package handlers import ( "encoding/hex" "fmt" sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session" "github.com/nspcc-dev/neofs-rest-gw/gen/models" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" "github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/session" "github.com/nspcc-dev/neofs-sdk-go/token" ) // ToNativeAction converts models.Action to appropriate eacl.Action. func ToNativeAction(a *models.Action) (eacl.Action, error) { if a == nil { return eacl.ActionUnknown, fmt.Errorf("unsupported empty action") } switch *a { case models.ActionALLOW: return eacl.ActionAllow, nil case models.ActionDENY: return eacl.ActionDeny, nil default: return eacl.ActionUnknown, fmt.Errorf("unsupported action type: '%s'", *a) } } // FromNativeAction converts eacl.Action to appropriate models.Action. func FromNativeAction(a eacl.Action) (*models.Action, error) { switch a { case eacl.ActionAllow: return models.NewAction(models.ActionALLOW), nil case eacl.ActionDeny: return models.NewAction(models.ActionDENY), nil default: return nil, fmt.Errorf("unsupported action type: '%s'", a) } } // ToNativeOperation converts models.Operation to appropriate eacl.Operation. func ToNativeOperation(o *models.Operation) (eacl.Operation, error) { if o == nil { return eacl.OperationUnknown, fmt.Errorf("unsupported empty opertaion") } switch *o { case models.OperationGET: return eacl.OperationGet, nil case models.OperationHEAD: return eacl.OperationHead, nil case models.OperationPUT: return eacl.OperationPut, nil case models.OperationDELETE: return eacl.OperationDelete, nil case models.OperationSEARCH: return eacl.OperationSearch, nil case models.OperationRANGE: return eacl.OperationRange, nil case models.OperationRANGEHASH: return eacl.OperationRangeHash, nil default: return eacl.OperationUnknown, fmt.Errorf("unsupported operation type: '%s'", *o) } } // FromNativeOperation converts eacl.Operation to appropriate models.Operation. func FromNativeOperation(o eacl.Operation) (*models.Operation, error) { switch o { case eacl.OperationGet: return models.NewOperation(models.OperationGET), nil case eacl.OperationHead: return models.NewOperation(models.OperationHEAD), nil case eacl.OperationPut: return models.NewOperation(models.OperationPUT), nil case eacl.OperationDelete: return models.NewOperation(models.OperationDELETE), nil case eacl.OperationSearch: return models.NewOperation(models.OperationSEARCH), nil case eacl.OperationRange: return models.NewOperation(models.OperationRANGE), nil case eacl.OperationRangeHash: return models.NewOperation(models.OperationRANGEHASH), nil default: return nil, fmt.Errorf("unsupported operation type: '%s'", o) } } // ToNativeHeaderType converts models.HeaderType to appropriate eacl.FilterHeaderType. func ToNativeHeaderType(h *models.HeaderType) (eacl.FilterHeaderType, error) { if h == nil { return eacl.HeaderTypeUnknown, fmt.Errorf("unsupported empty header type") } switch *h { case models.HeaderTypeOBJECT: return eacl.HeaderFromObject, nil case models.HeaderTypeREQUEST: return eacl.HeaderFromRequest, nil case models.HeaderTypeSERVICE: return eacl.HeaderFromService, nil default: return eacl.HeaderTypeUnknown, fmt.Errorf("unsupported header type: '%s'", *h) } } // FromNativeHeaderType converts eacl.FilterHeaderType to appropriate models.HeaderType. func FromNativeHeaderType(h eacl.FilterHeaderType) (*models.HeaderType, error) { switch h { case eacl.HeaderFromObject: return models.NewHeaderType(models.HeaderTypeOBJECT), nil case eacl.HeaderFromRequest: return models.NewHeaderType(models.HeaderTypeREQUEST), nil case eacl.HeaderFromService: return models.NewHeaderType(models.HeaderTypeSERVICE), nil default: return nil, fmt.Errorf("unsupported header type: '%s'", h) } } // ToNativeMatchType converts models.MatchType to appropriate eacl.Match. func ToNativeMatchType(t *models.MatchType) (eacl.Match, error) { if t == nil { return eacl.MatchUnknown, fmt.Errorf("unsupported empty match type") } switch *t { case models.MatchTypeSTRINGEQUAL: return eacl.MatchStringEqual, nil case models.MatchTypeSTRINGNOTEQUAL: return eacl.MatchStringNotEqual, nil default: return eacl.MatchUnknown, fmt.Errorf("unsupported match type: '%s'", *t) } } // FromNativeMatchType converts eacl.Match to appropriate models.MatchType. func FromNativeMatchType(t eacl.Match) (*models.MatchType, error) { switch t { case eacl.MatchStringEqual: return models.NewMatchType(models.MatchTypeSTRINGEQUAL), nil case eacl.MatchStringNotEqual: return models.NewMatchType(models.MatchTypeSTRINGNOTEQUAL), nil default: return nil, fmt.Errorf("unsupported match type: '%s'", t) } } // ToNativeRole converts models.Role to appropriate eacl.Role. func ToNativeRole(r *models.Role) (eacl.Role, error) { if r == nil { return eacl.RoleUnknown, fmt.Errorf("unsupported empty role") } switch *r { case models.RoleUSER: return eacl.RoleUser, nil case models.RoleSYSTEM: return eacl.RoleSystem, nil case models.RoleOTHERS: return eacl.RoleOthers, nil default: return eacl.RoleUnknown, fmt.Errorf("unsupported role type: '%s'", *r) } } // FromNativeRole converts eacl.Role to appropriate models.Role. func FromNativeRole(r eacl.Role) (*models.Role, error) { switch