gater

package
v0.2.1-alpha.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 6, 2023 License: GPL-3.0 Imports: 44 Imported by: 0

Documentation

Index

Constants

View Source
const (
	MaxExpiryAgeInSec int32  = 3600 * 24 * 7 // 7 days
	ExpiryDateFormat  string = time.RFC3339
)
View Source
const (
	// ContentTypeHeader is used to indicate the media type of the resource
	ContentTypeHeader = "Content-Type"
	// ContentLengthHeader indicates the size of the message body, in bytes
	ContentLengthHeader = "Content-Length"
	// RangeHeader asks the server to send only a portion of an HTTP message back to a client
	RangeHeader = "Range"
	// ContentRangeHeader response HTTP header indicates where in a full body message a partial message belongs
	ContentRangeHeader = "Content-Range"
	// OctetStream is used to indicate the binary files
	OctetStream = "application/octet-stream"
	// ContentTypeJSONHeaderValue is used to indicate json
	ContentTypeJSONHeaderValue = "application/json"
	// ContentTypeXMLHeaderValue is used to indicate xml
	ContentTypeXMLHeaderValue = "application/xml"
	// ContentDispositionHeader is used to indicate the media disposition of the resource
	ContentDispositionHeader = "Content-Disposition"
	// ContentDispositionAttachmentValue is used to indicate attachment
	ContentDispositionAttachmentValue = "attachment"
	// ContentDispositionInlineValue is used to indicate inline
	ContentDispositionInlineValue = "inline"

	// SignAlgorithm uses secp256k1 with the ECDSA algorithm
	SignAlgorithm = "ECDSA-secp256k1"
	// SignedMsg is the request hash
	SignedMsg = "SignedMsg"
	// Signature is the request signature
	Signature = "Signature"
	// SignTypeV1 is an authentication algorithm, which is used by dapps
	SignTypeV1 = "authTypeV1"
	// SignTypeV2 is an authentication algorithm, which is used by metamask
	SignTypeV2 = "authTypeV2"

	SignTypeOffChain   = "OffChainAuth" // sign type - off-chain-auth
	SignTypePersonal   = "PersonalSign" // sign type -  PersonalSign
	SignAlgorithmEddsa = "EDDSA"

