[#257] Add policy checker

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

api/router.go

@@ -89,6 +89,12 @@ type (
 	}
 )
 
+type Settings interface {
+	s3middleware.RequestSettings
+	s3middleware.PolicySettings
+	s3middleware.MetricsSettings
+}
+
 type Config struct {
 	Throttle middleware.ThrottleOpts
 	Handler  Handler
@@ -96,25 +102,25 @@ type Config struct {
 	Log      *zap.Logger
 	Metrics  *metrics.AppMetrics
 
-	RequestMiddlewareSettings s3middleware.RequestSettings
-
-	AliasResolver s3middleware.AliasResolver
+	MiddlewareSettings Settings
 
 	// Domains optional. If empty no virtual hosted domains will be attached.
 	Domains []string
 
 	// FrostfsID optional. If nil middleware.FrostfsIDValidation won't be attached.
 	FrostfsID s3middleware.FrostFSID
+
+	PolicyStorage engine.LocalOverrideEngine
 }
 
 func NewRouter(cfg Config) *chi.Mux {
 	api := chi.NewRouter()
 	api.Use(
-		s3middleware.Request(cfg.Log, cfg.RequestMiddlewareSettings),
+		s3middleware.Request(cfg.Log, cfg.MiddlewareSettings),
 		middleware.ThrottleWithOpts(cfg.Throttle),
 		middleware.Recoverer,
 		s3middleware.Tracing(),
-		s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.AliasResolver),
+		s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.MiddlewareSettings),
 		s3middleware.LogSuccessResponse(cfg.Log),
 		s3middleware.Auth(cfg.Center, cfg.Log),
 	)
@@ -123,6 +129,10 @@ func NewRouter(cfg Config) *chi.Mux {
 		api.Use(s3middleware.FrostfsIDValidation(cfg.FrostfsID, cfg.Log))
 	}
 
+	if cfg.PolicyStorage != nil {
+		api.Use(s3middleware.PolicyCheck(cfg.PolicyStorage, cfg.MiddlewareSettings, cfg.Domains, cfg.Log))
+	}
+
 	defaultRouter := chi.NewRouter()
 	defaultRouter.Mount(fmt.Sprintf("/{%s}", s3middleware.BucketURLPrm), bucketRouter(cfg.Handler, cfg.Log))
 	defaultRouter.Get("/", named("ListBuckets", cfg.Handler.ListBucketsHandler))