From feaea15aa7cd87acda2019df197769f4c0ab14ed Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Thu, 6 Oct 2022 17:40:14 +0300 Subject: [PATCH] [#73] Add missed CORS Allow X-Bearer-For-All-Users, X-Bearer-Lifetime headers. Add CORS to /auth/bearer route. Signed-off-by: Denis Kirillov --- gen/restapi/embedded_spec.go | 34 ++++++++ gen/restapi/operations/neofs_rest_gw_api.go | 12 +++ gen/restapi/operations/options_auth_bearer.go | 56 +++++++++++++ .../options_auth_bearer_parameters.go | 46 +++++++++++ .../options_auth_bearer_responses.go | 80 +++++++++++++++++++ handlers/api.go | 1 + handlers/preflight.go | 8 +- spec/rest.yaml | 11 +++ 8 files changed, 247 insertions(+), 1 deletion(-) create mode 100644 gen/restapi/operations/options_auth_bearer.go create mode 100644 gen/restapi/operations/options_auth_bearer_parameters.go create mode 100644 gen/restapi/operations/options_auth_bearer_responses.go diff --git a/gen/restapi/embedded_spec.go b/gen/restapi/embedded_spec.go index 5e6df36..88a6337 100644 --- a/gen/restapi/embedded_spec.go +++ b/gen/restapi/embedded_spec.go @@ -193,6 +193,23 @@ func init() { } } } + }, + "options": { + "security": [], + "operationId": "optionsAuthBearer", + "responses": { + "200": { + "description": "CORS", + "headers": { + "Access-Control-Allow-Headers": { + "type": "string" + }, + "Access-Control-Allow-Origin": { + "type": "string" + } + } + } + } } }, "/containers": { @@ -1822,6 +1839,23 @@ func init() { } } } + }, + "options": { + "security": [], + "operationId": "optionsAuthBearer", + "responses": { + "200": { + "description": "CORS", + "headers": { + "Access-Control-Allow-Headers": { + "type": "string" + }, + "Access-Control-Allow-Origin": { + "type": "string" + } + } + } + } } }, "/containers": { diff --git a/gen/restapi/operations/neofs_rest_gw_api.go b/gen/restapi/operations/neofs_rest_gw_api.go index 26253d6..a99480a 100644 --- a/gen/restapi/operations/neofs_rest_gw_api.go +++ b/gen/restapi/operations/neofs_rest_gw_api.go @@ -74,6 +74,9 @@ func NewNeofsRestGwAPI(spec *loads.Document) *NeofsRestGwAPI { OptionsAuthHandler: OptionsAuthHandlerFunc(func(params OptionsAuthParams) middleware.Responder { return middleware.NotImplemented("operation OptionsAuth has not yet been implemented") }), + OptionsAuthBearerHandler: OptionsAuthBearerHandlerFunc(func(params OptionsAuthBearerParams) middleware.Responder { + return middleware.NotImplemented("operation OptionsAuthBearer has not yet been implemented") + }), OptionsContainersEACLHandler: OptionsContainersEACLHandlerFunc(func(params OptionsContainersEACLParams) middleware.Responder { return middleware.NotImplemented("operation OptionsContainersEACL has not yet been implemented") }), @@ -174,6 +177,8 @@ type NeofsRestGwAPI struct { ListContainersHandler ListContainersHandler // OptionsAuthHandler sets the operation handler for the options auth operation OptionsAuthHandler OptionsAuthHandler + // OptionsAuthBearerHandler sets the operation handler for the options auth bearer operation + OptionsAuthBearerHandler OptionsAuthBearerHandler // OptionsContainersEACLHandler sets the operation handler for the options containers e ACL operation OptionsContainersEACLHandler OptionsContainersEACLHandler // OptionsContainersGetDeleteHandler sets the operation handler for the options containers get delete operation @@ -305,6 +310,9 @@ func (o *NeofsRestGwAPI) Validate() error { if o.OptionsAuthHandler == nil { unregistered = append(unregistered, "OptionsAuthHandler") } + if o.OptionsAuthBearerHandler == nil { + unregistered = append(unregistered, "OptionsAuthBearerHandler") + } if o.OptionsContainersEACLHandler == nil { unregistered = append(unregistered, "OptionsContainersEACLHandler") } @@ -477,6 +485,10 @@ func (o *NeofsRestGwAPI) initHandlerCache() { if o.handlers["OPTIONS"] == nil { o.handlers["OPTIONS"] = make(map[string]http.Handler) } + o.handlers["OPTIONS"]["/auth/bearer"] = NewOptionsAuthBearer(o.context, o.OptionsAuthBearerHandler) + if o.handlers["OPTIONS"] == nil { + o.handlers["OPTIONS"] = make(map[string]http.Handler) + } o.handlers["OPTIONS"]["/containers/{containerId}/eacl"] = NewOptionsContainersEACL(o.context, o.OptionsContainersEACLHandler) if