Base bwlist (#117)

* add access and account to cfg

* add access control

* add bwlist

configs/configs.go

@@ -27,14 +27,14 @@ const (
 	TokenDated        = 60 * 60 * 24 * 30
 )
 
-const (
-	//
-	FileCacheExpirationTime = 720
-)
+const FileCacheExpirationTime = 720
+
+// Time out waiting for transaction completion
+const TimeOut_WaitBlock = time.Duration(time.Second * 15)
+
+const DefaultConfig = "conf.yaml"
 
 const (
-	// Time out waiting for transaction completion
-	TimeOut_WaitBlock = time.Duration(time.Second * 15)
-	//
-	DefaultConfig = "conf.yaml"
+	Access_Public  = "public"
+	Access_Private = "private"
 )

configs/system.go

@@ -14,7 +14,7 @@ const (
 	// Name space
 	NameSpace = Name
 	// version
-	Version = Name + " " + "v0.3.2"
+	Version = Name + " " + "v0.3.3 dev"
 	// description
 	Description = "Object storage service based on CESS network"
 )

go.mod

@@ -3,7 +3,7 @@ module github.com/CESSProject/DeOSS
 go 1.20
 
 require (
-	github.com/CESSProject/cess-go-sdk v0.3.19
+	github.com/CESSProject/cess-go-sdk v0.3.21-0.20231107093552-741d1c28e744
 	github.com/CESSProject/go-keyring v0.0.0-20220614131247-ee3a8da30fde
 	github.com/CESSProject/p2p-go v0.2.4
 	github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce

go.sum

@@ -46,8 +46,8 @@ git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGy
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CESSProject/cess-go-sdk v0.3.19 h1:13nO9Ox4okPRqQgv9us2L6/04RAKDo4eP2IwuLzjrvI=
-github.com/CESSProject/cess-go-sdk v0.3.19/go.mod h1:x37J5WrzBYwFK3c2BkU9oLvhTmN0hrGwFV6NczTHrkM=
+github.com/CESSProject/cess-go-sdk v0.3.21-0.20231107093552-741d1c28e744 h1:y/ZqscljT2jbl05rsq+v6hzuGWzEhlPYLxAQhtRUqmc=
+github.com/CESSProject/cess-go-sdk v0.3.21-0.20231107093552-741d1c28e744/go.mod h1:x37J5WrzBYwFK3c2BkU9oLvhTmN0hrGwFV6NczTHrkM=
 github.com/CESSProject/go-keyring v0.0.0-20220614131247-ee3a8da30fde h1:5MDRjjtg6PEhqyVjupwaapN96cOZiddOGAYwKQeaTu0=
 github.com/CESSProject/go-keyring v0.0.0-20220614131247-ee3a8da30fde/go.mod h1:RUXBd3ROP98MYepEEa0Y0l/T0vQlIKqFJxI/ocdnRLM=
 github.com/CESSProject/p2p-go v0.2.4 h1:E/tJfeBGeLZ07jBec5dVUobT33pyA1aRDpEDgLqxvoM=

node/authHandle.go

@@ -9,6 +9,7 @@ package node
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"time"
 
@@ -42,6 +43,12 @@ func (n *Node) authHandle(c *gin.Context) {
 		return
 	}
 
+	if !n.AccessControl(req.Account) {
+		n.Log("info", fmt.Sprintf("[%v] %v", c.ClientIP(), ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
+
 	// Check publickey
 	pubkey, err := sutils.ParsingPublickey(req.Account)
 	if err != nil {

node/common.go

@@ -11,6 +11,7 @@ import (
 	"net/http"
 	"strings"
 
