Unify implicit deny handlign in normal and backbeat routes

- Also split backbeat routers - Better use the callback functions - Do not return twice to the client in case of error and quota evaluation (finalizer hooks) - Remove account quota from backbeat proxy route: as not used in this case. Issue: CLDSRV-591
scality · Dec 10, 2024 · 22668de · 22668de
1 parent c0bb428
commit 22668de
Show file tree

Hide file tree

Showing 2 changed files with 160 additions and 172 deletions.
diff --git a/lib/api/api.js b/lib/api/api.js
@@ -119,6 +119,26 @@ function checkAuthResults(authResults, apiMethod, log) {
 }
 
 /* eslint-disable no-param-reassign */
+function handleAuthorizationResults(request, authorizationResults, apiMethod, returnTagCount, log, callback) {
+    if (authorizationResults) {
+        const checkedResults = checkAuthResults(authorizationResults, apiMethod, log);
+        if (checkedResults instanceof Error) {
+            return callback(checkedResults);
+        }
+        returnTagCount = checkedResults.returnTagCount;
+        request.actionImplicitDenies = checkedResults.isImplicitDeny;
+    } else {
+        // create an object of keys apiMethods with all values to false:
+        // for backward compatibility, all apiMethods are allowed by default
+        // thus it is explicitly allowed, so implicit deny is false
+        request.actionImplicitDenies = request.apiMethods.reduce((acc, curr) => {
+            acc[curr] = false;
+            return acc;
+        }, {});
+    }
+    return callback();
+}
+
 const api = {
     callApiMethod(apiMethod, request, response, log, callback) {
         // Attach the apiMethod method to the request, so it can used by monitoring in the server
@@ -148,7 +168,7 @@ const api = {
                 objectKey: request.objectKey,
             });
         }
-        let returnTagCount = true;
+        const returnTagCount = true;
 
         const validationRes = validateQueryAndHeaders(request, log);
         if (validationRes.error) {
@@ -263,27 +283,18 @@ const api = {
                     return next(null, userInfo, authResultsWithTags, streamingV4Params, infos);
                 },
             ),
+            (userInfo, authorizationResults, streamingV4Params, infos, next) =>
+                handleAuthorizationResults(request, authorizationResults, apiMethod, returnTagCount, log, err => {
+                    if (err) {
+                        return next(err);
+                    }
+                    return next(null, userInfo, authorizationResults, streamingV4Params, infos);
+                }),
         ], (err, userInfo, authorizationResults, streamingV4Params, infos) => {
             if (err) {
                 return callback(err);
             }
             request.accountQuotas = infos?.accountQuota;
-            if (authorizationResults) {
-                const checkedResults = checkAuthResults(authorizationResults, apiMethod, log);
-                if (checkedResults instanceof Error) {
-                    return callback(checkedResults);
-                }
-                returnTagCount = checkedResults.returnTagCount;
-                request.actionImplicitDenies = checkedResults.isImplicitDeny;
-            } else {
-                // create an object of keys apiMethods with all values to false:
-                // for backward compatibility, all apiMethods are allowed by default
-                // thus it is explicitly allowed, so implicit deny is false
-                request.actionImplicitDenies = apiMethods.reduce((acc, curr) => {
-                    acc[curr] = false;
-                    return acc;
-                }, {});
-            }
             const methodCallback = (err, ...results) => async.forEachLimit(request.finalizerHooks, 5,
                     (hook, done) => hook(err, done),
                     () => callback(err, ...results));
@@ -369,6 +380,7 @@ const api = {
     websiteGet: website,
     websiteHead: website,
     checkAuthResults,
+    handleAuthorizationResults,
 };
 
 module.exports = api;