2022-01-21 14:52:12 +00:00
|
|
|
// Copyright (C) 2019 Storj Labs, Inc.
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package metainfo
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2023-04-18 23:15:00 +01:00
|
|
|
"fmt"
|
2023-05-02 10:47:56 +01:00
|
|
|
"strings"
|
2022-01-21 14:52:12 +00:00
|
|
|
"time"
|
|
|
|
|
2023-04-18 23:15:00 +01:00
|
|
|
"github.com/jtolio/eventkit"
|
2022-01-21 14:52:12 +00:00
|
|
|
"github.com/spacemonkeygo/monkit/v3"
|
|
|
|
"github.com/zeebo/errs"
|
|
|
|
"go.uber.org/zap"
|
2023-04-20 14:08:26 +01:00
|
|
|
"golang.org/x/time/rate"
|
2022-01-21 14:52:12 +00:00
|
|
|
|
|
|
|
"storj.io/common/encryption"
|
|
|
|
"storj.io/common/lrucache"
|
|
|
|
"storj.io/common/macaroon"
|
|
|
|
"storj.io/common/pb"
|
|
|
|
"storj.io/common/rpc/rpcstatus"
|
|
|
|
"storj.io/common/signing"
|
|
|
|
"storj.io/common/storj"
|
|
|
|
"storj.io/storj/satellite/accounting"
|
|
|
|
"storj.io/storj/satellite/attribution"
|
|
|
|
"storj.io/storj/satellite/buckets"
|
|
|
|
"storj.io/storj/satellite/console"
|
2022-01-24 15:17:12 +00:00
|
|
|
"storj.io/storj/satellite/internalpb"
|
2022-01-21 14:52:12 +00:00
|
|
|
"storj.io/storj/satellite/metabase"
|
|
|
|
"storj.io/storj/satellite/metainfo/piecedeletion"
|
|
|
|
"storj.io/storj/satellite/metainfo/pointerverification"
|
|
|
|
"storj.io/storj/satellite/orders"
|
|
|
|
"storj.io/storj/satellite/overlay"
|
|
|
|
"storj.io/storj/satellite/revocation"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
satIDExpiration = 48 * time.Hour
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
mon = monkit.Package()
|
2023-04-18 23:15:00 +01:00
|
|
|
evs = eventkit.Package()
|
|
|
|
|
2022-01-21 14:52:12 +00:00
|
|
|
// Error general metainfo error.
|
|
|
|
Error = errs.Class("metainfo")
|
|
|
|
// ErrNodeAlreadyExists pointer already has a piece for a node err.
|
|
|
|
ErrNodeAlreadyExists = errs.Class("metainfo: node already exists")
|
|
|
|
// ErrBucketNotEmpty is returned when bucket is required to be empty for an operation.
|
|
|
|
ErrBucketNotEmpty = errs.Class("bucket not empty")
|
|
|
|
)
|
|
|
|
|
|
|
|
// APIKeys is api keys store methods used by endpoint.
|
|
|
|
//
|
|
|
|
// architecture: Database
|
|
|
|
type APIKeys interface {
|
|
|
|
GetByHead(ctx context.Context, head []byte) (*console.APIKeyInfo, error)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Endpoint metainfo endpoint.
|
|
|
|
//
|
|
|
|
// architecture: Endpoint
|
|
|
|
type Endpoint struct {
|
|
|
|
pb.DRPCMetainfoUnimplementedServer
|
|
|
|
|
2023-03-29 16:12:16 +01:00
|
|
|
log *zap.Logger
|
|
|
|
buckets *buckets.Service
|
|
|
|
metabase *metabase.DB
|
|
|
|
deletePieces *piecedeletion.Service
|
|
|
|
orders *orders.Service
|
|
|
|
overlay *overlay.Service
|
|
|
|
attributions attribution.DB
|
|
|
|
pointerVerification *pointerverification.Service
|
|
|
|
projectUsage *accounting.Service
|
|
|
|
projectLimits *accounting.ProjectLimitCache
|
|
|
|
projects console.Projects
|
|
|
|
apiKeys APIKeys
|
|
|
|
satellite signing.Signer
|
2023-04-20 14:08:26 +01:00
|
|
|
limiterCache *lrucache.ExpiringLRUOf[*rate.Limiter]
|
|
|
|
singleObjectLimitCache *lrucache.ExpiringLRUOf[struct{}]
|
2023-03-29 16:12:16 +01:00
|
|
|
encInlineSegmentSize int64 // max inline segment size + encryption overhead
|
|
|
|
revocations revocation.DB
|
|
|
|
defaultRS *pb.RedundancyScheme
|
|
|
|
config Config
|
|
|
|
versionCollector *versionCollector
|
2022-01-21 14:52:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewEndpoint creates new metainfo endpoint instance.
