolver
+	Cache    *cache.BucketCache
+}
+
+func New(params *AppParams, config Config, tree *tree.Tree) *Handler {
+	return &Handler{
+		log:               params.Logger,
+		frostfs:           params.FrostFS,
+		ownerID:           params.Owner,
+		config:            config,
+		containerResolver: params.Resolver,
+		tree:              tree,
+		cache:             params.Cache,
+	}
+}
+
+// byAddress is a wrapper for function (e.g. request.headObject, request.receiveFile) that
+// prepares request and object address to it.
+func (h *Handler) byAddress(c *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
+	var (
+		idCnr, _ = c.UserValue("cid").(string)
+		idObj, _ = c.UserValue("oid").(string)
+		log      = h.log.With(zap.String("cid", idCnr), zap.String("oid", idObj))
+	)
+
+	ctx := utils.GetContextFromRequest(c)
+
+	bktInfo, err := h.getBucketInfo(ctx, idCnr, log)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+
+	objID := new(oid.ID)
+	if err = objID.DecodeString(idObj); err != nil {
+		log.Error(logs.WrongObjectID, zap.Error(err))
+		response.Error(c, "wrong object id", fasthttp.StatusBadRequest)
+		return
+	}
+
+	var addr oid.Address
+	addr.SetContainer(bktInfo.CID)
+	addr.SetObject(*objID)
+
+	f(ctx, *h.newRequest(c, log), addr)
+}
+
+// byObjectName is a wrapper for function (e.g. request.headObject, request.receiveFile) that
+// prepares request and object address to it.
+func (h *Handler) byObjectName(req *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
+	var (
+		bucketname = req.UserValue("cid").(string)
+		key        = req.UserValue("oid").(string)
+		log        = h.log.With(zap.String("bucketname", bucketname), zap.String("key", key))
+	)
+
+	unescapedKey, err := url.QueryUnescape(key)
+	if err != nil {
+		logAndSendBucketError(req, log, err)
+		return
+	}
+
+	ctx := utils.GetContextFromRequest(req)
+
+	bktInfo, err := h.getBucketInfo(ctx, bucketname, log)
+	if err != nil {
+		logAndSendBucketError(req, log, err)
+		return
+	}
+
+	foundOid, err := h.tree.GetLatestVersion(ctx, &bktInfo.CID, unescapedKey)
+	if err != nil {
+		if errors.Is(err, tree.ErrNodeAccessDenied) {
+			response.Error(req, "Access Denied", fasthttp.StatusForbidden)
+			return
+		}
+		log.Error(logs.GetLatestObjectVersion, zap.Error(err))
+
+		response.Error(req, "object wasn't found", fasthttp.StatusNotFound)
+		return
+	}
+	if foundOid.DeleteMarker {
+		log.Error(logs.ObjectWasDeleted)
+		response.Error(req, "object deleted", fasthttp.StatusNotFound)
+		return
+	}
+
+	var addr oid.Address
+	addr.SetContainer(bktInfo.CID)
+	addr.SetObject(foundOid.OID)
+
+	f(ctx, *h.newRequest(req, log), addr)
+}
+
+// byAttribute is a wrapper similar to byAddress.
+func (h *Handler) byAttribute(c *fasthttp.RequestCtx, f func(context.Context, request, oid.Address)) {
+	scid, _ := c.UserValue("cid").(string)
+	key, _ := c.UserValue("attr_key").(string)
+	val, _ := c.UserValue("attr_val").(string)
+
+	key, err := url.QueryUnescape(key)
+	if err != nil {
+		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_key", key), zap.Uint64("id", c.ID()), zap.Error(err))
+		response.Error(c, "could not unescape attr_key: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	val, err = url.QueryUnescape(val)
+	if err != nil {
+		h.log.Error(logs.FailedToUnescapeQuery, zap.String("cid", scid), zap.String("attr_val", val), zap.Uint64("id", c.ID()), zap.Error(err))
+		response.Error(c, "could not unescape attr_val: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	log := h.log.With(zap.String("cid", scid), zap.String("attr_key", key), zap.String("attr_val", val))
+
+	ctx := utils.GetContextFromRequest(c)
+
+	bktInfo, err := h.getBucketInfo(ctx, scid, log)
+	if err != nil {
+		logAndSendBucketError(c, log, err)
+		return
+	}
+
+	res, err := h.search(ctx, &bktInfo.CID, key, val, object.MatchStringEqual)
+	if err != nil {
+		log.Error(logs.CouldNotSearchForObjects, zap.Error(err))
+		response.Error(c, "could not search for objects: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	defer res.Close()
+
+	buf := make([]oid.ID, 1)
+
+	n, err := res.Read(buf)
+	if n == 0 {
+		if errors.Is(err, io.EOF) {
+			log.Error(logs.ObjectNotFound, zap.Error(err))
+			response.Error(c, "object not found", fasthttp.StatusNotFound)
+			return
+		}
+
+		log.Error(logs.ReadObjectListFailed, zap.Error(err))
+		response.Error(c, "read object list failed: "+err.Error(), fasthttp.StatusBadRequest)
+		return
+	}
+
+	var addrObj oid.Address
+	addrObj.SetContainer(bktInfo.CID)
+	addrObj.SetObject(buf[0])
+
+	f(ctx, *h.newRequest(c, log), addrObj)
+}
+
+// resolveContainer decode container id, if it's not a valid container id
+// then trey to resolve name using provided resolver.
+func (h *Handler) resolveContainer(ctx context.Context, containerID string) (*cid.ID, error) {
+	cnrID := new(cid.ID)
+	err := cnrID.DecodeString(containerID)
+	if err != nil {
+		cnrID, err = h.containerResolver.Resolve(ctx, containerID)
+		if err != nil && strings.Contains(err.Error(), "not found") {
+			err = fmt.Errorf("%w: %s", new(apistatus.ContainerNotFound), err.Error())
+		}
+	}
+	return cnrID, err
+}
+
+func (h *Handler) getBucketInfo(ctx context.Context, containerName string, log *zap.Logger) (*data.BucketInfo, error) {
+	ns, err := middleware.GetNamespace(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if bktInfo := h.cache.Get(ns, containerName); bktInfo != nil {
+		return bktInfo, nil
+	}
+
+	cnrID, err := h.resolveContainer(ctx, containerName)
+	if err != nil {
+		return nil, err
+	}
+
+	bktInfo, err := h.readContainer(ctx, *cnrID)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = h.cache.Put(bktInfo); err != nil {
+		log.Warn(logs.CouldntPutBucketIntoCache,
+			zap.String("bucket name", bktInfo.Name),
+			zap.Stringer("bucket cid", bktInfo.CID),
+			zap.Error(err))
+	}
+
+	return bktInfo, nil
+}
+
+func (h *Handler) readContainer(ctx context.Context, cnrID cid.ID) (*data.BucketInfo, error) {
+	prm := PrmContainer{ContainerID: cnrID}
+	res, err := h.frostfs.Container(ctx, prm)
+	if err != nil {
+		return nil, fmt.Errorf("get frostfs container '%s': %w", cnrID.String(), err)
+	}
+
+	bktInfo := &data.BucketInfo{
+		CID:  cnrID,
+		Name: cnrID.EncodeToString(),
+	}
+
+	if domain := container.ReadDomain(*res); domain.Name() != "" {
+		bktInfo.Name = domain.Name()
+		bktInfo.Zone = domain.Zone()
+	}
+
+	bktInfo.HomomorphicHashDisabled = container.IsHomomorphicHashingDisabled(*res)
+
+	return bktInfo, err
+}

