package authmate
import (
"encoding/json"
"fmt"
apisession "git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
cid "git.frostfs.info/mbiryukova/frostfs-sdk-go/container/id"
"git.frostfs.info/mbiryukova/frostfs-sdk-go/session"
)
// sessionTokenModel is the JSON wire form of a single session token rule.
// Both fields arrive as plain strings and are validated when the rule is
// decoded into a sessionTokenContext.
type sessionTokenModel struct {
	Verb        string `json:"verb"`
	ContainerID string `json:"ContainerID"`
}

// sessionTokenContext is the decoded form of a session token rule: the
// container verb the token covers and the container ID given with it.
// containerID stays at its zero value when the rule names no container.
type sessionTokenContext struct {
	verb        session.ContainerVerb
	containerID cid.ID
}
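// UnmarshalJSON decodes one session token rule, a JSON object with a "verb"
// and an optional "ContainerID", into c.
//
// The verb must equal the string form of one of the container verbs handled
// below (put, set-EACL, delete); any other value is rejected with an error.
// When ContainerID is present it is decoded with cid.ID.DecodeString; when it
// is absent the container ID is set to its zero value.
//
// The receiver is written only after the whole rule has been validated, so a
// rejected rule never leaves its verb behind in c, and a reused receiver never
// keeps the container ID of an earlier rule.
func (c *sessionTokenContext) UnmarshalJSON(data []byte) (err error) {
	var m sessionTokenModel
	if err = json.Unmarshal(data, &m); err != nil {
		return fmt.Errorf("unmarshal session token context: %w", err)
	}

	var verb session.ContainerVerb
	switch m.Verb {
	case apisession.ContainerVerbPut.String():
		verb = session.VerbContainerPut
	case apisession.ContainerVerbSetEACL.String():
		verb = session.VerbContainerSetEACL
	case apisession.ContainerVerbDelete.String():
		verb = session.VerbContainerDelete
	default:
		// %q quotes and escapes the caller-supplied verb, so control
		// characters in it cannot reshape the error text or a log line.
		return fmt.Errorf("unknown container token verb %q", m.Verb)
	}

	var id cid.ID
	if len(m.ContainerID) > 0 {
		if err = id.DecodeString(m.ContainerID); err != nil {
			// Add context; %w keeps the decoder's error inspectable.
			return fmt.Errorf("decode container id %q: %w", m.ContainerID, err)
		}
	}

	c.verb = verb
	c.containerID = id

	return nil
}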
// buildContext converts the JSON rule list in rules into the session token
// contexts to issue.
//
// Security-relevant behaviour worth knowing when reviewing callers:
//   - Empty rules (nil or zero length) produce the default set: put, delete
//     and set-EACL contexts, none of them carrying a container ID.
//   - If the decoded rules contain a put verb but no set-EACL verb, a set-EACL
//     context without a container ID is appended, so the result is broader
//     than the rules as written.
//   - A non-empty input that decodes to an empty list (for example `[]`) is
//     returned as that empty list; the defaults are not applied.
//
// NOTE(review): how a zero container ID is interpreted is decided by the code
// that consumes these contexts; presumably it means the token is not bound to
// one container. Confirm against the caller.
//
// It returns an error when rules is not valid JSON for a list of rules.
func buildContext(rules []byte) ([]sessionTokenContext, error) {
	// Nothing supplied: fall back to the full default verb set.
	if len(rules) == 0 {
		return []sessionTokenContext{
			{verb: session.VerbContainerPut},
			{verb: session.VerbContainerDelete},
			{verb: session.VerbContainerSetEACL},
		}, nil
	}

	var parsed []sessionTokenContext
	if err := json.Unmarshal(rules, &parsed); err != nil {
		return nil, fmt.Errorf("failed to unmarshal rules for session token: %w", err)
	}

	hasPut, hasSetEACL := false, false
	for i := range parsed {
		switch parsed[i].verb {
		case session.VerbContainerPut:
			hasPut = true
		case session.VerbContainerSetEACL:
			hasSetEACL = true
		}
	}

	// A put rule without set-EACL gets an implicit set-EACL context with no
	// container ID attached.
	if hasPut && !hasSetEACL {
		parsed = append(parsed, sessionTokenContext{verb: session.VerbContainerSetEACL})
	}

	return parsed, nil
}