|
|
|
|
func NewEndpoint(log *zap.Logger, buckets *buckets.Service, metabaseDB *metabase.DB,
|
|
|
|
deletePieces *piecedeletion.Service, orders *orders.Service, cache *overlay.Service,
|
2023-01-27 21:07:32 +00:00
|
|
|
attributions attribution.DB, peerIdentities overlay.PeerIdentities,
|
2023-03-13 16:55:30 +00:00
|
|
|
apiKeys APIKeys, projectUsage *accounting.Service, projectLimits *accounting.ProjectLimitCache, projects console.Projects,
|
2022-01-21 14:52:12 +00:00
|
|
|
satellite signing.Signer, revocations revocation.DB, config Config) (*Endpoint, error) {
|
|
|
|
// TODO do something with too many params
|
|
|
|
|
|
|
|
encInlineSegmentSize, err := encryption.CalcEncryptedSize(config.MaxInlineSegmentSize.Int64(), storj.EncryptionParameters{
|
|
|
|
CipherSuite: storj.EncAESGCM,
|
|
|
|
BlockSize: 128, // intentionally low block size to allow maximum possible encryption overhead
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
defaultRSScheme := &pb.RedundancyScheme{
|
|
|
|
Type: pb.RedundancyScheme_RS,
|
|
|
|
MinReq: int32(config.RS.Min),
|
|
|
|
RepairThreshold: int32(config.RS.Repair),
|
|
|
|
SuccessThreshold: int32(config.RS.Success),
|
|
|
|
Total: int32(config.RS.Total),
|
|
|
|
ErasureShareSize: config.RS.ErasureShareSize.Int32(),
|
|
|
|
}
|
|
|
|
|
|
|
|
return &Endpoint{
|
|
|
|
log: log,
|
|
|
|
buckets: buckets,
|
|
|
|
metabase: metabaseDB,
|
|
|
|
deletePieces: deletePieces,
|
|
|
|
orders: orders,
|
|
|
|
overlay: cache,
|
|
|
|
attributions: attributions,
|
|
|
|
pointerVerification: pointerverification.NewService(peerIdentities),
|
|
|
|
apiKeys: apiKeys,
|
|
|
|
projectUsage: projectUsage,
|
2023-03-13 16:55:30 +00:00
|
|
|
projectLimits: projectLimits,
|
2022-01-21 14:52:12 +00:00
|
|
|
projects: projects,
|
|
|
|
satellite: satellite,
|
2023-04-20 14:08:26 +01:00
|
|
|
limiterCache: lrucache.NewOf[*rate.Limiter](lrucache.Options{
|
2022-01-21 14:52:12 +00:00
|
|
|
Capacity: config.RateLimiter.CacheCapacity,
|
|
|
|
Expiration: config.RateLimiter.CacheExpiration,
|
2023-04-04 10:11:06 +01:00
|
|
|
Name: "metainfo-ratelimit",
|
2022-01-21 14:52:12 +00:00
|
|
|
}),
|
2023-04-20 14:08:26 +01:00
|
|
|
singleObjectLimitCache: lrucache.NewOf[struct{}](lrucache.Options{
|
2023-03-29 16:12:16 +01:00
|
|
|
Expiration: config.UploadLimiter.SingleObjectLimit,
|
|
|
|
Capacity: config.UploadLimiter.CacheCapacity,
|
|
|
|
}),
|
2022-01-21 14:52:12 +00:00
|
|
|
encInlineSegmentSize: encInlineSegmentSize,
|
|
|
|
revocations: revocations,
|
|
|
|
defaultRS: defaultRSScheme,
|
|
|
|
config: config,
|
|
|
|
versionCollector: newVersionCollector(log),
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Close closes resources.
|
|
|
|
func (endpoint *Endpoint) Close() error { return nil }
|
|
|
|
|
|
|
|
// ProjectInfo returns allowed ProjectInfo for the provided API key.
|
|
|
|
func (endpoint *Endpoint) ProjectInfo(ctx context.Context, req *pb.ProjectInfoRequest) (_ *pb.ProjectInfoResponse, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2022-04-21 15:48:13 +01:00
|
|
|
endpoint.versionCollector.collect(req.Header.UserAgent, mon.Func().ShortName())
|
2022-01-21 14:52:12 +00:00
|
|
|
|
|
|
|
keyInfo, err := endpoint.validateAuth(ctx, req.Header, macaroon.Action{
|
|
|
|
Op: macaroon.ActionProjectInfo,
|
|
|
|
Time: time.Now(),
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-04-18 23:15:00 +01:00
|
|
|
endpoint.usageTracking(keyInfo, req.Header, fmt.Sprintf("%T", req))
|
2022-01-21 14:52:12 +00:00
|
|
|
|
2022-09-13 13:45:18 +01:00
|
|
|
salt, err := endpoint.projects.GetSalt(ctx, keyInfo.ProjectID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-01-21 14:52:12 +00:00
|
|
|
|
|
|
|
return &pb.ProjectInfoResponse{
|
2023-04-18 23:15:00 +01:00
|
|
|
ProjectPublicId: keyInfo.ProjectPublicID.Bytes(),
|
|
|
|
ProjectSalt: salt,
|
2022-01-21 14:52:12 +00:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RevokeAPIKey handles requests to revoke an api key.
|
|
|
|
func (endpoint *Endpoint) RevokeAPIKey(ctx context.Context, req *pb.RevokeAPIKeyRequest) (resp *pb.RevokeAPIKeyResponse, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2022-04-21 15:48:13 +01:00
|
|
|
endpoint.versionCollector.collect(req.Header.UserAgent, mon.Func().ShortName())
|
2022-01-21 14:52:12 +00:00
|
|
|
|
|
|
|
macToRevoke, err := macaroon.ParseMacaroon(req.GetApiKey())
|
|
|
|
if err != nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.InvalidArgument, "API key to revoke is not a macaroon")
|
|
|
|
}
|
|
|
|
keyInfo, err := endpoint.validateRevoke(ctx, req.Header, macToRevoke)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2023-04-18 23:15:00 +01:00
|
|
|
endpoint.usageTracking(keyInfo, req.Header, fmt.Sprintf("%T", req))
|
2022-01-21 14:52:12 +00:00
|
|
|
|
|
|
|
err = endpoint.revocations.Revoke(ctx, macToRevoke.Tail(), keyInfo.ID[:])
|
|
|
|
if err != nil {
|
|
|
|
endpoint.log.Error("Failed to revoke API key", zap.Error(err))
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, "Failed to revoke API key")
|
|
|
|
}
|
|
|
|
|
|
|
|
return &pb.RevokeAPIKeyResponse{}, nil
|
|
|
|
}
|
2022-01-24 15:17:12 +00:00
|
|
|
|
|
|
|
func (endpoint *Endpoint) packStreamID(ctx context.Context, satStreamID *internalpb.StreamID) (streamID storj.StreamID, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2023-02-07 10:24:23 +00:00
|
|
|
if satStreamID == nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, "unable to create stream id")
|
|
|
|
}
|
|
|
|
|
|
|
|
if !satStreamID.ExpirationDate.IsZero() {
|
|
|
|
// DB can only preserve microseconds precision and nano seconds will be cut.
|
|
|
|
// To have stable StreamID/UploadID we need to always truncate it.
|
|
|
|
satStreamID.ExpirationDate = satStreamID.ExpirationDate.Truncate(time.Microsecond)
|
|
|
|
}
|
|
|
|
|
2022-01-24 15:17:12 +00:00
|
|
|
signedStreamID, err := SignStreamID(ctx, endpoint.satellite, satStreamID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
encodedStreamID, err := pb.Marshal(signedStreamID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
streamID, err = storj.StreamIDFromBytes(encodedStreamID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, err.Error())
|
|
|
|
}
|
|
|
|
return streamID, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (endpoint *Endpoint) packSegmentID(ctx context.Context, satSegmentID *internalpb.SegmentID) (segmentID storj.SegmentID, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2023-02-07 10:24:23 +00:00
|
|
|
if satSegmentID == nil {
|
|
|
|
return nil, rpcstatus.Error(rpcstatus.Internal, "unable to create segment id")
|
|
|
|
}
|
|
|
|
|
2022-01-24 15:17:12 +00:00
|
|
|
signedSegmentID, err := SignSegmentID(ctx, endpoint.satellite, satSegmentID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
encodedSegmentID, err := pb.Marshal(signedSegmentID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
segmentID, err = storj.SegmentIDFromBytes(encodedSegmentID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return segmentID, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (endpoint *Endpoint) unmarshalSatStreamID(ctx context.Context, streamID storj.StreamID) (_ *internalpb.StreamID, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
|
|
|
satStreamID := &internalpb.StreamID{}
|
|
|
|
err = pb.Unmarshal(streamID, satStreamID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
err = VerifyStreamID(ctx, endpoint.satellite, satStreamID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return satStreamID, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (endpoint *Endpoint) unmarshalSatSegmentID(ctx context.Context, segmentID storj.SegmentID) (_ *internalpb.SegmentID, err error) {
|
|
|
|
defer mon.Task()(&ctx)(&err)
|
|
|
|
|
2023-01-11 15:40:17 +00:00
|
|
|
if len(segmentID) == 0 {
|
|
|
|
return nil, errs.New("segment ID missing")
|
|
|
|
}
|
|
|
|
|
2022-01-24 15:17:12 +00:00
|
|
|
satSegmentID := &internalpb.SegmentID{}
|
|
|
|
err = pb.Unmarshal(segmentID, satSegmentID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if satSegmentID.StreamId == nil {
|
|
|
|
return nil, errs.New("stream ID missing")
|
|
|
|
}
|
|
|
|
|
|
|
|
err = VerifySegmentID(ctx, endpoint.satellite, satSegmentID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
if satSegmentID.CreationDate.Before(time.Now().Add(-satIDExpiration)) {
|
|
|
|
return nil, errs.New("segment ID expired")
|
|
|
|
}
|
|
|
|
|
|
|
|
return satSegmentID, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// convertMetabaseErr converts domain errors from metabase to appropriate rpc statuses errors.
