api: drop useless key->issuer transformations #978

Merged
merged 1 commit into from
Aug 15, 2024
26 changes: 12 additions & 14 deletions api/handler/acl.go
Expand Up @@ -3,7 +3,6 @@ package handler
import (
"bytes"
"context"
"crypto/elliptic"
"encoding/json"
"encoding/xml"
"errors"
Expand All @@ -13,7 +12,6 @@ import (
"strconv"
"strings"

"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data"
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
Expand Down Expand Up @@ -214,25 +212,25 @@ func (h *handler) GetBucketACLHandler(w http.ResponseWriter, r *http.Request) {
}
}

func (h *handler) bearerTokenIssuerKey(ctx context.Context) (*keys.PublicKey, error) {
func (h *handler) bearerTokenIssuer(ctx context.Context) (user.ID, error) {
box, err := layer.GetBoxData(ctx)
if err != nil {
return nil, err
return user.ID{}, err
}

key, err := keys.NewPublicKeyFromBytes(box.Gate.BearerToken.SigningKeyBytes(), elliptic.P256())
if err != nil {
return nil, fmt.Errorf("public key from bytes: %w", err)
iss := box.Gate.BearerToken.ResolveIssuer()
if iss.IsZero() {
return user.ID{}, errors.New("can't resolve issuer from bearer token")
}

return key, nil
return iss, nil
}

func (h *handler) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context())
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get bearer token issuer key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}

Expand All @@ -244,7 +242,7 @@ func (h *handler) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {

list := &AccessControlPolicy{}
if r.ContentLength == 0 {
list, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
list, err = parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
Expand Down Expand Up @@ -347,9 +345,9 @@ func (h *handler) GetObjectACLHandler(w http.ResponseWriter, r *http.Request) {
func (h *handler) PutObjectACLHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context())
versionID := reqInfo.URL.Query().Get(api.QueryVersionID)
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issues", reqInfo, err)
return
}

Expand Down Expand Up @@ -379,7 +377,7 @@ func (h *handler) PutObjectACLHandler(w http.ResponseWriter, r *http.Request) {

list := &AccessControlPolicy{}
if r.ContentLength == 0 {
list, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
list, err = parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
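Review bot: In `bearerTokenIssuer` the ACL owner is now whatever `ResolveIssuer()` returns, where the old code derived it strictly from the token's signing key. If the SDK version in use lets an explicitly set issuer field take precedence over the signer (not visible on this page), the two can differ, and every `parseACLHeaders` caller would record an owner that the signature does not vouch for. I would state the assumption in a doc comment, e.g. `// bearerTokenIssuer returns the user the bearer token resolves to; the token's signature and its issuer/signer match are expected to be verified before the token is stored in the box.`, and add a unit test asserting that the result equals the signer-derived ID for a signed token. Separately, the new message in `PutObjectACLHandler` has a typo: `"couldn't get bearer token issues"` should read `"couldn't get bearer token issuer"`.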
11 changes: 5 additions & 6 deletions api/handler/multipart_upload.go
Expand Up @@ -12,7 +12,6 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
"github.com/nspcc-dev/neofs-s3-gw/api/s3errors"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap"
)

Expand Down Expand Up @@ -114,12 +113,12 @@ func (h *handler) CreateMultipartUploadHandler(w http.ResponseWriter, r *http.Re
}

if containsACLHeaders(r) {
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}
if _, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash())); err != nil {
if _, err = parseACLHeaders(r.Header, iss); err != nil {
h.logAndSendError(w, "could not parse acl", reqInfo, err)
return
}
Expand Down Expand Up @@ -422,12 +421,12 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
}

if len(uploadData.ACLHeaders) != 0 {
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
return
}
acl, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
acl, err := parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse acl", reqInfo, err)
return
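Review bot: The error path in `CompleteMultipartUploadHandler` still logs `couldn't get gate key` although the failing call is now `h.bearerTokenIssuer`, while the same branch in `CreateMultipartUploadHandler` was updated. A stale message here points whoever triages an authorization failure at the gateway key instead of the client's bearer token. Change it to `h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)` so that all callers report the same cause. Both handlers' bodies continue outside the hunks shown.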
12 changes: 6 additions & 6 deletions api/handler/put.go
Expand Up @@ -25,7 +25,6 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap"
)

Expand Down Expand Up @@ -591,11 +590,12 @@ func containsACLHeaders(r *http.Request) bool {

func (h *handler) getNewEAclTable(r *http.Request, bktInfo *data.BucketInfo, objInfo *data.ObjectInfo) (*eacl.Table, error) {
var newEaclTable *eacl.Table
key, err := h.bearerTokenIssuerKey(r.Context())

iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
return nil, fmt.Errorf("get bearer token issuer: %w", err)
}
objectACL, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
objectACL, err := parseACLHeaders(r.Header, iss)
if err != nil {
return nil, fmt.Errorf("could not parse object acl: %w", err)
}
Expand Down Expand Up @@ -683,13 +683,13 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
return
}

key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get bearer token signature key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}

bktACL, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
bktACL, err := parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return