+	"github.com/CESSProject/DeOSS/configs"
 	sutils "github.com/CESSProject/cess-go-sdk/core/utils"
 	"github.com/CESSProject/go-keyring"
 	jwt "github.com/dgrijalva/jwt-go"
@@ -106,3 +107,34 @@ func (n *Node) verifySignature(account, message, signature string) ([]byte, erro
 	}
 	return nil, errors.New("signature verification failed")
 }
+
+func (n *Node) AccessControl(account string) bool {
+	if account == "" {
+		return false
+	}
+	err := sutils.VerityAddress(account, sutils.CessPrefix)
+	if err != nil {
+		return false
+	}
+
+	bwlist := n.GetAccounts()
+
+	if n.GetAccess() == configs.Access_Public {
+		for _, v := range bwlist {
+			if v == account {
+				return false
+			}
+		}
+		return true
+	}
+
+	if n.GetAccess() == configs.Access_Private {
+		for _, v := range bwlist {
+			if v == account {
+				return true
+			}
+		}
+	}
+
+	return false
+}

node/delHandle.go

@@ -103,6 +103,13 @@ func (n *Node) delFilesHandle(c *gin.Context) {
 		c.JSON(respMsg.Code, err.Error())
 		return
 	}
+
+	if !n.AccessControl(account) {
+		n.Del("info", fmt.Sprintf("[%v] %v", c.ClientIP(), ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
+
 	n.Del("info", fmt.Sprintf("[%v] %v", clientIp, account))
 
 	var delList DelList

node/getHandle.go

@@ -73,6 +73,13 @@ func (n *Node) getHandle(c *gin.Context) {
 	n.Query("info", fmt.Sprintf("[%s] %s", clientIp, INFO_GetRequest))
 
 	cipher := c.Request.Header.Get(HTTPHeader_Cipher)
+	account := c.Request.Header.Get(HTTPHeader_Account)
+
+	if !n.AccessControl(account) {
+		n.Query("info", fmt.Sprintf("[%v] %v", c.ClientIP(), ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
 
 	queryName := c.Param(HTTP_ParameterName)
 	if queryName == "version" {
@@ -111,7 +118,6 @@ func (n *Node) getHandle(c *gin.Context) {
 	}
 
 	if len(queryName) != len(pattern.FileHash{}) {
-		account := c.Request.Header.Get(HTTPHeader_Account)
 		if account == "" {
 			n.Query("err", fmt.Sprintf("[%s] %s", clientIp, ERR_MissAccount))
 			c.JSON(http.StatusBadRequest, ERR_MissAccount)

node/getRestore.go

@@ -44,6 +44,12 @@ func (n *Node) getRestoreHandle(c *gin.Context) {
 		account = userAccount
 	}
 
+	if !n.AccessControl(account) {
+		n.Upfile("info", fmt.Sprintf("[%v] %v", c.ClientIP(), ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
+
 	var userfils_cache userFiles
 	data, err := n.Get([]byte(Cache_UserFiles + account))
 	if err == nil {

node/node.go

@@ -246,7 +246,7 @@ func (n *Node) WriteTrackFile(filehash string, data []byte) error {
 	return err
 }
 
-func (n *Node) ParseTrackFromFile(filehash string) (RecordInfo, error) {
+func (n *Node) ParseTrackFile(filehash string) (RecordInfo, error) {
 	var result RecordInfo
 	n.trackLock.RLock()
 	defer n.trackLock.RUnlock()

node/postRestore.go

@@ -37,19 +37,25 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 		if account != "" && signature != "" {
 			pkey, err = n.verifySignature(account, message, signature)
 			if err != nil {
-				n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, err))
+				n.Log("info", fmt.Sprintf("[%v] %v", clientIp, err))
 				c.JSON(respMsg.Code, err.Error())
 				return
 			}
 		} else {
-			n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, err))
+			n.Log("info", fmt.Sprintf("[%v] %v", clientIp, err))
 			c.JSON(respMsg.Code, err.Error())
 			return
 		}
 	} else {
 		account = userAccount
 	}
 