|
|
|
|
func (endpoint *Endpoint) convertMetabaseErr(err error) error {
|
2022-06-22 12:33:03 +01:00
|
|
|
if rpcstatus.Code(err) != rpcstatus.Unknown {
|
|
|
|
// it's already RPC error
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2022-01-24 15:17:12 +00:00
|
|
|
switch {
|
2023-04-19 10:54:16 +01:00
|
|
|
case metabase.ErrObjectNotFound.Has(err):
|
2023-05-02 10:47:56 +01:00
|
|
|
message := strings.TrimPrefix(err.Error(), string(metabase.ErrObjectNotFound))
|
|
|
|
message = strings.TrimPrefix(message, ": ")
|
|
|
|
// uplink expects a message that starts with the specified prefix
|
|
|
|
return rpcstatus.Error(rpcstatus.NotFound, "object not found: "+message)
|
2022-01-24 15:17:12 +00:00
|
|
|
case metabase.ErrSegmentNotFound.Has(err):
|
2023-05-02 10:47:56 +01:00
|
|
|
message := strings.TrimPrefix(err.Error(), string(metabase.ErrSegmentNotFound))
|
|
|
|
message = strings.TrimPrefix(message, ": ")
|
|
|
|
// uplink expects a message that starts with the specified prefix
|
|
|
|
return rpcstatus.Error(rpcstatus.NotFound, "segment not found: "+message)
|
2022-01-24 15:17:12 +00:00
|
|
|
case metabase.ErrInvalidRequest.Has(err):
|
|
|
|
return rpcstatus.Error(rpcstatus.InvalidArgument, err.Error())
|
2022-01-27 10:30:45 +00:00
|
|
|
case metabase.ErrObjectAlreadyExists.Has(err):
|
|
|
|
return rpcstatus.Error(rpcstatus.AlreadyExists, err.Error())
|
2022-05-09 16:11:36 +01:00
|
|
|
case metabase.ErrPendingObjectMissing.Has(err):
|
|
|
|
return rpcstatus.Error(rpcstatus.NotFound, err.Error())
|
2022-09-21 09:10:06 +01:00
|
|
|
case metabase.ErrPermissionDenied.Has(err):
|
|
|
|
return rpcstatus.Error(rpcstatus.PermissionDenied, err.Error())
|
2022-01-24 15:17:12 +00:00
|
|
|
default:
|
|
|
|
endpoint.log.Error("internal", zap.Error(err))
|
|
|
|
return rpcstatus.Error(rpcstatus.Internal, err.Error())
|
|
|
|
}
|
|
|
|
}
|
2023-04-18 23:15:00 +01:00
|
|
|
|
|
|
|
func (endpoint *Endpoint) usageTracking(keyInfo *console.APIKeyInfo, header *pb.RequestHeader, name string, tags ...eventkit.Tag) {
|
|
|
|
evs.Event("usage", append([]eventkit.Tag{
|
|
|
|
eventkit.Bytes("project-public-id", keyInfo.ProjectPublicID[:]),
|
|
|
|
eventkit.String("user-agent", string(header.UserAgent)),
|
|
|
|
eventkit.String("request", name),
|
|
|
|
}, tags...)...)
|
|
|
|
}
|