[#153] English Check

Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
This commit is contained in:
Elizaveta Chichindaeva 2022-04-21 11:35:57 +03:00 committed by Alex Vanin
parent 1e3df95eed
commit 11283c1c79
6 changed files with 57 additions and 57 deletions

View file

@ -9,14 +9,14 @@ everyone. Please follow the guidelines:
- Open an issue first, to discuss a new feature or enhancement. - Open an issue first, to discuss a new feature or enhancement.
- Write tests, and make sure the test suite passes locally and on CI. - Write tests and make sure the test suite passes locally and on CI.
- Open a pull request, and reference the relevant issue(s). - Open a pull request and reference the relevant issue(s).
- Make sure your commits are logically separated and have good comments - Make sure your commits are logically separated and have good comments
explaining the details of your change. explaining the details of your change.
- After receiving feedback, amend your commits or add new ones as - After receiving a feedback, amend your commits or add new ones as
appropriate. appropriate.
- **Have fun!** - **Have fun!**
@ -48,7 +48,7 @@ $ git merge upstream/master
### Create your feature branch ### Create your feature branch
Before making code changes, make sure you create a separate branch for these Before making code changes, make sure you create a separate branch for these
changes. Maybe you will find it convenient to name branch in changes. Maybe you will find it convenient to name a branch in
`<type>/<Issue>-<changes_topic>` format. `<type>/<Issue>-<changes_topic>` format.
``` ```
@ -98,7 +98,7 @@ reviewed and approved, it will be merged.
## DCO Sign off ## DCO Sign off
All authors to the project retain copyright to their work. However, to ensure All authors to the project retain copyright to their work. However, to ensure
that they are only submitting work that they have rights to, we are requiring that they are only submitting work that they have rights to, we require
everyone to acknowledge this by signing their work. everyone to acknowledge this by signing their work.
Any copyright notices in this repository should specify the authors as "the Any copyright notices in this repository should specify the authors as "the
@ -110,7 +110,7 @@ To sign your work, just add a line like this at the end of your commit message:
Signed-off-by: Samii Sakisaka <samii@nspcc.ru> Signed-off-by: Samii Sakisaka <samii@nspcc.ru>
``` ```
This can easily be done with the `--signoff` option to `git commit`. This can be easily done with the `--signoff` option to `git commit`.
By doing this you state that you can certify the following (from [The Developer By doing this you state that you can certify the following (from [The Developer
Certificate of Origin](https://developercertificate.org/)): Certificate of Origin](https://developercertificate.org/)):

View file

@ -13,7 +13,7 @@
# NeoFS HTTP Gateway # NeoFS HTTP Gateway
NeoFS HTTP Gateway bridges NeoFS internal protocol and HTTP standard. NeoFS HTTP Gateway bridges NeoFS internal protocol and HTTP standard.
- you can download one file per request from NeoFS Network - you can download one file per request from the NeoFS Network
- you can upload one file per request into the NeoFS Network - you can upload one file per request into the NeoFS Network
## Installation ## Installation
@ -35,8 +35,8 @@ version Show current version
``` ```
Or you can also use a [Docker Or you can also use a [Docker
image](https://hub.docker.com/r/nspccdev/neofs-http-gw) provided for released image](https://hub.docker.com/r/nspccdev/neofs-http-gw) provided for the released
(and occasionally unreleased) versions of gateway (`:latest` points to the (and occasionally unreleased) versions of the gateway (`:latest` points to the
latest stable release). latest stable release).
## Execution ## Execution
@ -47,8 +47,8 @@ can be done either via `-p` parameter or via `HTTP_GW_PEERS_<N>_ADDRESS` and
`HTTP_GW_PEERS_<N>_WEIGHT` environment variables (the gate supports multiple `HTTP_GW_PEERS_<N>_WEIGHT` environment variables (the gate supports multiple
NeoFS nodes with weighted load balancing). NeoFS nodes with weighted load balancing).
If you're launching HTTP gateway in bundle with [neofs-dev-env](https://github.com/nspcc-dev/neofs-dev-env), If you launch HTTP gateway in bundle with [neofs-dev-env](https://github.com/nspcc-dev/neofs-dev-env),
you can get an IP address of the node in output of `make hosts` command you can get the IP address of the node in the output of `make hosts` command
(with s0*.neofs.devenv name). (with s0*.neofs.devenv name).