internal/handler/handler_fuzz_test.go

@@ -0,0 +1,580 @@
+//go:build gofuzz
+// +build gofuzz
+
+package handler
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"testing"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	go_fuzz_utils "github.com/trailofbits/go-fuzz-utils"
+	"github.com/valyala/fasthttp"
+)
+
+const (
+	fuzzSuccessExitCode = 0
+	fuzzFailExitCode    = -1
+)
+
+func prepareStrings(tp *go_fuzz_utils.TypeProvider, count int) ([]string, error) {
+	array := make([]string, count)
+	var err error
+
+	for i := 0; i < count; i++ {
+		err = tp.Reset()
+		if err != nil {
+			return nil, err
+		}
+
+		array[i], err = tp.GetString()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return array, nil
+}
+
+func prepareBools(tp *go_fuzz_utils.TypeProvider, count int) ([]bool, error) {
+	array := make([]bool, count)
+	var err error
+
+	for i := 0; i < count; i++ {
+		err = tp.Reset()
+		if err != nil {
+			return nil, err
+		}
+
+		array[i], err = tp.GetBool()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return array, nil
+}
+
+func getRandomDeterministicPositiveIntInRange(tp *go_fuzz_utils.TypeProvider, max int) (int, error) {
+	count, err := tp.GetInt()
+	if err != nil {
+		return -1, err
+	}
+	count = count % max
+	if count < 0 {
+		count += max
+	}
+	return count, nil
+}
+
+func generateHeaders(tp *go_fuzz_utils.TypeProvider, r *fasthttp.Request, params []string) error {
+	count, err := tp.GetInt()
+	if err != nil {
+		return err
+	}
+	count = count % len(params)
+	if count < 0 {
+		count += len(params)
+	}
+
+	for i := 0; i < count; i++ {
+		position, err := tp.GetInt()
+		if err != nil {
+			return err
+		}
+		position = position % len(params)
+		if position < 0 {
+			position += len(params)
+		}
+
+		v, err := tp.GetString()
+		if err != nil {
+			return err
+		}
+
+		r.Header.Set(params[position], v)
+
+	}
+
+	return nil
+}
+
+func maybeFillRandom(tp *go_fuzz_utils.TypeProvider, initValue string) (string, error) {
+	rnd, err := tp.GetBool()
+	if err != nil {
+		return "", err
+	}
+	if rnd == true {
+		initValue, err = tp.GetString()
+		if err != nil {
+			return "", err
+		}
+	}
+	return initValue, nil
+}
+
+func upload(tp *go_fuzz_utils.TypeProvider) (context.Context, *handlerContext, cid.ID, *fasthttp.RequestCtx, string, string, string, error) {
+	hc, err := prepareHandlerContext()
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	aclList := []acl.Basic{
+		acl.Private,
+		acl.PrivateExtended,
+		acl.PublicRO,
+		acl.PublicROExtended,
+		acl.PublicRW,
+		acl.PublicRWExtended,
+		acl.PublicAppend,
+		acl.PublicAppendExtended,
+	}
+
+	pos, err := getRandomDeterministicPositiveIntInRange(tp, len(aclList))
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+	acl := aclList[pos]
+
+	strings, err := prepareStrings(tp, 6)
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+	bktName := strings[0]
+	objFileName := strings[1]
+	valAttr := strings[2]
+	keyAttr := strings[3]
+
+	if len(bktName) == 0 {
+		return nil, nil, cid.ID{}, nil, "", "", "", errors.New("not enought buckets")
+	}
+
+	cnrID, cnr, err := hc.prepareContainer(bktName, acl)
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	hc.frostfs.SetContainer(cnrID, cnr)
+
+	ctx := context.Background()
+	ctx = middleware.SetNamespace(ctx, "")
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", cnrID.EncodeToString())
+
+	attributes := map[string]string{
+		object.AttributeFileName: objFileName,
+		keyAttr:                  valAttr,
+	}
+
+	var buff bytes.Buffer
+	w := multipart.NewWriter(&buff)
+	fw, err := w.CreateFormFile("file", attributes[object.AttributeFileName])
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	content, err := tp.GetBytes()
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	if _, err = io.Copy(fw, bytes.NewReader(content)); err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	if err = w.Close(); err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	r.Request.SetBodyStream(&buff, buff.Len())
+	r.Request.Header.Set("Content-Type", w.FormDataContentType())
+	r.Request.Header.Set("X-Attribute-"+keyAttr, valAttr)
+
+	err = generateHeaders(tp, &r.Request, []string{"X-Attribute-", "X-Attribute-DupKey", "X-Attribute-MyAttribute", "X-Attribute-System-DupKey", "X-Attribute-System-Expiration-Epoch1", "X-Attribute-SYSTEM-Expiration-Epoch2", "X-Attribute-system-Expiration-Epoch3", "X-Attribute-User-Attribute", "X-Attribute-", "X-Attribute-FileName", "X-Attribute-FROSTFS", "X-Attribute-neofs", "X-Attribute-SYSTEM", "X-Attribute-System-Expiration-Duration", "X-Attribute-System-Expiration-Epoch", "X-Attribute-System-Expiration-RFC3339", "X-Attribute-System-Expiration-Timestamp", "X-Attribute-Timestamp", "X-Attribute-" + strings[4], "X-Attribute-System-" + strings[5]})
+	if err != nil {
+		return nil, nil, cid.ID{}, nil, "", "", "", err
+	}
+
+	hc.Handler().Upload(r)
+
+	if r.Response.StatusCode() != http.StatusOK {
+		return nil, nil, cid.ID{}, nil, "", "", "", errors.New("error on upload")
+	}
+
+	return ctx, hc, cnrID, r, objFileName, keyAttr, valAttr, nil
+}
+
+func InitFuzzUpload() {
+
+}
+
+func DoFuzzUpload(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	_, _, _, _, _, _, _, err = upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzUpload(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzUpload(data)
+	})
+}
+
+func downloadOrHead(tp *go_fuzz_utils.TypeProvider, ctx context.Context, hc *handlerContext, cnrID cid.ID, resp *fasthttp.RequestCtx, filename string) (*fasthttp.RequestCtx, error) {
+
+	var putRes putResponse
+
+	defer func() {
+		if r := recover(); r != nil {
+			panic(resp)
+		}
+	}()
+
+	data := resp.Response.Body()
+	err := json.Unmarshal(data, &putRes)
+
+	if err != nil {
+		return nil, err
+	}
+
+	obj := hc.frostfs.objects[putRes.ContainerID+"/"+putRes.ObjectID]
+	attr := object.NewAttribute()
+	attr.SetKey(object.AttributeFilePath)
+
+	filename, err = maybeFillRandom(tp, filename)
+	if err != nil {
+		return nil, err
+	}
+
+	attr.SetValue(filename)
+	obj.SetAttributes(append(obj.Attributes(), *attr)...)
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+
+	cid := cnrID.EncodeToString()
+	cid, err = maybeFillRandom(tp, cid)
+	if err != nil {
+		return nil, err
+	}
+	oid := putRes.ObjectID
+	oid, err = maybeFillRandom(tp, oid)
+	if err != nil {
+		return nil, err
+	}
+	r.SetUserValue("cid", cid)
+	r.SetUserValue("oid", oid)
+
+	rnd, err := tp.GetBool()
+	if err != nil {
+		return nil, err
+	}
+	if rnd == true {
+		r.SetUserValue("download", "true")
+	}
+
+	return r, nil
+}
+
+func InitFuzzGet() {
+
+}
+
+func DoFuzzGet(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx, hc, cnrID, resp, filename, _, _, err := upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	r, err := downloadOrHead(tp, ctx, hc, cnrID, resp, filename)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	hc.Handler().DownloadByAddressOrBucketName(r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzGet(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzUpload(data)
+	})
+}
+
+func InitFuzzHead() {
+
+}
+
+func DoFuzzHead(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx, hc, cnrID, resp, filename, _, _, err := upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	r, err := downloadOrHead(tp, ctx, hc, cnrID, resp, filename)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	hc.Handler().HeadByAddressOrBucketName(r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzHead(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzHead(data)
+	})
+}
+
+func InitFuzzDownloadByAttribute() {
+
+}
+
+func DoFuzzDownloadByAttribute(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx, hc, cnrID, _, _, attrKey, attrVal, err := upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	cid := cnrID.EncodeToString()
+	cid, err = maybeFillRandom(tp, cid)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	attrKey, err = maybeFillRandom(tp, attrKey)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	attrVal, err = maybeFillRandom(tp, attrVal)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", cid)
+	r.SetUserValue("attr_key", attrKey)
+	r.SetUserValue("attr_val", attrVal)
+
+	hc.Handler().DownloadByAttribute(r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzDownloadByAttribute(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzDownloadByAttribute(data)
+	})
+}
+
+func InitFuzzHeadByAttribute() {
+
+}
+
+func DoFuzzHeadByAttribute(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx, hc, cnrID, _, _, attrKey, attrVal, err := upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	cid := cnrID.EncodeToString()
+	cid, err = maybeFillRandom(tp, cid)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	attrKey, err = maybeFillRandom(tp, attrKey)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	attrVal, err = maybeFillRandom(tp, attrVal)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", cid)
+	r.SetUserValue("attr_key", attrKey)
+	r.SetUserValue("attr_val", attrVal)
+
+	hc.Handler().HeadByAttribute(r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzHeadByAttribute(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzHeadByAttribute(data)
+	})
+}
+
+func InitFuzzDownloadZipped() {
+
+}
+
+func DoFuzzDownloadZipped(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx, hc, cnrID, _, _, _, _, err := upload(tp)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	cid := cnrID.EncodeToString()
+	cid, err = maybeFillRandom(tp, cid)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	prefix := ""
+	prefix, err = maybeFillRandom(tp, prefix)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", cid)
+	r.SetUserValue("prefix", prefix)
+
+	hc.Handler().DownloadZipped(r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzDownloadZipped(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzDownloadZipped(data)
+	})
+}
+
+func InitFuzzStoreBearerTokenAppCtx() {
+
+}
+
+func DoFuzzStoreBearerTokenAppCtx(input []byte) int {
+	// FUZZER INIT
+	if len(input) < 100 {
+		return fuzzFailExitCode
+	}
+
+	tp, err := go_fuzz_utils.NewTypeProvider(input)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	prefix := ""
+	prefix, err = maybeFillRandom(tp, prefix)
+	if err != nil {
+		return fuzzFailExitCode
+	}
+
+	ctx := context.Background()
+	ctx = middleware.SetNamespace(ctx, "")
+
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+
+	strings, err := prepareStrings(tp, 3)
+
+	rand, err := prepareBools(tp, 2)
+
+	if rand[0] == true {
+		r.Request.Header.Set(fasthttp.HeaderAuthorization, "Bearer"+strings[0])
+	} else if rand[1] == true {
+		r.Request.Header.SetCookie(fasthttp.HeaderAuthorization, "Bearer"+strings[1])
+	} else {
+		r.Request.Header.Set(fasthttp.HeaderAuthorization, "Bearer"+strings[0])
+		r.Request.Header.SetCookie(fasthttp.HeaderAuthorization, "Bearer"+strings[1])
+	}
+
+	tokens.StoreBearerTokenAppCtx(ctx, r)
+
+	return fuzzSuccessExitCode
+}
+
+func FuzzStoreBearerTokenAppCtx(f *testing.F) {
+	f.Fuzz(func(t *testing.T, data []byte) {
+		DoFuzzStoreBearerTokenAppCtx(data)
+	})
+}

