From b4044528aca66a6b4a2b98600f809bc5062f087a Mon Sep 17 00:00:00 2001 From: Evgenii Baidakov Date: Wed, 2 Aug 2023 08:07:49 +0400 Subject: [PATCH] *: Update SDK to the latest version closes #806 Signed-off-by: Evgenii Baidakov --- api/handler/handlers_test.go | 5 +-- api/handler/notifications.go | 3 +- api/layer/container.go | 2 +- api/layer/layer.go | 17 ++++---- api/layer/neofs.go | 4 +- api/layer/neofs_mock.go | 7 ++- api/layer/versioning_test.go | 8 ++-- authmate/authmate.go | 16 +++---- cmd/s3-authmate/main.go | 8 ++-- cmd/s3-gw/app.go | 65 ++++++++++++++-------------- cmd/s3-gw/app_metrics.go | 15 ++++--- creds/accessbox/bearer_token_test.go | 3 +- go.mod | 14 +++--- go.sum | 16 ++++--- internal/neofs/neofs.go | 61 ++++++++++++++------------ internal/neofs/tree.go | 3 +- 16 files changed, 127 insertions(+), 120 deletions(-) diff --git a/api/handler/handlers_test.go b/api/handler/handlers_test.go index 7919f47c..5ae20d45 100644 --- a/api/handler/handlers_test.go +++ b/api/handler/handlers_test.go @@ -18,7 +18,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/layer" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" @@ -80,8 +79,8 @@ func prepareHandlerContext(t *testing.T) *handlerContext { testResolver := &contResolver{layer: tp} - var owner user.ID - require.NoError(t, user.IDFromSigner(&owner, neofsecdsa.SignerRFC6979(key.PrivateKey))) + signer := user.NewSignerRFC6979(key.PrivateKey) + owner := signer.UserID() layerCfg := &layer.Config{ Caches: layer.DefaultCachesConfigs(zap.NewExample()), diff --git a/api/handler/notifications.go b/api/handler/notifications.go index 73a92e87..39c3919a 100644 --- a/api/handler/notifications.go +++ b/api/handler/notifications.go @@ -13,7 +13,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/api/s3errors" - "github.com/nspcc-dev/neofs-sdk-go/bearer" ) type ( @@ -163,7 +162,7 @@ func (h *handler) sendNotifications(ctx context.Context, p *SendNotificationPara box, err := layer.GetBoxData(ctx) if err == nil && box.Gate.BearerToken != nil { - p.User = bearer.ResolveIssuer(*box.Gate.BearerToken).EncodeToString() + p.User = box.Gate.BearerToken.ResolveIssuer().EncodeToString() } p.Time = layer.TimeNow(ctx) diff --git a/api/layer/container.go b/api/layer/container.go index f4fb6323..e4acab1d 100644 --- a/api/layer/container.go +++ b/api/layer/container.go @@ -159,7 +159,7 @@ func (n *layer) createContainer(ctx context.Context, p *CreateBucketParams) (*da func (n *layer) setContainerEACLTable(ctx context.Context, idCnr cid.ID, table *eacl.Table, sessionToken *session.Container) error { table.SetCID(idCnr) - return n.neoFS.SetContainerEACL(ctx, *table, sessionToken) + return n.neoFS.SetContainerEACL(ctx, *table, sessionToken, n.gateSigner) } func (n *layer) GetContainerEACL(ctx context.Context, idCnr cid.ID) (*eacl.Table, error) { diff --git a/api/layer/layer.go b/api/layer/layer.go index ec641452..8fb570d1 100644 --- a/api/layer/layer.go +++ b/api/layer/layer.go @@ -17,7 +17,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/layer/encryption" "github.com/nspcc-dev/neofs-s3-gw/api/s3errors" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" - "github.com/nspcc-dev/neofs-sdk-go/bearer" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" "github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/netmap" @@ -47,6 +46,7 @@ type ( neoFS NeoFS log *zap.Logger gateKey *keys.PrivateKey + gateSigner user.Signer resolver BucketResolver ncontroller EventListener cache *Cache @@ -266,6 +266,7 @@ func NewLayer(log *zap.Logger, neoFS NeoFS, config *Config) Client { neoFS: neoFS, log: log, gateKey: config.GateKey, + gateSigner: user.NewSignerRFC6979(config.GateKey.PrivateKey), resolver: config.Resolver, cache: NewCache(config.Caches), treeService: config.TreeService, @@ -307,26 +308,24 @@ func TimeNow(ctx context.Context) time.Time { // Owner returns owner id from BearerToken (context) or from client owner. func (n *layer) Owner(ctx context.Context) user.ID { if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil { - return bearer.ResolveIssuer(*bd.Gate.BearerToken) + return bd.Gate.BearerToken.ResolveIssuer() } var ownerID user.ID - if err := user.IDFromKey(&ownerID, n.gateKey.PublicKey().Bytes()); err != nil { - panic(fmt.Errorf("id from key: %w", err)) - } + ownerID.SetScriptHash(n.gateKey.PublicKey().GetScriptHash()) return ownerID } func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) { + prm.PrivateKey = &n.gateKey.PrivateKey + if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil { - if bktOwner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) { + if bktOwner.Equals(bd.Gate.BearerToken.ResolveIssuer()) { prm.BearerToken = bd.Gate.BearerToken return } } - - prm.PrivateKey = &n.gateKey.PrivateKey } // GetBucketInfo returns bucket info by name. @@ -673,5 +672,5 @@ func (n *layer) DeleteBucket(ctx context.Context, p *DeleteBucketParams) error { } n.cache.DeleteBucket(p.BktInfo.Name) - return n.neoFS.DeleteContainer(ctx, p.BktInfo.CID, p.SessionToken) + return n.neoFS.DeleteContainer(ctx, p.BktInfo.CID, p.SessionToken, n.gateSigner) } diff --git a/api/layer/neofs.go b/api/layer/neofs.go index 8583b491..7b301ae8 100644 --- a/api/layer/neofs.go +++ b/api/layer/neofs.go @@ -159,7 +159,7 @@ type NeoFS interface { // extended ACL is modified within session if session token is not nil. // // It returns any error encountered which prevented the eACL from being saved. - SetContainerEACL(context.Context, eacl.Table, *session.Container) error + SetContainerEACL(context.Context, eacl.Table, *session.Container, user.Signer) error // ContainerEACL reads the container eACL from NeoFS by the container ID. // @@ -172,7 +172,7 @@ type NeoFS interface { // Successful return does not guarantee actual removal. // // It returns any error encountered which prevented the removal request from being sent. - DeleteContainer(context.Context, cid.ID, *session.Container) error + DeleteContainer(context.Context, cid.ID, *session.Container, user.Signer) error // ReadObject reads a part of the object from the NeoFS container by identifier. // Exact part is returned according to the parameters: diff --git a/api/layer/neofs_mock.go b/api/layer/neofs_mock.go index d8d02e0c..563b080f 100644 --- a/api/layer/neofs_mock.go +++ b/api/layer/neofs_mock.go @@ -13,7 +13,6 @@ import ( objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object" "github.com/nspcc-dev/neofs-s3-gw/api" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" - "github.com/nspcc-dev/neofs-sdk-go/bearer" "github.com/nspcc-dev/neofs-sdk-go/checksum" "github.com/nspcc-dev/neofs-sdk-go/container" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" @@ -106,7 +105,7 @@ func (t *TestNeoFS) CreateContainer(_ context.Context, prm PrmContainerCreate) ( return id, nil } -func (t *TestNeoFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container) error { +func (t *TestNeoFS) DeleteContainer(_ context.Context, cnrID cid.ID, _ *session.Container, _ user.Signer) error { delete(t.containers, cnrID.EncodeToString()) return nil @@ -258,7 +257,7 @@ func (t *TestNeoFS) AllObjects(cnrID cid.ID) []oid.ID { return result } -func (t *TestNeoFS) SetContainerEACL(_ context.Context, table eacl.Table, _ *session.Container) error { +func (t *TestNeoFS) SetContainerEACL(_ context.Context, table eacl.Table, _ *session.Container, _ user.Signer) error { cnrID, ok := table.CID() if !ok { return errors.New("invalid cid") @@ -284,7 +283,7 @@ func (t *TestNeoFS) ContainerEACL(_ context.Context, cnrID cid.ID) (*eacl.Table, func getOwner(ctx context.Context) user.ID { if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil { - return bearer.ResolveIssuer(*bd.Gate.BearerToken) + return bd.Gate.BearerToken.ResolveIssuer() } return user.ID{} diff --git a/api/layer/versioning_test.go b/api/layer/versioning_test.go index d9ecb47f..6ac62229 100644 --- a/api/layer/versioning_test.go +++ b/api/layer/versioning_test.go @@ -10,7 +10,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/data" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" bearertest "github.com/nspcc-dev/neofs-sdk-go/bearer/test" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/user" @@ -138,8 +137,10 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext { key, err := keys.NewPrivateKey() require.NoError(t, err) + signer := user.NewSignerRFC6979(key.PrivateKey) + bearerToken := bearertest.Token(t) - require.NoError(t, bearerToken.