[#247] object/eacl: Use object ID from session token context
Signed-off-by: Leonard Lyubich <leonard@nspcc.ru>
parent
168dcbdccd
commit
8654458b19
2 changed files with 65 additions and 21 deletions
pkg/services/object/acl
|
@ -143,9 +143,11 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
|
|||
return err
|
||||
}
|
||||
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: request.GetMetaHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -155,6 +157,7 @@ func (b Service) Get(request *object.GetRequest, stream objectSvc.GetObjectStrea
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) {
|
||||
return basicACLErr(reqInfo)
|
||||
|
@ -188,9 +191,11 @@ func (b Service) Head(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: request.GetMetaHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -200,6 +205,7 @@ func (b Service) Head(
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) {
|
||||
return nil, basicACLErr(reqInfo)
|
||||
|
@ -260,9 +266,11 @@ func (b Service) Delete(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: request.GetMetaHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -272,6 +280,7 @@ func (b Service) Delete(
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) {
|
||||
return nil, basicACLErr(reqInfo)
|
||||
|
@ -288,9 +297,11 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
|
|||
return err
|
||||
}
|
||||
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: request.GetMetaHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -300,6 +311,7 @@ func (b Service) GetRange(request *object.GetRangeRequest, stream objectSvc.GetO
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) {
|
||||
return basicACLErr(reqInfo)
|
||||
|
@ -323,9 +335,11 @@ func (b Service) GetRangeHash(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
sTok := request.GetMetaHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: request.GetMetaHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -335,6 +349,7 @@ func (b Service) GetRangeHash(
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(request.GetBody())
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) {
|
||||
return nil, basicACLErr(reqInfo)
|
||||
|
@ -363,9 +378,11 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
|||
return err
|
||||
}
|
||||
|
||||
sTok := part.GetHeader().GetSessionToken()
|
||||
|
||||
req := metaWithToken{
|
||||
vheader: request.GetVerificationHeader(),
|
||||
token: part.GetHeader().GetSessionToken(),
|
||||
token: sTok,
|
||||
bearer: request.GetMetaHeader().GetBearerToken(),
|
||||
}
|
||||
|
||||
|
@ -375,6 +392,7 @@ func (p putStreamBasicChecker) Send(request *object.PutRequest) error {
|
|||
}
|
||||
|
||||
reqInfo.oid = getObjectIDFromRequestBody(part)
|
||||
useObjectIDFromSession(&reqInfo, sTok)
|
||||
|
||||
if !basicACLCheck(reqInfo) || !stickyBitCheck(reqInfo, ownerID) {
|
||||
return basicACLErr(reqInfo)
|
||||
|
@ -484,6 +502,21 @@ func getContainerIDFromRequest(req interface{}) (id *container.ID, err error) {
|
|||
}
|
||||
}
|
||||
|
||||
func useObjectIDFromSession(req *requestInfo, token *session.SessionToken) {
|
||||
if token == nil {
|
||||
return
|
||||
}
|
||||
|
||||
objCtx, ok := token.GetBody().GetContext().(*session.ObjectSessionContext)
|
||||
if !ok {
|
||||
return
|
||||
}
|
||||
|
||||
req.oid = objectSDK.NewIDFromV2(
|
||||
objCtx.GetAddress().GetObjectID(),
|
||||
)
|
||||
}
|
||||
|
||||
func getObjectIDFromRequestBody(body interface{}) *objectSDK.ID {
|
||||
switch v := body.(type) {
|
||||
default:
|
||||
|
|
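Review bot: `useObjectIDFromSession` overwrites `req.oid` unconditionally whenever the token carries an object context, so the ID parsed by `getObjectIDFromRequestBody` is discarded even when the two disagree or when the context address has no object ID set. These hunks do not show whether the token has been verified by this point, or whether anything later ensures the operation runs on the same object the ACL check saw; if neither holds, the access decision and the object actually served can diverge. I would override only when the context names an object, e.g. `if id := objCtx.GetAddress().GetObjectID(); id != nil { req.oid = objectSDK.NewIDFromV2(id) }`, and either reject a request whose body and token name different objects or document why a mismatch is acceptable. The helper also needs a doc comment saying which source wins and why. The same call is added in Head, Delete, GetRange, GetRangeHash and Send, whose bodies continue outside the hunks.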
|
@ -64,7 +64,7 @@ func (h *headerSource) HeadersOfType(typ eaclSDK.FilterHeaderType) ([]eacl.Heade
|
|||
case eaclSDK.HeaderFromRequest:
|
||||
return requestHeaders(h.msg), true
|
||||
case eaclSDK.HeaderFromObject:
|
||||
return h.objectHeaders(), true
|
||||
return h.objectHeaders()
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -80,7 +80,7 @@ func requestHeaders(msg xHeaderSource) []eacl.Header {
|
|||
return res
|
||||
}
|
||||
|
||||
func (h *headerSource) objectHeaders() []eacl.Header {
|
||||
func (h *headerSource) objectHeaders() ([]eacl.Header, bool) {
|
||||
switch m := h.msg.(type) {
|
||||
default:
|
||||
panic(fmt.Sprintf("unexpected message type %T", h.msg))
|
||||
|
@ -89,39 +89,50 @@ func (h *headerSource) objectHeaders() []eacl.Header {
|
|||
case *objectV2.GetRequest:
|
||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
case *objectV2.DeleteRequest:
|
||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
return hs, true
|
||||
case *objectV2.HeadRequest:
|
||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
case *objectV2.GetRangeRequest:
|
||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
return hs, true
|
||||
case *objectV2.GetRangeHashRequest:
|
||||
return h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
hs, _ := h.localObjectHeaders(req.GetBody().GetAddress())
|
||||
return hs, true
|
||||
case *objectV2.PutRequest:
|
||||
if v, ok := req.GetBody().GetObjectPart().(*objectV2.PutObjectPartInit); ok {
|
||||
oV2 := new(objectV2.Object)
|
||||
oV2.SetObjectID(v.GetObjectID())
|
||||
oV2.SetHeader(v.GetHeader())
|
||||
|
||||
return headersFromObject(object.NewFromV2(oV2))
|
||||
hs := headersFromObject(object.NewFromV2(oV2))
|
||||
if tok := oV2.GetHeader().GetSessionToken(); tok != nil {
|
||||
objCtx, ok := tok.GetBody().GetContext().(*session.ObjectSessionContext)
|
||||
if ok {
|
||||
hs = append(hs, addressHeaders(objectSDK.NewAddressFromV2(objCtx.GetAddress()))...)
|
||||
}
|
||||
}
|
||||
|
||||
return hs, true
|
||||
}
|
||||
case *objectV2.SearchRequest:
|
||||
return []eacl.Header{cidHeader(
|
||||
container.NewIDFromV2(
|
||||
req.GetBody().GetContainerID()),
|
||||
),
|
||||
}
|
||||
)}, true
|
||||
}
|
||||
case *responseXHeaderSource:
|
||||
switch resp := m.resp.(type) {
|
||||
default:
|
||||
return h.localObjectHeaders(m.addr)
|
||||
hs, _ := h.localObjectHeaders(m.addr)
|
||||
return hs, true
|
||||
case *objectV2.GetResponse:
|
||||
if v, ok := resp.GetBody().GetObjectPart().(*objectV2.GetObjectPartInit); ok {
|
||||
oV2 := new(objectV2.Object)
|
||||
oV2.SetObjectID(v.GetObjectID())
|
||||
oV2.SetHeader(v.GetHeader())
|
||||
|
||||
return headersFromObject(object.NewFromV2(oV2))
|
||||
return headersFromObject(object.NewFromV2(oV2)), true
|
||||
}
|
||||
case *objectV2.HeadResponse:
|
||||
oV2 := new(objectV2.Object)
|
||||
|
@ -147,22 +158,22 @@ func (h *headerSource) objectHeaders() []eacl.Header {
|
|||
return append(
|
||||
headersFromObject(object.NewFromV2(oV2)),
|
||||
oidHeader(objectSDK.NewIDFromV2(m.addr.GetObjectID())),
|
||||
)
|
||||
), true
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
return nil, true
|
||||
}
|
||||
|
||||
func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) []eacl.Header {
|
||||
func (h *headerSource) localObjectHeaders(addrV2 *refs.Address) ([]eacl.Header, bool) {
|
||||
addr := objectSDK.NewAddressFromV2(addrV2)
|
||||
|
||||
obj, err := h.storage.Head(addr)
|
||||
if err == nil {
|
||||
return headersFromObject(obj)
|
||||
return append(headersFromObject(obj), addressHeaders(addr)...), true
|
||||
}
|
||||
|
||||
return addressHeaders(addr)
|
||||
return addressHeaders(addr), false
|
||||
}
|
||||
|
||||
func cidHeader(cid *container.ID) eacl.Header {
|
||||
|
|
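Review bot: The new boolean result is undocumented and handled inconsistently in `objectHeaders`: the `GetRequest` and `HeadRequest` cases pass the flag from `localObjectHeaders` through, while `DeleteRequest`, `GetRangeRequest`, `GetRangeHashRequest` and the default response case drop it with `hs, _ :=` and return `true`. Because `localObjectHeaders` returns `false` for any `h.storage.Head` error, not only a missing object, a transient storage failure changes what `HeadersOfType` reports for Get and Head. If the eACL validator treats `false` as "object filters cannot be evaluated", that presumably changes the access decision. Please add a doc comment on both functions stating what `false` means and why only some request types propagate it, and consider distinguishing not-found from other errors. In the `PutRequest` case the address headers come from the session token in the object header; it is not visible here whether that token has been verified before its address feeds the filters.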