internal/handler/handler_test.go

@@ -0,0 +1,296 @@
+package handler
+
+import (
+	"archive/zip"
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"testing"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/cache"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tree"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/acl"
+	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
+	cidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id/test"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/netmap"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/stretchr/testify/require"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+type treeClientMock struct {
+}
+
+func (t *treeClientMock) GetNodes(context.Context, *tree.GetNodesParams) ([]tree.NodeResponse, error) {
+	return nil, nil
+}
+
+type configMock struct {
+}
+
+func (c *configMock) DefaultTimestamp() bool {
+	return false
+}
+
+func (c *configMock) ZipCompression() bool {
+	return false
+}
+
+func (c *configMock) ClientCut() bool {
+	return false
+}
+
+func (c *configMock) BufferMaxSizeForPut() uint64 {
+	return 0
+}
+
+func (c *configMock) NamespaceHeader() string {
+	return ""
+}
+
+type handlerContext struct {
+	key   *keys.PrivateKey
+	owner user.ID
+
+	h       *Handler
+	frostfs *TestFrostFS
+	tree    *treeClientMock
+	cfg     *configMock
+}
+
+func (hc *handlerContext) Handler() *Handler {
+	return hc.h
+}
+
+func prepareHandlerContext() (*handlerContext, error) {
+	logger, err := zap.NewDevelopment()
+	if err != nil {
+		return nil, err
+	}
+
+	key, err := keys.NewPrivateKey()
+	if err != nil {
+		return nil, err
+	}
+
+	var owner user.ID
+	user.IDFromKey(&owner, key.PrivateKey.PublicKey)
+
+	testFrostFS := NewTestFrostFS(key)
+
+	testResolver := &resolver.Resolver{Name: "test_resolver"}
+	testResolver.SetResolveFunc(func(_ context.Context, name string) (*cid.ID, error) {
+		return testFrostFS.ContainerID(name)
+	})
+
+	params := &AppParams{
+		Logger:   logger,
+		FrostFS:  testFrostFS,
+		Owner:    &owner,
+		Resolver: testResolver,
+		Cache: cache.NewBucketCache(&cache.Config{
+			Size:     1,
+			Lifetime: 1,
+			Logger:   logger,
+		}),
+	}
+
+	treeMock := &treeClientMock{}
+	cfgMock := &configMock{}
+
+	handler := New(params, cfgMock, tree.NewTree(treeMock))
+
+	return &handlerContext{
+		key:     key,
+		owner:   owner,
+		h:       handler,
+		frostfs: testFrostFS,
+		tree:    treeMock,
+		cfg:     cfgMock,
+	}, nil
+}
+
+func (hc *handlerContext) prepareContainer(name string, basicACL acl.Basic) (cid.ID, *container.Container, error) {
+	var pp netmap.PlacementPolicy
+	err := pp.DecodeString("REP 1")
+	if err != nil {
+		return cid.ID{}, nil, err
+	}
+
+	var cnr container.Container
+	cnr.Init()
+	cnr.SetOwner(hc.owner)
+	cnr.SetPlacementPolicy(pp)
+	cnr.SetBasicACL(basicACL)
+
+	var domain container.Domain
+	domain.SetName(name)
+	container.WriteDomain(&cnr, domain)
+	container.SetName(&cnr, name)
+	container.SetCreationTime(&cnr, time.Now())
+
+	cnrID := cidtest.ID()
+
+	for op := acl.OpObjectGet; op < acl.OpObjectHash; op++ {
+		hc.frostfs.AllowUserOperation(cnrID, hc.owner, op, oid.ID{})
+		if basicACL.IsOpAllowed(op, acl.RoleOthers) {
+			hc.frostfs.AllowUserOperation(cnrID, user.ID{}, op, oid.ID{})
+		}
+	}
+
+	return cnrID, &cnr, nil
+}
+
+func TestBasic(t *testing.T) {
+	hc, err := prepareHandlerContext()
+	require.NoError(t, err)
+
+	bktName := "bucket"
+	cnrID, cnr, err := hc.prepareContainer(bktName, acl.PublicRWExtended)
+	require.NoError(t, err)
+	hc.frostfs.SetContainer(cnrID, cnr)
+
+	ctx := context.Background()
+	ctx = middleware.SetNamespace(ctx, "")
+
+	content := "hello"
+	r, err := prepareUploadRequest(ctx, cnrID.EncodeToString(), content)
+	require.NoError(t, err)
+
+	hc.Handler().Upload(r)
+	require.Equal(t, r.Response.StatusCode(), http.StatusOK)
+
+	var putRes putResponse
+	err = json.Unmarshal(r.Response.Body(), &putRes)
+	require.NoError(t, err)
+
+	obj := hc.frostfs.objects[putRes.ContainerID+"/"+putRes.ObjectID]
+	attr := object.NewAttribute()
+	attr.SetKey(object.AttributeFilePath)
+	attr.SetValue(objFileName)
+	obj.SetAttributes(append(obj.Attributes(), *attr)...)
+
+	t.Run("get", func(t *testing.T) {
+		r = prepareGetRequest(ctx, cnrID.EncodeToString(), putRes.ObjectID)
+		hc.Handler().DownloadByAddressOrBucketName(r)
+		require.Equal(t, content, string(r.Response.Body()))
+	})
+
+	t.Run("head", func(t *testing.T) {
+		r = prepareGetRequest(ctx, cnrID.EncodeToString(), putRes.ObjectID)
+		hc.Handler().HeadByAddressOrBucketName(r)
+		require.Equal(t, putRes.ObjectID, string(r.Response.Header.Peek(hdrObjectID)))
+		require.Equal(t, putRes.ContainerID, string(r.Response.Header.Peek(hdrContainerID)))
+	})
+
+	t.Run("get by attribute", func(t *testing.T) {
+		r = prepareGetByAttributeRequest(ctx, bktName, keyAttr, valAttr)
+		hc.Handler().DownloadByAttribute(r)
+		require.Equal(t, content, string(r.Response.Body()))
+	})
+
+	t.Run("head by attribute", func(t *testing.T) {
+		r = prepareGetByAttributeRequest(ctx, bktName, keyAttr, valAttr)
+		hc.Handler().HeadByAttribute(r)
+		require.Equal(t, putRes.ObjectID, string(r.Response.Header.Peek(hdrObjectID)))
+		require.Equal(t, putRes.ContainerID, string(r.Response.Header.Peek(hdrContainerID)))
+	})
+
+	t.Run("zip", func(t *testing.T) {
+		r = prepareGetZipped(ctx, bktName, "")
+		hc.Handler().DownloadZipped(r)
+
+		readerAt := bytes.NewReader(r.Response.Body())
+		zipReader, err := zip.NewReader(readerAt, int64(len(r.Response.Body())))
+		require.NoError(t, err)
+		require.Len(t, zipReader.File, 1)
+		require.Equal(t, objFileName, zipReader.File[0].Name)
+		f, err := zipReader.File[0].Open()
+		require.NoError(t, err)
+		defer func() {
+			inErr := f.Close()
+			require.NoError(t, inErr)
+		}()
+		data, err := io.ReadAll(f)
+		require.NoError(t, err)
+		require.Equal(t, content, string(data))
+	})
+}
+
+func prepareUploadRequest(ctx context.Context, bucket, content string) (*fasthttp.RequestCtx, error) {
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", bucket)
+	return r, fillMultipartBody(r, content)
+}
+
+func prepareGetRequest(ctx context.Context, bucket, objID string) *fasthttp.RequestCtx {
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", bucket)
+	r.SetUserValue("oid", objID)
+	return r
+}
+
+func prepareGetByAttributeRequest(ctx context.Context, bucket, attrKey, attrVal string) *fasthttp.RequestCtx {
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", bucket)
+	r.SetUserValue("attr_key", attrKey)
+	r.SetUserValue("attr_val", attrVal)
+	return r
+}
+
+func prepareGetZipped(ctx context.Context, bucket, prefix string) *fasthttp.RequestCtx {
+	r := new(fasthttp.RequestCtx)
+	utils.SetContextToRequest(ctx, r)
+	r.SetUserValue("cid", bucket)
+	r.SetUserValue("prefix", prefix)
+	return r
+}
+
+const (
+	keyAttr     = "User-Attribute"
+	valAttr     = "user value"
+	objFileName = "newFile.txt"
+)
+
+func fillMultipartBody(r *fasthttp.RequestCtx, content string) error {
+	attributes := map[string]string{
+		object.AttributeFileName: objFileName,
+		keyAttr:                  valAttr,
+	}
+
+	var buff bytes.Buffer
+	w := multipart.NewWriter(&buff)
+	fw, err := w.CreateFormFile("file", attributes[object.AttributeFileName])
+	if err != nil {
+		return err
+	}
+
+	if _, err = io.Copy(fw, bytes.NewBufferString(content)); err != nil {
+		return err
+	}
+
+	if err = w.Close(); err != nil {
+		return err
+	}
+
+	r.Request.SetBodyStream(&buff, buff.Len())
+	r.Request.Header.Set("Content-Type", w.FormDataContentType())
+	r.Request.Header.Set("X-Attribute-"+keyAttr, valAttr)
+
+	return nil
+}

internal/handler/head.go

@@ -1,4 +1,4 @@
-package downloader
+package handler
 
 import (
 	"context"
@@ -11,7 +11,6 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"github.com/valyala/fasthttp"
 	"go.uber.org/zap"
 )
@@ -25,18 +24,19 @@ const (
 	hdrContainerID = "X-Container-Id"
 )
 
-func headObject(ctx context.Context, req request, clnt *pool.Pool, objectAddress oid.Address) {
+func (h *Handler) headObject(ctx context.Context, req request, objectAddress oid.Address) {
 	var start = time.Now()
 
 	btoken := bearerToken(ctx)
 
-	var prm pool.PrmObjectHead
-	prm.SetAddress(objectAddress)
-	if btoken != nil {
-		prm.UseBearer(*btoken)
+	prm := PrmObjectHead{
+		PrmAuth: PrmAuth{
+			BearerToken: btoken,
+		},
+		Address: objectAddress,
 	}
 
-	obj, err := clnt.HeadObject(ctx, prm)
+	obj, err := h.frostfs.HeadObject(ctx, prm)
 	if err != nil {
 		req.handleFrostFSErr(err, start)
 		return
@@ -70,22 +70,19 @@ func headObject(ctx context.Context, req request, clnt *pool.Pool, objectAddress
 		}
 	}
 
-	idsToResponse(&req.Response, &obj)
+	idsToResponse(&req.Response, obj)
 
 	if len(contentType) == 0 {
 		contentType, _, err = readContentType(obj.PayloadSize(), func(sz uint64) (io.Reader, error) {
-			var prmRange pool.PrmObjectRange
-			prmRange.SetAddress(objectAddress)
-			prmRange.SetLength(sz)
-			if btoken != nil {
-				prmRange.UseBearer(*btoken)
+			prmRange := PrmObjectRange{
+				PrmAuth: PrmAuth{
+					BearerToken: btoken,
+				},
+				Address:      objectAddress,
+				PayloadRange: [2]uint64{0, sz},
 			}
 
-			resObj, err := clnt.ObjectRange(ctx, prmRange)
-			if err != nil {
-				return nil, err
-			}
-			return &resObj, nil
+			return h.frostfs.RangeObject(ctx, prmRange)
 		})
 		if err != nil && err != io.EOF {
 			req.handleFrostFSErr(err, start)
@@ -104,19 +101,19 @@ func idsToResponse(resp *fasthttp.Response, obj *object.Object) {
 }
 
 // HeadByAddressOrBucketName handles head requests using simple cid/oid or bucketname/key format.
-func (d *Downloader) HeadByAddressOrBucketName(c *fasthttp.RequestCtx) {
+func (h *Handler) HeadByAddressOrBucketName(c *fasthttp.RequestCtx) {
 	test, _ := c.UserValue("oid").(string)
 	var id oid.ID
 
 	err := id.DecodeString(test)
 	if err != nil {
-		d.byBucketname(c, headObject)
+		h.byObjectName(c, h.headObject)
 	} else {
-		d.byAddress(c, headObject)
+		h.byAddress(c, h.headObject)
 	}
 }
 
