JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0796653b07
storj/cmd/uplink/cmd_share.go
Erik van Velzen 0796653b07 cmd/uplinkng: registeraccess via libuplink 
Change the implementation of register and share so that it uses the
uplink method to contact the Auth Service. The network protocol switches
from HTTP to DRPC.

Closes https://github.com/storj/storj/issues/4324

Change-Id: Ib8fdb1665c6385bb39a546ba46a8df43a136df9c
2022-02-11 11:36:45 +00:00

292 lines
9.1 KiB
Go
Raw Blame History

// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"context"
"fmt"
"io/ioutil"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/zeebo/clingy"
"github.com/zeebo/errs"
"storj.io/storj/cmd/uplink/ulext"
"storj.io/storj/cmd/uplink/ulloc"
"storj.io/uplink"
"storj.io/uplink/edge"
)
type cmdShare struct {
ex ulext.External
ap accessPermissions
access string
exportTo string
baseURL string
register bool
url bool
dns string
authService string
caCert string
public bool
}
func newCmdShare(ex ulext.External) *cmdShare {
return &cmdShare{ex: ex}
}
func (c *cmdShare) Setup(params clingy.Parameters) {
c.access = params.Flag("access", "Access name or value to share", "").(string)
params.Break()
c.exportTo = params.Flag("export-to", "Path to export the shared access to", "").(string)
c.baseURL = params.Flag("base-url", "The base url for link sharing", "https://link.us1.storjshare.io").(string)
c.register = params.Flag("register", "If true, creates and registers access grant", false,
clingy.Transform(strconv.ParseBool), clingy.Boolean,
).(bool)
c.url = params.Flag("url", "If true, returns a url for the shared path. implies --register and --public", false,
clingy.Transform(strconv.ParseBool), clingy.Boolean,
).(bool)
c.dns = params.Flag("dns", "Specify your custom hostname. if set, returns dns settings for web hosting. implies --register and --public", "").(string)
c.authService = params.Flag("auth-service", "URL for shared auth service", "https://auth.us1.storjshare.io").(string)
c.public = params.Flag("public", "If true, the access will be public. --dns and --url override this", false,
clingy.Transform(strconv.ParseBool), clingy.Boolean,
).(bool)
params.Break()
c.ap.Setup(params, false)
}
func (c *cmdShare) Execute(ctx clingy.Context) error {
if len(c.ap.prefixes) == 0 {
return errs.New("You must specify at least one prefix to share. Use the access restrict command to restrict with no prefixes.")
}
access, err := c.ex.OpenAccess(c.access)
if err != nil {
return err
}
access, err = c.ap.Apply(access)
if err != nil {
return err
}
isPublic := c.public || c.url || c.dns != ""
if isPublic {
if c.ap.notAfter.String() == "" {
fmt.Fprintf(ctx, "It's not recommended to create a shared Access without an expiration date.")
fmt.Fprintf(ctx, "If you wish to do so anyway, please run this command with --not-after=none.")
return nil
}
if c.ap.notAfter.String() == "none" {
c.ap.notAfter = time.Time{}
}
}
newAccessData, err := access.Serialize()
if err != nil {
return err
}
fmt.Fprintf(ctx, "Sharing access to satellite %s\n", access.SatelliteAddress())
fmt.Fprintf(ctx, "=========== ACCESS RESTRICTIONS ==========================================================\n")
fmt.Fprintf(ctx, "Download : %s\n", formatPermission(c.ap.AllowDownload()))
fmt.Fprintf(ctx, "Upload : %s\n", formatPermission(c.ap.AllowUpload()))
fmt.Fprintf(ctx, "Lists : %s\n", formatPermission(c.ap.AllowList()))
fmt.Fprintf(ctx, "Deletes : %s\n", formatPermission(c.ap.AllowDelete()))
fmt.Fprintf(ctx, "NotBefore : %s\n", formatTimeRestriction(c.ap.notBefore))
fmt.Fprintf(ctx, "NotAfter : %s\n", formatTimeRestriction(c.ap.notAfter))
fmt.Fprintf(ctx, "Paths : %s\n", formatPaths(c.ap.prefixes))
fmt.Fprintf(ctx, "=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========\n")
fmt.Fprintf(ctx, "Access : %s\n", newAccessData)
if c.register || c.url || c.dns != "" {
credentials, err := RegisterAccess(ctx, access, c.authService, isPublic, c.caCert)
if err != nil {
return err
}
err = DisplayGatewayCredentials(ctx, *credentials, "", "")
if err != nil {
return err
}
_, err = fmt.Fprintln(ctx, "Public Access: ", isPublic)
if err != nil {
return err
}
if len(c.ap.prefixes) == 1 && !c.ap.AllowUpload() && !c.ap.disallowDeletes {
if c.url {
if err = createURL(ctx, credentials.AccessKeyID, c.ap.prefixes[0], c.baseURL, c.ap.prefixes); err != nil {
return err
}
}
if c.dns != "" {
if err = createDNS(ctx, credentials.AccessKeyID, c.ap.prefixes[0], c.baseURL, c.dns); err != nil {
return err
}
}
}
}
if c.exportTo != "" {
// convert to an absolute path, mostly for output purposes.
exportTo, err := filepath.Abs(c.exportTo)
if err != nil {
return err
}
if err := ioutil.WriteFile(exportTo, []byte(newAccessData+"\n"), 0600); err != nil {
return err
}
fmt.Fprintln(ctx, "Exported to:", exportTo)
}
return nil
}
func formatPermission(allowed bool) string {
if allowed {
return "Allowed"
}
return "Disallowed"
}
func formatTimeRestriction(t time.Time) string {
if t.IsZero() {
return "No restriction"
}
return formatTime(true, t)
}
func formatPaths(sharePrefixes []uplink.SharePrefix) string {
if len(sharePrefixes) == 0 {
return "WARNING! The entire project is shared!"
}
var paths []string
for _, prefix := range sharePrefixes {
path := "sj://" + prefix.Bucket
if len(prefix.Prefix) == 0 {
path += "/ (entire bucket)"
} else {
path += "/" + prefix.Prefix
}
paths = append(paths, path)
}
return strings.Join(paths, "\n ")
}
// RegisterAccess registers an access grant with a Gateway Authorization Service.
func RegisterAccess(ctx context.Context, access *uplink.Access, authService string, public bool, certificateFile string) (credentials *edge.Credentials, err error) {
if authService == "" {
return nil, errs.New("no auth service address provided")
}
// preserve compatibility with previous https service
authService = strings.TrimPrefix(authService, "https://")
authService = strings.TrimSuffix(authService, "/")
if !strings.Contains(authService, ":") {
authService += ":7777"
}
var certificatePEM []byte
if certificateFile != "" {
certificatePEM, err = os.ReadFile(certificateFile)
if err != nil {
return nil, errs.New("can't read certificate file: %w", err)
}
}
edgeConfig := edge.Config{
AuthServiceAddress: authService,
CertificatePEM: certificatePEM,
}
return edgeConfig.RegisterAccess(ctx, access, &edge.RegisterAccessOptions{Public: public})
}
// Creates linksharing url for allowed path prefixes.
func createURL(ctx clingy.Context, newAccessData string, prefix uplink.SharePrefix, baseURL string, sharePrefixes []uplink.SharePrefix) (err error) {
loc := ulloc.NewRemote(prefix.Bucket, prefix.Prefix)
bucket, key, _ := loc.RemoteParts()
fmt.Fprintf(ctx, "=========== BROWSER URL ==================================================================\n")
fmt.Fprintf(ctx, "REMINDER : Object key must end in '/' when trying to share recursively\n")
fmt.Fprintf(ctx, "URL : %s/s/%s/%s/%s\n", baseURL, url.PathEscape(newAccessData), bucket, key)
return nil
}
// Creates dns record info for allowed path prefixes.
func createDNS(ctx clingy.Context, accessKey string, prefix uplink.SharePrefix, baseURL, dns string) (err error) {
CNAME, err := url.Parse(baseURL)
if err != nil {
return err
}
rootString := ulloc.NewRemote(prefix.Bucket, prefix.Prefix).String()[5:]
printStorjRoot := fmt.Sprintf("txt-%s\tIN\tTXT \tstorj-root:%s", dns, rootString)
fmt.Fprintf(ctx, "=========== DNS INFO =====================================================================\n")
fmt.Fprintf(ctx, "Remember to update the $ORIGIN with your domain name. You may also change the $TTL.\n")
fmt.Fprintf(ctx, "$ORIGIN example.com.\n")
fmt.Fprintf(ctx, "$TTL 3600\n")
fmt.Fprintf(ctx, "%s \tIN\tCNAME\t%s.\n", dns, CNAME.Host)
fmt.Fprintln(ctx, printStorjRoot)
fmt.Fprintf(ctx, "txt-%s\tIN\tTXT \tstorj-access:%s\n", dns, accessKey)
return nil
}
// DisplayGatewayCredentials formats and writes credentials to stdout.
func DisplayGatewayCredentials(ctx clingy.Context, credentials edge.Credentials, format string, awsProfile string) (err error) {
switch format {
case "env": // export / set compatible format
// note that AWS_ENDPOINT configuration is not natively utilized by the AWS CLI
_, err = fmt.Fprintf(ctx, "AWS_ACCESS_KEY_ID=%s\n"+
"AWS_SECRET_ACCESS_KEY=%s\n"+
"AWS_ENDPOINT=%s\n",
credentials.AccessKeyID, credentials.SecretKey, credentials.Endpoint)
if err != nil {
return err
}
case "aws": // aws configuration commands
profile := ""
if awsProfile != "" {
profile = " --profile " + awsProfile
_, err = fmt.Fprintf(ctx, "aws configure %s\n", profile)
if err != nil {
return err
}
}
// note that the endpoint_url configuration is not natively utilized by the AWS CLI
_, err = fmt.Fprintf(ctx, "aws configure %s set aws_access_key_id %s\n"+
"aws configure %s set aws_secret_access_key %s\n"+
"aws configure %s set s3.endpoint_url %s\n",
profile, credentials.AccessKeyID, profile, credentials.SecretKey, profile, credentials.Endpoint)
if err != nil {
return err
}
default: // plain text
_, err = fmt.Fprintf(ctx, "========== CREDENTIALS ===================================================================\n"+
"Access Key ID: %s\n"+
"Secret Key : %s\n"+
"Endpoint : %s\n",
credentials.AccessKeyID, credentials.SecretKey, credentials.Endpoint)
if err != nil {
return err
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink