v2

package
v0.51.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 4, 2026 License: GPL-3.0 Imports: 29 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNotMatched is returned from CheckEACL() when there were no rules
	// found that match request/object. Most of the time this means there
	// were no object headers to check rules against, but it can also
	// mean the default behavior after the full table scan.
	ErrNotMatched = errors.New("no matching rule")
)
View Source 
var ErrSkipRequest = errors.New("skip request")

Functions

This section is empty.

Types

type ACLChecker 

type ACLChecker interface {
	// CheckBasicACL must return true only if request
	// passes basic ACL validation.
	CheckBasicACL(RequestInfo) bool
	// CheckEACL must return non-nil error if request
	// doesn't pass extended ACL validation.
	CheckEACL(any, RequestInfo) error
	// StickyBitCheck must return true only if sticky bit
	// is disabled or enabled but request contains correct
	// owner field.
	StickyBitCheck(RequestInfo, user.ID) bool
}

ACLChecker is an interface that must provide ACL related checks.

type FSChain added in v0.46.0 

type FSChain interface {
	InvokeContainedScript(tx *transaction.Transaction, header *block.Header, _ *trigger.Type, _ *bool) (*result.Invoke, error)

	// InContainerInLastTwoEpochs checks whether given public key belongs to any SN
	// from the referenced container either in the current or the previous NeoFS
	// epoch.
	InContainerInLastTwoEpochs(_ cid.ID, pub []byte) (bool, error)

	// HasUserInNNS checks whether given user is listed in the NNS domain.
	HasUserInNNS(name string, addr util.Uint160) (bool, error)
}

FSChain provides base non-contract functionality of the FS chain required for Service to work.

type InnerRingFetcher 

type InnerRingFetcher interface {
	// InnerRingKeys must return list of public keys of
	// the actual inner ring.
	InnerRingKeys() ([][]byte, error)
}

InnerRingFetcher is an interface that must provide Inner Ring information.

type Netmapper added in v0.43.0 

type Netmapper interface {
	netmap.Source
	// ServerInContainer checks if current node belongs to requested container.
	// Any unknown state must be returned as `(false, error.New("explanation"))`,
	// not `(false, nil)`.
	ServerInContainer(cid.ID) (bool, error)
	// GetEpochBlock returns FS chain height when given NeoFS epoch was ticked.
	GetEpochBlock(epoch uint64) (uint32, error)
	// GetEpochBlockByTime returns FS chain height of block index when the latest epoch that
	// started not later than the provided block time came.
	GetEpochBlockByTime(t uint32) (uint32, error)
}

Netmapper must provide network map information.

type Option 

type Option func(*cfg)

Option represents Service constructor option.

func WithContainerSource 

func WithContainerSource(v container.Source) Option

WithContainerSource returns option to set container source.

func WithIRFetcher 

func WithIRFetcher(v InnerRingFetcher) Option

WithIRFetcher returns option to set inner ring fetcher.

func WithLogger 

func WithLogger(v *zap.Logger) Option

WithLogger returns option to set logger.

func WithNetmapper added in v0.43.0 

func WithNetmapper(v Netmapper) Option

WithNetmapper return option to set netmap source.

func WithTimeProvider added in v0.51.0 

func WithTimeProvider(p TimeProvider) Option

WithTimeProvider sets external chain time provider updated from header subscriptions.

type RequestInfo 

type RequestInfo struct {
	// contains filtered or unexported fields
}

RequestInfo groups parsed version-independent (from SDK library) request information and raw API request.

func (RequestInfo) BasicACL 

func (r RequestInfo) BasicACL() acl.Basic

BasicACL returns basic ACL of the container.

func (RequestInfo) Bearer 

func (r RequestInfo) Bearer() *bearer.Token

Bearer returns bearer token of the request.

func (*RequestInfo) CleanBearer 

func (r *RequestInfo) CleanBearer()

CleanBearer forces cleaning bearer token information.

func (RequestInfo) ContainerID 

func (r RequestInfo) ContainerID() cid.ID

ContainerID return container ID.

func (RequestInfo) ObjectID 

func (r RequestInfo) ObjectID() *oid.ID

ObjectID return object ID.

func (RequestInfo) Operation 

func (r RequestInfo) Operation() acl.Op

Operation returns request's operation.

func (RequestInfo) Request 

func (r RequestInfo) Request() any

Request returns raw API request.

func (RequestInfo) RequestRole 

func (r RequestInfo) RequestRole() acl.Role

RequestRole returns request sender's role.

func (RequestInfo) SenderAccount added in v0.43.0 

func (r RequestInfo) SenderAccount() *user.ID

SenderAccount returns account of the request's sender.

func (RequestInfo) SenderKey 

func (r RequestInfo) SenderKey() []byte

SenderKey returns public key of the request's sender.

func (*RequestInfo) SetBasicACL 

func (r *RequestInfo) SetBasicACL(basicACL acl.Basic)

func (*RequestInfo) SetRequestRole 

func (r *RequestInfo) SetRequestRole(requestRole acl.Role)

func (*RequestInfo) SetSenderKey 

func (r *RequestInfo) SetSenderKey(senderKey []byte)

type Service 

type Service struct {
	// contains filtered or unexported fields
}

Service checks basic ACL rules.

func New 

func New(fsChain FSChain, opts ...Option) Service

New is a constructor for object ACL checking service.

func (Service) DeleteRequestToInfo added in v0.45.0 

func (b Service) DeleteRequestToInfo(request *protoobject.DeleteRequest) (RequestInfo, error)

DeleteRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) GetRequestToInfo added in v0.45.0 

func (b Service) GetRequestToInfo(request *protoobject.GetRequest) (RequestInfo, error)

GetRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) HashRequestToInfo added in v0.45.0 

func (b Service) HashRequestToInfo(request *protoobject.GetRangeHashRequest) (RequestInfo, error)

HashRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) HeadRequestToInfo added in v0.45.0 

func (b Service) HeadRequestToInfo(request *protoobject.HeadRequest) (RequestInfo, error)

HeadRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) PutRequestToInfo added in v0.45.0 

func (b Service) PutRequestToInfo(request *protoobject.PutRequest) (RequestInfo, user.ID, error)

PutRequestToInfo resolves RequestInfo from the request to check it using ACLChecker. Returns ErrSkipRequest if check should not be performed.

func (Service) RangeRequestToInfo added in v0.45.0 

func (b Service) RangeRequestToInfo(request *protoobject.GetRangeRequest) (RequestInfo, error)

RangeRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) ResetTokenCheckCache added in v0.48.0 

func (b Service) ResetTokenCheckCache()

ResetTokenCheckCache resets cache of session and bearer tokens' check results.

func (Service) SearchRequestToInfo added in v0.45.0 

func (b Service) SearchRequestToInfo(request *protoobject.SearchRequest) (RequestInfo, error)

SearchRequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

func (Service) SearchV2RequestToInfo added in v0.45.0 

func (b Service) SearchV2RequestToInfo(request *protoobject.SearchV2Request) (RequestInfo, error)

SearchV2RequestToInfo resolves RequestInfo from the request to check it using ACLChecker.

type TimeProvider added in v0.51.0 

type TimeProvider interface {
	Now() time.Time
}

TimeProvider supplies current FS chain time without calling the chain. It should be updated from block header subscriptions and return time based on the latest observed header timestamp.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.