 // HeadByAttribute handles attribute-based head requests.
-func (d *Downloader) HeadByAttribute(c *fasthttp.RequestCtx) {
-	d.byAttribute(c, headObject)
+func (h *Handler) HeadByAttribute(c *fasthttp.RequestCtx) {
+	h.byAttribute(c, h.headObject)
 }

internal/handler/middleware/util.go

@@ -0,0 +1,26 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+)
+
+// keyWrapper is wrapper for context keys.
+type keyWrapper string
+
+const nsKey = keyWrapper("namespace")
+
+// GetNamespace extract namespace from context.
+func GetNamespace(ctx context.Context) (string, error) {
+	ns, ok := ctx.Value(nsKey).(string)
+	if !ok {
+		return "", fmt.Errorf("couldn't get namespace from context")
+	}
+
+	return ns, nil
+}
+
+// SetNamespace sets namespace in the context.
+func SetNamespace(ctx context.Context, ns string) context.Context {
+	return context.WithValue(ctx, nsKey, ns)
+}

internal/handler/multipart.go

@@ -1,10 +1,10 @@
-package uploader
+package handler
 
 import (
 	"io"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/multipart"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/uploader/multipart"
 	"go.uber.org/zap"
 )
 

internal/handler/multipart_test.go

@@ -1,6 +1,6 @@
 //go:build !integration
 
-package uploader
+package handler
 
 import (
 	"crypto/rand"

internal/handler/reader.go

@@ -0,0 +1,141 @@
+package handler
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"net/http"
+	"path"
+	"strconv"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
+	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+type readCloser struct {
+	io.Reader
+	io.Closer
+}
+
+// initializes io.Reader with the limited size and detects Content-Type from it.
+// Returns r's error directly. Also returns the processed data.
+func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (string, []byte, error) {
+	if maxSize > sizeToDetectType {
+		maxSize = sizeToDetectType
+	}
+
+	buf := make([]byte, maxSize) // maybe sync-pool the slice?
+
+	r, err := rInit(maxSize)
+	if err != nil {
+		return "", nil, err
+	}
+
+	n, err := r.Read(buf)
+	if err != nil && err != io.EOF {
+		return "", nil, err
+	}
+
+	buf = buf[:n]
+
+	return http.DetectContentType(buf), buf, err // to not lose io.EOF
+}
+
+func (h *Handler) receiveFile(ctx context.Context, req request, objectAddress oid.Address) {
+	var (
+		err      error
+		dis      = "inline"
+		start    = time.Now()
+		filename string
+	)
+
+	prm := PrmObjectGet{
+		PrmAuth: PrmAuth{
+			BearerToken: bearerToken(ctx),
+		},
+		Address: objectAddress,
+	}
+
+	rObj, err := h.frostfs.GetObject(ctx, prm)
+	if err != nil {
+		req.handleFrostFSErr(err, start)
+		return
+	}
+
+	// we can't close reader in this function, so how to do it?
+
+	if req.Request.URI().QueryArgs().GetBool("download") {
+		dis = "attachment"
+	}
+
+	payloadSize := rObj.Header.PayloadSize()
+
+	req.Response.Header.Set(fasthttp.HeaderContentLength, strconv.FormatUint(payloadSize, 10))
+	var contentType string
+	for _, attr := range rObj.Header.Attributes() {
+		key := attr.Key()
+		val := attr.Value()
+		if !isValidToken(key) || !isValidValue(val) {
+			continue
+		}
+
+		key = utils.BackwardTransformIfSystem(key)
+
+		req.Response.Header.Set(utils.UserAttributeHeaderPrefix+key, val)
+		switch key {
+		case object.AttributeFileName:
+			filename = val
+		case object.AttributeTimestamp:
+			value, err := strconv.ParseInt(val, 10, 64)
+			if err != nil {
+				req.log.Info(logs.CouldntParseCreationDate,
+					zap.String("key", key),
+					zap.String("val", val),
+					zap.Error(err))
+				continue
+			}
+			req.Response.Header.Set(fasthttp.HeaderLastModified,
+				time.Unix(value, 0).UTC().Format(http.TimeFormat))
+		case object.AttributeContentType:
+			contentType = val
+		}
+	}
+
+	idsToResponse(&req.Response, &rObj.Header)
+
+	if len(contentType) == 0 {
+		// determine the Content-Type from the payload head
+		var payloadHead []byte
+
+		contentType, payloadHead, err = readContentType(payloadSize, func(uint64) (io.Reader, error) {
+			return rObj.Payload, nil
+		})
+		if err != nil && err != io.EOF {
+			req.log.Error(logs.CouldNotDetectContentTypeFromPayload, zap.Error(err))
+			response.Error(req.RequestCtx, "could not detect Content-Type from payload: "+err.Error(), fasthttp.StatusBadRequest)
+			return
+		}
+
+		// reset payload reader since a part of the data has been read
+		var headReader io.Reader = bytes.NewReader(payloadHead)
+
+		if err != io.EOF { // otherwise, we've already read full payload
+			headReader = io.MultiReader(headReader, rObj.Payload)
+		}
+
+		// note: we could do with io.Reader, but SetBodyStream below closes body stream
+		// if it implements io.Closer and that's useful for us.
+		rObj.Payload = readCloser{headReader, rObj.Payload}
+	}
+	req.SetContentType(contentType)
+
+	req.Response.Header.Set(fasthttp.HeaderContentDisposition, dis+"; filename="+path.Base(filename))
+
+	req.Response.SetBodyStream(rObj.Payload, int(payloadSize))
+}

internal/handler/reader_test.go

@@ -1,6 +1,6 @@
 //go:build !integration
 
-package downloader
+package handler
 
 import (
 	"io"
@@ -35,7 +35,7 @@ func TestDetector(t *testing.T) {
 	} {
 		t.Run(tc.Name, func(t *testing.T) {
 			contentType, data, err := readContentType(uint64(len(tc.Expected)),
-				func(sz uint64) (io.Reader, error) {
+				func(uint64) (io.Reader, error) {
 					return strings.NewReader(tc.Expected), nil
 				},
 			)

internal/handler/upload.go

@@ -1,4 +1,4 @@
-package uploader
+package handler
 
 import (
 	"context"
@@ -9,17 +9,13 @@ import (
 	"time"
 
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
 	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/utils"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
 	"github.com/valyala/fasthttp"
-	"go.uber.org/atomic"
 	"go.uber.org/zap"
 )
 
@@ -28,58 +24,41 @@ const (
 	drainBufSize = 4096
 )
 
-// Uploader is an upload request handler.
-type Uploader struct {
-	log               *zap.Logger
-	pool              *pool.Pool
-	ownerID           *user.ID
-	settings          *Settings
-	containerResolver *resolver.ContainerResolver
+type putResponse struct {
+	ObjectID    string `json:"object_id"`
+	ContainerID string `json:"container_id"`
 }
 
-// Settings stores reloading parameters, so it has to provide atomic getters and setters.
-type Settings struct {
-	defaultTimestamp atomic.Bool
-}
-
-func (s *Settings) DefaultTimestamp() bool {
-	return s.defaultTimestamp.Load()
-}
-
-func (s *Settings) SetDefaultTimestamp(val bool) {
-	s.defaultTimestamp.Store(val)
-}
-
-// New creates a new Uploader using specified logger, connection pool and
-// other options.
-func New(params *utils.AppParams, settings *Settings) *Uploader {
-	return &Uploader{
-		log:               params.Logger,
-		pool:              params.Pool,
-		ownerID:           params.Owner,
-		settings:          settings,
-		containerResolver: params.Resolver,
+func newPutResponse(addr oid.Address) *putResponse {
+	return &putResponse{
+		ObjectID:    addr.Object().EncodeToString(),
+		ContainerID: addr.Container().EncodeToString(),
 	}
 }
 
+func (pr *putResponse) encode(w io.Writer) error {
+	enc := json.NewEncoder(w)
+	enc.SetIndent("", "\t")
+	return enc.Encode(pr)
+}
+
 // Upload handles multipart upload request.
-func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
+func (h *Handler) Upload(req *fasthttp.RequestCtx) {
 	var (
 		file       MultipartFile
 		idObj      oid.ID
 		addr       oid.Address
 		scid, _    = req.UserValue("cid").(string)
-		log        = u.log.With(zap.String("cid", scid))
+		log        = h.log.With(zap.String("cid", scid))
 		bodyStream = req.RequestBodyStream()
 		drainBuf   = make([]byte, drainBufSize)
 	)
 
 	ctx := utils.GetContextFromRequest(req)
 
-	idCnr, err := utils.GetContainerID(ctx, scid, u.containerResolver)
+	bktInfo, err := h.getBucketInfo(ctx, scid, log)
 	if err != nil {
-		log.Error(logs.WrongContainerID, zap.Error(err))
-		response.Error(req, "wrong container id", fasthttp.StatusBadRequest)
+		logAndSendBucketError(req, log, err)
 		return
 	}
 
@@ -97,12 +76,12 @@ func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
 		)
 	}()
 	boundary := string(req.Request.Header.MultipartFormBoundary())
-	if file, err = fetchMultipartFile(u.log, bodyStream, boundary); err != nil {
+	if file, err = fetchMultipartFile(h.log, bodyStream, boundary); err != nil {
 		log.Error(logs.CouldNotReceiveMultipartForm, zap.Error(err))
 		response.Error(req, "could not receive multipart/form: "+err.Error(), fasthttp.StatusBadRequest)
 		return
 	}
-	filtered, err := filterHeaders(u.log, &req.Request.Header)
+	filtered, err := filterHeaders(h.log, &req.Request.Header)
 	if err != nil {
 		log.Error(logs.CouldNotProcessHeaders, zap.Error(err))
 		response.Error(req, err.Error(), fasthttp.StatusBadRequest)
@@ -118,7 +97,7 @@ func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
 		}
 	}
 
-	if err = utils.PrepareExpirationHeader(req, u.pool, filtered, now); err != nil {
+	if err = utils.PrepareExpirationHeader(req, h.frostfs, filtered, now); err != nil {
 		log.Error(logs.CouldNotPrepareExpirationHeader, zap.Error(err))
 		response.Error(req, "could not prepare expiration header: "+err.Error(), fasthttp.StatusBadRequest)
 		return
@@ -140,7 +119,7 @@ func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
 		attributes = append(attributes, *filename)
 	}
 	// sets Timestamp attribute if it wasn't set from header and enabled by settings
-	if _, ok := filtered[object.AttributeTimestamp]; !ok && u.settings.DefaultTimestamp() {
+	if _, ok := filtered[object.AttributeTimestamp]; !ok && h.config.DefaultTimestamp() {
 		timestamp := object.NewAttribute()
 		timestamp.SetKey(object.AttributeTimestamp)
 		timestamp.SetValue(strconv.FormatInt(time.Now().Unix(), 10))
@@ -148,26 +127,28 @@ func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
 	}
 
 	obj := object.New()
-	obj.SetContainerID(*idCnr)
-	obj.SetOwnerID(u.ownerID)
+	obj.SetContainerID(bktInfo.CID)
+	obj.SetOwnerID(*h.ownerID)
 	obj.SetAttributes(attributes...)
 