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey))) + require.NoError(t, bearerToken.Sign(signer)) ctx := context.WithValue(context.Background(), api.BoxData, &accessbox.Box{ Gate: &accessbox.GateData{ @@ -160,8 +161,7 @@ func prepareContext(t *testing.T, cachesConfig ...*CachesConfig) *testContext { config = cachesConfig[0] } - var owner user.ID - require.NoError(t, user.IDFromSigner(&owner, neofsecdsa.SignerRFC6979(key.PrivateKey))) + owner := signer.UserID() layerCfg := &Config{ Caches: config, diff --git a/authmate/authmate.go b/authmate/authmate.go index 67496776..afc9e136 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -229,10 +229,8 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr box.ContainerPolicy = policies - var idOwner user.ID - if err = user.IDFromSigner(&idOwner, neofsecdsa.SignerRFC6979(options.NeoFSKey.PrivateKey)); err != nil { - return fmt.Errorf("id from signer: %w", err) - } + signer := user.NewSignerRFC6979(options.NeoFSKey.PrivateKey) + idOwner := signer.UserID() a.log.Info("check container or create", zap.Stringer("cid", options.Container.ID), zap.String("friendly_name", options.Container.FriendlyName), @@ -346,10 +344,10 @@ func restrictedRecords() (records []*eacl.Record) { } func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetimeOptions, gateKey *keys.PublicKey) (*bearer.Token, error) { + signer := user.NewSignerRFC6979(key.PrivateKey) + var ownerID user.ID - if err := user.IDFromKey(&ownerID, gateKey.Bytes()); err != nil { - return nil, fmt.Errorf("id from key: %w", err) - } + ownerID.SetScriptHash(gateKey.GetScriptHash()) var bearerToken bearer.Token bearerToken.SetEACLTable(*table) @@ -358,7 +356,7 @@ func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetime bearerToken.SetIat(lifetime.Iat) bearerToken.SetNbf(lifetime.Iat) - err := bearerToken.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey)) + err := bearerToken.Sign(signer) if err != nil { return nil, fmt.Errorf("sign bearer token: %w", err) } @@ -390,7 +388,7 @@ func buildSessionToken(key *keys.PrivateKey, lifetime lifetimeOptions, ctx sessi tok.SetNbf(lifetime.Iat) tok.SetExp(lifetime.Exp) - return tok, tok.Sign(neofsecdsa.SignerRFC6979(key.PrivateKey)) + return tok, tok.Sign(user.NewSignerRFC6979(key.PrivateKey)) } func buildSessionTokens(key *keys.PrivateKey, lifetime lifetimeOptions, ctxs []sessionTokenContext, gatesKeys []*keys.PublicKey) ([][]*session.Container, error) { diff --git a/cmd/s3-authmate/main.go b/cmd/s3-authmate/main.go index 335bb08f..56eae3ae 100644 --- a/cmd/s3-authmate/main.go +++ b/cmd/s3-authmate/main.go @@ -24,8 +24,8 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/internal/version" "github.com/nspcc-dev/neofs-s3-gw/internal/wallet" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/pool" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/viper" "github.com/urfave/cli/v2" "go.uber.org/zap" @@ -687,8 +687,10 @@ func obtainSecret() *cli.Command { func createNeoFS(ctx context.Context, log *zap.Logger, cfg PoolConfig) (authmate.NeoFS, error) { log.Debug("prepare connection pool") + signer := user.NewSignerRFC6979(*cfg.Key) + var prm pool.InitParameters - prm.SetSigner(neofsecdsa.SignerRFC6979(*cfg.Key)) + prm.SetSigner(signer) prm.SetNodeDialTimeout(cfg.DialTimeout) prm.SetHealthcheckTimeout(cfg.HealthcheckTimeout) prm.SetNodeStreamTimeout(cfg.StreamTimeout) @@ -704,5 +706,5 @@ func createNeoFS(ctx context.Context, log *zap.Logger, cfg PoolConfig) (authmate return nil, fmt.Errorf("dial pool: %w", err) } - return neofs.NewAuthmateNeoFS(p), nil + return neofs.NewAuthmateNeoFS(p, signer), nil } diff --git a/cmd/s3-gw/app.go b/cmd/s3-gw/app.go index 175d439a..f11e8b32 100644 --- a/cmd/s3-gw/app.go +++ b/cmd/s3-gw/app.go @@ -29,9 +29,10 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/internal/neogo/sidechain" "github.com/nspcc-dev/neofs-s3-gw/internal/version" "github.com/nspcc-dev/neofs-s3-gw/internal/wallet" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/netmap" "github.com/nspcc-dev/neofs-sdk-go/pool" + "github.com/nspcc-dev/neofs-sdk-go/stat" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/spf13/viper" "go.uber.org/zap" ) @@ -39,14 +40,15 @@ import ( type ( // App is the main application structure. App struct { - ctr auth.Center - log *zap.Logger - cfg *viper.Viper - pool *pool.Pool - key *keys.PrivateKey - nc *notifications.Controller - obj layer.Client - api api.Handler + ctr auth.Center + log *zap.Logger + cfg *viper.Viper + pool *pool.Pool + poolStat *stat.PoolStat + gateKey *keys.PrivateKey + nc *notifications.Controller + obj layer.Client + api api.Handler servers []Server @@ -90,17 +92,20 @@ type ( ) func newApp(ctx context.Context, log *Logger, v *viper.Viper) *App { - conns, key := getPool(ctx, log.logger, v) + conns, key, poolStat := getPool(ctx, log.logger, v) + + signer := user.NewSignerRFC6979(key.PrivateKey) // prepare auth center - ctr := auth.New(neofs.NewAuthmateNeoFS(conns), key, v.GetStringSlice(cfgAllowedAccessKeyIDPrefixes), getAccessBoxCacheConfig(v, log.logger)) + ctr := auth.New(neofs.NewAuthmateNeoFS(conns, signer), key, v.GetStringSlice(cfgAllowedAccessKeyIDPrefixes), getAccessBoxCacheConfig(v, log.logger)) app := &App{ - ctr: ctr, - log: log.logger, - cfg: v, - pool: conns, - key: key, + ctr: ctr, + log: log.logger, + cfg: v, + pool: conns, + poolStat: poolStat, + gateKey: key, webDone: make(chan struct{}, 1), wrkDone: make(chan struct{}, 1), @@ -124,7 +129,7 @@ func (a *App) initLayer(ctx context.Context) { a.initResolver(ctx) treeServiceEndpoint := a.cfg.GetString(cfgTreeServiceEndpoint) - treeService, err := neofs.NewTreeClient(ctx, treeServiceEndpoint, a.key) + treeService, err := neofs.NewTreeClient(ctx, treeServiceEndpoint, a.gateKey) if err != nil { a.log.Fatal("failed to create tree service", zap.Error(err)) } @@ -132,13 +137,15 @@ func (a *App) initLayer(ctx context.Context) { layerCfg := &layer.Config{ Caches: getCacheOptions(a.cfg, a.log), - GateKey: a.key, + GateKey: a.gateKey, Resolver: a.bucketResolver, TreeService: treeService, } + signer := user.NewSignerRFC6979(a.gateKey.PrivateKey) + // prepare object layer - a.obj = layer.NewLayer(a.log, neofs.NewNeoFS(a.pool), layerCfg) + a.obj = layer.NewLayer(a.log, neofs.NewNeoFS(a.pool, signer), layerCfg) if a.cfg.GetBool(cfgEnableNATS) { nopts := getNotificationsOptions(a.cfg, a.log) @@ -180,7 +187,7 @@ func (a *App) initAPI(ctx context.Context) { } func (a *App) initMetrics() { - gateMetricsProvider := newGateMetrics(neofs.NewPoolStatistic(a.pool)) + gateMetricsProvider := newGateMetrics(neofs.NewPoolStatistic(a.poolStat)) gateMetricsProvider.SetGWVersion(version.Version) a.metrics = newAppMetrics(a.log, gateMetricsProvider, a.cfg.GetBool(cfgPrometheusEnabled)) } @@ -230,8 +237,11 @@ func newMaxClients(cfg *viper.Viper) api.MaxClients { return api.NewMaxClientsMiddleware(maxClientsCount, maxClientsDeadline) } -func getPool(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.Pool, *keys.PrivateKey) { +func getPool(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.Pool, *keys.PrivateKey, *stat.PoolStat) { + poolStat := stat.NewPoolStatistic() + var prm pool.InitParameters + prm.SetStatisticCallback(poolStat.OperationCallback) password := wallet.GetPassword(cfg, cfgWalletPassphrase) key, err := wallet.GetKeyFromPath(cfg.GetString(cfgWalletPath), cfg.GetString(cfgWalletAddress), password) @@ -239,7 +249,7 @@ func getPool(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.P logger.Fatal("could not load NeoFS private key", zap.Error(err)) } - prm.SetSigner(neofsecdsa.SignerRFC6979(key.PrivateKey)) + prm.SetSigner(user.NewSignerRFC6979(key.PrivateKey)) logger.Info("using credentials", zap.String("NeoFS", hex.EncodeToString(key.PublicKey().Bytes()))) for _, peer := range fetchPeers(logger, cfg) { @@ -286,7 +296,7 @@ func getPool(ctx context.Context, logger *zap.Logger, cfg *viper.Viper) (*pool.P logger.Fatal("failed to dial connection pool", zap.Error(err)) } - return p, key + return p, key, poolStat } func newPlacementPolicy(defaultPolicy string, regionPolicyFilepath string) (*placementPolicy, error) { @@ -387,15 +397,6 @@ func (m *appMetrics) Shutdown() { m.mu.Unlock() } -func remove(list []string, element string) []string { - for i, item := range list { - if item == element { - return append(list[:i], list[i+1:]...) - } - } - return list -} - // Wait waits for an application to finish. // // Pre-logs a message about the launch of the application mentioning its diff --git a/cmd/s3-gw/app_metrics.go b/cmd/s3-gw/app_metrics.go index 81d85b0c..dc263dc7 100644 --- a/cmd/s3-gw/app_metrics.go +++ b/cmd/s3-gw/app_metrics.go @@ -3,7 +3,7 @@ package main import ( "net/http" - "github.com/nspcc-dev/neofs-sdk-go/pool" + "github.com/nspcc-dev/neofs-sdk-go/stat" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" "github.com/spf13/viper" @@ -33,7 +33,7 @@ const ( ) type StatisticScraper interface { - Statistic() pool.Statistic + Statistic() stat.Statistic } type GateMetrics struct { @@ -195,25 +195,26 @@ func (m *poolMetricsCollector) register() { } func (m *poolMetricsCollector) updateStatistic() { - stat := m.poolStatScraper.Statistic() + st := m.poolStatScraper.Statistic() m.overallNodeErrors.Reset() m.overallNodeRequests.Reset() m.currentErrors.Reset() m.requestDuration.Reset() - for _, node := range stat.Nodes() { + for _, node := range st.Nodes() { m.overallNodeErrors.WithLabelValues(node.Address()).Set(float64(node.OverallErrors())) m.overallNodeRequests.WithLabelValues(node.Address()).Set(float64(node.Requests())) - m.currentErrors.WithLabelValues(node.Address()).Set(float64(node.CurrentErrors())) + // ??????? + // m.currentErrors.WithLabelValues(node.Address()).Set(float64(node.CurrentErrors())) m.updateRequestsDuration(node) } - m.overallErrors.Set(float64(stat.OverallErrors())) + m.overallErrors.Set(float64(st.OverallErrors())) } -func (m *poolMetricsCollector) updateRequestsDuration(node pool.NodeStatistic) { +func (m *poolMetricsCollector) updateRequestsDuration(node stat.NodeStatistic) { m.requestDuration.WithLabelValues(node.Address(), methodGetBalance).Set(float64(node.AverageGetBalance().Milliseconds())) m.requestDuration.WithLabelValues(node.Address(), methodPutContainer).Set(float64(node.AveragePutContainer().Milliseconds())) m.requestDuration.WithLabelValues(node.Address(), methodGetContainer).Set(float64(node.AverageGetContainer().Milliseconds())) diff --git a/creds/accessbox/bearer_token_test.go b/creds/accessbox/bearer_token_test.go index cea65be5..082f3e2b 100644 --- a/creds/accessbox/bearer_token_test.go +++ b/creds/accessbox/bearer_token_test.go @@ -9,6 +9,7 @@ import ( neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/user" "github.com/stretchr/testify/require" ) @@ -90,7 +91,7 @@ func TestSessionTokenInAccessBox(t *testing.T) { tkn.SetID(uuid.New()) tkn.SetAuthKey((*neofsecdsa.PublicKey)(sec.PublicKey())) - require.NoError(t, tkn.Sign(neofsecdsa.SignerRFC6979(sec.PrivateKey))) + require.NoError(t, tkn.Sign(user.NewSignerRFC6979(sec.PrivateKey))) var newTkn bearer.Token gate := NewGateData(cred.PublicKey(), &newTkn) diff --git a/go.mod b/go.mod index 3c08cc64..90808cd2 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,8 @@ require ( github.com/nats-io/nats.go v1.13.1-0.20220308171302-2f2f6968e98d github.com/nspcc-dev/neo-go v0.101.0 github.com/nspcc-dev/neofs-api-go/v2 v2.14.0 - github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230606101007-79edfa63bbc9 + github.com/nspcc-dev/neofs-contract v0.17.1-0.20230802104308-10a876994149 + github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230803034921-b7b285846495 github.com/panjf2000/ants/v2 v2.5.0 github.com/prometheus/client_golang v1.13.0 github.com/spf13/pflag v1.0.5 @@ -27,7 +28,12 @@ require ( require ( github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20221202181307-76fa05c21b12 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect + github.com/gorilla/websocket v1.4.2 // indirect + github.com/kr/pretty v0.3.0 // indirect + github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect + github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20230208100456-1d6e48ee78e5 // indirect golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect + golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect ) require ( @@ -38,8 +44,6 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/fsnotify/fsnotify v1.4.9 // indirect github.com/golang/protobuf v1.5.2 // indirect - github.com/golang/snappy v0.0.3 // indirect - github.com/gorilla/websocket v1.4.2 // indirect github.com/hashicorp/golang-lru v0.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect @@ -50,10 +54,7 @@ require ( github.com/nats-io/nats-server/v2 v2.7.4 // indirect github.com/nats-io/nkeys v0.3.0 // indirect github.com/nats-io/nuid v1.0.1 // indirect - github.com/nspcc-dev/go-ordered-json v0.0.0-20220111165707-25110be27d22 // indirect github.com/nspcc-dev/hrw v1.0.9 // indirect - github.com/nspcc-dev/neo-go/pkg/interop v0.0.0-20230208100456-1d6e48ee78e5 // indirect - github.com/nspcc-dev/neofs-contract v0.17.1-0.20230802104308-10a876994149 github.com/nspcc-dev/neofs-crypto v0.4.0 github.com/nspcc-dev/rfc6979 v0.2.0 // indirect github.com/nspcc-dev/tzhash v1.7.0 // indirect @@ -73,7 +74,6 @@ require ( go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.9.0 // indirect golang.org/x/net v0.10.0 // indirect - golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.8.0 // indirect golang.org/x/term v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect diff --git a/go.sum b/go.sum index 4da9f92d..598a0673 100644 --- a/go.sum +++ b/go.sum @@ -81,6 +81,7 @@ github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSV github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -144,8 +145,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= -github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -236,11 +236,13 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls= github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -292,8 +294,8 @@ github.com/nspcc-dev/neofs-contract v0.17.1-0.20230802104308-10a876994149 h1:N1G github.com/nspcc-dev/neofs-contract v0.17.1-0.20230802104308-10a876994149/go.mod h1:SRedxMO37yDLu+5pvlbGKo3ZTMMUgVFkk8N2YVMC91g= github.com/nspcc-dev/neofs-crypto v0.4.0 h1:5LlrUAM5O0k1+sH/sktBtrgfWtq1pgpDs09fZo+KYi4= github.com/nspcc-dev/neofs-crypto v0.4.0/go.mod h1:6XJ8kbXgOfevbI2WMruOtI+qUJXNwSGM/E9eClXxPHs= -github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230606101007-79edfa63bbc9 h1:FvzdjUNvZuPEx7n82qOiKzWzbnK0oaerTU3cvYvEytM= -github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230606101007-79edfa63bbc9/go.mod h1:fTsdTU/M9rvv/f9jlp7vHOm3DRp+NSfjfTv9NohrKTE= +github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230803034921-b7b285846495 h1:eeugkDgN5O4XNyZLX/Q1cr1M/INRoxi7ofQZHoI/xOQ= +github.com/nspcc-dev/neofs-sdk-go v1.0.0-rc.9.0.20230803034921-b7b285846495/go.mod h1:fTsdTU/M9rvv/f9jlp7vHOm3DRp+NSfjfTv9NohrKTE= github.com/nspcc-dev/rfc6979 v0.2.0 h1:3e1WNxrN60/6N0DW7+UYisLeZJyfqZTNOjeV/toYvOE= github.com/nspcc-dev/rfc6979 v0.2.0/go.mod h1:exhIh1PdpDC5vQmyEsGvc4YDM/lyQp/452QxGq/UEso= github.com/nspcc-dev/tzhash v1.7.0 h1:/+aL33NC7y5OIGnY2kYgjZt8mg7LVGFMdj/KAJLndnk= @@ -338,6 +340,8 @@ github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5 github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= diff --git a/internal/neofs/neofs.go b/internal/neofs/neofs.go index a031f79c..b6315947 100644 --- a/internal/neofs/neofs.go +++ b/internal/neofs/neofs.go @@ -14,16 +14,17 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/authmate" "github.com/nspcc-dev/neofs-s3-gw/creds/tokens" + "github.com/nspcc-dev/neofs-sdk-go/client" apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status" "github.com/nspcc-dev/neofs-sdk-go/container" "github.com/nspcc-dev/neofs-sdk-go/container/acl" cid "github.com/nspcc-dev/neofs-sdk-go/container/id" - neofsecdsa "github.com/nspcc-dev/neofs-sdk-go/crypto/ecdsa" "github.com/nspcc-dev/neofs-sdk-go/eacl" "github.com/nspcc-dev/neofs-sdk-go/object" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/pool" "github.com/nspcc-dev/neofs-sdk-go/session" + "github.com/nspcc-dev/neofs-sdk-go/stat" "github.com/nspcc-dev/neofs-sdk-go/user" ) @@ -31,8 +32,9 @@ import ( // It is used to provide an interface to dependent packages // which work with NeoFS. type NeoFS struct { - pool *pool.Pool - await pool.WaitParams + pool *pool.Pool + await pool.WaitParams + gateSigner user.Signer } const ( @@ -41,14 +43,15 @@ const ( ) // NewNeoFS creates new NeoFS using provided pool.Pool. -func NewNeoFS(p *pool.Pool) *NeoFS { +func NewNeoFS(p *pool.Pool, signer user.Signer) *NeoFS { var await pool.WaitParams await.SetPollInterval(defaultPollInterval) await.SetTimeout(defaultPollTimeout) return &NeoFS{ - pool: p, - await: await, + pool: p, + await: await, + gateSigner: signer, } } @@ -60,7 +63,7 @@ func (x *NeoFS) TimeToEpoch(ctx context.Context, now, futureTime time.Time) (uin futureTime.Format(time.RFC3339), now.Format(time.RFC3339)) } - networkInfo, err := x.pool.NetworkInfo(ctx) + networkInfo, err := x.pool.NetworkInfo(ctx, client.PrmNetworkInfo{}) if err != nil { return 0, 0, fmt.Errorf("get network info via client: %w", err) } @@ -132,7 +135,7 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat cnr.SetAttribute(prm.AdditionalAttributes[i][0], prm.AdditionalAttributes[i][1]) } - err := pool.SyncContainerWithNetwork(ctx, &cnr, x.pool) + err := client.SyncContainerWithNetwork(ctx, &cnr, x.pool) if err != nil { return cid.ID{}, fmt.Errorf("sync container with the network state: %w", err) } @@ -145,7 +148,7 @@ func (x *NeoFS) CreateContainer(ctx context.Context, prm layer.PrmContainerCreat } // send request to save the container - idCnr, err := x.pool.PutContainer(ctx, cnr, prmPut) + idCnr, err := x.pool.PutContainer(ctx, cnr, x.gateSigner, prmPut) if err != nil { return cid.ID{}, fmt.Errorf("save container via connection pool: %w", err) } @@ -164,7 +167,7 @@ func (x *NeoFS) UserContainers(ctx context.Context, id user.ID) ([]cid.ID, error } // SetContainerEACL implements neofs.NeoFS interface method. -func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table, sessionToken *session.Container) error { +func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table, sessionToken *session.Container, signer user.Signer) error { var prm pool.PrmContainerSetEACL prm.SetWaitParams(x.await) @@ -172,7 +175,7 @@ func (x *NeoFS) SetContainerEACL(ctx context.Context, table eacl.Table, sessionT prm.WithinSession(*sessionToken) } - err := x.pool.SetEACL(ctx, table, prm) + err := x.pool.SetEACL(ctx, table, signer, prm) if err != nil { return fmt.Errorf("save eACL via connection pool: %w", err) } @@ -191,7 +194,7 @@ func (x *NeoFS) ContainerEACL(ctx context.Context, id cid.ID) (*eacl.Table, erro } // DeleteContainer implements neofs.NeoFS interface method. -func (x *NeoFS) DeleteContainer(ctx context.Context, id cid.ID, token *session.Container) error { +func (x *NeoFS) DeleteContainer(ctx context.Context, id cid.ID, token *session.Container, signer user.Signer) error { var prm pool.PrmContainerDelete prm.SetWaitParams(x.await) @@ -199,7 +202,7 @@ func (x *NeoFS) DeleteContainer(ctx context.Context, id cid.ID, token *session.C prm.SetSessionToken(*token) } - err := x.pool.DeleteContainer(ctx, id, prm) + err := x.pool.DeleteContainer(ctx, id, signer, prm) if err != nil { return fmt.Errorf("delete container via connection pool: %w", err) } @@ -263,7 +266,7 @@ func (x *NeoFS) CreateObject(ctx context.Context, prm layer.PrmObjectCreate) (oi if prm.BearerToken != nil { prmPut.UseBearer(*prm.BearerToken) } else if prm.PrivateKey != nil { - prmPut.UseSigner(neofsecdsa.SignerRFC6979(*prm.PrivateKey)) + prmPut.UseSigner(user.NewSignerRFC6979(*prm.PrivateKey)) } idObj, err := x.pool.PutObject(ctx, prmPut) @@ -302,7 +305,7 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm layer.PrmObjectRead) (*layer if prm.BearerToken != nil { prmGet.UseBearer(*prm.BearerToken) } else if prm.PrivateKey != nil { - prmGet.UseSigner(neofsecdsa.SignerRFC6979(*prm.PrivateKey)) + prmGet.UseSigner(user.NewSignerRFC6979(*prm.PrivateKey)) } if prm.WithHeader { @@ -335,7 +338,7 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm layer.PrmObjectRead) (*layer if prm.BearerToken != nil { prmHead.UseBearer(*prm.BearerToken) } else if prm.PrivateKey != nil { - prmHead.UseSigner(neofsecdsa.SignerRFC6979(*prm.PrivateKey)) + prmHead.UseSigner(user.NewSignerRFC6979(*prm.PrivateKey)) } hdr, err := x.pool.HeadObject(ctx, prm.Container, prm.Object, prmHead) @@ -370,7 +373,7 @@ func (x *NeoFS) ReadObject(ctx context.Context, prm layer.PrmObjectRead) (*layer if prm.BearerToken != nil { prmRange.UseBearer(*prm.BearerToken) } else if prm.PrivateKey != nil { - prmRange.UseSigner(neofsecdsa.SignerRFC6979(*prm.PrivateKey)) + prmRange.UseSigner(user.NewSignerRFC6979(*prm.PrivateKey)) } res, err := x.pool.ObjectRange(ctx, prm.Container, prm.Object, prm.PayloadRange[0], prm.PayloadRange[1], prmRange) @@ -393,8 +396,9 @@ func (x *NeoFS) DeleteObject(ctx context.Context, prm layer.PrmObjectDelete) err if prm.BearerToken != nil { prmDelete.UseBearer(*prm.BearerToken) - } else if prm.PrivateKey != nil { - prmDelete.UseSigner(neofsecdsa.SignerRFC6979(*prm.PrivateKey)) + } + if prm.PrivateKey != nil { + prmDelete.UseSigner(user.NewSignerRFC6979(*prm.PrivateKey)) } err := x.pool.DeleteObject(ctx, prm.Container, prm.Object, prmDelete) @@ -439,7 +443,7 @@ func NewResolverNeoFS(p *pool.Pool) *ResolverNeoFS { // SystemDNS implements resolver.NeoFS interface method. func (x *ResolverNeoFS) SystemDNS(ctx context.Context) (string, error) { - networkInfo, err := x.pool.NetworkInfo(ctx) + networkInfo, err := x.pool.NetworkInfo(ctx, client.PrmNetworkInfo{}) if err != nil { return "", fmt.Errorf("read network info via client: %w", err) } @@ -454,12 +458,13 @@ func (x *ResolverNeoFS) SystemDNS(ctx context.Context) (string, error) { // AuthmateNeoFS is a mediator which implements authmate.NeoFS through pool.Pool. type AuthmateNeoFS struct { - neoFS *NeoFS + neoFS *NeoFS + signer user.Signer } // NewAuthmateNeoFS creates new AuthmateNeoFS using provided pool.Pool. -func NewAuthmateNeoFS(p *pool.Pool) *AuthmateNeoFS { - return &AuthmateNeoFS{neoFS: NewNeoFS(p)} +func NewAuthmateNeoFS(p *pool.Pool, signer user.Signer) *AuthmateNeoFS { + return &AuthmateNeoFS{neoFS: NewNeoFS(p, signer), signer: signer} } // ContainerExists implements authmate.NeoFS interface method. @@ -521,15 +526,15 @@ func (x *AuthmateNeoFS) CreateObject(ctx context.Context, prm tokens.PrmObjectCr // PoolStatistic is a mediator which implements authmate.NeoFS through pool.Pool. type PoolStatistic struct { - pool *pool.Pool + poolStat *stat.PoolStat } // NewPoolStatistic creates new PoolStatistic using provided pool.Pool. -func NewPoolStatistic(p *pool.Pool) *PoolStatistic { - return &PoolStatistic{pool: p} +func NewPoolStatistic(poolStat *stat.PoolStat) *PoolStatistic { + return &PoolStatistic{poolStat: poolStat} } // Statistic implements interface method. -func (x *PoolStatistic) Statistic() pool.Statistic { - return x.pool.Statistic() +func (x *PoolStatistic) Statistic() stat.Statistic { + return x.poolStat.Statistic() } diff --git a/internal/neofs/tree.go b/internal/neofs/tree.go index d99e55b7..914c6ebf 100644 --- a/internal/neofs/tree.go +++ b/internal/neofs/tree.go @@ -15,7 +15,6 @@ import ( "github.com/nspcc-dev/neofs-s3-gw/api/layer" "github.com/nspcc-dev/neofs-s3-gw/creds/accessbox" "github.com/nspcc-dev/neofs-s3-gw/internal/neofs/services/tree" - "github.com/nspcc-dev/neofs-sdk-go/bearer" oid "github.com/nspcc-dev/neofs-sdk-go/object/id" "github.com/nspcc-dev/neofs-sdk-go/user" "google.golang.org/grpc" @@ -1262,7 +1261,7 @@ func handleError(msg string, err error) error { func getBearer(ctx context.Context, bktInfo *data.BucketInfo) []byte { if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil { if bd.Gate.BearerToken != nil { - if bktInfo.Owner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) { + if bktInfo.Owner.Equals(bd.Gate.BearerToken.ResolveIssuer()) { return bd.Gate.BearerToken.Marshal() } }