o.handlers["OPTIONS"] == nil { o.handlers["OPTIONS"] = make(map[string]http.Handler) diff --git a/gen/restapi/operations/options_auth_bearer.go b/gen/restapi/operations/options_auth_bearer.go new file mode 100644 index 0000000..211ce37 --- /dev/null +++ b/gen/restapi/operations/options_auth_bearer.go @@ -0,0 +1,56 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package operations + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime/middleware" +) + +// OptionsAuthBearerHandlerFunc turns a function with the right signature into a options auth bearer handler +type OptionsAuthBearerHandlerFunc func(OptionsAuthBearerParams) middleware.Responder + +// Handle executing the request and returning a response +func (fn OptionsAuthBearerHandlerFunc) Handle(params OptionsAuthBearerParams) middleware.Responder { + return fn(params) +} + +// OptionsAuthBearerHandler interface for that can handle valid options auth bearer params +type OptionsAuthBearerHandler interface { + Handle(OptionsAuthBearerParams) middleware.Responder +} + +// NewOptionsAuthBearer creates a new http.Handler for the options auth bearer operation +func NewOptionsAuthBearer(ctx *middleware.Context, handler OptionsAuthBearerHandler) *OptionsAuthBearer { + return &OptionsAuthBearer{Context: ctx, Handler: handler} +} + +/* OptionsAuthBearer swagger:route OPTIONS /auth/bearer optionsAuthBearer + +OptionsAuthBearer options auth bearer API + +*/ +type OptionsAuthBearer struct { + Context *middleware.Context + Handler OptionsAuthBearerHandler +} + +func (o *OptionsAuthBearer) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + *r = *rCtx + } + var Params = NewOptionsAuthBearerParams() + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params) // actually handle the request + o.Context.Respond(rw, r, route.Produces, route, res) + +} diff --git a/gen/restapi/operations/options_auth_bearer_parameters.go b/gen/restapi/operations/options_auth_bearer_parameters.go new file mode 100644 index 0000000..0344a56 --- /dev/null +++ b/gen/restapi/operations/options_auth_bearer_parameters.go @@ -0,0 +1,46 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package operations + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime/middleware" +) + +// NewOptionsAuthBearerParams creates a new OptionsAuthBearerParams object +// +// There are no default values defined in the spec. +func NewOptionsAuthBearerParams() OptionsAuthBearerParams { + + return OptionsAuthBearerParams{} +} + +// OptionsAuthBearerParams contains all the bound params for the options auth bearer operation +// typically these are obtained from a http.Request +// +// swagger:parameters optionsAuthBearer +type OptionsAuthBearerParams struct { + + // HTTP Request Object + HTTPRequest *http.Request `json:"-"` +} + +// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface +// for simple values it will use straight method calls. +// +// To ensure default values, the struct must have been initialized with NewOptionsAuthBearerParams() beforehand. +func (o *OptionsAuthBearerParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { + var res []error + + o.HTTPRequest = r + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} diff --git a/gen/restapi/operations/options_auth_bearer_responses.go b/gen/restapi/operations/options_auth_bearer_responses.go new file mode 100644 index 0000000..77617ba --- /dev/null +++ b/gen/restapi/operations/options_auth_bearer_responses.go @@ -0,0 +1,80 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package operations + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime" +) + +// OptionsAuthBearerOKCode is the HTTP code returned for type OptionsAuthBearerOK +const OptionsAuthBearerOKCode int = 200 + +/*OptionsAuthBearerOK CORS + +swagger:response optionsAuthBearerOK +*/ +type OptionsAuthBearerOK struct { + /* + + */ + AccessControlAllowHeaders string `json:"Access-Control-Allow-Headers"` + /* + + */ + AccessControlAllowOrigin string `json:"Access-Control-Allow-Origin"` +} + +// NewOptionsAuthBearerOK creates