[#329] Use suitable tokens for container requests

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-01-26 12:09:28 +03:00 · 2022-01-26 12:09:28 +03:00 · c383f332d5
commit c383f332d5
parent cce79b612a
6 changed files with 73 additions and 28 deletions
--- a/api/handler/put.go
+++ b/api/handler/put.go
@ -549,7 +549,7 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
 	boxData, err := layer.GetBoxData(r.Context())
 	if err == nil {
 		policies = boxData.Policies
-		p.SessionToken = boxData.Gate.SessionToken
+		p.SessionToken = boxData.Gate.SessionTokenForPut()
 	}

 	if createParams.LocationConstraint != "" {
--- a/api/layer/container.go
+++ b/api/layer/container.go
@ -16,6 +16,7 @@ import (
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
 	"github.com/nspcc-dev/neofs-sdk-go/eacl"
 	"github.com/nspcc-dev/neofs-sdk-go/pool"
+	"github.com/nspcc-dev/neofs-sdk-go/session"
 	"go.uber.org/zap"
 )

@ -170,7 +171,14 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*ci

 func (n *layer) setContainerEACLTable(ctx context.Context, cid *cid.ID, table *eacl.Table) error {
 	table.SetCID(cid)
-	if err := n.pool.SetEACL(ctx, table, n.SessionOpt(ctx)); err != nil {
+
+	var sessionToken *session.Token
+	boxData, err := GetBoxData(ctx)
+	if err == nil {
+		sessionToken = boxData.Gate.SessionTokenForSetEACL()
+	}
+
+	if err := n.pool.SetEACL(ctx, table, pool.WithSession(sessionToken)); err != nil {
 		return err
 	}

@ -225,5 +233,10 @@ func (n *layer) waitEACLPresence(ctx context.Context, cid *cid.ID, table *eacl.T
 }

 func (n *layer) deleteContainer(ctx context.Context, cid *cid.ID) error {
-	return n.pool.DeleteContainer(ctx, cid, n.SessionOpt(ctx))
+	var sessionToken *session.Token
+	boxData, err := GetBoxData(ctx)
+	if err == nil {
+		sessionToken = boxData.Gate.SessionTokenForDelete()
+	}
+	return n.pool.DeleteContainer(ctx, cid, pool.WithSession(sessionToken))
 }
--- a/api/layer/layer.go
+++ b/api/layer/layer.go
@ -299,15 +299,6 @@ func (n *layer) CallOptions(ctx context.Context) []pool.CallOption {
 	return []pool.CallOption{pool.WithKey(&n.anonKey.Key.PrivateKey)}
 }

-// SessionOpt returns client.WithSession call option with token from context or with nil token.
-func (n *layer) SessionOpt(ctx context.Context) pool.CallOption {
-	if data, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && data != nil && data.Gate != nil {
-		return pool.WithSession(data.Gate.SessionToken)
-	}
-
-	return pool.WithSession(nil)
-}
-
 // Get NeoFS Object by refs.Address (should be used by auth.Center).
 func (n *layer) Get(ctx context.Context, address *object.Address) (*object.Object, error) {
 	ops := new(client.GetObjectParams).WithAddress(address)