fix GET and HEAD

Fix filename and Content-type for GET and HEAD APIs. Fix cookie prefix for bearer token. Signed-off-by: Tatiana Nesterenko <tatiana@nspcc.io>
nspcc-dev · Jan 15, 2024 · b8f60d3 · b8f60d3
1 parent 3f4121d
commit b8f60d3
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 23 deletions.
diff --git a/handlers/api.go b/handlers/api.go
@@ -64,7 +64,8 @@ type ContextKey string
 
 const (
 	// BearerPrefix is the prefix for authorization token.
-	BearerPrefix = "Bearer "
+	BearerPrefix       = "Bearer "
+	BearerCookiePrefix = "Bearer="
 
 	// ContextKeyRequestID is the ContextKey for RequestID.
 	ContextKeyRequestID ContextKey = "requestID"
@@ -138,18 +139,16 @@ func (a *API) Configure(api *operations.NeofsRestGwAPI) http.Handler {
 		if s = strings.TrimPrefix(s, BearerPrefix); len(s) == 0 {
 			return nil, fmt.Errorf("bearer token is empty")
 		}
-
 		return (*models.Principal)(&s), nil
 	}
 
 	api.CookieAuthAuth = func(s string) (*models.Principal, error) {
-		if !strings.HasPrefix(s, BearerPrefix) {
+		if !strings.HasPrefix(s, BearerCookiePrefix) {
 			return nil, fmt.Errorf("has not bearer token")
 		}
-		if s = strings.TrimPrefix(s, BearerPrefix); len(s) == 0 {
+		if s = strings.TrimPrefix(s, BearerCookiePrefix); len(s) == 0 {
 			return nil, fmt.Errorf("bearer token is empty")
 		}
-
 		return (*models.Principal)(&s), nil
 	}
 

diff --git a/handlers/objects.go b/handlers/objects.go
@@ -358,7 +358,8 @@ func (a *API) GetContainerObject(params operations.GetContainerObjectParams, pri
 	payloadSize := header.PayloadSize()
 	res := operations.NewGetContainerObjectOK()
 
-	responder, contentType := a.setAttributes(res, payloadSize, params.ContainerID, params.ObjectID, header, params.HTTPRequest.URL.Query().Get("download"))
+	responder := a.setAttributes(res, payloadSize, params.ContainerID, params.ObjectID, header, params.HTTPRequest.URL.Query().Get("download"))
+	contentType := res.ContentType
 	var payload io.ReadCloser = payloadReader
 	if len(contentType) == 0 {
 		if payloadSize > 0 {
@@ -431,7 +432,8 @@ func (a *API) HeadContainerObject(params operations.HeadContainerObjectParams, p
 	payloadSize := header.PayloadSize()
 	res := operations.NewHeadContainerObjectOK()
 
-	responder, contentType := a.setAttributes(res, payloadSize, params.ContainerID, params.ObjectID, *header, params.HTTPRequest.URL.Query().Get("download"))
+	responder := a.setAttributes(res, payloadSize, params.ContainerID, params.ObjectID, *header, params.HTTPRequest.URL.Query().Get("download"))
+	contentType := res.ContentType
 	if len(contentType) == 0 {
 		if payloadSize > 0 {
 			contentType, _, err = readContentType(payloadSize, func(sz uint64) (io.Reader, error) {
@@ -469,6 +471,7 @@ func isNotFoundError(err error) bool {
 
 type attributeSetter interface {
 	SetContentLength(contentLength string)
+	SetContentType(contentType string)
 	SetXContainerID(xContainerID string)
 	SetXObjectID(xObjectID string)
 	SetXOwnerID(xOwnerID string)
@@ -479,16 +482,14 @@ type attributeSetter interface {
 	WriteResponse(rw http.ResponseWriter, producer runtime.Producer)
 }
 
-func (a *API) setAttributes(res attributeSetter, payloadSize uint64, cid string, oid string, header object.Object, download string) (middleware.Responder, string) {
+func (a *API) setAttributes(res attributeSetter, payloadSize uint64, cid string, oid string, header object.Object, download string) middleware.Responder {
 	res.SetContentLength(strconv.FormatUint(payloadSize, 10))
 	res.SetXContainerID(cid)
 	res.SetXObjectID(oid)
 	res.SetXOwnerID(header.OwnerID().EncodeToString())
 
-	var (
-		contentType, filename string
-		responder             middleware.Responder
-	)
+	var responder middleware.Responder
+	dis := "inline"
 	attributes := header.Attributes()
 	if len(attributes) > 0 {
 		responder = middleware.ResponderFunc(func(rw http.ResponseWriter, pr runtime.Producer) {
@@ -500,7 +501,11 @@ func (a *API) setAttributes(res attributeSetter, payloadSize uint64, cid string,
 				}
 				switch key {
 				case object.AttributeFileName:
-					filename = val
+					switch download {
+					case "1", "t", "T", "true", "TRUE", "True", "y", "yes", "Y", "YES", "Yes":
+						dis = "attachment"
+					}
+					res.SetContentDisposition(dis + "; filename=" + path.Base(val))
 					res.SetXAttributeFileName(val)
 				case object.AttributeTimestamp:
 					attrTimestamp, err := strconv.ParseInt(val, 10, 64)
@@ -514,7 +519,7 @@ func (a *API) setAttributes(res attributeSetter, payloadSize uint64, cid string,
 					res.SetXAttributeTimestamp(attrTimestamp)
 					res.SetLastModified(time.Unix(attrTimestamp, 0).UTC().Format(http.TimeFormat))
 				case object.AttributeContentType:
-					contentType = val
+					res.SetContentType(val)
 				default:
 					if strings.HasPrefix(key, container.SysAttributePrefix) {
 						key = systemBackwardTranslator(key)
@@ -525,15 +530,7 @@ func (a *API) setAttributes(res attributeSetter, payloadSize uint64, cid string,
 			res.WriteResponse(rw, pr)
 		})
 	}
-
-	var dis = "inline"
-	switch download {
-	case "1", "t", "T", "true", "TRUE", "True", "y", "yes", "Y", "YES", "Yes":
-		dis = "attachment"
-	}
-	res.SetContentDisposition(dis + "; filename=" + path.Base(filename))
-
-	return responder, contentType
+	return responder
 }
 
 // initializes io.Reader with the limited size and detects Content-Type from it.