[#260] Refactor api/auth/center.go

Move the Center interface to middleware package where it's used

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

api/auth/center.go

@@ -5,7 +5,6 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/hex"
-	"errors"
 	"fmt"
 	"io"
 	"mime/multipart"
@@ -17,6 +16,7 @@ import (
 	v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache"
 	apiErrors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/middleware"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
 	oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
@@ -31,27 +31,13 @@ var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(
 var postPolicyCredentialRegexp = regexp.MustCompile(`(?P<access_key_id>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request`)
 
 type (
-	// Center is a user authentication interface.
-	Center interface {
-		Authenticate(request *http.Request) (*Box, error)
-	}
-
-	// Box contains access box and additional info.
-	Box struct {
-		AccessBox   *accessbox.Box
-		ClientTime  time.Time
-		AuthHeaders *AuthHeader
-	}
-
-	center struct {
+	Center struct {
 		reg                        *RegexpSubmatcher
 		postReg                    *RegexpSubmatcher
 		cli                        tokens.Credentials
 		allowedAccessKeyIDPrefixes []string // empty slice means all access key ids are allowed
 	}
 
-	prs int
-
 	//nolint:revive
 	AuthHeader struct {
 		AccessKeyID  string
@@ -97,22 +83,9 @@ var ContentSHA256HeaderStandardValue = map[string]struct{}{
 	StreamingContentECDSASHA256Trailer: {},
 }
 
-// ErrNoAuthorizationHeader is returned for unauthenticated requests.
-var ErrNoAuthorizationHeader = errors.New("no authorization header")
-
-func (p prs) Read(_ []byte) (n int, err error) {
-	panic("implement me")
-}
-
-func (p prs) Seek(_ int64, _ int) (int64, error) {
-	panic("implement me")
-}
-
-var _ io.ReadSeeker = prs(0)
-
 // New creates an instance of AuthCenter.
-func New(frostFS tokens.FrostFS, key *keys.PrivateKey, prefixes []string, config *cache.Config) Center {
-	return &center{
+func New(frostFS tokens.FrostFS, key *keys.PrivateKey, prefixes []string, config *cache.Config) *Center {
+	return &Center{
 		cli:                        tokens.New(frostFS, key, config),
 		reg:                        NewRegexpMatcher(authorizationFieldRegexp),
 		postReg:                    NewRegexpMatcher(postPolicyCredentialRegexp),
@@ -120,7 +93,7 @@ func New(frostFS tokens.FrostFS, key *keys.PrivateKey, prefixes []string, config
 	}
 }
 
-func (c *center) parseAuthHeader(header string) (*AuthHeader, error) {
+func (c *Center) parseAuthHeader(header string) (*AuthHeader, error) {
 	submatches := c.reg.GetSubmatches(header)
 	if len(submatches) != authHeaderPartsNum {
 		return nil, apiErrors.GetAPIError(apiErrors.ErrAuthorizationHeaderMalformed)
@@ -156,7 +129,7 @@ func IsStandardContentSHA256(key string) bool {
 	return ok
 }
 
-func (c *center) Authenticate(r *http.Request) (*Box, error) {
+func (c *Center) Authenticate(r *http.Request) (*middleware.Box, error) {
 	var (
 		err                  error
 		authHdr              *AuthHeader
@@ -190,7 +163,7 @@ func (c *center) Authenticate(r *http.Request) (*Box, error) {
 			if strings.HasPrefix(r.Header.Get(ContentTypeHdr), "multipart/form-data") {
 				return c.checkFormData(r)
 			}
-			return nil, ErrNoAuthorizationHeader
+			return nil, middleware.ErrNoAuthorizationHeader
 		}
 		authHdr, err = c.parseAuthHeader(authHeaderField[0])
 		if err != nil {
@@ -228,9 +201,13 @@ func (c *center) Authenticate(r *http.Request) (*Box, error) {
 		return nil, err
 	}
 
-	result := &Box{
-		AccessBox:   box,
-		AuthHeaders: authHdr,
+	result := &middleware.Box{
+		AccessBox: box,
+		AuthHeaders: &middleware.AuthHeader{
+			AccessKeyID: authHdr.AccessKeyID,
+			Region:      authHdr.Region,
+			SignatureV4: authHdr.SignatureV4,
+		},
 	}
 	if needClientTime {
 		result.ClientTime = signatureDateTime
@@ -253,7 +230,7 @@ func checkFormatHashContentSHA256(hash string) error {
 	return nil
 }
 
-func (c center) checkAccessKeyID(accessKeyID string) error {
+func (c Center) checkAccessKeyID(accessKeyID string) error {
 	if len(c.allowedAccessKeyIDPrefixes) == 0 {
 		return nil
 	}
@@ -267,7 +244,7 @@ func (c center) checkAccessKeyID(accessKeyID string) error {
 	return apiErrors.GetAPIError(apiErrors.ErrAccessDenied)
 }
 
-func (c *center) checkFormData(r *http.Request) (*Box, error) {
+func (c *Center) checkFormData(r *http.Request) (*middleware.Box, error) {
 	if err := r.ParseMultipartForm(maxFormSizeMemory); err != nil {
 		return nil, apiErrors.GetAPIError(apiErrors.ErrInvalidArgument)
 	}
@@ -278,7 +255,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
 
 	policy := MultipartFormValue(r, "policy")
 	if policy == "" {
-		return nil, ErrNoAuthorizationHeader
+		return nil, middleware.ErrNoAuthorizationHeader
 	}
 
 	submatches := c.postReg.GetSubmatches(MultipartFormValue(r, "x-amz-credential"))
@@ -309,7 +286,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
 		return nil, apiErrors.GetAPIError(apiErrors.ErrSignatureDoesNotMatch)
 	}
 
-	return &Box{AccessBox: box}, nil
+	return &middleware.Box{AccessBox: box}, nil
 }
 
 func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
@@ -333,7 +310,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
 	return otherRequest
 }
 
-func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
+func (c *Center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
 	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "")
 	signer := v4.NewSigner(awsCreds)
 	signer.DisableURIPathEscaping = true