[#1324] services/tree: Implement Object Tree Service

Object Tree Service allows changing trees assotiated with the container in runtime. Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
2022-04-22 16:30:20 +03:00 · 2022-04-22 16:30:20 +03:00 · 62154da17c
commit 62154da17c
parent 46f4ce2773
18 changed files with 4001 additions and 0 deletions
--- a/pkg/services/tree/signature.go
+++ b/pkg/services/tree/signature.go
@ -0,0 +1,44 @@
+package tree
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"errors"
+	"fmt"
+
+	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
+	"github.com/nspcc-dev/neofs-api-go/v2/signature"
+	cidSDK "github.com/nspcc-dev/neofs-sdk-go/container/id"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
+)
+
+func (s *Service) verifyClient(req interface{}, cid cidSDK.ID, rawKey []byte) error {
+	// TODO(@fyrchik): #1328 access control
+	return nil
+	//nolint:govet
+	err := signature.VerifyServiceMessage(req)
+	if err != nil {
+		return err
+	}
+
+	cnr, err := s.cnrSource.Get(cid)
+	if err != nil {
+		return fmt.Errorf("can't get container %s: %w", cid, err)
+	}
+
+	ownerID := cnr.Value.Owner()
+
+	pub, err := keys.NewPublicKeyFromBytes(rawKey, elliptic.P256())
+	if err != nil {
+		return fmt.Errorf("invalid public key: %w", err)
+	}
+
+	var actualID user.ID
+	user.IDFromKey(&actualID, (ecdsa.PublicKey)(*pub))
+
+	if !actualID.Equals(ownerID) {
+		return errors.New("`Move` request must be signed by a container owner")
+	}
+
+	return nil
+}