OptionsAuthBearerOK with default headers values +func NewOptionsAuthBearerOK() *OptionsAuthBearerOK { + + return &OptionsAuthBearerOK{} +} + +// WithAccessControlAllowHeaders adds the accessControlAllowHeaders to the options auth bearer o k response +func (o *OptionsAuthBearerOK) WithAccessControlAllowHeaders(accessControlAllowHeaders string) *OptionsAuthBearerOK { + o.AccessControlAllowHeaders = accessControlAllowHeaders + return o +} + +// SetAccessControlAllowHeaders sets the accessControlAllowHeaders to the options auth bearer o k response +func (o *OptionsAuthBearerOK) SetAccessControlAllowHeaders(accessControlAllowHeaders string) { + o.AccessControlAllowHeaders = accessControlAllowHeaders +} + +// WithAccessControlAllowOrigin adds the accessControlAllowOrigin to the options auth bearer o k response +func (o *OptionsAuthBearerOK) WithAccessControlAllowOrigin(accessControlAllowOrigin string) *OptionsAuthBearerOK { + o.AccessControlAllowOrigin = accessControlAllowOrigin + return o +} + +// SetAccessControlAllowOrigin sets the accessControlAllowOrigin to the options auth bearer o k response +func (o *OptionsAuthBearerOK) SetAccessControlAllowOrigin(accessControlAllowOrigin string) { + o.AccessControlAllowOrigin = accessControlAllowOrigin +} + +// WriteResponse to the client +func (o *OptionsAuthBearerOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + // response header Access-Control-Allow-Headers + + accessControlAllowHeaders := o.AccessControlAllowHeaders + if accessControlAllowHeaders != "" { + rw.Header().Set("Access-Control-Allow-Headers", accessControlAllowHeaders) + } + + // response header Access-Control-Allow-Origin + + accessControlAllowOrigin := o.AccessControlAllowOrigin + if accessControlAllowOrigin != "" { + rw.Header().Set("Access-Control-Allow-Origin", accessControlAllowOrigin) + } + + rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses + + rw.WriteHeader(200) +} diff --git a/handlers/api.go b/handlers/api.go index 0721b11..14d5b08 100644 --- a/handlers/api.go +++ b/handlers/api.go @@ -100,6 +100,7 @@ func (a *API) Configure(api *operations.NeofsRestGwAPI) http.Handler { api.OptionsAuthHandler = operations.OptionsAuthHandlerFunc(a.OptionsAuth) api.AuthHandler = operations.AuthHandlerFunc(a.PostAuth) + api.OptionsAuthBearerHandler = operations.OptionsAuthBearerHandlerFunc(a.OptionsAuthBearer) api.FormBinaryBearerHandler = operations.FormBinaryBearerHandlerFunc(a.FormBinaryBearer) api.GetBalanceHandler = operations.GetBalanceHandlerFunc(a.Balance) diff --git a/handlers/preflight.go b/handlers/preflight.go index 6f01219..0201fba 100644 --- a/handlers/preflight.go +++ b/handlers/preflight.go @@ -8,7 +8,7 @@ import ( const ( allOrigins = "*" allowMethods = "PUT, DELETE" - allowHeaders = "X-Bearer-Owner-Id, X-Bearer-Signature, X-Bearer-Signature-Key, Content-Type, Authorization" + allowHeaders = "X-Bearer-For-All-Users, X-Bearer-Lifetime, X-Bearer-Owner-Id, X-Bearer-Signature, X-Bearer-Signature-Key, Content-Type, Authorization" ) func (a *API) OptionsAuth(operations.OptionsAuthParams) middleware.Responder { @@ -17,6 +17,12 @@ func (a *API) OptionsAuth(operations.OptionsAuthParams) middleware.Responder { WithAccessControlAllowHeaders(allowHeaders) } +func (a *API) OptionsAuthBearer(operations.OptionsAuthBearerParams) middleware.Responder { + return operations.NewOptionsAuthBearerOK(). + WithAccessControlAllowOrigin(allOrigins). + WithAccessControlAllowHeaders(allowHeaders) +} + func (a *API) OptionsObjectSearch(operations.OptionsObjectsSearchParams) middleware.Responder { return operations.NewOptionsObjectsSearchOK(). WithAccessControlAllowOrigin(allOrigins). diff --git a/spec/rest.yaml b/spec/rest.yaml index 5c8fb29..704dddb 100644 --- a/spec/rest.yaml +++ b/spec/rest.yaml @@ -118,6 +118,17 @@ paths: $ref: '#/definitions/ErrorResponse' /auth/bearer: + options: + operationId: optionsAuthBearer + security: [ ] + responses: + 200: + description: CORS + headers: + Access-Control-Allow-Origin: + type: string + Access-Control-Allow-Headers: + type: string get: operationId: formBinaryBearer summary: Form binary bearer token