r { case eacl.RoleUser: return models.NewRole(models.RoleUSER), nil case eacl.RoleSystem: return models.NewRole(models.RoleSYSTEM), nil case eacl.RoleOthers: return models.NewRole(models.RoleOTHERS), nil default: return nil, fmt.Errorf("unsupported role type: '%s'", r) } } // ToNativeVerb converts models.Verb to appropriate session.ContainerSessionVerb. func ToNativeVerb(r *models.Verb) (sessionv2.ContainerSessionVerb, error) { if r == nil { return sessionv2.ContainerVerbUnknown, fmt.Errorf("unsupported empty verb type") } switch *r { case models.VerbPUT: return sessionv2.ContainerVerbPut, nil case models.VerbDELETE: return sessionv2.ContainerVerbDelete, nil case models.VerbSETEACL: return sessionv2.ContainerVerbSetEACL, nil default: return sessionv2.ContainerVerbUnknown, fmt.Errorf("unsupported verb type: '%s'", *r) } } // ToNativeRule converts models.Rule to appropriate session.ContainerContext. func ToNativeRule(r *models.Rule) (*session.ContainerContext, error) { var ctx session.ContainerContext verb, err := ToNativeVerb(r.Verb) if err != nil { return nil, err } ctx.ToV2().SetVerb(verb) if r.ContainerID == "" { ctx.ApplyTo(nil) } else { var cnrID cid.ID if err = cnrID.Parse(r.ContainerID); err != nil { return nil, fmt.Errorf("couldn't parse container id: %w", err) } ctx.ApplyTo(&cnrID) } return &ctx, nil } // ToNativeContainerToken converts models.Bearer to appropriate session.Token. func ToNativeContainerToken(b *models.Bearer) (*session.Token, error) { sctx, err := ToNativeRule(b.Container) if err != nil { return nil, fmt.Errorf("couldn't transform rule to native: %w", err) } tok := session.NewToken() tok.SetContext(sctx) return tok, nil } // ToNativeRecord converts models.Record to appropriate eacl.Record. func ToNativeRecord(r *models.Record) (*eacl.Record, error) { var record eacl.Record action, err := ToNativeAction(r.Action) if err != nil { return nil, err } record.SetAction(action) operation, err := ToNativeOperation(r.Operation) if err != nil { return nil, err } record.SetOperation(operation) for _, filter := range r.Filters { headerType, err := ToNativeHeaderType(filter.HeaderType) if err != nil { return nil, err } matchType, err := ToNativeMatchType(filter.MatchType) if err != nil { return nil, err } if filter.Key == nil || filter.Value == nil { return nil, fmt.Errorf("invalid filter") } record.AddFilter(headerType, matchType, *filter.Key, *filter.Value) } targets := make([]eacl.Target, len(r.Targets)) for i, target := range r.Targets { trgt, err := ToNativeTarget(target) if err != nil { return nil, err } targets[i] = *trgt } record.SetTargets(targets...) return &record, nil } // FromNativeRecord converts eacl.Record to appropriate models.Record. func FromNativeRecord(r eacl.Record) (*models.Record, error) { var err error var record models.Record record.Action, err = FromNativeAction(r.Action()) if err != nil { return nil, err } record.Operation, err = FromNativeOperation(r.Operation()) if err != nil { return nil, err } record.Filters = make([]*models.Filter, len(r.Filters())) for i, filter := range r.Filters() { headerType, err := FromNativeHeaderType(filter.From()) if err != nil { return nil, err } matchType, err := FromNativeMatchType(filter.Matcher()) if err != nil { return nil, err } record.Filters[i] = &models.Filter{ HeaderType: headerType, Key: NewString(filter.Key()), MatchType: matchType, Value: NewString(filter.Value()), } } record.Targets = make([]*models.Target, len(r.Targets())) for i, target := range r.Targets() { trgt, err := FromNativeTarget(target) if err != nil { return nil, err } record.Targets[i] = trgt } return &record, nil } // ToNativeTarget converts models.Target to appropriate eacl.Target. func ToNativeTarget(t *models.Target) (*eacl.Target, error) { var target eacl.Target role, err := ToNativeRole(t.Role) if err != nil { return nil, err } target.SetRole(role) keys := make([][]byte, len(t.Keys)) for i, key := range t.Keys { binaryKey, err := hex.DecodeString(key) if err != nil { return nil, fmt.Errorf("couldn't decode target key: %w", err) } keys[i] = binaryKey } target.SetBinaryKeys(keys) return &target, nil } // FromNativeTarget converts eacl.Target to appropriate models.Target. func FromNativeTarget(t eacl.Target) (*models.Target, error) { var err error var target models.Target target.Role, err = FromNativeRole(t.Role()) if err != nil { return nil, err } target.Keys = make([]string, len(t.BinaryKeys())) for i, key := range t.BinaryKeys() { target.Keys[i] = hex.EncodeToString(key) } return &target, nil } // ToNativeObjectToken converts Bearer to appropriate token.BearerToken. func ToNativeObjectToken(b *models.Bearer) (*token.BearerToken, error) { table, err := ToNativeTable(b.Object) if err != nil { return nil, err } var btoken token.BearerToken btoken.SetEACLTable(table) return &btoken, nil } // ToNativeTable converts records to eacl.Table. func ToNativeTable(records []*models.Record) (*eacl.Table, error) { table := eacl.NewTable() for _, rec := range records { record, err := ToNativeRecord(rec) if err != nil { return nil, fmt.Errorf("couldn't transform record to native: %w", err) } table.AddRecord(record) } return table, nil }