From 2bcc0051ab1cc073f0b5f4d81494c3c1a3ef9503 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich
Date: Wed, 25 May 2022 19:09:12 +0300
Subject: [PATCH] [#1423] session: Get session issuer from token structure
Signed-off-by: Leonard Lyubich
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/services/object/acl/v2/util.go | 18 ++++--------------
 pkg/services/object/delete/exec.go | 16 +++++++++-------
 pkg/services/object/get/exec.go | 4 +---
 pkg/services/object/put/remote.go | 4 +---
 pkg/services/object/put/streamer.go | 4 +---
 pkg/services/object/search/util.go | 4 +---
 pkg/services/object/util/prm.go | 32 ++++----------------------------
 9 files changed, 24 insertions(+), 64 deletions(-)
diff --git a/go.mod b/go.mod
index b8794579c..78c1bf644 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
 github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20220321144137-d5a9af5860af // indirect
 github.com/nspcc-dev/neofs-api-go/v2 v2.12.1
 github.com/nspcc-dev/neofs-contract v0.15.1
- github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34
+ github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9
 github.com/nspcc-dev/tzhash v1.5.2
 github.com/panjf2000/ants/v2 v2.4.0
 github.com/paulmach/orb v0.2.2
diff --git a/go.sum b/go.sum
index 2f85e764b..20a826f66 100644
--- a/go.sum
+++ b/go.sum
@@ -407,8 +407,8 @@ github.com/nspcc-dev/neofs-crypto v0.3.0 h1:zlr3pgoxuzrmGCxc5W8dGVfA9Rro8diFvVnB
 github.com/nspcc-dev/neofs-crypto v0.3.0/go.mod h1:8w16GEJbH6791ktVqHN9YRNH3s9BEEKYxGhlFnp0cDw=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20211201182451-a5b61c4f6477/go.mod h1:dfMtQWmBHYpl9Dez23TGtIUKiFvCIxUZq/CkSIhEpz4=
 github.com/nspcc-dev/neofs-sdk-go v0.0.0-20220113123743-7f3162110659/go.mod h1:/jay1lr3w7NQd/VDBkEhkJmDmyPNsu4W+QV2obsUV40=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34 h1:s9+ckFRFDVJfYh/QezTUE4g1JP3pyU5NaNxBfUIyGh8=
-github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220525080251-1f7fe6864d34/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9 h1:TV2/sp/2CY7h7R2MJfU7HYDvXjKGAcOMJvpmV/w4lFk=
+github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.3.0.20220526065457-bef4618cd6b9/go.mod h1:u567oWTnAyGXbPWMrbcN0NB5zCPF+PqkaKg+vcijcho=
 github.com/nspcc-dev/rfc6979 v0.1.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
 github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE=
 github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso=
diff --git a/pkg/services/object/acl/v2/util.go b/pkg/services/object/acl/v2/util.go
index a8b1cae52..d679a3943 100644
--- a/pkg/services/object/acl/v2/util.go
+++ b/pkg/services/object/acl/v2/util.go
@@ -164,29 +164,19 @@ func ownerFromToken(token *sessionSDK.Object) (*user.ID, *keys.PublicKey, error)
 var tokV2 sessionV2.Token
 token.WriteToV2(&tokV2)
- ownerSessionV2 := tokV2.GetBody().GetOwnerID()
- if ownerSessionV2 == nil {
- return nil, nil, errors.New("missing session owner")
- }
-
- var ownerSession user.ID
-
- err := ownerSession.ReadFromV2(*ownerSessionV2)
- if err != nil {
- return nil, nil, fmt.Errorf("invalid session token: %w", err)
- }
-
 tokenIssuerKey, err := unmarshalPublicKey(tokV2.GetSignature().GetKey())
 if err != nil {
 return nil, nil, fmt.Errorf("invalid key in session token signature: %w", err)
 }
- if !isOwnerFromKey(&ownerSession, tokenIssuerKey) {
+ tokenIssuer := token.Issuer()
+
+ if !isOwnerFromKey(&tokenIssuer, tokenIssuerKey) {
 // TODO: #767 in this case we can issue all owner keys from neofs.id and check once again
 return nil, nil, fmt.Errorf("%w: invalid session token owner", ErrMalformedRequest)
 }
- return &ownerSession, tokenIssuerKey, nil
+ return &tokenIssuer, tokenIssuerKey, nil
 }
 func originalBodySignature(v *sessionV2.RequestVerificationHeader) *refsV2.Signature {
diff --git a/pkg/services/object/delete/exec.go b/pkg/services/object/delete/exec.go
index 1acb3d854..cfefd8ada 100644
--- a/pkg/services/object/delete/exec.go
+++ b/pkg/services/object/delete/exec.go
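Review bot: In `ownerFromToken`, `tokenIssuer := token.Issuer()` replaces the explicit `missing session owner` rejection, and nothing in this hunk shows what `Issuer()` yields when the token body never carried an owner. Here the `isOwnerFromKey` comparison that follows presumably still rejects an empty ID, but the same accessor is used with no check at all for the tombstone owner in delete/exec.go and for `Owner:` in the `util.SessionInfo` literals of get/exec.go, put/remote.go, put/streamer.go and search/util.go, while `CommonPrmFromV2` in util/prm.go loses its own owner check. It is worth confirming that `ReadFromV2` in the bumped SDK refuses a token without an issuer, and recording that next to the call, e.g. `// issuer presence is enforced when the token is decoded`. The function's signature lies above the hunk.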
@@ -243,18 +243,20 @@ func (exec *execCtx) initTombstoneObject() bool {
 return false
 }
- tombOwnerID, ok := exec.commonParameters().SessionOwner()
- if !ok {
- // make local node a tombstone object owner
- tombOwnerID = *exec.svc.netInfo.LocalNodeID()
- }
-
 exec.tombstoneObj = object.New()
 exec.tombstoneObj.SetContainerID(*exec.containerID())
- exec.tombstoneObj.SetOwnerID(&tombOwnerID)
 exec.tombstoneObj.SetType(object.TypeTombstone)
 exec.tombstoneObj.SetPayload(payload)
+ tokenSession := exec.commonParameters().SessionToken()
+ if tokenSession != nil {
+ issuer := tokenSession.Issuer()
+ exec.tombstoneObj.SetOwnerID(&issuer)
+ } else {
+ // make local node a tombstone object owner
+ exec.tombstoneObj.SetOwnerID(exec.svc.netInfo.LocalNodeID())
+ }
+
 var a object.Attribute
 a.SetKey(objectV2.SysAttributeExpEpoch)
 a.SetValue(strconv.FormatUint(exec.tombstone.ExpirationEpoch(), 10))
diff --git a/pkg/services/object/get/exec.go b/pkg/services/object/get/exec.go
index 6a7c7afa6..1e4f20d11 100644
--- a/pkg/services/object/get/exec.go
+++ b/pkg/services/object/get/exec.go
@@ -109,11 +109,9 @@ func (exec execCtx) key() (*ecdsa.PrivateKey, error) {
 var sessionInfo *util.SessionInfo
 if tok := exec.prm.common.SessionToken(); tok != nil {
- ownerSession, _ := exec.prm.common.SessionOwner()
-
 sessionInfo = &util.SessionInfo{
 ID: tok.ID(),
- Owner: ownerSession,
+ Owner: tok.Issuer(),
 }
 }
diff --git a/pkg/services/object/put/remote.go b/pkg/services/object/put/remote.go
index ce67034f2..e76ab3a1e 100644
--- a/pkg/services/object/put/remote.go
+++ b/pkg/services/object/put/remote.go
@@ -51,11 +51,9 @@ func (t *remoteTarget) Close() (*transformer.AccessIdentifiers, error) {
 var sessionInfo *util.SessionInfo
 if tok := t.commonPrm.SessionToken(); tok != nil {
- ownerSession, _ := t.commonPrm.SessionOwner()
-
 sessionInfo = &util.SessionInfo{
 ID: tok.ID(),
- Owner: ownerSession,
+ Owner: tok.Issuer(),
 }
 }
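Review bot: In pkg/services/object/delete/exec.go the `else` branch passes the pointer returned by `exec.svc.netInfo.LocalNodeID()` straight to `SetOwnerID`, whereas the removed code dereferenced it into a local copy first. Whether `SetOwnerID` tolerates nil or keeps the pointer is not visible here, so a missing local ID may now produce a tombstone without an owner instead of failing at this point, and the object may alias the node's own ID value. Keeping the copy avoids both: `id := *exec.svc.netInfo.LocalNodeID()` then `exec.tombstoneObj.SetOwnerID(&id)`. `initTombstoneObject` begins above and continues below the hunk.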
diff --git a/pkg/services/object/put/streamer.go b/pkg/services/object/put/streamer.go
index c44843bb5..54ebd9993 100644
--- a/pkg/services/object/put/streamer.go
+++ b/pkg/services/object/put/streamer.go
@@ -87,11 +87,9 @@ func (p *Streamer) initTarget(prm *PutInitPrm) error {
 var sessionInfo *util.SessionInfo
 if sToken != nil {
- ownerSession, _ := prm.common.SessionOwner()
-
 sessionInfo = &util.SessionInfo{
 ID: sToken.ID(),
- Owner: ownerSession,
+ Owner: sToken.Issuer(),
 }
 }
diff --git a/pkg/services/object/search/util.go b/pkg/services/object/search/util.go
index eafa8f75e..5fb07f459 100644
--- a/pkg/services/object/search/util.go
+++ b/pkg/services/object/search/util.go
@@ -88,11 +88,9 @@ func (c *clientWrapper) searchObjects(exec *execCtx, info client.NodeInfo) ([]oi
 var sessionInfo *util.SessionInfo
 if tok := exec.prm.common.SessionToken(); tok != nil {
- ownerSession, _ := exec.prm.common.SessionOwner()
-
 sessionInfo = &util.SessionInfo{
 ID: tok.ID(),
- Owner: ownerSession,
+ Owner: tok.Issuer(),
 }
 }
diff --git a/pkg/services/object/util/prm.go b/pkg/services/object/util/prm.go
index 46582578a..9b577c4d4 100644
--- a/pkg/services/object/util/prm.go
+++ b/pkg/services/object/util/prm.go
@@ -1,14 +1,12 @@
 package util
 import (
- "errors"
 "fmt"
 "strconv"
 "github.com/nspcc-dev/neofs-api-go/v2/session"
 "github.com/nspcc-dev/neofs-sdk-go/bearer"
 sessionsdk "github.com/nspcc-dev/neofs-sdk-go/session"
- "github.com/nspcc-dev/neofs-sdk-go/user"
 )
 // maxLocalTTL is maximum TTL for an operation to be considered local.
@@ -26,8 +24,6 @@ type CommonPrm struct {
 ttl uint32
 xhdrs []string
-
- ownerSession user.ID
 }
 // TTL returns TTL for new requests.
@@ -72,14 +68,6 @@ func (p *CommonPrm) SessionToken() *sessionsdk.Object {
 return nil
 }
-func (p *CommonPrm) SessionOwner() (user.ID, bool) {
- if p != nil && p.token != nil {
- return p.ownerSession, true
- }
-
- return user.ID{}, false
-}
-
 func (p *CommonPrm) BearerToken() *bearer.Token {
 if p != nil {
 return p.bearer
@@ -117,19 +105,8 @@ func CommonPrmFromV2(req interface {
 var tokenSession *sessionsdk.Object
 var err error
- var ownerSession user.ID
 if tokenSessionV2 := meta.GetSessionToken(); tokenSessionV2 != nil {
- ownerSessionV2 := tokenSessionV2.GetBody().GetOwnerID()
- if ownerSessionV2 == nil {
- return nil, errors.New("missing session owner")
- }
-
- err = ownerSession.ReadFromV2(*ownerSessionV2)
- if err != nil {
- return nil, fmt.Errorf("invalid session token: %w", err)
- }
-
 tokenSession = new(sessionsdk.Object)
 err = tokenSession.ReadFromV2(*tokenSessionV2)
@@ -142,11 +119,10 @@ func CommonPrmFromV2(req interface {
 ttl := meta.GetTTL()
 prm := &CommonPrm{
- local: ttl <= maxLocalTTL,
- token: tokenSession,
- ttl: ttl - 1, // decrease TTL for new requests
- xhdrs: make([]string, 0, 2*len(xHdrs)),
- ownerSession: ownerSession,
+ local: ttl <= maxLocalTTL,
+ token: tokenSession,
+ ttl: ttl - 1, // decrease TTL for new requests
+ xhdrs: make([]string, 0, 2*len(xHdrs)),
 }
 if tok := meta.GetBearerToken(); tok != nil {