Documentation
¶
Index ¶
- Variables
- type ACLChecker
- type FSChain
- type InnerRingFetcher
- type Netmapper
- type Option
- type RequestInfo
- func (r RequestInfo) BasicACL() acl.Basic
- func (r RequestInfo) Bearer() *bearer.Token
- func (r *RequestInfo) CleanBearer()
- func (r RequestInfo) ContainerID() cid.ID
- func (r RequestInfo) ObjectID() *oid.ID
- func (r RequestInfo) Operation() acl.Op
- func (r RequestInfo) Request() any
- func (r RequestInfo) RequestRole() acl.Role
- func (r RequestInfo) SenderAccount() *user.ID
- func (r RequestInfo) SenderKey() []byte
- func (r *RequestInfo) SetBasicACL(basicACL acl.Basic)
- func (r *RequestInfo) SetRequestRole(requestRole acl.Role)
- func (r *RequestInfo) SetSenderKey(senderKey []byte)
- type Service
- func (b Service) DeleteRequestToInfo(request *protoobject.DeleteRequest) (RequestInfo, error)
- func (b Service) GetRequestToInfo(request *protoobject.GetRequest) (RequestInfo, error)
- func (b Service) HashRequestToInfo(request *protoobject.GetRangeHashRequest) (RequestInfo, error)
- func (b Service) HeadRequestToInfo(request *protoobject.HeadRequest) (RequestInfo, error)
- func (b Service) PutRequestToInfo(request *protoobject.PutRequest) (RequestInfo, user.ID, error)
- func (b Service) RangeRequestToInfo(request *protoobject.GetRangeRequest) (RequestInfo, error)
- func (b Service) ResetTokenCheckCache()
- func (b Service) SearchRequestToInfo(request *protoobject.SearchRequest) (RequestInfo, error)
- func (b Service) SearchV2RequestToInfo(request *protoobject.SearchV2Request) (RequestInfo, error)
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNotMatched is returned from CheckEACL() when there were no rules // found that match request/object. Most of the time this means there // were no object headers to check rules against, but it can also // mean the default behavior after the full table scan. ErrNotMatched = errors.New("no matching rule") )
var ErrSkipRequest = errors.New("skip request")
Functions ¶
This section is empty.
Types ¶
type ACLChecker ¶
type ACLChecker interface {
// CheckBasicACL must return true only if request
// passes basic ACL validation.
CheckBasicACL(RequestInfo) bool
// CheckEACL must return non-nil error if request
// doesn't pass extended ACL validation.
CheckEACL(any, RequestInfo) error
// StickyBitCheck must return true only if sticky bit
// is disabled or enabled but request contains correct
// owner field.
StickyBitCheck(RequestInfo, user.ID) bool
}
ACLChecker is an interface that must provide ACL related checks.
type FSChain ¶ added in v0.46.0
type FSChain interface {
InvokeContainedScript(tx *transaction.Transaction, header *block.Header, _ *trigger.Type, _ *bool) (*result.Invoke, error)
// InContainerInLastTwoEpochs checks whether given public key belongs to any SN
// from the referenced container either in the current or the previous NeoFS
// epoch.
InContainerInLastTwoEpochs(_ cid.ID, pub []byte) (bool, error)
}
FSChain provides base non-contract functionality of the FS chain required for Service to work.
type InnerRingFetcher ¶
type InnerRingFetcher interface {
// InnerRingKeys must return list of public keys of
// the actual inner ring.
InnerRingKeys() ([][]byte, error)
}
InnerRingFetcher is an interface that must provide Inner Ring information.
type Netmapper ¶ added in v0.43.0
type Netmapper interface {
netmap.Source
// ServerInContainer checks if current node belongs to requested container.
// Any unknown state must be returned as `(false, error.New("explanation"))`,
// not `(false, nil)`.
ServerInContainer(cid.ID) (bool, error)
// GetEpochBlock returns FS chain height when given NeoFS epoch was ticked.
