forked from TrueCloudLab/frostfs-rest-gw
[#32] Support bearer token for all users
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
07786dd94b
commit
e68cda7f9c
4 changed files with 64 additions and 5 deletions
|
@ -95,6 +95,13 @@ func init() {
|
|||
"name": "X-Bearer-Lifetime",
|
||||
"in": "header"
|
||||
},
|
||||
{
|
||||
"type": "boolean",
|
||||
"default": false,
|
||||
"description": "Form token for all users or only for this gate.",
|
||||
"name": "X-Bearer-For-All-Users",
|
||||
"in": "header"
|
||||
},
|
||||
{
|
||||
"description": "Bearer tokens to form.",
|
||||
"name": "tokens",
|
||||
|
@ -1689,6 +1696,13 @@ func init() {
|
|||
"name": "X-Bearer-Lifetime",
|
||||
"in": "header"
|
||||
},
|
||||
{
|
||||
"type": "boolean",
|
||||
"default": false,
|
||||
"description": "Form token for all users or only for this gate.",
|
||||
"name": "X-Bearer-For-All-Users",
|
||||
"in": "header"
|
||||
},
|
||||
{
|
||||
"description": "Bearer tokens to form.",
|
||||
"name": "tokens",
|
||||
|
|
|
@ -26,10 +26,13 @@ func NewAuthParams() AuthParams {
|
|||
var (
|
||||
// initialize parameters with default values
|
||||
|
||||
xBearerLifetimeDefault = int64(100)
|
||||
xBearerForAllUsersDefault = bool(false)
|
||||
xBearerLifetimeDefault = int64(100)
|
||||
)
|
||||
|
||||
return AuthParams{
|
||||
XBearerForAllUsers: &xBearerForAllUsersDefault,
|
||||
|
||||
XBearerLifetime: &xBearerLifetimeDefault,
|
||||
}
|
||||
}
|
||||
|
@ -43,6 +46,11 @@ type AuthParams struct {
|
|||
// HTTP Request Object
|
||||
HTTPRequest *http.Request `json:"-"`
|
||||
|
||||
/*Form token for all users or only for this gate.
|
||||
In: header
|
||||
Default: false
|
||||
*/
|
||||
XBearerForAllUsers *bool
|
||||
/*Token lifetime in epoch.
|
||||
In: header
|
||||
Default: 100
|
||||
|
@ -69,6 +77,10 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
|
|||
|
||||
o.HTTPRequest = r
|
||||
|
||||
if err := o.bindXBearerForAllUsers(r.Header[http.CanonicalHeaderKey("X-Bearer-For-All-Users")], true, route.Formats); err != nil {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
||||
if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil {
|
||||
res = append(res, err)
|
||||
}
|
||||
|
@ -112,6 +124,29 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
|
|||
return nil
|
||||
}
|
||||
|
||||
// bindXBearerForAllUsers binds and validates parameter XBearerForAllUsers from header.
|
||||
func (o *AuthParams) bindXBearerForAllUsers(rawData []string, hasKey bool, formats strfmt.Registry) error {
|
||||
var raw string
|
||||
if len(rawData) > 0 {
|
||||
raw = rawData[len(rawData)-1]
|
||||
}
|
||||
|
||||
// Required: false
|
||||
|
||||
if raw == "" { // empty values pass all other validations
|
||||
// Default values have been previously initialized by NewAuthParams()
|
||||
return nil
|
||||
}
|
||||
|
||||
value, err := swag.ConvertBool(raw)
|
||||
if err != nil {
|
||||
return errors.InvalidType("X-Bearer-For-All-Users", "header", "bool", raw)
|
||||
}
|
||||
o.XBearerForAllUsers = &value
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// bindXBearerLifetime binds and validates parameter XBearerLifetime from header.
|
||||
func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error {
|
||||
var raw string
|
||||
|
|
|
@ -22,8 +22,9 @@ import (
|
|||
const defaultTokenExpDuration = 100 // in epoch
|
||||
|
||||
type headersParams struct {
|
||||
XBearerLifetime uint64
|
||||
XBearerOwnerID string
|
||||
XBearerLifetime uint64
|
||||
XBearerOwnerID string
|
||||
XBearerForAllUsers bool
|
||||
}
|
||||
|
||||
type objectTokenParams struct {
|
||||
|
@ -40,7 +41,8 @@ type containerTokenParams struct {
|
|||
|
||||
func newHeaderParams(params operations.AuthParams) headersParams {
|
||||
prm := headersParams{
|
||||
XBearerOwnerID: params.XBearerOwnerID,
|
||||
XBearerOwnerID: params.XBearerOwnerID,
|
||||
XBearerForAllUsers: *params.XBearerForAllUsers,
|
||||
}
|
||||
|
||||
if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
|
||||
|
@ -122,7 +124,10 @@ func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *poo
|
|||
if err != nil {
|
||||
return nil, fmt.Errorf("couldn't transform token to native: %w", err)
|
||||
}
|
||||
btoken.ForUser(owner)
|
||||
|
||||
if !params.XBearerForAllUsers {
|
||||
btoken.ForUser(owner)
|
||||
}
|
||||
|
||||
iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
|
||||
if err != nil {
|
||||
|
|
|
@ -79,6 +79,11 @@ paths:
|
|||
name: X-Bearer-Lifetime
|
||||
type: integer
|
||||
default: 100
|
||||
- in: header
|
||||
description: Form token for all users or only for this gate.
|
||||
name: X-Bearer-For-All-Users
|
||||
type: boolean
|
||||
default: false
|
||||
- in: body
|
||||
name: tokens
|
||||
required: true
|
||||
|
|
Loading…
Reference in a new issue