From 44b2a72a57d6dd9df9639848a29e1706a501864a Mon Sep 17 00:00:00 2001
From: Laxmi Prasad Oli
Date: Sun, 6 Feb 2022 13:45:12 +0545
Subject: [PATCH 1/3] Allow collaborators to provide share to other clients
---
 code/go/0chain.net/blobbercore/handler/handler.go | 13 +++++++++++--
 .../0chain.net/blobbercore/handler/handler_test.go | 2 ++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/code/go/0chain.net/blobbercore/handler/handler.go b/code/go/0chain.net/blobbercore/handler/handler.go
index 07c3d2907..4ea04602a 100644
--- a/code/go/0chain.net/blobbercore/handler/handler.go
+++ b/code/go/0chain.net/blobbercore/handler/handler.go
@@ -450,7 +450,12 @@ func RevokeShare(ctx context.Context, r *http.Request) (interface{}, error) {
 func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 ctx = setupHandlerContext(ctx, r)
- allocationID := ctx.Value(constants.ContextKeyAllocation).(string)
+ var (
+ allocationID = ctx.Value(constants.ContextKeyAllocation).(string)
+ publicKey = ctx.Value(constants.ContextKeyClientKey).(string)
+ clientID = ctx.Value(constants.ContextKeyClient).(string)
+ )
+
 allocationObj, err := storageHandler.verifyAllocation(ctx, allocationID, true)
 if err != nil {
 return nil, common.NewError("invalid_parameters", "Invalid allocation id passed."+err.Error())
@@ -458,7 +463,7 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 sign := r.Header.Get(common.ClientSignatureHeader)
- valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey)
+ valid, err := verifySignatureFromRequest(allocationID, sign, publicKey)
 if !valid || err != nil {
 return nil, common.NewError("invalid_signature", "Invalid signature")
 }
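Review bot: The signature in the `@@ -458` hunk is now verified against `publicKey`, which the `@@ -450` hunk reads from the request context (the test hunks supply it through the `common.ClientKeyHeader` header), so the key appears to be chosen by the caller. Nothing visible in these hunks ties that key to `clientID` or to the allocation, so a valid signature proves only possession of some key pair, and the owner-or-collaborator check added in the `@@ -477` hunk then rests on an identifier that has not been authenticated. Before the key is used, the handler should confirm that it belongs to `clientID` (how this project derives a client ID from a key is not shown here), or take the key from a trusted record as the removed `allocationObj.OwnerPublicKey` argument did. InsertShare's body continues outside the hunk.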
@@ -477,6 +482,10 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 return nil, common.NewError("invalid_parameters", "Invalid file path. "+err.Error())
 }
+ if !(clientID == allocationObj.OwnerID || reference.IsACollaborator(ctx, fileref.ID, clientID)) {
+ return nil, common.NewError("invalid_client", "Client should be either owner or collaborator")
+ }
+
 authToken, err := storageHandler.verifyAuthTicket(ctx, authTicketString, allocationObj, fileref, authTicket.ClientID)
 if authToken == nil {
 return nil, common.NewError("auth_ticket_verification_failed", "Could not verify the auth ticket. "+err.Error())
diff --git a/code/go/0chain.net/blobbercore/handler/handler_test.go b/code/go/0chain.net/blobbercore/handler/handler_test.go
index 498216b47..4eb32e4cf 100644
--- a/code/go/0chain.net/blobbercore/handler/handler_test.go
+++ b/code/go/0chain.net/blobbercore/handler/handler_test.go
@@ -1148,6 +1148,7 @@ func TestHandlers_Requiring_Signature(t *testing.T) {
 r.Header.Set("Content-Type", formWriter.FormDataContentType())
 r.Header.Set(common.ClientSignatureHeader, sign)
 r.Header.Set(common.ClientHeader, alloc.OwnerID)
+ r.Header.Set(common.ClientKeyHeader, alloc.OwnerPublicKey)
 return r
 }(),
@@ -1236,6 +1237,7 @@ func TestHandlers_Requiring_Signature(t *testing.T) {
 r.Header.Set("Content-Type", formWriter.FormDataContentType())
 r.Header.Set(common.ClientSignatureHeader, sign)
 r.Header.Set(common.ClientHeader, alloc.OwnerID)
+ r.Header.Set(common.ClientKeyHeader, alloc.OwnerPublicKey)
 return r
 }(),
From 82783ce0698001a84d815822b24f93d13bd5fb72 Mon Sep 17 00:00:00 2001
From: Laxmi Prasad Oli
Date: Tue, 8 Feb 2022 10:40:13 +0545
Subject: [PATCH 2/3] Allow only owners to share file check if client is same as allocation owner
---
 code/go/0chain.net/blobbercore/handler/handler.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
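Review bot: Both test hunks (`@@ -1148` and `@@ -1236`) only add the owner's key to requests that already carry the owner's ID, so in the visible changes the new owner-or-collaborator branch in InsertShare has no test for a collaborator or for a client that must be rejected. A case that sends a `common.ClientHeader` value other than `alloc.OwnerID` and expects the `invalid_client` error would pin down the authorization behaviour this patch introduces. The enclosing test function starts and ends outside the hunks.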
diff --git a/code/go/0chain.net/blobbercore/handler/handler.go b/code/go/0chain.net/blobbercore/handler/handler.go
index 4ea04602a..deb268f24 100644
--- a/code/go/0chain.net/blobbercore/handler/handler.go
+++ b/code/go/0chain.net/blobbercore/handler/handler.go
@@ -452,7 +452,6 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 var (
 allocationID = ctx.Value(constants.ContextKeyAllocation).(string)
- publicKey = ctx.Value(constants.ContextKeyClientKey).(string)
 clientID = ctx.Value(constants.ContextKeyClient).(string)
 )
@@ -463,11 +462,15 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 sign := r.Header.Get(common.ClientSignatureHeader)
- valid, err := verifySignatureFromRequest(allocationID, sign, publicKey)
+ valid, err := verifySignatureFromRequest(allocationID, sign, allocationObj.OwnerPublicKey)
 if !valid || err != nil {
 return nil, common.NewError("invalid_signature", "Invalid signature")
 }
+ if clientID != allocationObj.OwnerID {
+ return nil, common.NewError("invalid_client", "Client has no access to share file")
+ }
+
 encryptionPublicKey := r.FormValue("encryption_public_key")
 authTicketString := r.FormValue("auth_ticket")
 authTicket := &readmarker.AuthTicket{}
From e216d551bb6faf025ab5be63e6e8df242a6022b3 Mon Sep 17 00:00:00 2001
From: Laxmi Prasad Oli
Date: Tue, 8 Feb 2022 12:02:34 +0545
Subject: [PATCH 3/3] Remove double checking clientid
---
 code/go/0chain.net/blobbercore/handler/handler.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/code/go/0chain.net/blobbercore/handler/handler.go b/code/go/0chain.net/blobbercore/handler/handler.go
index deb268f24..fa76a2fa1 100644
--- a/code/go/0chain.net/blobbercore/handler/handler.go
+++ b/code/go/0chain.net/blobbercore/handler/handler.go
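Review bot: The `clientID != allocationObj.OwnerID` check added in the `@@ -463` hunk compares a value that appears to come from the caller (the tests in patch 1/3 set it through `common.ClientHeader`), so the signature check against `allocationObj.OwnerPublicKey` is what actually gates the share. As far as this call shows, the signed payload is the allocation ID alone and does not cover the auth ticket, the encryption key or any freshness value; verifySignatureFromRequest is not visible here, so please confirm whether a captured signature header stays valid for later requests on the same allocation. A comment such as `// clientID is caller-supplied; ownership is proven by the signature check above` would keep a later reader from treating the ID comparison as authentication. InsertShare's body continues outside the hunk.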
@@ -485,10 +485,6 @@ func InsertShare(ctx context.Context, r *http.Request) (interface{}, error) {
 return nil, common.NewError("invalid_parameters", "Invalid file path. "+err.Error())
 }
- if !(clientID == allocationObj.OwnerID || reference.IsACollaborator(ctx, fileref.ID, clientID)) {
- return nil, common.NewError("invalid_client", "Client should be either owner or collaborator")
- }
-
 authToken, err := storageHandler.verifyAuthTicket(ctx, authTicketString, allocationObj, fileref, authTicket.ClientID)
 if authToken == nil {
 return nil, common.NewError("auth_ticket_verification_failed", "Could not verify the auth ticket. "+err.Error())