GetEpochBlock(epoch uint64) (uint32, error)
}
Netmapper must provide network map information.
type Option ¶
type Option func(*cfg)
Option represents Service constructor option.
func WithContainerSource ¶
WithContainerSource returns option to set container source.
func WithIRFetcher ¶
func WithIRFetcher(v InnerRingFetcher) Option
WithIRFetcher returns option to set inner ring fetcher.
func WithNetmapper ¶ added in v0.43.0
WithNetmapper return option to set netmap source.
type RequestInfo ¶
type RequestInfo struct {
// contains filtered or unexported fields
}
RequestInfo groups parsed version-independent (from SDK library) request information and raw API request.
func (RequestInfo) BasicACL ¶
func (r RequestInfo) BasicACL() acl.Basic
BasicACL returns basic ACL of the container.
func (RequestInfo) Bearer ¶
func (r RequestInfo) Bearer() *bearer.Token
Bearer returns bearer token of the request.
func (*RequestInfo) CleanBearer ¶
func (r *RequestInfo) CleanBearer()
CleanBearer forces cleaning bearer token information.
func (RequestInfo) ContainerID ¶
func (r RequestInfo) ContainerID() cid.ID
ContainerID return container ID.
func (RequestInfo) Operation ¶
func (r RequestInfo) Operation() acl.Op
Operation returns request's operation.
func (RequestInfo) RequestRole ¶
func (r RequestInfo) RequestRole() acl.Role
RequestRole returns request sender's role.
func (RequestInfo) SenderAccount ¶ added in v0.43.0
func (r RequestInfo) SenderAccount() *user.ID
SenderAccount returns account of the request's sender.
func (RequestInfo) SenderKey ¶
func (r RequestInfo) SenderKey() []byte
SenderKey returns public key of the request's sender.
func (*RequestInfo) SetBasicACL ¶
func (r *RequestInfo) SetBasicACL(basicACL acl.Basic)
func (*RequestInfo) SetRequestRole ¶
func (r *RequestInfo) SetRequestRole(requestRole acl.Role)
func (*RequestInfo) SetSenderKey ¶
func (r *RequestInfo) SetSenderKey(senderKey []byte)
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service checks basic ACL rules.
func (Service) DeleteRequestToInfo ¶ added in v0.45.0
func (b Service) DeleteRequestToInfo(request *protoobject.DeleteRequest) (RequestInfo, error)
DeleteRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) GetRequestToInfo ¶ added in v0.45.0
func (b Service) GetRequestToInfo(request *protoobject.GetRequest) (RequestInfo, error)
GetRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) HashRequestToInfo ¶ added in v0.45.0
func (b Service) HashRequestToInfo(request *protoobject.GetRangeHashRequest) (RequestInfo, error)
HashRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) HeadRequestToInfo ¶ added in v0.45.0
func (b Service) HeadRequestToInfo(request *protoobject.HeadRequest) (RequestInfo, error)
HeadRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) PutRequestToInfo ¶ added in v0.45.0
func (b Service) PutRequestToInfo(request *protoobject.PutRequest) (RequestInfo, user.ID, error)
PutRequestToInfo resolves RequestInfo from the request to check it using ACLChecker. Returns ErrSkipRequest if check should not be performed.
func (Service) RangeRequestToInfo ¶ added in v0.45.0
func (b Service) RangeRequestToInfo(request *protoobject.GetRangeRequest) (RequestInfo, error)
RangeRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) ResetTokenCheckCache ¶ added in v0.48.0
func (b Service) ResetTokenCheckCache()
ResetTokenCheckCache resets cache of session and bearer tokens' check results.
func (Service) SearchRequestToInfo ¶ added in v0.45.0
func (b Service) SearchRequestToInfo(request *protoobject.SearchRequest) (RequestInfo, error)
SearchRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
func (Service) SearchV2RequestToInfo ¶ added in v0.45.0
func (b Service) SearchV2RequestToInfo(request *protoobject.SearchV2Request) (RequestInfo, error)
SearchV2RequestToInfo resolves RequestInfo from the request to check it using ACLChecker.
Source Files