lotus/api/permissioned.go

97 lines
2.1 KiB
Go
Raw Normal View History

2019-07-18 16:51:21 +00:00
package api
import (
"context"
"reflect"
2019-07-18 17:48:24 +00:00
"golang.org/x/xerrors"
2019-07-18 16:51:21 +00:00
)
type permKey int
var permCtxKey permKey
const (
2019-07-23 20:15:29 +00:00
// When changing these, update docs/API.md too
2019-07-18 16:51:21 +00:00
PermRead = "read" // default
PermWrite = "write"
2019-07-23 18:53:13 +00:00
PermSign = "sign" // Use wallet keys for signing
PermAdmin = "admin" // Manage permissions
2019-07-18 16:51:21 +00:00
)
2019-07-23 18:53:13 +00:00
var AllPermissions = []string{PermRead, PermWrite, PermSign, PermAdmin}
2019-07-18 16:51:21 +00:00
var defaultPerms = []string{PermRead}
func WithPerm(ctx context.Context, perms []string) context.Context {
return context.WithValue(ctx, permCtxKey, perms)
}
2019-07-24 01:10:26 +00:00
func PermissionedStorMinerAPI(a StorageMiner) StorageMiner {
var out StorageMinerStruct
permissionedAny(a, &out.Internal)
permissionedAny(a, &out.CommonStruct.Internal)
return &out
}
func PermissionedFullAPI(a FullNode) FullNode {
2019-07-24 00:09:34 +00:00
var out FullNodeStruct
2019-07-24 01:10:26 +00:00
permissionedAny(a, &out.Internal)
permissionedAny(a, &out.CommonStruct.Internal)
return &out
}
2019-07-18 16:51:21 +00:00
2019-07-24 01:10:26 +00:00
func permissionedAny(in interface{}, out interface{}) {
rint := reflect.ValueOf(out).Elem()
ra := reflect.ValueOf(in)
2019-07-18 16:51:21 +00:00
for f := 0; f < rint.NumField(); f++ {
field := rint.Type().Field(f)
requiredPerm := field.Tag.Get("perm")
if requiredPerm == "" {
2019-07-23 20:05:44 +00:00
panic("missing 'perm' tag on " + field.Name)
}
// Validate perm tag
ok := false
for _, perm := range AllPermissions {
if requiredPerm == perm {
ok = true
break
}
}
if !ok {
panic("unknown 'perm' tag on " + field.Name)
2019-07-18 16:51:21 +00:00
}
fn := ra.MethodByName(field.Name)
rint.Field(f).Set(reflect.MakeFunc(field.Type, func(args []reflect.Value) (results []reflect.Value) {
ctx := args[0].Interface().(context.Context)
callerPerms, ok := ctx.Value(permCtxKey).([]string)
if !ok {
callerPerms = defaultPerms
}
for _, callerPerm := range callerPerms {
if callerPerm == requiredPerm {
return fn.Call(args)
}
}
2019-07-18 17:48:24 +00:00
err := xerrors.Errorf("missing permission to invoke '%s' (need '%s')", field.Name, requiredPerm)
rerr := reflect.ValueOf(&err).Elem()
if field.Type.NumOut() == 2 {
return []reflect.Value{
reflect.Zero(field.Type.Out(0)),
rerr,
}
} else {
return []reflect.Value{rerr}
}
2019-07-18 16:51:21 +00:00
}))
}
}