These two commands are functionally equivalent, they run the gate with one These two commands are functionally equivalent, they run the gate with one
@ -89,9 +89,9 @@ This command will make gateway use 192.168.130.71 while it is healthy. Otherwise
192.168.130.72 for 90% of requests and 192.168.130.73 for remaining 10%. 192.168.130.72 for 90% of requests and 192.168.130.73 for remaining 10%.
### Keys ### Keys
You can provide wallet via `--wallet` or `-w` flag also you can specify account address using `--address` You can provide a wallet via `--wallet` or `-w` flag. You can also specify the account address using `--address`
(if no address provided default one will be used). If wallet is used you need to set `HTTP_GW_WALLET_PASSPHRASE` variable to decrypt wallet. (if no address provided default one will be used). If wallet is used, you need to set `HTTP_GW_WALLET_PASSPHRASE` variable to decrypt the wallet.
If no wallet provided gateway autogenerates key pair it will use for NeoFS requests. If no wallet provided, the gateway autogenerates a key pair it will use for NeoFS requests.
``` ```
$ neofs-http-gw -p $NEOFS_NODE -w $WALLET_PATH --address $ACCOUNT_ADDRESS $ neofs-http-gw -p $NEOFS_NODE -w $WALLET_PATH --address $ACCOUNT_ADDRESS
``` ```
@ -105,10 +105,10 @@ $ neofs-http-gw -p 192.168.130.72:8080 -w wallet.json --address NfgHwwTi3wHAS8aF
Gateway binds to `0.0.0.0:8082` by default and you can change that with Gateway binds to `0.0.0.0:8082` by default and you can change that with
`--listen_address` option. `--listen_address` option.
It can also provide TLS interface for its users, just specify paths to key and It can also provide TLS interface for its users, just specify paths to the key and
certificate files via `--tls_key` and `--tls_certificate` parameters. Note certificate files via `--tls_key` and `--tls_certificate` parameters. Note
that using these options makes gateway TLS-only, if you need to serve both TLS that using these options makes gateway TLS-only. If you need to serve both TLS
and plain text HTTP you either have to run two gateway instances or use some and plain text HTTP, you either have to run two gateway instances or use some
external redirecting solution. external redirecting solution.
Example to bind to `192.168.130.130:443` and serve TLS there: Example to bind to `192.168.130.130:443` and serve TLS there:
@ -131,7 +131,7 @@ and `HTTP_GW_WEB_WRITE_TIMEOUT=0`. Otherwise, HTTP Gateway will terminate
request with data stream after timeout. request with data stream after timeout.
`HTTP_GW_WEB_STREAM_REQUEST_BODY` environment variable can be used to disable `HTTP_GW_WEB_STREAM_REQUEST_BODY` environment variable can be used to disable
request body streaming (effectively it'll make gateway accept file completely request body streaming (effectively it'll make the gateway accept the file completely
first and only then try sending it to NeoFS). first and only then try sending it to NeoFS).
`HTTP_GW_WEB_MAX_REQUEST_BODY_SIZE` controls maximum request body size `HTTP_GW_WEB_MAX_REQUEST_BODY_SIZE` controls maximum request body size
@ -145,17 +145,17 @@ variable to control this behavior.
### Monitoring and metrics ### Monitoring and metrics
Pprof and Prometheus are integrated into the gateway, but not enabled by Pprof and Prometheus are integrated into the gateway, but they are not enabled by
default. To enable them use `--pprof` and `--metrics` flags or default. To enable them use `--pprof` and `--metrics` flags or
`HTTP_GW_PPROF`/`HTTP_GW_METRICS` environment variables. `HTTP_GW_PPROF`/`HTTP_GW_METRICS` environment variables.
### Timeouts ### Timeouts
You can tune gRPC interface parameters with `--connect_timeout` (for You can tune gRPC interface parameters with `--connect_timeout` (for
connection to node) and `--request_timeout` (for request processing over connection to a node) and `--request_timeout` (for request processing over
established connection) options. established connection) options.
gRPC-level checks allow gateway to detect dead peers, but it declares them gRPC-level checks allow the gateway to detect dead peers, but it declares them
unhealthy at pool level once per `--rebalance_timer` interval, so check for it unhealthy at pool level once per `--rebalance_timer` interval, so check for it
if needed. if needed.
@ -194,7 +194,7 @@ supported.
Before uploading or downloading a file make sure you have a prepared container. Before uploading or downloading a file make sure you have a prepared container.
You can create it with instructions below. You can create it with instructions below.
Also in case of downloading you need to have a file inside a container. Also ,in case of downloading, you need to have a file inside a container.
#### Create a container #### Create a container
@ -202,8 +202,8 @@ You can create a container via [neofs-cli](https://github.com/nspcc-dev/neofs-n
``` ```
$ neofs-cli -r $NEOFS_NODE -k $KEY container create --policy $POLICY --basic-acl $ACL $ neofs-cli -r $NEOFS_NODE -k $KEY container create --policy $POLICY --basic-acl $ACL
``` ```
where `$KEY` can be a path to private key file (as raw bytes), a hex string or where `$KEY` can be a path to a private key file (as raw bytes), a hex string or
(unencrypted) WIF string, a (unencrypted) WIF string,
`$ACL` -- hex encoded basic ACL value or keywords 'private, 'public-read', 'public-read-write' and `$ACL` -- hex encoded basic ACL value or keywords 'private, 'public-read', 'public-read-write' and
`$POLICY` -- QL-encoded or JSON-encoded placement policy or path to file with it `$POLICY` -- QL-encoded or JSON-encoded placement policy or path to file with it
@ -212,7 +212,7 @@ For example:
$ neofs-cli -r 192.168.130.72:8080 -k 6PYLKJhiSub5imt6WCVy6Quxtd9xu176omev1vWYovzkAQCTSQabAAQXii container create --policy "REP 3" --basic-acl public --await $ neofs-cli -r 192.168.130.72:8080 -k 6PYLKJhiSub5imt6WCVy6Quxtd9xu176omev1vWYovzkAQCTSQabAAQXii container create --policy "REP 3" --basic-acl public --await
``` ```
If you launched nodes via [neofs-dev-env](https://github.com/nspcc-dev/neofs-dev-env) If you have launched nodes via [neofs-dev-env](https://github.com/nspcc-dev/neofs-dev-env),
you can get the key value from `wallets/wallet.json` or write the path to you can get the key value from `wallets/wallet.json` or write the path to
the file `wallets/wallet.key`. the file `wallets/wallet.key`.
@ -279,7 +279,7 @@ $ wget http://localhost:8082/get_by_attribute/88GdaZFTcYJn1dqiSECss8kKPmmun6d6Bf
$ wget http://localhost:8082/get_by_attribute/88GdaZFTcYJn1dqiSECss8kKPmmun6d6BfvC4zhwfLYM/FileName/cat%25jpeg # means 'cat%jpeg' $ wget http://localhost:8082/get_by_attribute/88GdaZFTcYJn1dqiSECss8kKPmmun6d6BfvC4zhwfLYM/FileName/cat%25jpeg # means 'cat%jpeg'
``` ```
Some other user-defined attribute: Some other user-defined attributes:
``` ```
$ wget http://localhost:8082/get_by_attribute/Dxhf4PNprrJHWWTG5RGLdfLkJiSQ3AQqit1MSnEPRkDZ/Ololo/100500 $ wget http://localhost:8082/get_by_attribute/Dxhf4PNprrJHWWTG5RGLdfLkJiSQ3AQqit1MSnEPRkDZ/Ololo/100500
@ -332,10 +332,10 @@ set of reply headers generated using the following rules:
### Uploading ### Uploading
You can POST files to `/upload/$CID` path where `$CID` is container ID. The You can POST files to `/upload/$CID` path where `$CID` is a container ID. The
request must contain multipart form with mandatory `filename` parameter. Only request must contain multipart form with mandatory `filename` parameter. Only
one part in multipart form will be processed, so to upload another file just one part in multipart form will be processed, so to upload another file just
issue new POST request. issue a new POST request.
Example request: Example request:
@ -345,7 +345,7 @@ $ curl -F 'file=@cat.jpeg;filename=cat.jpeg' http://localhost:8082/upload/Dxhf4P
Chunked encoding is supported by the server (but check for request read Chunked encoding is supported by the server (but check for request read
timeouts if you're planning some streaming). You can try streaming support timeouts if you're planning some streaming). You can try streaming support
with large file piped through named FIFO pipe: with a large file piped through named FIFO pipe:
``` ```
$ mkfifo pipe $ mkfifo pipe
@ -383,7 +383,7 @@ which transforms to `X-Attribute-Neofs-Expiration-Epoch`. So you can provide exp
--- ---
For successful uploads you get JSON data in reply body with container and For successful uploads you get JSON data in reply body with a container and
object ID, like this: object ID, like this:
``` ```
{ {
@ -396,7 +396,7 @@ object ID, like this:
You can always upload files to public containers (open for anyone to put You can always upload files to public containers (open for anyone to put
objects into), but for restricted containers you need to explicitly allow PUT objects into), but for restricted containers you need to explicitly allow PUT
operations for request signed with your HTTP Gateway keys. operations for a request signed with your HTTP Gateway keys.