+	if !n.AccessControl(account) {
+		n.Log("info", fmt.Sprintf("[%v] %v", clientIp, ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
+
 	var restoreList RestoreList
 	err = c.ShouldBind(&restoreList)
 	if err != nil {
@@ -69,7 +75,7 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 	// verify the bucket name
 	bucketName := c.Request.Header.Get(HTTPHeader_BucketName)
 	if !sutils.CheckBucketName(bucketName) {
-		n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, ERR_HeaderFieldBucketName))
+		n.Log("info", fmt.Sprintf("[%v] %v", clientIp, ERR_HeaderFieldBucketName))
 		c.JSON(http.StatusBadRequest, ERR_HeaderFieldBucketName)
 		return
 	}
@@ -84,7 +90,7 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 		}
 	}
 	if !flag {
-		n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, ERR_SpaceNotAuth))
+		n.Log("info", fmt.Sprintf("[%v] %v", clientIp, ERR_SpaceNotAuth))
 		c.JSON(http.StatusForbidden, ERR_SpaceNotAuth)
 		return
 	}
@@ -93,24 +99,24 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 	userInfo, err := n.QueryUserSpaceSt(pkey)
 	if err != nil {
 		if err.Error() == pattern.ERR_Empty {
-			n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, ERR_AccountNotExist))
+			n.Log("info", fmt.Sprintf("[%v] %v", clientIp, ERR_AccountNotExist))
 			c.JSON(http.StatusForbidden, ERR_AccountNotExist)
 			return
 		}
-		n.Upfile("err", fmt.Sprintf("[%v] %v", clientIp, err))
+		n.Log("err", fmt.Sprintf("[%v] %v", clientIp, err))
 		c.JSON(http.StatusForbidden, ERR_RpcFailed)
 		return
 	}
 
 	blockheight, err := n.QueryBlockHeight("")
 	if err != nil {
-		n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, err))
+		n.Log("info", fmt.Sprintf("[%v] %v", clientIp, err))
 		c.JSON(http.StatusForbidden, ERR_RpcFailed)
 		return
 	}
 
 	if userInfo.Deadline < (blockheight + 100) {
-		n.Upfile("info", fmt.Sprintf("[%v] %v [%d] [%d]", clientIp, ERR_SpaceExpiresSoon, userInfo.Deadline, blockheight))
+		n.Log("info", fmt.Sprintf("[%v] %v [%d] [%d]", clientIp, ERR_SpaceExpiresSoon, userInfo.Deadline, blockheight))
 		c.JSON(http.StatusForbidden, ERR_SpaceExpiresSoon)
 		return
 	}
@@ -133,13 +139,13 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 	usedSpace := allUsedSpace * 15 / 10
 	remainingSpace, err := strconv.ParseUint(userInfo.RemainingSpace, 10, 64)
 	if err != nil {
-		n.Upfile("err", fmt.Sprintf("[%v] %v", clientIp, err))
+		n.Log("err", fmt.Sprintf("[%v] %v", clientIp, err))
 		c.JSON(http.StatusInternalServerError, ERR_InternalServer)
 		return
 	}
 
 	if usedSpace > int64(remainingSpace) {
-		n.Upfile("info", fmt.Sprintf("[%v] %v", clientIp, ERR_NotEnoughSpace))
+		n.Log("info", fmt.Sprintf("[%v] %v", clientIp, ERR_NotEnoughSpace))
 		c.JSON(http.StatusForbidden, ERR_NotEnoughSpace)
 		return
 	}
@@ -163,14 +169,14 @@ func (n *Node) postRestoreHandle(c *gin.Context) {
 
 		b, err := json.Marshal(recordInfo)
 		if err != nil {
-			n.Upfile("err", fmt.Sprintf("[%v] %v", clientIp, err))
+			n.Log("err", fmt.Sprintf("[%v] %v", clientIp, err))
 			c.JSON(http.StatusInternalServerError, ERR_InternalServer)
 			continue
 		}
 
 		err = n.WriteTrackFile(restoreList.Files[i], b)
 		if err != nil {
-			n.Upfile("err", fmt.Sprintf("[%v] %v", clientIp, err))
+			n.Log("err", fmt.Sprintf("[%v] %v", clientIp, err))
 			c.JSON(http.StatusInternalServerError, ERR_InternalServer)
 			continue
 		}

node/putHandle.go

@@ -74,6 +74,12 @@ func (n *Node) putHandle(c *gin.Context) {
 		account = userAccount
 	}
 
+	if !n.AccessControl(account) {
+		n.Upfile("info", fmt.Sprintf("[%v] %v", c.ClientIP(), ERR_Forbidden))
+		c.JSON(http.StatusForbidden, ERR_Forbidden)
+		return
+	}
+
 	// verify the bucket name
 	bucketName := c.Request.Header.Get(HTTPHeader_BucketName)
 	if !sutils.CheckBucketName(bucketName) {