working commit

2026-02-14 18:45:11 +02:00
parent 8d46c6a677
commit 53ed35dc08
16 changed files with 144 additions and 120 deletions
@@ -3,6 +3,7 @@ package handler
 import (
 	"context"
 	"fmt"
+	"regexp"

 	"mstore/app/descr"
 	"mstore/app/router"
@@ -21,9 +22,10 @@ func (hand *Handler) AuthMiddleware(next router.Handler) router.Handler {
 	handlerFunc = func(rctx *router.Context) {
 		hand.logg.Debugf("Call authorization middleware")
 		success, accountID, err := hand.CheckAccess(rctx)
-		if success && err == nil {
+		if success {
 			rctx.SetBool(authTag, true)
 			rctx.SetString(userTag, accountID)
+			hand.logg.Debugf("Authorization for accountID [%s]", rctx.Strings[userTag])
 		}
 		if err != nil {
 			hand.logg.Errorf("Authorization middleware error: %v", err)
@@ -50,10 +52,16 @@ func (hand *Handler) CheckAccess(rctx *router.Context) (bool, string, error) {
 		if err != nil {
 			return success, accountID, err
 		}
-		hand.logg.Debugf("Authorization username is %s:%s", username, password)
 	}
-	success = true // TODO: change to actual call
-
+	success, id, err := hand.ValidatePassword(rctx.Ctx, username, password)
+	if err != nil {
+		return false, accountID, err
+	}
+	if !success {
+		err = fmt.Errorf("Incorrect username or password")
+		return false, accountID, err
+	}
+	accountID = id
 	return success, accountID, err
 }

@@ -73,5 +81,46 @@ func (hand *Handler) ValidatePassword(ctx context.Context, username, password st
 	}
 	valid = true
 	accountID = accountDescr.ID
+
 	return valid, accountID, err
 }
+
+func (hand *Handler) CheckRight(ctx context.Context, accountID, right, subject string) (bool, error) {
+	var err error
+	var res bool
+	hand.logg.Debugf("Cop check your right %s: %s %s", accountID, right, subject)
+	//         =[]=
+	//        /------\
+	//   .---[-]  [#] \--,
+	//  >|   [ ]  [ ]    |
+	//   '--0-------0----'
+	//  Bad news for you, baby.... #
+
+	// TODO: defer logger
+
+	defer hand.logg.Debugf("Checking right %s for %s: %v", right, accountID, res)
+
+	exists, grant, err := hand.mdb.GetGrantByAccoundIDRight(ctx, accountID, right)
+	if err != nil {
+		return res, err
+	}
+	if !exists {
+		return res, err
+	}
+
+	switch right {
+	case descr.RightReadFiles, descr.RightWriteFiles:
+		grant.Pattern = ".*"
+		re, err := regexp.Compile(grant.Pattern)
+		if err != nil {
+			return res, err
+		}
+		if !re.MatchString(subject) {
+			return res, err
+		}
+	default:
+		// NOP
+	}
+	res = true
+	return res, err
+}
@@ -1,7 +1,6 @@
 package handler

 import (
-	"context"
 	"fmt"

 	"mstore/app/descr"
@@ -9,21 +8,6 @@ import (
 	"mstore/app/router"
 )

-func (hand *Handler) CheckRight(ctx context.Context, accountID, right, subject string) (bool, error) {
-	var err error
-	var res bool
-	hand.logg.Debugf("Cop check your right %s: %s %s", accountID, right, subject)
-	//         =[]=
-	//        /------\
-	//   .---[-]  [#] \--,
-	//  >|   [ ]  [ ]    |
-	//   '--0-------0----'
-	//  Bad news for you, baby.... #
-
-	res = true
-	return res, err
-}
-
 // POST /v3/account/create 200 200
 func (hand *Handler) CreateAccount(rctx *router.Context) {
 	var err error
@@ -11,7 +11,6 @@
 package handler

 import (
-	"fmt"
 	"io"
 	"net/http"

@@ -35,13 +34,11 @@ func (hand *Handler) BlobExists(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -77,13 +74,11 @@ func (hand *Handler) PostUpload(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -124,13 +119,11 @@ func (hand *Handler) PatchUpload(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -170,13 +163,11 @@ func (hand *Handler) PutUpload(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -202,13 +193,11 @@ func (hand *Handler) GetBlob(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -250,13 +239,11 @@ func (hand *Handler) DeleteBlob(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -10,8 +10,8 @@
 package handler

 import (
-	"fmt"
 	"io"
+	"net/http"

