forked from TrueCloudLab/frostfs-rest-gw
[#32] Support bearer token for all users
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Kirillov Denis
parent
07786dd94b
commit
e68cda7f9c
4 changed files with 64 additions and 5 deletions
|
|
@ -95,6 +95,13 @@ func init() {
|
||||||
"name": "X-Bearer-Lifetime",
|
"name": "X-Bearer-Lifetime",
|
||||||
"in": "header"
|
"in": "header"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"type": "boolean",
|
||||||
|
"default": false,
|
||||||
|
"description": "Form token for all users or only for this gate.",
|
||||||
|
"name": "X-Bearer-For-All-Users",
|
||||||
|
"in": "header"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Bearer tokens to form.",
|
"description": "Bearer tokens to form.",
|
||||||
"name": "tokens",
|
"name": "tokens",
|
||||||
|
|
@ -1689,6 +1696,13 @@ func init() {
|
||||||
"name": "X-Bearer-Lifetime",
|
"name": "X-Bearer-Lifetime",
|
||||||
"in": "header"
|
"in": "header"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"type": "boolean",
|
||||||
|
"default": false,
|
||||||
|
"description": "Form token for all users or only for this gate.",
|
||||||
|
"name": "X-Bearer-For-All-Users",
|
||||||
|
"in": "header"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"description": "Bearer tokens to form.",
|
"description": "Bearer tokens to form.",
|
||||||
"name": "tokens",
|
"name": "tokens",
|
||||||
|
|
|
||||||
|
|
@ -26,10 +26,13 @@ func NewAuthParams() AuthParams {
|
||||||
var (
|
var (
|
||||||
// initialize parameters with default values
|
// initialize parameters with default values
|
||||||
|
|
||||||
xBearerLifetimeDefault = int64(100)
|
xBearerForAllUsersDefault = bool(false)
|
||||||
|
xBearerLifetimeDefault = int64(100)
|
||||||
)
|
)
|
||||||
|
|
||||||
return AuthParams{
|
return AuthParams{
|
||||||
|
XBearerForAllUsers: &xBearerForAllUsersDefault,
|
||||||
|
|
||||||
XBearerLifetime: &xBearerLifetimeDefault,
|
XBearerLifetime: &xBearerLifetimeDefault,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -43,6 +46,11 @@ type AuthParams struct {
|
||||||
// HTTP Request Object
|
// HTTP Request Object
|
||||||
HTTPRequest *http.Request `json:"-"`
|
HTTPRequest *http.Request `json:"-"`
|
||||||
|
|
||||||
|
/*Form token for all users or only for this gate.
|
||||||
|
In: header
|
||||||
|
Default: false
|
||||||
|
*/
|
||||||
|
XBearerForAllUsers *bool
|
||||||
/*Token lifetime in epoch.
|
/*Token lifetime in epoch.
|
||||||
In: header
|
In: header
|
||||||
Default: 100
|
Default: 100
|
||||||
|
|
@ -69,6 +77,10 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
|
||||||
|
|
||||||
o.HTTPRequest = r
|
o.HTTPRequest = r
|
||||||
|
|
||||||
|
if err := o.bindXBearerForAllUsers(r.Header[http.CanonicalHeaderKey("X-Bearer-For-All-Users")], true, route.Formats); err != nil {
|
||||||
|
res = append(res, err)
|
||||||
|
}
|
||||||
|
|
||||||
if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil {
|
if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil {
|
||||||
res = append(res, err)
|
res = append(res, err)
|
||||||
}
|
}
|
||||||
|
|
@ -112,6 +124,29 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// bindXBearerForAllUsers binds and validates parameter XBearerForAllUsers from header.
|
||||||
|
func (o *AuthParams) bindXBearerForAllUsers(rawData []string, hasKey bool, formats strfmt.Registry) error {
|
||||||
|
var raw string
|
||||||
|
if len(rawData) > 0 {
|
||||||
|
raw = rawData[len(rawData)-1]
|
||||||
|
}
|
||||||
|
|
||||||
|
// Required: false
|
||||||
|
|
||||||
|
if raw == "" { // empty values pass all other validations
|
||||||
|
// Default values have been previously initialized by NewAuthParams()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
value, err := swag.ConvertBool(raw)
|
||||||
|
if err != nil {
|
||||||
|
return errors.InvalidType("X-Bearer-For-All-Users", "header", "bool", raw)
|
||||||
|
}
|
||||||
|
o.XBearerForAllUsers = &value
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// bindXBearerLifetime binds and validates parameter XBearerLifetime from header.
|
// bindXBearerLifetime binds and validates parameter XBearerLifetime from header.
|
||||||
func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error {
|
func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error {
|
||||||
var raw string
|
var raw string
|
||||||
|
|
|
||||||
|
|
@ -22,8 +22,9 @@ import (
|
||||||
const defaultTokenExpDuration = 100 // in epoch
|
const defaultTokenExpDuration = 100 // in epoch
|
||||||
|
|
||||||
type headersParams struct {
|
type headersParams struct {
|
||||||
XBearerLifetime uint64
|
XBearerLifetime uint64
|
||||||
XBearerOwnerID string
|
XBearerOwnerID string
|
||||||
|
XBearerForAllUsers bool
|
||||||
}
|
}
|
||||||
|
|
||||||
type objectTokenParams struct {
|
type objectTokenParams struct {
|
||||||
|
|
@ -40,7 +41,8 @@ type containerTokenParams struct {
|
||||||
|
|
||||||
func newHeaderParams(params operations.AuthParams) headersParams {
|
func newHeaderParams(params operations.AuthParams) headersParams {
|
||||||
prm := headersParams{
|
prm := headersParams{
|
||||||
XBearerOwnerID: params.XBearerOwnerID,
|
XBearerOwnerID: params.XBearerOwnerID,
|
||||||
|
XBearerForAllUsers: *params.XBearerForAllUsers,
|
||||||
}
|
}
|
||||||
|
|
||||||
if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
|
if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
|
||||||
|
|
@ -122,7 +124,10 @@ func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *poo
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("couldn't transform token to native: %w", err)
|
return nil, fmt.Errorf("couldn't transform token to native: %w", err)
|
||||||
}
|
}
|
||||||
btoken.ForUser(owner)
|
|
||||||
|
if !params.XBearerForAllUsers {
|
||||||
|
btoken.ForUser(owner)
|
||||||
|
}
|
||||||
|
|
||||||
iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
|
iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -79,6 +79,11 @@ paths:
|
||||||
name: X-Bearer-Lifetime
|
name: X-Bearer-Lifetime
|
||||||
type: integer
|
type: integer
|
||||||
default: 100
|
default: 100
|
||||||
|
- in: header
|
||||||
|
description: Form token for all users or only for this gate.
|
||||||
|
name: X-Bearer-For-All-Users
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
- in: body
|
- in: body
|
||||||
name: tokens
|
name: tokens
|
||||||
required: true
|
required: true
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue