Add not present condition for content-type (#55)

nspcc-dev · Sep 3, 2024 · 1ae9708 · 1ae9708
2 parents fba06f5 + df7c41b
commit 1ae9708
Showing 1 changed file with 46 additions and 21 deletions.
diff --git a/bearer/bearer.go b/bearer/bearer.go
@@ -20,6 +20,8 @@ type Generator struct {
 	config *Config
 }
 
+type newRecordFun func() *eacl.Record
+
 // NewGenerator creates new bearer token generator using config.
 func NewGenerator(config *Config) *Generator {
 	return &Generator{config: config}
@@ -36,32 +38,55 @@ type Config struct {
 	ObjectMaxLifetime time.Duration
 }
 
+func (b *Generator) createRecords(hashedEmail string, currentEpoch uint64, msPerEpoch int64) []newRecordFun {
+	records := []newRecordFun{
+		func() *eacl.Record {
+			rec := eacl.CreateRecord(eacl.ActionDeny, eacl.OperationPut)
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchNotPresent, object.AttributeContentType, "")
+
+			return rec
+		},
+		func() *eacl.Record {
+			epochs := uint64(b.config.ObjectMaxLifetime.Milliseconds() / msPerEpoch)
+			maxExpirationEpoch := strconv.FormatUint(currentEpoch+b.config.LifeTime+epochs, 10)
+
+			// order of rec is important
+			rec := eacl.CreateRecord(eacl.ActionAllow, eacl.OperationPut)
+			rec.AddObjectAttributeFilter(eacl.MatchStringEqual, b.config.EmailAttr, hashedEmail)
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/javascript")
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/javascript")
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/xhtml+xml")
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/html")
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/htmlh")
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "")
+			rec.AddObjectPayloadLengthFilter(eacl.MatchNumLE, b.config.MaxObjectSize)
+			rec.AddFilter(eacl.HeaderFromObject, eacl.MatchNumLE, object.AttributeExpirationEpoch, maxExpirationEpoch)
+
+			return rec
+		},
+		func() *eacl.Record {
+			rec := eacl.CreateRecord(eacl.ActionDeny, eacl.OperationPut)
+			eacl.AddFormedTarget(rec, eacl.RoleOthers)
+
+			return rec
+		},
+	}
+
+	return records
+}
+
 // NewBearer generates new token for supplied email.
 func (b *Generator) NewBearer(email string, currentEpoch uint64, msPerEpoch int64) (string, string, error) {
 	hashedEmail := fmt.Sprintf("%x", sha256.Sum256([]byte(email)))
 
-	epochs := uint64(b.config.ObjectMaxLifetime.Milliseconds() / msPerEpoch)
-
+	records := b.createRecords(hashedEmail, currentEpoch, msPerEpoch)
 	t := eacl.CreateTable(b.config.ContainerID)
-	// order of rec is important
-	rec := eacl.CreateRecord(eacl.ActionAllow, eacl.OperationPut)
-	rec.AddObjectAttributeFilter(eacl.MatchStringEqual, b.config.EmailAttr, hashedEmail)
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/javascript")
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/javascript")
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "application/xhtml+xml")
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/html")
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "text/htmlh")
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchStringNotEqual, object.AttributeContentType, "")
-	rec.AddObjectPayloadLengthFilter(eacl.MatchNumLE, b.config.MaxObjectSize)
-
-	maxExpirationEpoch := strconv.FormatUint(currentEpoch+b.config.LifeTime+epochs, 10)
-	rec.AddFilter(eacl.HeaderFromObject, eacl.MatchNumLE, object.AttributeExpirationEpoch, maxExpirationEpoch)
-
-	eacl.AddFormedTarget(rec, eacl.RoleOthers)
-	t.AddRecord(rec)
-	rec2 := eacl.CreateRecord(eacl.ActionDeny, eacl.OperationPut)
-	eacl.AddFormedTarget(rec2, eacl.RoleOthers)
-	t.AddRecord(rec2)
+
+	for _, record := range records {
+		rec := record()
+		eacl.AddFormedTarget(rec, eacl.RoleOthers)
+		t.AddRecord(rec)
+	}
 
 	var bt bearer.Token
 	bt.SetEACLTable(*t)