If your don't want to manage gateway's secret keys and adjust eACL rules when If your don't want to manage gateway's secret keys and adjust eACL rules when
gateway configuration changes (new gate, key rotation, etc) or you plan to use gateway configuration changes (new gate, key rotation, etc) or you plan to use
@ -410,23 +410,23 @@ documentation for more details). There are two options to pass them to gateway:
credentials field credentials field
* "Bearer" cookie with base64-encoded token contents * "Bearer" cookie with base64-encoded token contents
For example you have a mobile application frontend with a backend part storing For example, you have a mobile application frontend with a backend part storing
data in NeoFS. When user authorizes in mobile app, the backend issues a NeoFS data in NeoFS. When a user authorizes in the mobile app, the backend issues a NeoFS
Bearer token and provides it to the frontend. Then the mobile app may generate Bearer token and provides it to the frontend. Then, the mobile app may generate
some data and upload it via any available NeoFS HTTP Gateway by adding some data and upload it via any available NeoFS HTTP Gateway by adding
the corresponding header to the upload request. Accessing the ACL protected data the corresponding header to the upload request. Accessing the ACL protected data
works the same way. works the same way.
##### Example ##### Example
In order to generate bearer token, you need to know container owner key and In order to generate a bearer token, you need to know the container owner key and
address of sender who will be do request to NeoFS (in our case it's gateway wallet address). the address of the sender who will do the request to NeoFS (in our case, it's a gateway wallet address).
Suppose we have: Suppose we have:
* **KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr** (container owner key) * **KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr** (container owner key)
* **NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3** (token owner address) * **NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3** (token owner address)
* **BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K** (container id) * **BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K** (container id)
Firstly we need to encode container id and sender address to base64 (now it's base58). Firstly, we need to encode the container id and the sender address to base64 (now it's base58).
So use **base58** and **base64** utils. So use **base58** and **base64** utils.
1. Encoding container id: 1. Encoding container id:
@ -441,7 +441,7 @@ $ echo 'NhVtreTTCoqsMQV5Wp55fqnriiUCpEaKm3' | base58 --decode | base64
# output: NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg== # output: NezFK4ujidF+X7bB88uzREQzRQeAvdj3Gg==
``` ```
Now we can form Bearer token (10000 is liftetime expiration in epoch) and save it to **bearer.json**: Now, we can form a Bearer token (10000 is liftetime expiration in epoch) and save it to **bearer.json**:
``` ```
{ {
"body": { "body": {
@ -468,17 +468,17 @@ Now we can form Bearer token (10000 is liftetime expiration in epoch) and save i
} }
``` ```
Then sign it with container owner key: Next, sign it with the container owner key:
``` ```
$ neofs-cli util sign bearer-token --from bearer.json --to signed.json -k KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr $ neofs-cli util sign bearer-token --from bearer.json --to signed.json -k KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr
``` ```
Encoding to base64 to use via header: Encoding to base64 to use via the header:
``` ```
$ base64 -w 0 signed.json $ base64 -w 0 signed.json
# output: Ck4KKgoECAIQBhIiCiCZGdlbN7DPGPMg9rsWqV+p2XdMzUqknRiexewSFp8kmBIbChk17MUri6OJ0X5ftsHzy7NERDNFB4C92PcaGgMIkE4SZgohAxpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89KEkEEGxKi8GjKSf52YqhppgaOTQHbUsL3jn7SHLqS3ndAQ7NtAATnmRHleZw2V2xRRSRBQdjDC05KK83LhdSax72Fsw== # output: Ck4KKgoECAIQBhIiCiCZGdlbN7DPGPMg9rsWqV+p2XdMzUqknRiexewSFp8kmBIbChk17MUri6OJ0X5ftsHzy7NERDNFB4C92PcaGgMIkE4SZgohAxpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89KEkEEGxKi8GjKSf52YqhppgaOTQHbUsL3jn7SHLqS3ndAQ7NtAATnmRHleZw2V2xRRSRBQdjDC05KK83LhdSax72Fsw==
``` ```
After that Bearer token can be used: After that, the Bearer token can be used:
``` ```
$ curl -F 'file=@cat.jpeg;filename=cat.jpeg' -H "Authorization: Bearer Ck4KKgoECAIQBhIiCiCZGdlbN7DPGPMg9rsWqV+p2XdMzUqknRiexewSFp8kmBIbChk17MUri6OJ0X5ftsHzy7NERDNFB4C92PcaGgMIkE4SZgohAxpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89KEkEEGxKi8GjKSf52YqhppgaOTQHbUsL3jn7SHLqS3ndAQ7NtAATnmRHleZw2V2xRRSRBQdjDC05KK83LhdSax72Fsw==" \ $ curl -F 'file=@cat.jpeg;filename=cat.jpeg' -H "Authorization: Bearer Ck4KKgoECAIQBhIiCiCZGdlbN7DPGPMg9rsWqV+p2XdMzUqknRiexewSFp8kmBIbChk17MUri6OJ0X5ftsHzy7NERDNFB4C92PcaGgMIkE4SZgohAxpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89KEkEEGxKi8GjKSf52YqhppgaOTQHbUsL3jn7SHLqS3ndAQ7NtAATnmRHleZw2V2xRRSRBQdjDC05KK83LhdSax72Fsw==" \
@ -500,7 +500,7 @@ For example:
$ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr --basic-acl 0x0FFFCFFF -r 192.168.130.72:8080 container create --policy "REP 3" --await $ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr --basic-acl 0x0FFFCFFF -r 192.168.130.72:8080 container create --policy "REP 3" --await
``` ```
To deny access to the container without a token, set the eACL rules: To deny access to a container without a token, set the eACL rules:
``` ```
$ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr -r 192.168.130.72:8080 container set-eacl --table eacl.json --await --cid BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K $ neofs-cli --key KxDgvEKzgSBPPfuVfw67oPQBSjidEiqTHURKSDL1R7yGaGYAeYnr -r 192.168.130.72:8080 container set-eacl --table eacl.json --await --cid BJeErH9MWmf52VsR1mLWKkgF3pRm3FkubYxM7TZkBP4K
``` ```

View file

@ -66,8 +66,8 @@ type readCloser struct {
io.Closer io.Closer
} }
// initializes io.Reader with limited size and detects Content-Type from it. // initializes io.Reader with the limited size and detects Content-Type from it.
// Returns r's error directly. Also returns processed data. // Returns r's error directly. Also returns the processed data.
func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (string, []byte, error) { func readContentType(maxSize uint64, rInit func(uint64) (io.Reader, error)) (string, []byte, error) {
if maxSize > sizeToDetectType { if maxSize > sizeToDetectType {
maxSize = sizeToDetectType maxSize = sizeToDetectType
@ -167,7 +167,7 @@ func (r request) receiveFile(clnt *pool.Pool, objectAddress *address.Address) {
return return
} }
// reset payload reader since part of the data has been read // reset payload reader since a part of the data has been read
var headReader io.Reader = bytes.NewReader(payloadHead) var headReader io.Reader = bytes.NewReader(payloadHead)
if err != io.EOF { // otherwise, we've already read full payload if err != io.EOF { // otherwise, we've already read full payload
@ -276,7 +276,7 @@ func (d *Downloader) DownloadByAddress(c *fasthttp.RequestCtx) {
d.byAddress(c, request.receiveFile) d.byAddress(c, request.receiveFile)
} }
// byAddress is wrapper for function (e.g. request.headObject, request.receiveFile) that // byAddress is a wrapper for function (e.g. request.headObject, request.receiveFile) that
// prepares request and object address to it. // prepares request and object address to it.
func (d *Downloader) byAddress(c *fasthttp.RequestCtx, f func(request, *pool.Pool, *address.Address)) { func (d *Downloader) byAddress(c *fasthttp.RequestCtx, f func(request, *pool.Pool, *address.Address)) {
var ( var (
@ -300,7 +300,7 @@ func (d *Downloader) DownloadByAttribute(c *fasthttp.RequestCtx) {
d.byAttribute(c, request.receiveFile) d.byAttribute(c, request.receiveFile)
} }
// byAttribute is wrapper similar to byAddress. // byAttribute is a wrapper similar to byAddress.
func (d *Downloader) byAttribute(c *fasthttp.RequestCtx, f func(request, *pool.Pool, *address.Address)) { func (d *Downloader) byAttribute(c *fasthttp.RequestCtx, f func(request, *pool.Pool, *address.Address)) {
var ( var (
httpStatus = fasthttp.StatusBadRequest httpStatus = fasthttp.StatusBadRequest

View file

@ -5,6 +5,6 @@ package main
const Prefix = "HTTP_GW" const Prefix = "HTTP_GW"
var ( var (
// Version is gateway version. // Version is the gateway version.
Version = "dev" Version = "dev"
) )

View file

@ -26,7 +26,7 @@ const (
// return // return
// } // }
// BearerTokenFromHeader extracts bearer token from Authorization request header. // BearerTokenFromHeader extracts a bearer token from Authorization request header.
func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte { func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte {
auth := h.Peek(fasthttp.HeaderAuthorization) auth := h.Peek(fasthttp.HeaderAuthorization)
if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) { if auth == nil || !bytes.HasPrefix(auth, []byte(bearerTokenHdr)) {
@ -38,7 +38,7 @@ func BearerTokenFromHeader(h *fasthttp.RequestHeader) []byte {
return auth return auth
} }
// BearerTokenFromCookie extracts bearer token from cookies. // BearerTokenFromCookie extracts a bearer token from cookies.
func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte { func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {
auth := h.Cookie(bearerTokenHdr) auth := h.Cookie(bearerTokenHdr)
if len(auth) == 0 { if len(auth) == 0 {
@ -48,7 +48,7 @@ func BearerTokenFromCookie(h *fasthttp.RequestHeader) []byte {
return auth return auth
} }
// StoreBearerToken extracts bearer token from header or cookie and stores // StoreBearerToken extracts a bearer token from the header or cookie and stores
// it in the request context. // it in the request context.
func StoreBearerToken(ctx *fasthttp.RequestCtx) error { func StoreBearerToken(ctx *fasthttp.RequestCtx) error {
tkn, err := fetchBearerToken(ctx) tkn, err := fetchBearerToken(ctx)
@ -60,7 +60,7 @@ func StoreBearerToken(ctx *fasthttp.RequestCtx) error {
return nil return nil
} }
// LoadBearerToken returns bearer token stored in context given (if it's // LoadBearerToken returns a bearer token stored in the context given (if it's
// present there). // present there).
func LoadBearerToken(ctx context.Context) (*token.BearerToken, error) { func LoadBearerToken(ctx context.Context) (*token.BearerToken, error) {
if tkn, ok := ctx.Value(bearerTokenKey).(*token.BearerToken); ok && tkn != nil { if tkn, ok := ctx.Value(bearerTokenKey).(*token.BearerToken); ok && tkn != nil {

View file

@ -15,7 +15,7 @@ import (
var neofsAttributeHeaderPrefixes = [...][]byte{[]byte("Neofs-"), []byte("NEOFS-"), []byte("neofs-")} var neofsAttributeHeaderPrefixes = [...][]byte{[]byte("Neofs-"), []byte("NEOFS-"), []byte("neofs-")}
func systemTranslator(key, prefix []byte) []byte { func systemTranslator(key, prefix []byte) []byte {
// replace specified prefix with `__NEOFS__` // replace the specified prefix with `__NEOFS__`
key = bytes.Replace(key, prefix, []byte(utils.SystemAttributePrefix), 1) key = bytes.Replace(key, prefix, []byte(utils.SystemAttributePrefix), 1)
// replace `-` with `_` // replace `-` with `_`
@ -30,12 +30,12 @@ func filterHeaders(l *zap.Logger, header *fasthttp.RequestHeader) map[string]str
prefix := []byte(utils.UserAttributeHeaderPrefix) prefix := []byte(utils.UserAttributeHeaderPrefix)
header.VisitAll(func(key, val []byte) { header.VisitAll(func(key, val []byte) {
// checks that key and val not empty // checks that the key and the val not empty
if len(key) == 0 || len(val) == 0 { if len(key) == 0 || len(val) == 0 {
return return
} }
// checks that key has attribute prefix // checks that the key has attribute prefix
if !bytes.HasPrefix(key, prefix) { if !bytes.HasPrefix(key, prefix) {
return return
} }
@ -51,7 +51,7 @@ func filterHeaders(l *zap.Logger, header *fasthttp.RequestHeader) map[string]str
} }
} }
// checks that attribute key not empty // checks that the attribute key is not empty
if len(key) == 0 { if len(key) == 0 {
return return
} }