 	"mstore/app/descr"
 	"mstore/app/operator"
@@ -30,13 +30,11 @@ func (hand *Handler) FileInfo(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -77,13 +75,11 @@ func (hand *Handler) PutFile(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -107,13 +103,11 @@ func (hand *Handler) GetFile(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -157,13 +151,11 @@ func (hand *Handler) DeleteFile(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteFiles, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -189,13 +181,11 @@ func (hand *Handler) ListFiles(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadFiles, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -10,7 +10,6 @@
 package handler

 import (
-	"fmt"
 	"net/http"

 	"mstore/app/descr"
@@ -30,13 +29,11 @@ func (hand *Handler) ManifestExists(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -74,13 +71,11 @@ func (hand *Handler) PutManifest(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -107,13 +102,11 @@ func (hand *Handler) GetManifest(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -147,13 +140,11 @@ func (hand *Handler) DeleteManifest(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightWriteImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -178,13 +169,11 @@ func (hand *Handler) GetReferer(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -206,13 +195,11 @@ func (hand *Handler) GetTags(rctx *router.Context) {
 	operatorID, _ := rctx.GetString(userTag)
 	opEnable, err := hand.CheckRight(rctx.Ctx, operatorID, descr.RightReadImages, "")
 	if err != nil {
-		err := fmt.Errorf("Operation error: %v", err)
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusInternalServerError)
 		return
 	}
 	if !opEnable {
-		err := fmt.Errorf("Operation not enabled for this account")
-		hand.SendError(rctx, err)
+		rctx.SetStatus(http.StatusMethodNotAllowed)
 		return
 	}
 	// Execution of the operation
@@ -76,6 +76,23 @@ func (db *Database) GetGrantByID(ctx context.Context, id string) (bool, *descr.G
 	return true, res, err
 }

+func (db *Database) GetGrantByAccoundIDRight(ctx context.Context, accountID, right string) (bool, *descr.Grant, error) {
+	var err error
+	res := &descr.Grant{}
+	request := `SELECT * FROM grants WHERE account_id = $1 AND right = $2 LIMIT 1`
+	dbRes := make([]descr.Grant, 0)
+	err = db.db.Select(&dbRes, request, accountID, right)
+	if err != nil {
+		return false, res, err
+	}
+	if len(dbRes) == 0 {
+		return false, res, err
+
+	}
+	res = &dbRes[0]
+	return true, res, err
+}
+
 func (db *Database) GetGrantByAccoundIDRightPattern(ctx context.Context, accountID, right, pattern string) (bool, *descr.Grant, error) {
 	var err error
 	res := &descr.Grant{}
@@ -40,7 +40,7 @@ func TestGrant(t *testing.T) {
 	newGrant := &descr.Grant{
 		ID:        id,
 		AccountID: accountID,
-		Operation: "opFoo",
+		Right:     "rigthFoo",
 		Pattern:   `*`,
 		CreatedAt: timenow,
 		UpdatedAt: timenow,
@@ -43,7 +43,7 @@ func (db *Database) WriteAnonymous(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightReadFiles,
-		Pattern:   "*",
+		Pattern:   ".*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -57,7 +57,7 @@ func (db *Database) WriteAnonymous(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightReadImages,
-		Pattern:   "*",
+		Pattern:   ".*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -96,7 +96,7 @@ func (db *Database) WriteInituser(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightReadFiles,
-		Pattern:   "*",
+		Pattern:   ".*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -110,7 +110,7 @@ func (db *Database) WriteInituser(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightWriteFiles,
-		Pattern:   "*",
+		Pattern:   ".*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -125,7 +125,7 @@ func (db *Database) WriteInituser(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightReadImages,
-		Pattern:   "*",
+		Pattern:   ",*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -139,7 +139,7 @@ func (db *Database) WriteInituser(ctx context.Context) error {
 		ID:        auxuuid.NewUUID(),
 		AccountID: accountDescr.ID,
 		Right:     descr.RightWriteImages,
-		Pattern:   "*",
+		Pattern:   ".*",
 		CreatedAt: now,
 		UpdatedAt: now,
 		CreatedBy: descr.ServerID,
@@ -174,13 +174,13 @@ func (srv *Server) Build() error {
 	}
 	// Creating database dir
 	dbdir := srv.conf.Database.Basepath
-	if !auxtool.DirExists(dbdir) {
-		srv.logg.Infof("Creating database directory %s ", dbdir)
-		err = os.MkdirAll(dbdir, 0750)
-		if err != nil {
-			return err
-		}
+	//if !auxtool.DirExists(dbdir) {
+	srv.logg.Infof("Creating database directory %s ", dbdir)
+	err = os.MkdirAll(dbdir, 0750)
+	if err != nil {
+		return err
 	}
+	//}
 	// Creating database
 	mdb := maindb.NewDatabase(dbdir)
 	srv.logg.Infof("Opening main database")