-	var prm pool.PrmObjectPut
-	prm.SetHeader(*obj)
-	prm.SetPayload(file)
-
-	bt := u.fetchBearerToken(ctx)
-	if bt != nil {
-		prm.UseBearer(*bt)
+	prm := PrmObjectCreate{
+		PrmAuth: PrmAuth{
+			BearerToken: h.fetchBearerToken(ctx),
+		},
+		Object:                 obj,
+		Payload:                file,
+		ClientCut:              h.config.ClientCut(),
+		WithoutHomomorphicHash: bktInfo.HomomorphicHashDisabled,
+		BufferMaxSize:          h.config.BufferMaxSizeForPut(),
 	}
 
-	if idObj, err = u.pool.PutObject(ctx, prm); err != nil {
-		u.handlePutFrostFSErr(req, err)
+	if idObj, err = h.frostfs.CreateObject(ctx, prm); err != nil {
+		h.handlePutFrostFSErr(req, err)
 		return
 	}
 
 	addr.SetObject(idObj)
-	addr.SetContainer(*idCnr)
+	addr.SetContainer(bktInfo.CID)
 
 	// Try to return the response, otherwise, if something went wrong, throw an error.
 	if err = newPutResponse(addr).encode(req); err != nil {
@@ -193,35 +174,17 @@ func (u *Uploader) Upload(req *fasthttp.RequestCtx) {
 	req.Response.Header.SetContentType(jsonHeader)
 }
 
-func (u *Uploader) handlePutFrostFSErr(r *fasthttp.RequestCtx, err error) {
+func (h *Handler) handlePutFrostFSErr(r *fasthttp.RequestCtx, err error) {
 	statusCode, msg, additionalFields := response.FormErrorResponse("could not store file in frostfs", err)
 	logFields := append([]zap.Field{zap.Error(err)}, additionalFields...)
 
-	u.log.Error(logs.CouldNotStoreFileInFrostfs, logFields...)
+	h.log.Error(logs.CouldNotStoreFileInFrostfs, logFields...)
 	response.Error(r, msg, statusCode)
 }
 
-func (u *Uploader) fetchBearerToken(ctx context.Context) *bearer.Token {
+func (h *Handler) fetchBearerToken(ctx context.Context) *bearer.Token {
 	if tkn, err := tokens.LoadBearerToken(ctx); err == nil && tkn != nil {
 		return tkn
 	}
 	return nil
 }
-
-type putResponse struct {
-	ObjectID    string `json:"object_id"`
-	ContainerID string `json:"container_id"`
-}
-
-func newPutResponse(addr oid.Address) *putResponse {
-	return &putResponse{
-		ObjectID:    addr.Object().EncodeToString(),
-		ContainerID: addr.Container().EncodeToString(),
-	}
-}
-
-func (pr *putResponse) encode(w io.Writer) error {
-	enc := json.NewEncoder(w)
-	enc.SetIndent("", "\t")
-	return enc.Encode(pr)
-}

internal/handler/utils.go

@@ -0,0 +1,71 @@
+package handler
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/logs"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/response"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/tokens"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/bearer"
+	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client"
+	"github.com/valyala/fasthttp"
+	"go.uber.org/zap"
+)
+
+type request struct {
+	*fasthttp.RequestCtx
+	log *zap.Logger
+}
+
+func (r *request) handleFrostFSErr(err error, start time.Time) {
+	logFields := []zap.Field{
+		zap.Stringer("elapsed", time.Since(start)),
+		zap.Error(err),
+	}
+	statusCode, msg, additionalFields := response.FormErrorResponse("could not receive object", err)
+	logFields = append(logFields, additionalFields...)
+
+	r.log.Error(logs.CouldNotReceiveObject, logFields...)
+	response.Error(r.RequestCtx, msg, statusCode)
+}
+
+func bearerToken(ctx context.Context) *bearer.Token {
+	if tkn, err := tokens.LoadBearerToken(ctx); err == nil {
+		return tkn
+	}
+	return nil
+}
+
+func isValidToken(s string) bool {
+	for _, c := range s {
+		if c <= ' ' || c > 127 {
+			return false
+		}
+		if strings.ContainsRune("()<>@,;:\\\"/[]?={}", c) {
+			return false
+		}
+	}
+	return true
+}
+
+func isValidValue(s string) bool {
+	for _, c := range s {
+		// HTTP specification allows for more technically, but we don't want to escape things.
+		if c < ' ' || c > 127 || c == '"' {
+			return false
+		}
+	}
+	return true
+}
+
+func logAndSendBucketError(c *fasthttp.RequestCtx, log *zap.Logger, err error) {
+	log.Error(logs.CouldntGetBucket, zap.Error(err))
+
+	if client.IsErrContainerNotFound(err) {
+		response.Error(c, "Not Found", fasthttp.StatusNotFound)
+		return
+	}
+	response.Error(c, "could not get bucket: "+err.Error(), fasthttp.StatusBadRequest)
+}

internal/logs/logs.go

@@ -1,69 +1,80 @@
 package logs
 
 const (
-	CouldntParseCreationDate                                              = "couldn't parse creation date"                                                       // Info in ../../downloader/*
-	CouldNotDetectContentTypeFromPayload                                  = "could not detect Content-Type from payload"                                         // Error in ../../downloader/download.go
-	CouldNotReceiveObject                                                 = "could not receive object"                                                           // Error in ../../downloader/download.go
-	WrongContainerID                                                      = "wrong container id"                                                                 // Error in ../../downloader/download.go and uploader/upload.go
-	WrongObjectID                                                         = "wrong object id"                                                                    // Error in ../../downloader/download.go
-	ObjectWasntFound                                                      = "object wasn't found"                                                                // Error in ../../downloader/download.go
-	ObjectWasDeleted                                                      = "object was deleted"                                                                 // Error in ../../downloader/download.go
-	CouldNotSearchForObjects                                              = "could not search for objects"                                                       // Error in ../../downloader/download.go
-	ObjectNotFound                                                        = "object not found"                                                                   // Error in ../../downloader/download.go
-	ReadObjectListFailed                                                  = "read object list failed"                                                            // Error in ../../downloader/download.go
-	CouldNotCheckContainerExistence                                       = "could not check container existence"                                                // Error in ../../downloader/download.go
-	FailedToAddObjectToArchive                                            = "failed to add object to archive"                                                    // Error in ../../downloader/download.go
-	IteratingOverSelectedObjectsFailed                                    = "iterating over selected objects failed"                                             // Error in ../../downloader/download.go
-	ObjectsNotFound                                                       = "objects not found"                                                                  // Error in ../../downloader/download.go
-	CloseZipWriter                                                        = "close zip writer"                                                                   // Error in ../../downloader/download.go
-	ServiceIsRunning                                                      = "service is running"                                                                 // Info in ../../metrics/service.go
-	ServiceCouldntStartOnConfiguredPort                                   = "service couldn't start on configured port"                                          // Warn in ../../metrics/service.go
-	ServiceHasntStartedSinceItsDisabled                                   = "service hasn't started since it's disabled"                                         // Info in ../../metrics/service.go
-	ShuttingDownService                                                   = "shutting down service"                                                              // Info in ../../metrics/service.go
-	CantShutDownService                                                   = "can't shut down service"                                                            // Panic in ../../metrics/service.go
-	IgnorePartEmptyFormName                                               = "ignore part, empty form name"                                                       // Debug in ../../uploader/upload.go
-	IgnorePartEmptyFilename                                               = "ignore part, empty filename"                                                        // Debug in ../../uploader/upload.go
-	CloseTemporaryMultipartFormFile                                       = "close temporary multipart/form file"                                                // Debug in ../../uploader/upload.go
-	CouldNotReceiveMultipartForm                                          = "could not receive multipart/form"                                                   // Error in ../../uploader/upload.go
-	CouldNotProcessHeaders                                                = "could not process headers"                                                          // Error in ../../uploader/upload.go
-	CouldNotParseClientTime                                               = "could not parse client time"                                                        // Warn in ../../uploader/upload.go
-	CouldNotPrepareExpirationHeader                                       = "could not prepare expiration header"                                                // Error in ../../uploader/upload.go
-	CouldNotEncodeResponse                                                = "could not encode response"                                                          // Error in ../../uploader/upload.go
-	CouldNotStoreFileInFrostfs                                            = "could not store file in frostfs"                                                    // Error in ../../uploader/upload.go
-	AddAttributeToResultObject                                            = "add attribute to result object"                                                     // Debug in ../../uploader/filter.go
-	FailedToCreateResolver                                                = "failed to create resolver"                                                          // Fatal in ../../app.go
-	ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty = "container resolver will be disabled because of resolvers 'resolver_order' is empty" // Info in ../../app.go
-	MetricsAreDisabled                                                    = "metrics are disabled"                                                               // Warn in ../../app.go
-	NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun      = "no wallet path specified, creating ephemeral key automatically for this run"        // Info in ../../app.go
-	StartingApplication                                                   = "starting application"                                                               // Info in ../../app.go
-	StartingServer                                                        = "starting server"                                                                    // Info in ../../app.go
-	ListenAndServe                                                        = "listen and serve"                                                                   // Fatal in ../../app.go
-	ShuttingDownWebServer                                                 = "shutting down web server"                                                           // Info in ../../app.go
-	FailedToShutdownTracing                                               = "failed to shutdown tracing"                                                         // Warn in ../../app.go
-	SIGHUPConfigReloadStarted                                             = "SIGHUP config reload started"                                                       // Info in ../../app.go
-	FailedToReloadConfigBecauseItsMissed                                  = "failed to reload config because it's missed"                                        // Warn in ../../app.go
-	FailedToReloadConfig                                                  = "failed to reload config"                                                            // Warn in ../../app.go
-	LogLevelWontBeUpdated                                                 = "log level won't be updated"                                                         // Warn in ../../app.go
-	FailedToUpdateResolvers                                               = "failed to update resolvers"                                                         // Warn in ../../app.go
-	FailedToReloadServerParameters                                        = "failed to reload server parameters"                                                 // Warn in ../../app.go
-	SIGHUPConfigReloadCompleted                                           = "SIGHUP config reload completed"                                                     // Info in ../../app.go
-	AddedPathUploadCid                                                    = "added path /upload/{cid}"                                                           // Info in ../../app.go
-	AddedPathGetCidOid                                                    = "added path /get/{cid}/{oid}"                                                        // Info in ../../app.go
-	AddedPathGetByAttributeCidAttrKeyAttrVal                              = "added path /get_by_attribute/{cid}/{attr_key}/{attr_val:*}"                         // Info in ../../app.go
-	AddedPathZipCidPrefix                                                 = "added path /zip/{cid}/{prefix}"                                                     // Info in ../../app.go
-	Request                                                               = "request"                                                                            // Info in ../../app.go
-	CouldNotFetchAndStoreBearerToken                                      = "could not fetch and store bearer token"                                             // Error in ../../app.go
-	FailedToAddServer                                                     = "failed to add server"                                                               // Warn in ../../app.go
-	AddServer                                                             = "add server"                                                                         // Info in ../../app.go
-	NoHealthyServers                                                      = "no healthy servers"                                                                 // Fatal in ../../app.go
-	FailedToInitializeTracing                                             = "failed to initialize tracing"                                                       // Warn in ../../app.go
-	TracingConfigUpdated                                                  = "tracing config updated"                                                             // Info in ../../app.go
-	ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided                     = "resolver nns won't be used since rpc_endpoint isn't provided"                       // Warn in ../../app.go
-	CouldNotLoadFrostFSPrivateKey                                         = "could not load FrostFS private key"                                                 // Fatal in ../../settings.go
-	UsingCredentials                                                      = "using credentials"                                                                  // Info in ../../settings.go
-	FailedToCreateConnectionPool                                          = "failed to create connection pool"                                                   // Fatal in ../../settings.go
-	FailedToDialConnectionPool                                            = "failed to dial connection pool"                                                     // Fatal in ../../settings.go
-	FailedToCreateTreePool                                                = "failed to create tree pool"                                                         // Fatal in ../../settings.go
-	FailedToDialTreePool                                                  = "failed to dial tree pool"                                                           // Fatal in ../../settings.go
-	AddedStoragePeer                                                      = "added storage peer"                                                                 // Info in ../../settings.go
+	CouldntParseCreationDate                                              = "couldn't parse creation date"                                                           // Info in ../../downloader/*
+	CouldNotDetectContentTypeFromPayload                                  = "could not detect Content-Type from payload"                                             // Error in ../../downloader/download.go
+	CouldNotReceiveObject                                                 = "could not receive object"                                                               // Error in ../../downloader/download.go
+	WrongObjectID                                                         = "wrong object id"                                                                        // Error in ../../downloader/download.go
+	GetLatestObjectVersion                                                = "get latest object version"                                                              // Error in ../../downloader/download.go
+	ObjectWasDeleted                                                      = "object was deleted"                                                                     // Error in ../../downloader/download.go
+	CouldNotSearchForObjects                                              = "could not search for objects"                                                           // Error in ../../downloader/download.go
+	ObjectNotFound                                                        = "object not found"                                                                       // Error in ../../downloader/download.go
+	ReadObjectListFailed                                                  = "read object list failed"                                                                // Error in ../../downloader/download.go
+	FailedToAddObjectToArchive                                            = "failed to add object to archive"                                                        // Error in ../../downloader/download.go
+	IteratingOverSelectedObjectsFailed                                    = "iterating over selected objects failed"                                                 // Error in ../../downloader/download.go
+	ObjectsNotFound                                                       = "objects not found"                                                                      // Error in ../../downloader/download.go
+	CloseZipWriter                                                        = "close zip writer"                                                                       // Error in ../../downloader/download.go
+	ServiceIsRunning                                                      = "service is running"                                                                     // Info in ../../metrics/service.go
+	ServiceCouldntStartOnConfiguredPort                                   = "service couldn't start on configured port"                                              // Warn in ../../metrics/service.go
+	ServiceHasntStartedSinceItsDisabled                                   = "service hasn't started since it's disabled"                                             // Info in ../../metrics/service.go
+	ShuttingDownService                                                   = "shutting down service"                                                                  // Info in ../../metrics/service.go
+	CantShutDownService                                                   = "can't shut down service"                                                                // Panic in ../../metrics/service.go
+	CantGracefullyShutDownService                                         = "can't gracefully shut down service, force stop"                                         // Error in ../../metrics/service.go
+	IgnorePartEmptyFormName                                               = "ignore part, empty form name"                                                           // Debug in ../../uploader/upload.go
+	IgnorePartEmptyFilename                                               = "ignore part, empty filename"                                                            // Debug in ../../uploader/upload.go
+	CloseTemporaryMultipartFormFile                                       = "close temporary multipart/form file"                                                    // Debug in ../../uploader/upload.go
+	CouldNotReceiveMultipartForm                                          = "could not receive multipart/form"                                                       // Error in ../../uploader/upload.go
+	CouldNotProcessHeaders                                                = "could not process headers"                                                              // Error in ../../uploader/upload.go
+	CouldNotParseClientTime                                               = "could not parse client time"                                                            // Warn in ../../uploader/upload.go
+	CouldNotPrepareExpirationHeader                                       = "could not prepare expiration header"                                                    // Error in ../../uploader/upload.go
+	CouldNotEncodeResponse                                                = "could not encode response"                                                              // Error in ../../uploader/upload.go
+	CouldNotStoreFileInFrostfs                                            = "could not store file in frostfs"                                                        // Error in ../../uploader/upload.go
+	AddAttributeToResultObject                                            = "add attribute to result object"                                                         // Debug in ../../uploader/filter.go
+	FailedToCreateResolver                                                = "failed to create resolver"                                                              // Fatal in ../../app.go
+	ContainerResolverWillBeDisabledBecauseOfResolversResolverOrderIsEmpty = "container resolver will be disabled because of resolvers 'resolver_order' is empty"     // Info in ../../app.go
+	MetricsAreDisabled                                                    = "metrics are disabled"                                                                   // Warn in ../../app.go
+	NoWalletPathSpecifiedCreatingEphemeralKeyAutomaticallyForThisRun      = "no wallet path specified, creating ephemeral key automatically for this run"            // Info in ../../app.go
+	StartingApplication                                                   = "starting application"                                                                   // Info in ../../app.go
+	StartingServer                                                        = "starting server"                                                                        // Info in ../../app.go
+	ListenAndServe                                                        = "listen and serve"                                                                       // Fatal in ../../app.go
+	ShuttingDownWebServer                                                 = "shutting down web server"                                                               // Info in ../../app.go
+	FailedToShutdownTracing                                               = "failed to shutdown tracing"                                                             // Warn in ../../app.go
+	SIGHUPConfigReloadStarted                                             = "SIGHUP config reload started"                                                           // Info in ../../app.go
+	FailedToReloadConfigBecauseItsMissed                                  = "failed to reload config because it's missed"                                            // Warn in ../../app.go
+	FailedToReloadConfig                                                  = "failed to reload config"                                                                // Warn in ../../app.go
+	LogLevelWontBeUpdated                                                 = "log level won't be updated"                                                             // Warn in ../../app.go
+	FailedToUpdateResolvers                                               = "failed to update resolvers"                                                             // Warn in ../../app.go
+	FailedToReloadServerParameters                                        = "failed to reload server parameters"                                                     // Warn in ../../app.go
+	SIGHUPConfigReloadCompleted                                           = "SIGHUP config reload completed"                                                         // Info in ../../app.go
+	AddedPathUploadCid                                                    = "added path /upload/{cid}"                                                               // Info in ../../app.go
+	AddedPathGetCidOid                                                    = "added path /get/{cid}/{oid}"                                                            // Info in ../../app.go
+	AddedPathGetByAttributeCidAttrKeyAttrVal                              = "added path /get_by_attribute/{cid}/{attr_key}/{attr_val:*}"                             // Info in ../../app.go
+	AddedPathZipCidPrefix                                                 = "added path /zip/{cid}/{prefix}"                                                         // Info in ../../app.go
+	Request                                                               = "request"                                                                                // Info in ../../app.go
+	CouldNotFetchAndStoreBearerToken                                      = "could not fetch and store bearer token"                                                 // Error in ../../app.go
+	FailedToAddServer                                                     = "failed to add server"                                                                   // Warn in ../../app.go
+	AddServer                                                             = "add server"                                                                             // Info in ../../app.go
+	NoHealthyServers                                                      = "no healthy servers"                                                                     // Fatal in ../../app.go
+	FailedToInitializeTracing                                             = "failed to initialize tracing"                                                           // Warn in ../../app.go
+	TracingConfigUpdated                                                  = "tracing config updated"                                                                 // Info in ../../app.go
+	ResolverNNSWontBeUsedSinceRPCEndpointIsntProvided                     = "resolver nns won't be used since rpc_endpoint isn't provided"                           // Warn in ../../app.go
+	RuntimeSoftMemoryDefinedWithGOMEMLIMIT                                = "soft runtime memory defined with GOMEMLIMIT environment variable, config value skipped" // Warn in ../../app.go
+	RuntimeSoftMemoryLimitUpdated                                         = "soft runtime memory limit value updated"                                                // Info in ../../app.go
+	CouldNotLoadFrostFSPrivateKey                                         = "could not load FrostFS private key"                                                     // Fatal in ../../settings.go
+	UsingCredentials                                                      = "using credentials"                                                                      // Info in ../../settings.go
+	FailedToCreateConnectionPool                                          = "failed to create connection pool"                                                       // Fatal in ../../settings.go
+	FailedToDialConnectionPool                                            = "failed to dial connection pool"                                                         // Fatal in ../../settings.go
+	FailedToCreateTreePool                                                = "failed to create tree pool"                                                             // Fatal in ../../settings.go
+	FailedToDialTreePool                                                  = "failed to dial tree pool"                                                               // Fatal in ../../settings.go
+	AddedStoragePeer                                                      = "added storage peer"                                                                     // Info in ../../settings.go
+	CouldntGetBucket                                                      = "could not get bucket"                                                                   // Error in ../handler/utils.go
+	CouldntPutBucketIntoCache                                             = "couldn't put bucket info into cache"                                                    // Warn in ../handler/handler.go
+	InvalidCacheEntryType                                                 = "invalid cache entry type"                                                               // Warn in ../cache/buckets.go
+	InvalidLifetimeUsingDefaultValue                                      = "invalid lifetime, using default value (in seconds)"                                     // Error in ../../cmd/http-gw/settings.go
+	InvalidCacheSizeUsingDefaultValue                                     = "invalid cache size, using default value"                                                // Error in ../../cmd/http-gw/settings.go
+	FailedToUnescapeQuery                                                 = "failed to unescape query"
+	ServerReconnecting                                                    = "reconnecting server..."
+	ServerReconnectedSuccessfully                                         = "server reconnected successfully"
+	ServerReconnectFailed                                                 = "failed to reconnect server"
+	WarnDuplicateAddress                                                  = "duplicate address"
 )

metrics/service.go

@@ -40,6 +40,9 @@ func (ms *Service) ShutDown(ctx context.Context) {
 	ms.log.Info(logs.ShuttingDownService, zap.String("endpoint", ms.Addr))
 	err := ms.Shutdown(ctx)
 	if err != nil {
-		ms.log.Panic(logs.CantShutDownService)
+		ms.log.Error(logs.CantGracefullyShutDownService, zap.Error(err))
+		if err = ms.Close(); err != nil {
+			ms.log.Panic(logs.CantShutDownService, zap.Error(err))
+		}
 	}
 }

resolver/frostfs.go

@@ -1,35 +0,0 @@
-package resolver
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
-)
-
-// FrostFSResolver represents virtual connection to the FrostFS network.
-// It implements resolver.FrostFS.
-type FrostFSResolver struct {
-	pool *pool.Pool
-}
-
-// NewFrostFSResolver creates new FrostFSResolver using provided pool.Pool.
-func NewFrostFSResolver(p *pool.Pool) *FrostFSResolver {
-	return &FrostFSResolver{pool: p}
-}
-
-// SystemDNS implements resolver.FrostFS interface method.
-func (x *FrostFSResolver) SystemDNS(ctx context.Context) (string, error) {
-	networkInfo, err := x.pool.NetworkInfo(ctx)
-	if err != nil {
-		return "", fmt.Errorf("read network info via client: %w", err)
-	}
-
-	domain := networkInfo.RawNetworkParameter("SystemDNS")
-	if domain == nil {
-		return "", errors.New("system DNS parameter not found or empty")
-	}
-
-	return string(domain), nil
-}

resolver/resolver.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"sync"
 
