Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add content type checks #38

Merged
merged 3 commits into from
Sep 21, 2023
Merged

Add content type checks #38

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4284d8b
go.mod: Update SDK to the latest one
smallhive Sep 20, 2023
e4d2435
go.mod: Update neo-go to the latest one
smallhive Sep 20, 2023
7de6270
bearer: Deny some content-type uploads
smallhive Sep 20, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion auth/authenticator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"net/http"

"github.com/nspcc-dev/neofs-oauthz/bearer"
"github.com/nspcc-dev/neofs-sdk-go/client"
"github.com/nspcc-dev/neofs-sdk-go/pool"
"go.uber.org/zap"
)
Expand Down Expand Up @@ -144,7 +145,7 @@ func (u *Authenticator) getUserInfo(ctx context.Context, state, code string) (st
}

func (u *Authenticator) getBearerToken(ctx context.Context, email string) (string, string, error) {
infoRes, err := u.sdkPool.NetworkInfo(ctx)
infoRes, err := u.sdkPool.NetworkInfo(ctx, client.PrmNetworkInfo{})
if err != nil {
return "", "", err
}
Expand Down
7 changes: 7 additions & 0 deletions bearer/bearer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/eacl"
"github.com/nspcc-dev/neofs-sdk-go/object"
"github.com/nspcc-dev/neofs-sdk-go/user"
)

Expand Down Expand Up @@ -40,6 +41,12 @@ func (b *Generator) NewBearer(email string, currentEpoch uint64) (string, string
// order of rec is important
rec := eacl.CreateRecord(eacl.ActionAllow, eacl.OperationPut)
rec.AddObjectAttributeFilter(eacl.MatchStringEqual, b.config.EmailAttr, hashedEmail)
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/javascript")
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/javascript")
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/xhtml+xml")
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/html")
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/htmlh")
rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "")
eacl.AddFormedTarget(rec, eacl.RoleOthers)
t.AddRecord(rec)
rec2 := eacl.CreateRecord(eacl.ActionDeny, eacl.OperationPut)
Expand Down
3 changes: 1 addition & 2 deletions cmd/neofs-oauthz/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ import (
"github.com/nspcc-dev/neofs-oauthz/auth"
"github.com/nspcc-dev/neofs-oauthz/bearer"
cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa"
"github.com/nspcc-dev/neofs-sdk-go/pool"
"github.com/nspcc-dev/neofs-sdk-go/user"
"github.com/spf13/viper"
Expand Down Expand Up @@ -92,7 +91,7 @@ func (a *app) initPool(ctx context.Context, key *keys.PrivateKey) {
err error
p pool.InitParameters
)
p.SetSigner(neofsecdsa.SignerRFC6979(key.PrivateKey))
p.SetSigner(user.NewAutoIDSignerRFC6979(key.PrivateKey))

connTimeout := a.cfg.GetDuration(cfgConTimeout)
if connTimeout <= 0 {
Expand Down
24 changes: 12 additions & 12 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ module github.com/nspcc-dev/neofs-oauthz
go 1.18

require (
github.com/nspcc-dev/neo-go v0.101.0
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9
github.com/nspcc-dev/neo-go v0.102.0
github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.11.0.20230912200451-c0eefd5bd81c
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.15.0
go.uber.org/zap v1.24.0
Expand All @@ -16,7 +16,7 @@ require (
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/hashicorp/golang-lru v0.6.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
Expand All @@ -39,16 +39,16 @@ require (
github.com/urfave/cli v1.22.5 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/crypto v0.4.0 // indirect
golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect
golang.org/x/net v0.9.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/term v0.7.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/crypto v0.12.0 // indirect
golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/sys v0.11.0 // indirect
golang.org/x/term v0.11.0 // indirect
golang.org/x/text v0.12.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
google.golang.org/grpc v1.52.0 // indirect
google.golang.org/protobuf v1.28.1 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect
google.golang.org/grpc v1.57.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
Loading
Loading