[#455] Allow preflight requests without auth

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2025-03-20 14:04:27 +03:00 · 2025-03-20 14:04:27 +03:00 · 8625b6e119
commit 8625b6e119
parent c9c7379835
3 changed files with 31 additions and 3 deletions
--- a/api/middleware/policy.go
+++ b/api/middleware/policy.go
@ -108,6 +108,10 @@ func PolicyCheck(cfg PolicyConfig) Func {
 }

 func policyCheck(ctx context.Context, r *http.Request, cfg PolicyConfig) error {
+	if r.Method == http.MethodOptions {
+		return nil
+	}
+
 	reqInfo := GetReqInfo(ctx)

 	req, userKey, userGroups, err := getPolicyRequest(ctx, r, cfg, reqInfo.RequestType, reqInfo.BucketName, reqInfo.ObjectName)
--- a/api/router_mock_test.go
+++ b/api/router_mock_test.go
@ -518,9 +518,13 @@ func (h *handlerMock) ListBucketsHandler(w http.ResponseWriter, r *http.Request)
 	h.writeResponse(w, res)
 }

-func (h *handlerMock) Preflight(http.ResponseWriter, *http.Request) {
-	//TODO implement me
-	panic("implement me")
+func (h *handlerMock) Preflight(w http.ResponseWriter, r *http.Request) {
+	res := &handlerResult{
+		Method:  middleware.OptionsBucketOperation,
+		ReqInfo: middleware.GetReqInfo(r.Context()),
+	}
+
+	h.writeResponse(w, res)
 }

 func (h *handlerMock) AppendCORSHeaders(http.ResponseWriter, *http.Request) {
--- a/api/router_test.go
+++ b/api/router_test.go
@ -627,6 +627,26 @@ func TestMFAPolicy(t *testing.T) {
 	createBucket(router, ns, bktName)
 }

+func TestPreflightWithoutAuth(t *testing.T) {
+	router := prepareRouter(t)
+	router.middlewareSettings.denyByDefault = true
+
+	ns, bktName := "", "bucket"
+	allowOperations(router, ns, []string{"s3:CreateBucket"}, nil)
+	createBucket(router, ns, bktName)
+
+	w, r := httptest.NewRecorder(), httptest.NewRequest(http.MethodOptions, "/"+bktName, nil)
+	r.Header.Set(FrostfsNamespaceHeader, ns)
+	router.ServeHTTP(w, r)
+	require.Equal(t, http.StatusOK, w.Code)
+
+	w, r = httptest.NewRecorder(), httptest.NewRequest(http.MethodOptions, "/"+bktName+"/some-object", nil)
+	r.Header.Set(FrostfsNamespaceHeader, ns)
+	router.ServeHTTP(w, r)
+
+	require.Equal(t, http.StatusOK, w.Code)
+}
+
 func allowOperations(router *routerMock, ns string, operations []string, conditions engineiam.Conditions) {
 	addPolicy(router, ns, "allow", engineiam.AllowEffect, operations, conditions)
 }