lotus/api/permissioned.go

106 lines
2.3 KiB
Go
Raw Normal View History

2019-07-18 16:51:21 +00:00
package api
import (
"context"
"reflect"
2019-07-18 17:48:24 +00:00
"golang.org/x/xerrors"
2019-07-18 16:51:21 +00:00
)
type permKey int
var permCtxKey permKey
2019-10-23 09:18:22 +00:00
type Permission = string
2019-07-18 16:51:21 +00:00
const (
2019-07-23 20:15:29 +00:00
// When changing these, update docs/API.md too
2019-10-23 09:18:22 +00:00
PermRead Permission = "read" // default
PermWrite Permission = "write"
PermSign Permission = "sign" // Use wallet keys for signing
PermAdmin Permission = "admin" // Manage permissions
2019-07-18 16:51:21 +00:00
)
2019-10-23 09:18:22 +00:00
var AllPermissions = []Permission{PermRead, PermWrite, PermSign, PermAdmin}
var defaultPerms = []Permission{PermRead}
2019-07-18 16:51:21 +00:00
2019-10-23 09:18:22 +00:00
func WithPerm(ctx context.Context, perms []Permission) context.Context {
2019-07-18 16:51:21 +00:00
return context.WithValue(ctx, permCtxKey, perms)
}
2019-07-24 01:10:26 +00:00
func PermissionedStorMinerAPI(a StorageMiner) StorageMiner {
var out StorageMinerStruct
permissionedAny(a, &out.Internal)
permissionedAny(a, &out.CommonStruct.Internal)
return &out
}
func PermissionedFullAPI(a FullNode) FullNode {
2019-07-24 00:09:34 +00:00
var out FullNodeStruct
2019-07-24 01:10:26 +00:00
permissionedAny(a, &out.Internal)
permissionedAny(a, &out.CommonStruct.Internal)
return &out
}
2019-07-18 16:51:21 +00:00
2019-10-23 09:18:22 +00:00
func HasPerm(ctx context.Context, perm Permission) bool {
callerPerms, ok := ctx.Value(permCtxKey).([]Permission)
if !ok {
callerPerms = defaultPerms
}
for _, callerPerm := range callerPerms {
if callerPerm == perm {
return true
}
}
return false
}
2019-07-24 01:10:26 +00:00
func permissionedAny(in interface{}, out interface{}) {
rint := reflect.ValueOf(out).Elem()
ra := reflect.ValueOf(in)
2019-07-18 16:51:21 +00:00
for f := 0; f < rint.NumField(); f++ {
field := rint.Type().Field(f)
2019-10-23 09:18:22 +00:00
requiredPerm := Permission(field.Tag.Get("perm"))
2019-07-18 16:51:21 +00:00
if requiredPerm == "" {
2019-11-17 17:00:45 +00:00
panic("missing 'perm' tag on " + field.Name) // ok
2019-07-23 20:05:44 +00:00
}
// Validate perm tag
ok := false
for _, perm := range AllPermissions {
if requiredPerm == perm {
ok = true
break
}
}
if !ok {
2019-11-17 17:00:45 +00:00
panic("unknown 'perm' tag on " + field.Name) // ok
2019-07-18 16:51:21 +00:00
}
fn := ra.MethodByName(field.Name)
rint.Field(f).Set(reflect.MakeFunc(field.Type, func(args []reflect.Value) (results []reflect.Value) {
ctx := args[0].Interface().(context.Context)
2019-10-23 09:18:22 +00:00
if HasPerm(ctx, requiredPerm) {
return fn.Call(args)
2019-07-18 16:51:21 +00:00
}
2019-07-18 17:48:24 +00:00
err := xerrors.Errorf("missing permission to invoke '%s' (need '%s')", field.Name, requiredPerm)
rerr := reflect.ValueOf(&err).Elem()
if field.Type.NumOut() == 2 {
return []reflect.Value{
reflect.Zero(field.Type.Out(0)),
rerr,
}
} else {
return []reflect.Value{rerr}
}
2019-07-18 16:51:21 +00:00
}))
}
}