	// GetApprovalPath defines get-approval path style suffix
	GetApprovalPath = "/greenfield/admin/v1/get-approval"
	// ActionQuery defines get-approval's type, currently include create bucket and create object
	ActionQuery = "action"
	// UploadProgressQuery defines upload progress query, which is used to route request
	UploadProgressQuery = "upload-progress"
	// GetBucketReadQuotaQuery defines bucket read quota query, which is used to route request
	GetBucketReadQuotaQuery = "read-quota"
	// GetBucketReadQuotaMonthQuery defines bucket read quota query month
	GetBucketReadQuotaMonthQuery = "year-month"
	// ListBucketReadRecordQuery defines list bucket read record query, which is used to route request
	ListBucketReadRecordQuery = "list-read-record"
	// ListBucketReadRecordMaxRecordsQuery defines list read record max num
	ListBucketReadRecordMaxRecordsQuery = "max-records"
	// ListObjectsMaxKeysQuery defines the maximum number of keys returned to the response
	ListObjectsMaxKeysQuery = "max-keys"
	// ListObjectsStartAfterQuery defines where you want to start listing from
	ListObjectsStartAfterQuery = "start-after"
	// ListObjectsContinuationTokenQuery indicates that the list is being continued on this bucket with a token
	ListObjectsContinuationTokenQuery = "continuation-token"
	// ListObjectsDelimiterQuery defines a character you use to group keys
	ListObjectsDelimiterQuery = "delimiter"
	// ListObjectsPrefixQuery defines limits the response to keys that begin with the specified prefix
	ListObjectsPrefixQuery = "prefix"
	// GetBucketMetaQuery defines get bucket metadata query, which is used to route request
	GetBucketMetaQuery = "bucket-meta"
	// GetObjectMetaQuery defines get object metadata query, which is used to route request
	GetObjectMetaQuery = "object-meta"
	// GetGroupListSourceTypeQuery defines get group list source type query, which is used to route request
	GetGroupListSourceTypeQuery = "source-type"
	// GetGroupListLimitQuery defines get group list limit query, which is used to route request
	GetGroupListLimitQuery = "limit"
	// GetGroupListOffsetQuery defines get group list offset query, which is used to route request
	GetGroupListOffsetQuery = "offset"
	// GetGroupListGroupQuery defines get group list group query, which is used to route request
	GetGroupListGroupQuery = "group-query"
	// GetGroupListNameQuery defines get group list name query, which is used to route request
	GetGroupListNameQuery = "name"
	// GetGroupListPrefixQuery defines get group list prefix query, which is used to route request
	GetGroupListPrefixQuery = "prefix"
	// StartTimestampUs defines start timestamp in microsecond, which is used by list read record, [start_ts,end_ts)
	StartTimestampUs = "start-timestamp"
	// EndTimestampUs defines end timestamp in microsecond, which is used by list read record, [start_ts,end_ts)
	EndTimestampUs = "end-timestamp"
	// VerifyPermissionObjectQuery defines verify permission object name
	VerifyPermissionObjectQuery = "object"
	// VerifyPermissionOperator defines verify permission operator address
	VerifyPermissionOperator = "operator"
	// VerifyPermissionActionType defines verify permission action type
	VerifyPermissionActionType = "action-type"
	// GetChallengeInfoPath defines get challenge info path style suffix
	GetChallengeInfoPath = "/greenfield/admin/v1/challenge"
	// ReplicateObjectPiecePath defines replicate-object path style
	ReplicateObjectPiecePath = "/greenfield/receiver/v1/replicate-piece"
	// AuthRequestNoncePath defines path to request auth nonce
	AuthRequestNoncePath = "/auth/request_nonce"
	// AuthUpdateKeyPath defines path to update user public key
	AuthUpdateKeyPath = "/auth/update_key"
	// GnfdRequestIDHeader defines trace-id, trace request in sp
	GnfdRequestIDHeader = "X-Gnfd-Request-ID"
	// GnfdAuthorizationHeader defines authorization, verify signature and check authorization
	GnfdAuthorizationHeader = "Authorization"
	// GnfdReceiveMsgHeader defines receive piece data meta
	GnfdReceiveMsgHeader = "X-Gnfd-Receive-Msg"
	// GnfdReplicatePieceApprovalHeader defines secondary approved msg for replicating piece
	GnfdReplicatePieceApprovalHeader = "X-Gnfd-Replicate-Piece-Approval-Msg"
	// GnfdObjectIDHeader defines object id
	GnfdObjectIDHeader = "X-Gnfd-Object-ID"
	// GnfdPieceIndexHeader defines piece idx, which is used by challenge
	GnfdPieceIndexHeader = "X-Gnfd-Piece-Index"
	// GnfdRedundancyIndexHeader defines redundancy idx, which is used by challenge and receiver
	GnfdRedundancyIndexHeader = "X-Gnfd-Redundancy-Index"
	// GnfdIntegrityHashHeader defines integrity hash, which is used by challenge and receiver
	GnfdIntegrityHashHeader = "X-Gnfd-Integrity-Hash"
	// GnfdPieceHashHeader defines piece hash list, which is used by challenge
	GnfdPieceHashHeader = "X-Gnfd-Piece-Hash"
	// GnfdUnsignedApprovalMsgHeader defines unsigned msg, which is used by get-approval
	GnfdUnsignedApprovalMsgHeader = "X-Gnfd-Unsigned-Msg"
	// GnfdSignedApprovalMsgHeader defines signed msg, which is used by get-approval
	GnfdSignedApprovalMsgHeader = "X-Gnfd-Signed-Msg"
	// GnfdPieceSizeHeader defines piece size, which is used to split by receiver
	GnfdPieceSizeHeader = "X-Gnfd-Piece-Size"
	// GnfdReplicateApproval defines SP approval that allow to replicate piece data, which is used by receiver
	GnfdReplicateApproval = "X-Gnfd-Replicate-Approval"
	// GnfdIntegrityHashSignatureHeader defines integrity hash signature, which is used by receiver
	GnfdIntegrityHashSignatureHeader = "X-Gnfd-Integrity-Hash-Signature"
	// GnfdUserAddressHeader defines the user address
	GnfdUserAddressHeader = "X-Gnfd-User-Address"
	// GnfdResponseXMLVersion defines the response xml version
	GnfdResponseXMLVersion = "1.0"

	// GnfdBuiltInUniversalEndpointDappHtml  a html code which works as a dapp, help users sign with their wallet.
	GnfdBuiltInUniversalEndpointDappHtml = "" /* 49652-byte string literal not displayed */
	// GnfdBuiltInDappSignedContentTemplate defines the template which users will sign against with their wallet.
	GnfdBuiltInDappSignedContentTemplate = "Sign this message to access the file:\n%s\nThis signature will not cost you any fees.\nExpiration Time: %s"

	// GnfdOffChainAuthAppDomainHeader defines the app domain from where user is trying to do the EDDSA auth interactions
	GnfdOffChainAuthAppDomainHeader = "X-Gnfd-App-Domain"
	// GnfdOffChainAuthAppRegNonceHeader defines nonce for which user is trying to register his/her EDDSA public key
	GnfdOffChainAuthAppRegNonceHeader = "X-Gnfd-App-Reg-Nonce"
	// GnfdOffChainAuthAppRegPublicKeyHeader defines the EDDSA public key for which user is trying to register
	GnfdOffChainAuthAppRegPublicKeyHeader = "X-Gnfd-App-Reg-Public-Key"
	// GnfdOffChainAuthAppRegExpiryDateHeader defines the Expiry-Date is the ISO 8601 datetime string (e.g. 2021-09-30T16:25:24Z), used to register the EDDSA public key
	GnfdOffChainAuthAppRegExpiryDateHeader = "X-Gnfd-App-Reg-Expiry-Date"
)

define all kinds of http constants

View Source
const (
	DefaultGatewayDomain    = "localhost:9133"
	DefaultMaxListReadQuota = 100
	DefaultMaxPayloadSize   = 2 * 1024 * 1024 * 1024
)
View Source
const (
	MaximumGetGroupListLimit  = 1000
	MaximumGetGroupListOffset = 100000
	DefaultGetGroupListLimit  = 50
	DefaultGetGroupListOffset = 0
)

Variables

View Source
var (
	ErrUnsupportedSignType       = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50001, "unsupported sign type")
	ErrAuthorizationFormat       = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50002, "authorization format error")
	ErrRequestConsistent         = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50003, "request is tampered")
	ErrNoPermission              = gfsperrors.Register(module.GateModularName, http.StatusUnauthorized, 50004, "no permission")
	ErrDecodeMsg                 = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50005, "gnfd msg encoding error")
	ErrValidateMsg               = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50006, "gnfd msg validate error")
	ErrRefuseApproval            = gfsperrors.Register(module.GateModularName, http.StatusOK, 50007, "approval request is refuse")
	ErrUnsupportedRequestType    = gfsperrors.Register(module.GateModularName, http.StatusNotFound, 50008, "unsupported request type")
	ErrInvalidHeader             = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50009, "invalid request header")
	ErrInvalidQuery              = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50010, "invalid request params for query")
	ErrEncodeResponse            = gfsperrors.Register(module.GateModularName, http.StatusInternalServerError, 50011, "server slipped away, try again later")
	ErrInvalidRange              = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50012, "invalid range params")
	ErrExceptionStream           = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50013, "stream exception")
	ErrMismatchSp                = gfsperrors.Register(module.GateModularName, http.StatusNotAcceptable, 50014, "mismatch sp")
	ErrSignature                 = gfsperrors.Register(module.GateModularName, http.StatusNotAcceptable, 50015, "signature verification failed")
	ErrInvalidPayloadSize        = gfsperrors.Register(module.GateModularName, http.StatusForbidden, 50016, "invalid payload")
	ErrInvalidDomainHeader       = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50017, "The "+GnfdOffChainAuthAppRegNonceHeader+" header is incorrect.")
	ErrInvalidPublicKeyHeader    = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50018, "The "+GnfdOffChainAuthAppRegNonceHeader+" header is incorrect.")
	ErrInvalidRegNonceHeader     = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50019, "The "+GnfdOffChainAuthAppRegNonceHeader+" header is incorrect.")
	ErrSignedMsgNotMatchHeaders  = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50020, "The signed message in "+GnfdAuthorizationHeader+" does not match the content in headers.")
	ErrSignedMsgNotMatchSPAddr   = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50021, "The signed message in "+GnfdAuthorizationHeader+" is not for the this SP.")
	ErrSignedMsgNotMatchTemplate = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50022, "The signed message in "+GnfdAuthorizationHeader+" does not match the template.")
	ErrInvalidExpiryDateHeader   = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50023, "The "+GnfdOffChainAuthAppRegExpiryDateHeader+" header is incorrect. "+
		"The expiry date is expected to be within "+strconv.Itoa(int(MaxExpiryAgeInSec))+" seconds and formatted in YYYY-DD-MM HH:MM:SS 'GMT'Z, e.g. 2023-04-20 16:34:12 GMT+08:00 . ")
	ErrInvalidExpiryDate = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 50024, "The expiry parameter is incorrect. "+
		"The expiry date is expected to be within "+strconv.Itoa(int(MaxExpiryAgeInSec))+" seconds and formatted in YYYY-DD-MM HH:MM:SS 'GMT'Z, e.g. 2023-04-20 16:34:12 GMT+08:00 . ")
	ErrNoSuchObject = gfsperrors.Register(module.AuthorizationModularName, http.StatusNotFound, 50025, "no such object")