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/handler/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/ns"
@@ -28,9 +29,14 @@ type FrostFS interface {
 	SystemDNS(context.Context) (string, error)
 }
 
+type Settings interface {
+	FormContainerZone(ns string) (zone string, isDefault bool)
+}
+
 type Config struct {
 	FrostFS    FrostFS
 	RPCAddress string
+	Settings   Settings
 }
 
 type ContainerResolver struct {
@@ -135,29 +141,43 @@ func (r *ContainerResolver) equals(resolverNames []string) bool {
 func newResolver(name string, cfg *Config) (*Resolver, error) {
 	switch name {
 	case DNSResolver:
-		return NewDNSResolver(cfg.FrostFS)
+		return NewDNSResolver(cfg.FrostFS, cfg.Settings)
 	case NNSResolver:
-		return NewNNSResolver(cfg.RPCAddress)
+		return NewNNSResolver(cfg.RPCAddress, cfg.Settings)
 	default:
 		return nil, fmt.Errorf("unknown resolver: %s", name)
 	}
 }
 
-func NewDNSResolver(frostFS FrostFS) (*Resolver, error) {
+func NewDNSResolver(frostFS FrostFS, settings Settings) (*Resolver, error) {
 	if frostFS == nil {
 		return nil, fmt.Errorf("pool must not be nil for DNS resolver")
 	}
+	if settings == nil {
+		return nil, fmt.Errorf("resolver settings must not be nil for DNS resolver")
+	}
 
 	var dns ns.DNS
 
 	resolveFunc := func(ctx context.Context, name string) (*cid.ID, error) {
-		domain, err := frostFS.SystemDNS(ctx)
+		var err error
+
+		namespace, err := middleware.GetNamespace(ctx)
 		if err != nil {
-			return nil, fmt.Errorf("read system DNS parameter of the FrostFS: %w", err)
+			return nil, err
 		}
 
-		domain = name + "." + domain
+		zone, isDefault := settings.FormContainerZone(namespace)
+		if isDefault {
+			zone, err = frostFS.SystemDNS(ctx)
+			if err != nil {
+				return nil, fmt.Errorf("read system DNS parameter of the FrostFS: %w", err)
+			}
+		}
+
+		domain := name + "." + zone
 		cnrID, err := dns.ResolveContainerName(domain)
+
 		if err != nil {
 			return nil, fmt.Errorf("couldn't resolve container '%s' as '%s': %w", name, domain, err)
 		}
@@ -170,17 +190,32 @@ func NewDNSResolver(frostFS FrostFS) (*Resolver, error) {
 	}, nil
 }
 
-func NewNNSResolver(rpcAddress string) (*Resolver, error) {
+func NewNNSResolver(rpcAddress string, settings Settings) (*Resolver, error) {
+	if rpcAddress == "" {
+		return nil, fmt.Errorf("rpc address must not be empty for NNS resolver")
+	}
+	if settings == nil {
+		return nil, fmt.Errorf("resolver settings must not be nil for NNS resolver")
+	}
+
 	var nns ns.NNS
 
 	if err := nns.Dial(rpcAddress); err != nil {
 		return nil, fmt.Errorf("could not dial nns: %w", err)
 	}
 
-	resolveFunc := func(_ context.Context, name string) (*cid.ID, error) {
+	resolveFunc := func(ctx context.Context, name string) (*cid.ID, error) {
 		var d container.Domain
 		d.SetName(name)
 
+		namespace, err := middleware.GetNamespace(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		zone, _ := settings.FormContainerZone(namespace)
+		d.SetZone(zone)
+
 		cnrID, err := nns.ResolveContainerDomain(d)
 		if err != nil {
 			return nil, fmt.Errorf("couldn't resolve container '%s': %w", name, err)

tokens/bearer-token_test.go

@@ -23,19 +23,29 @@ func makeTestCookie(value []byte) *fasthttp.RequestHeader {
 func makeTestHeader(value []byte) *fasthttp.RequestHeader {
 	header := new(fasthttp.RequestHeader)
 	if value != nil {
-		header.Set(fasthttp.HeaderAuthorization, bearerTokenHdr+" "+string(value))
+		header.Set(fasthttp.HeaderAuthorization, string(value))
 	}
 	return header
 }
 
-func Test_fromCookie(t *testing.T) {
+func makeBearer(value string) string {
+	return bearerTokenHdr + " " + value
+}
+
+func TestBearerTokenFromCookie(t *testing.T) {
 	cases := []struct {
 		name   string
 		actual []byte
 		expect []byte
 	}{
-		{name: "empty"},
-		{name: "normal", actual: []byte("TOKEN"), expect: []byte("TOKEN")},
+		{
+			name: "empty",
+		},
+		{
+			name:   "normal",
+			actual: []byte("TOKEN"),
+			expect: []byte("TOKEN"),
+		},
 	}
 
 	for _, tt := range cases {
@@ -45,14 +55,31 @@ func Test_fromCookie(t *testing.T) {
 	}
 }
 
-func Test_fromHeader(t *testing.T) {
+func TestBearerTokenFromHeader(t *testing.T) {
+	validToken := "token"
+	tokenWithoutPrefix := "invalid-token"
+
 	cases := []struct {
 		name   string
 		actual []byte
 		expect []byte
 	}{
-		{name: "empty"},
-		{name: "normal", actual: []byte("TOKEN"), expect: []byte("TOKEN")},
+		{
+			name: "empty",
+		},
+		{
+			name:   "token without the bearer prefix",
+			actual: []byte(tokenWithoutPrefix),
+		},
+		{
+			name:   "token without payload",
+			actual: []byte(makeBearer("")),
+		},
+		{
+			name:   "normal",
+			actual: []byte(makeBearer(validToken)),
+			expect: []byte(validToken),
+		},
 	}
 
 	for _, tt := range cases {
@@ -62,7 +89,7 @@ func Test_fromHeader(t *testing.T) {
 	}
 }
 
-func Test_fetchBearerToken(t *testing.T) {
+func TestFetchBearerToken(t *testing.T) {
 	key, err := keys.NewPrivateKey()
 	require.NoError(t, err)
 	var uid user.ID
@@ -75,43 +102,77 @@ func Test_fetchBearerToken(t *testing.T) {
 	require.NotEmpty(t, t64)
 
 	cases := []struct {
-		name string
-
+		name   string
 		cookie string
 		header string
-
 		error  string
+		nilCtx bool
 		expect *bearer.Token
 	}{
-		{name: "empty"},
-
-		{name: "bad base64 header", header: "WRONG BASE64", error: "can't base64-decode bearer token"},
-		{name: "bad base64 cookie", cookie: "WRONG BASE64", error: "can't base64-decode bearer token"},
-
-		{name: "header token unmarshal error", header: "dGVzdAo=", error: "can't unmarshal bearer token"},
-		{name: "cookie token unmarshal error", cookie: "dGVzdAo=", error: "can't unmarshal bearer token"},
-
+		{
+			name: "empty",
+		},
+		{
+			name:   "nil context",
+			nilCtx: true,
+		},
+		{
+			name:   "bad base64 header",
+			header: "WRONG BASE64",
+			error:  "can't base64-decode bearer token",
+		},
+		{
+			name:   "bad base64 cookie",
+			cookie: "WRONG BASE64",
+			error:  "can't base64-decode bearer token",
+		},
+		{
+			name:   "header token unmarshal error",
+			header: "dGVzdAo=",
+			error:  "can't unmarshal bearer token",
+		},
+		{
+			name:   "cookie token unmarshal error",
+			cookie: "dGVzdAo=",
+			error:  "can't unmarshal bearer token",
+		},
 		{
 			name:   "bad header and cookie",
 			header: "WRONG BASE64",
 			cookie: "dGVzdAo=",
 			error:  "can't unmarshal bearer token",
 		},
-
 		{
 			name:   "bad header, but good cookie",
 			header: "dGVzdAo=",
 			cookie: t64,
 			expect: tkn,
 		},
-
-		{name: "ok for header", header: t64, expect: tkn},
-		{name: "ok for cookie", cookie: t64, expect: tkn},
+		{
+			name:   "bad cookie, but good header",
+			header: t64,
+			cookie: "dGVzdAo=",
+			expect: tkn,
+		},
+		{
+			name:   "ok for header",
+			header: t64,
+			expect: tkn,
+		},
+		{
+			name:   "ok for cookie",
+			cookie: t64,
+			expect: tkn,
+		},
 	}
 
 	for _, tt := range cases {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx := makeTestRequest(tt.cookie, tt.header)
+			var ctx *fasthttp.RequestCtx
+			if !tt.nilCtx {
+				ctx = makeTestRequest(tt.cookie, tt.header)
+			}
+
 			actual, err := fetchBearerToken(ctx)
 
 			if tt.error == "" {
@@ -139,7 +200,7 @@ func makeTestRequest(cookie, header string) *fasthttp.RequestCtx {
 	return ctx
 }
 
-func Test_checkAndPropagateBearerToken(t *testing.T) {
+func TestCheckAndPropagateBearerToken(t *testing.T) {
 	key, err := keys.NewPrivateKey()
 	require.NoError(t, err)
 	var uid user.ID
@@ -162,3 +223,85 @@ func Test_checkAndPropagateBearerToken(t *testing.T) {
 	require.NoError(t, err)
 	require.Equal(t, tkn, actual)
 }
+
+func TestLoadBearerToken(t *testing.T) {
+	ctx := context.Background()
+	token := new(bearer.Token)
+
+	cases := []struct {
+		name   string
+		appCtx context.Context
+		error  string
+	}{
+		{
+			name:   "token is missing in the context",
+			appCtx: ctx,
+			error:  "found empty bearer token",
+		},
+		{
+			name:   "normal",
+			appCtx: context.WithValue(ctx, bearerTokenKey, token),
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			tkn, err := LoadBearerToken(tt.appCtx)
+
+			if tt.error == "" {
+				require.NoError(t, err)
+				require.Equal(t, token, tkn)
+
+				return
+			}
+
+			require.Contains(t, err.Error(), tt.error)
+		})
+	}
+}
+
+func TestStoreBearerTokenAppCtx(t *testing.T) {
+	key, err := keys.NewPrivateKey()
+	require.NoError(t, err)
+	var uid user.ID
+	user.IDFromKey(&uid, key.PrivateKey.PublicKey)
+
+	tkn := new(bearer.Token)
+	tkn.ForUser(uid)
+
+	t64 := base64.StdEncoding.EncodeToString(tkn.Marshal())
+	require.NotEmpty(t, t64)
+
+	cases := []struct {
+		name  string
+		req   *fasthttp.RequestCtx
+		error string
+	}{
+		{
+			name:  "invalid token",
+			req:   makeTestRequest("dGVzdAo=", ""),
+			error: "can't unmarshal bearer token",
+		},
+		{
+			name: "normal",
+			req:  makeTestRequest(t64, ""),
+		},
+	}
+
+	for _, tt := range cases {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx, err := StoreBearerTokenAppCtx(context.Background(), tt.req)
+
+			if tt.error == "" {
+				require.NoError(t, err)
+				actualToken, ok := ctx.Value(bearerTokenKey).(*bearer.Token)
+				require.True(t, ok)
+				require.Equal(t, tkn, actualToken)
+
+				return
+			}
+
+			require.Contains(t, err.Error(), tt.error)
+		})
+	}
+}

tree/tree.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"strings"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/api"
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/api"
+	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/internal/api/layer"
 	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
 )
@@ -73,6 +73,7 @@ type Meta interface {
 
 type NodeResponse interface {
 	GetMeta() []Meta
+	GetTimestamp() uint64
 }
 
 func newTreeNode(nodeInfo NodeResponse) (*treeNode, error) {
@@ -135,7 +136,7 @@ func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName s
 		TreeID:     versionTree,
 		Path:       path,
 		Meta:       meta,
-		LatestOnly: true,
+		LatestOnly: false,
 		AllAttrs:   false,
 	}
 	nodes, err := c.service.GetNodes(ctx, p)
@@ -143,11 +144,43 @@ func (c *Tree) GetLatestVersion(ctx context.Context, cnrID *cid.ID, objectName s
 		return nil, err
 	}
 
-	if len(nodes) == 0 {
+	latestNode, err := getLatestNode(nodes)
+	if err != nil {
+		return nil, err
+	}
+
+	return newNodeVersion(latestNode)
+}
+
+func getLatestNode(nodes []NodeResponse) (NodeResponse, error) {
+	var (
+		maxCreationTime uint64
+		targetIndexNode = -1
+	)
+
+	for i, node := range nodes {
+		currentCreationTime := node.GetTimestamp()
+		if checkExistOID(node.GetMeta()) && currentCreationTime > maxCreationTime {
+			maxCreationTime = currentCreationTime
+			targetIndexNode = i
+		}
+	}
+
+	if targetIndexNode == -1 {
 		return nil, layer.ErrNodeNotFound
 	}
 
-	return newNodeVersion(nodes[0])
+	return nodes[targetIndexNode], nil
+}
+
+func checkExistOID(meta []Meta) bool {
+	for _, kv := range meta {
+		if kv.GetKey() == "OID" {
+			return true
+		}
+	}
+
+	return false
 }
 
 // pathFromName splits name by '/'.

tree/tree_test.go

@@ -0,0 +1,143 @@
+package tree
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+type nodeMeta struct {
+	key   string
+	value []byte
+}
+
+func (m nodeMeta) GetKey() string {
+	return m.key
+}
+
+func (m nodeMeta) GetValue() []byte {
+	return m.value
+}
+
+type nodeResponse struct {
+	meta      []nodeMeta
+	timestamp uint64
+}
+
+func (n nodeResponse) GetTimestamp() uint64 {
+	return n.timestamp
+}
+
+func (n nodeResponse) GetMeta() []Meta {
+	res := make([]Meta, len(n.meta))
+	for i, value := range n.meta {
+		res[i] = value
+	}
+	return res
+}
+
+func TestGetLatestNode(t *testing.T) {
+	for _, tc := range []struct {
+		name        string
+		nodes       []NodeResponse
+		exceptedOID string
+		error       bool
+	}{
+		{
+			name:  "empty",
+			nodes: []NodeResponse{},
+			error: true,
+		},
+		{
+			name: "one node of the object version",
+			nodes: []NodeResponse{
+				nodeResponse{
+					timestamp: 1,
+					meta: []nodeMeta{
+						{
+							key:   oidKV,
+							value: []byte("oid1"),
+						},
+					},
+				},
+			},
+			exceptedOID: "oid1",
+		},
+		{
+			name: "one node of the object version and one node of the secondary object",
+			nodes: []NodeResponse{
+				nodeResponse{
+					timestamp: 3,
+					meta:      []nodeMeta{},
+				},
+				nodeResponse{
+					timestamp: 1,
+					meta: []nodeMeta{
+						{
+							key:   oidKV,
+							value: []byte("oid1"),
+						},
+					},
+				},
+			},
+			exceptedOID: "oid1",
+		},
+		{
+			name: "all nodes represent a secondary object",
+			nodes: []NodeResponse{
+				nodeResponse{
+					timestamp: 3,
+					meta:      []nodeMeta{},
+				},
+				nodeResponse{
+					timestamp: 5,
+					meta:      []nodeMeta{},
+				},
+			},
+			error: true,
+		},
+		{
+			name: "several nodes of different types and with different timestamp",
+			nodes: []NodeResponse{
+				nodeResponse{
+					timestamp: 1,
+					meta: []nodeMeta{
+						{
+							key:   oidKV,
+							value: []byte("oid1"),
+						},
+					},
+				},
+				nodeResponse{
+					timestamp: 3,
+					meta:      []nodeMeta{},
+				},
+				nodeResponse{
+					timestamp: 4,
+					meta: []nodeMeta{
+						{
+							key:   oidKV,
+							value: []byte("oid2"),
+						},
+					},
+				},
+				nodeResponse{
+					timestamp: 6,
+					meta:      []nodeMeta{},
+				},
+			},
+			exceptedOID: "oid2",
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			actualNode, err := getLatestNode(tc.nodes)
+			if tc.error {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			require.Equal(t, tc.exceptedOID, string(actualNode.GetMeta()[0].GetValue()))
+		})
+	}
+}

utils/attributes.go

@@ -11,10 +11,18 @@ import (
 	"time"
 	"unicode"
 	"unicode/utf8"
-
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 )
 
+type EpochDurations struct {
+	CurrentEpoch  uint64
+	MsPerBlock    int64
+	BlockPerEpoch uint64
+}
+
+type EpochInfoFetcher interface {
+	GetEpochDurations(context.Context) (*EpochDurations, error)
+}
+
 const (
 	UserAttributeHeaderPrefix = "X-Attribute-"
 )
@@ -151,7 +159,7 @@ func title(str string) string {
 	return string(r0) + str[size:]
 }
 
-func PrepareExpirationHeader(ctx context.Context, p *pool.Pool, headers map[string]string, now time.Time) error {
+func PrepareExpirationHeader(ctx context.Context, epochFetcher EpochInfoFetcher, headers map[string]string, now time.Time) error {
 	formatsNum := 0
 	index := -1
 	for i, transformer := range transformers {
@@ -165,7 +173,7 @@ func PrepareExpirationHeader(ctx context.Context, p *pool.Pool, headers map[stri
 	case 0:
 		return nil
 	case 1:
-		epochDuration, err := GetEpochDurations(ctx, p)
+		epochDuration, err := epochFetcher.GetEpochDurations(ctx)
 		if err != nil {
 			return fmt.Errorf("couldn't get epoch durations from network info: %w", err)
 		}

utils/params.go

@@ -1,15 +0,0 @@
-package utils
-
-import (
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/user"
-	"go.uber.org/zap"
-)
-
-type AppParams struct {
-	Logger   *zap.Logger
-	Pool     *pool.Pool
-	Owner    *user.ID
-	Resolver *resolver.ContainerResolver
-}

utils/tracing.go

@@ -30,12 +30,12 @@ func (c *httpCarrier) Set(key string, value string) {
 func (c *httpCarrier) Keys() []string {
 	dict := make(map[string]interface{})
 	c.r.Request.Header.VisitAll(
-		func(key, value []byte) {
+		func(key, _ []byte) {
 			dict[string(key)] = true
 		},
 	)
 	c.r.Response.Header.VisitAll(
-		func(key, value []byte) {
+		func(key, _ []byte) {
 			dict[string(key)] = true
 		},
 	)

utils/util.go

@@ -2,49 +2,10 @@ package utils
 
 import (
 	"context"
-	"fmt"
 
-	"git.frostfs.info/TrueCloudLab/frostfs-http-gw/resolver"
-	cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
-	"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
 	"github.com/valyala/fasthttp"
 )
 
-// GetContainerID decode container id, if it's not a valid container id
-// then trey to resolve name using provided resolver.
-func GetContainerID(ctx context.Context, containerID string, resolver *resolver.ContainerResolver) (*cid.ID, error) {
-	cnrID := new(cid.ID)
-	err := cnrID.DecodeString(containerID)
-	if err != nil {
-		cnrID, err = resolver.Resolve(ctx, containerID)
-	}
-	return cnrID, err
-}
-
-type EpochDurations struct {
-	CurrentEpoch  uint64
-	MsPerBlock    int64
-	BlockPerEpoch uint64
-}
-
-func GetEpochDurations(ctx context.Context, p *pool.Pool) (*EpochDurations, error) {
-	networkInfo, err := p.NetworkInfo(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	res := &EpochDurations{
-		CurrentEpoch:  networkInfo.CurrentEpoch(),
-		MsPerBlock:    networkInfo.MsPerBlock(),
-		BlockPerEpoch: networkInfo.EpochDuration(),
-	}
-
-	if res.BlockPerEpoch == 0 {
-		return nil, fmt.Errorf("EpochDuration is empty")
-	}
-	return res, nil
-}
-
 // SetContextToRequest adds new context to fasthttp request.
 func SetContextToRequest(ctx context.Context, c *fasthttp.RequestCtx) {
 	c.SetUserValue("context", ctx)