api: drop useless key->issuer transformations
Signed-off-by: Roman Khimov <[email protected]>
roman-khimov committed Aug 14, 2024
1 parent 37b5fb8 commit 45644ab
Showing 3 changed files with 23 additions and 26 deletions.
26 changes: 12 additions & 14 deletions api/handler/acl.go
Expand Up @@ -3,7 +3,6 @@ package handler
import (
"bytes"
"context"
"crypto/elliptic"
"encoding/json"
"encoding/xml"
"errors"
Expand All @@ -13,7 +12,6 @@ import (
"strconv"
"strings"

"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-s3-gw/api"
"github.com/nspcc-dev/neofs-s3-gw/api/data"
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
Expand Down Expand Up @@ -214,25 +212,25 @@ func (h *handler) GetBucketACLHandler(w http.ResponseWriter, r *http.Request) {
}
}

func (h *handler) bearerTokenIssuerKey(ctx context.Context) (*keys.PublicKey, error) {
func (h *handler) bearerTokenIssuer(ctx context.Context) (user.ID, error) {
box, err := layer.GetBoxData(ctx)
if err != nil {
return nil, err
return user.ID{}, err
}

key, err := keys.NewPublicKeyFromBytes(box.Gate.BearerToken.SigningKeyBytes(), elliptic.P256())
if err != nil {
return nil, fmt.Errorf("public key from bytes: %w", err)
iss := box.Gate.BearerToken.ResolveIssuer()
if iss.IsZero() {
return user.ID{}, errors.New("can't resolve issuer from bearer token")
}

return key, nil
return iss, nil
}

func (h *handler) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context())
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get bearer token issuer key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}

Expand All @@ -244,7 +242,7 @@ func (h *handler) PutBucketACLHandler(w http.ResponseWriter, r *http.Request) {

list := &AccessControlPolicy{}
if r.ContentLength == 0 {
list, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
list, err = parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
Expand Down Expand Up @@ -347,9 +345,9 @@ func (h *handler) GetObjectACLHandler(w http.ResponseWriter, r *http.Request) {
func (h *handler) PutObjectACLHandler(w http.ResponseWriter, r *http.Request) {
reqInfo := api.GetReqInfo(r.Context())
versionID := reqInfo.URL.Query().Get(api.QueryVersionID)
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issues", reqInfo, err)
return
}

Expand Down Expand Up @@ -379,7 +377,7 @@ func (h *handler) PutObjectACLHandler(w http.ResponseWriter, r *http.Request) {

list := &AccessControlPolicy{}
if r.ContentLength == 0 {
list, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
list, err = parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
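Review bot: The new log message in PutObjectACLHandler reads `"couldn't get bearer token issues"`, which looks like a typo for "issuer"; PutBucketACLHandler in the same file uses `"couldn't get bearer token issuer"`, and matching the two keeps a single log search covering both failure paths. The new helper bearerTokenIssuer also has no doc comment, although every caller shown passes its result straight to parseACLHeaders; a line such as `// bearerTokenIssuer returns the user ID resolved from the bearer token in the request's box data, or an error if the box is unavailable or the issuer resolves to zero.` would record that contract. Both handler bodies start or end outside the hunks shown.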
11 changes: 5 additions & 6 deletions api/handler/multipart_upload.go
Expand Up @@ -12,7 +12,6 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/api/layer"
"github.com/nspcc-dev/neofs-s3-gw/api/s3errors"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap"
)

Expand Down Expand Up @@ -114,12 +113,12 @@ func (h *handler) CreateMultipartUploadHandler(w http.ResponseWriter, r *http.Re
}

if containsACLHeaders(r) {
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}
if _, err = parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash())); err != nil {
if _, err = parseACLHeaders(r.Header, iss); err != nil {
h.logAndSendError(w, "could not parse acl", reqInfo, err)
return
}
Expand Down Expand Up @@ -422,12 +421,12 @@ func (h *handler) CompleteMultipartUploadHandler(w http.ResponseWriter, r *http.
}

if len(uploadData.ACLHeaders) != 0 {
key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get gate key", reqInfo, err)
return
}
acl, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
acl, err := parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse acl", reqInfo, err)
return
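Review bot: CompleteMultipartUploadHandler still logs `"couldn't get gate key"` when bearerTokenIssuer fails, while the same branch in CreateMultipartUploadHandler was changed to `"couldn't get bearer token issuer"`; the message should be updated here too so operators are not pointed at the gate key. In the same block the guard tests `uploadData.ACLHeaders` but the parse reads `r.Header`; unless the stored headers are copied into the request earlier in the function, which this hunk does not show, the ACL would be built from the completing request rather than from what was recorded at creation, so that is worth confirming. Both handlers continue outside the hunks.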
12 changes: 6 additions & 6 deletions api/handler/put.go
Expand Up @@ -25,7 +25,6 @@ import (
"github.com/nspcc-dev/neofs-s3-gw/creds/accessbox"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/session"
"github.com/nspcc-dev/neofs-sdk-go/user"
"go.uber.org/zap"
)

Expand Down Expand Up @@ -591,11 +590,12 @@ func containsACLHeaders(r *http.Request) bool {

func (h *handler) getNewEAclTable(r *http.Request, bktInfo *data.BucketInfo, objInfo *data.ObjectInfo) (*eacl.Table, error) {
var newEaclTable *eacl.Table
key, err := h.bearerTokenIssuerKey(r.Context())

iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
return nil, fmt.Errorf("get bearer token issuer: %w", err)
}
objectACL, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
objectACL, err := parseACLHeaders(r.Header, iss)
if err != nil {
return nil, fmt.Errorf("could not parse object acl: %w", err)
}
Expand Down Expand Up @@ -683,13 +683,13 @@ func (h *handler) CreateBucketHandler(w http.ResponseWriter, r *http.Request) {
return
}

key, err := h.bearerTokenIssuerKey(r.Context())
iss, err := h.bearerTokenIssuer(r.Context())
if err != nil {
h.logAndSendError(w, "couldn't get bearer token signature key", reqInfo, err)
h.logAndSendError(w, "couldn't get bearer token issuer", reqInfo, err)
return
}

bktACL, err := parseACLHeaders(r.Header, user.NewFromScriptHash(key.GetScriptHash()))
bktACL, err := parseACLHeaders(r.Header, iss)
if err != nil {
h.logAndSendError(w, "could not parse bucket acl", reqInfo, err)
return