	ErrConsensus = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 55001, "server slipped away, try again later")

	ErrApprovalExpired = gfsperrors.Register(module.GateModularName, http.StatusBadRequest, 550015, "approval expired")
)

Functions

func DefaultGaterOptions

func DefaultGaterOptions(gater *GateModular, cfg *gfspconfig.GfSpConfig) error

func MakeErrorResponse

func MakeErrorResponse(w http.ResponseWriter, err error)

func RecoverAddr

func RecoverAddr(msg []byte, sig []byte) (sdk.AccAddress, ethsecp256k1.PubKey, error)

RecoverAddr recovers the sender address from msg and signature TODO: move it to greenfield-common

func VerifyPersonalSignature

func VerifyPersonalSignature(signedMsg string, sigString string) (sdk.AccAddress, error)

Types

type GateModular

type GateModular struct {
	// contains filtered or unexported fields
}

func (*GateModular) Name

func (g *GateModular) Name() string

func (*GateModular) RegisterHandler

func (g *GateModular) RegisterHandler(router *mux.Router)

RegisterHandler registers the handlers to the gateway router.

func (*GateModular) ReleaseResource

func (g *GateModular) ReleaseResource(
	ctx context.Context,
	span rcmgr.ResourceScopeSpan)

func (*GateModular) ReserveResource

func (g *GateModular) ReserveResource(
	ctx context.Context,
	state *rcmgr.ScopeStat) (
	rcmgr.ResourceScopeSpan, error)

func (*GateModular) Start

func (g *GateModular) Start(ctx context.Context) error

func (*GateModular) Stop

func (g *GateModular) Stop(ctx context.Context) error

type RequestContext

type RequestContext struct {
	// contains filtered or unexported fields
}

RequestContext generates from http request, it records the common info for handler to use.

func NewRequestContext

func NewRequestContext(r *http.Request, g *GateModular) (*RequestContext, error)

NewRequestContext returns an instance of RequestContext, and verify the request signature, returns the instance regardless of the success or failure of the verification.

func (*RequestContext) Account

func (r *RequestContext) Account() string

Account returns the account who send the request.

func (*RequestContext) Cancel

func (r *RequestContext) Cancel()

Cancel releases the runtime context.

func (*RequestContext) Context

func (r *RequestContext) Context() context.Context

Context returns the RequestContext runtime context.

func (*RequestContext) NeedVerifyAuthorizer

func (r *RequestContext) NeedVerifyAuthorizer() bool

NeedVerifyAuthorizer is temporary to Compatible SignatureV2

func (*RequestContext) SetError

func (r *RequestContext) SetError(err error)

SetError sets the request err to RequestContext for logging and debugging.

func (*RequestContext) SetHttpCode

func (r *RequestContext) SetHttpCode(code int)

SetHttpCode sets the http status code for logging and debugging.

func (*RequestContext) String

func (r *RequestContext) String() string

String shows the detail result of the request for logging and debugging.

func (*RequestContext) VerifySignature

func (r *RequestContext) VerifySignature() (string, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL