[#1386] services/object: Fail eACL check if the request is invalid

Parse all headers beforehand and reject invalid requests. Another approach would be to remember the error and check it after `CalculateAction`, which is a bit faster. The rule of thumb here is "first validate, then use". Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-05-17 15:46:25 +03:00 · 2022-05-17 15:46:25 +03:00 · 3f4475f97b
commit 3f4475f97b
parent f99a0498da
3 changed files with 55 additions and 40 deletions
--- a/pkg/services/object/acl/acl.go
+++ b/pkg/services/object/acl/acl.go
@ -187,14 +187,17 @@ func (c *Checker) CheckEACL(msg interface{}, reqInfo v2.RequestInfo) error {
 		)
 	}

+	hdrSrc, err := eaclV2.NewMessageHeaderSource(hdrSrcOpts...)
+	if err != nil {
+		return fmt.Errorf("can't parse headers: %w", err)
+	}
+
 	action := c.validator.CalculateAction(new(eaclSDK.ValidationUnit).
 		WithRole(reqInfo.RequestRole()).
 		WithOperation(reqInfo.Operation()).
 		WithContainerID(reqInfo.ContainerID()).
 		WithSenderKey(reqInfo.SenderKey()).
-		WithHeaderSource(
-			eaclV2.NewMessageHeaderSource(hdrSrcOpts...),
-		).
+		WithHeaderSource(hdrSrc).
 		WithEACLTable(&table),
 	)