From 0710e07d3060fedf1507049af08e45a6a59df8d5 Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@morphbits.io>
Date: Mon, 4 Mar 2024 15:43:19 +0400
Subject: [PATCH] bearer: Add new issuer-related methods

Dedicated field for the bearer token issuer was recently added to the
protocol https://github.com/nspcc-dev/neofs-api/issues/266. SDK should
provide functionality to work with it.

Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
---
 bearer/bearer.go      | 39 ++++++++++++++++++++++++++++++-
 bearer/bearer_test.go | 53 +++++++++++++++++++++++++++++++++++++++++++
 go.mod                |  2 ++
 go.sum                |  2 --
 4 files changed, 93 insertions(+), 3 deletions(-)

diff --git a/bearer/bearer.go b/bearer/bearer.go
index e6b18bcf..eb037433 100644
--- a/bearer/bearer.go
+++ b/bearer/bearer.go
@@ -23,6 +23,9 @@ type Token struct {
 	targetUserSet bool
 	targetUser    user.ID
 
+	issuerSet bool
+	issuer    user.ID
+
 	eaclTableSet bool
 	eaclTable    eacl.Table
 
@@ -58,6 +61,14 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
 		}
 	}
 
+	issuer := body.GetIssuer()
+	if b.issuerSet = issuer != nil; b.issuerSet {
+		err = b.issuer.ReadFromV2(*issuer)
+		if err != nil {
+			return fmt.Errorf("invalid issuer: %w", err)
+		}
+	}
+
 	lifetime := body.GetLifetime()
 	if b.lifetimeSet = lifetime != nil; b.lifetimeSet {
 		b.iat = lifetime.GetIat()
@@ -85,7 +96,7 @@ func (b *Token) ReadFromV2(m acl.BearerToken) error {
 }
 
 func (b Token) fillBody() *acl.BearerTokenBody {
-	if !b.eaclTableSet && !b.targetUserSet && !b.lifetimeSet {
+	if !b.eaclTableSet && !b.targetUserSet && !b.lifetimeSet && !b.issuerSet {
 		return nil
 	}
 
@@ -102,6 +113,13 @@ func (b Token) fillBody() *acl.BearerTokenBody {
 		body.SetOwnerID(&targetUser)
 	}
 
+	if b.issuerSet {
+		var issuer refs.OwnerID
+		b.issuer.WriteToV2(&issuer)
+
+		body.SetIssuer(&issuer)
+	}
+
 	if b.lifetimeSet {
 		var lifetime acl.TokenLifetime
 		lifetime.SetIat(b.iat)
@@ -364,6 +382,25 @@ func (b Token) SigningKeyBytes() []byte {
 	return nil
 }
 
+// SetIssuer sets NeoFS user ID of the [Token] issuer.
+//
+// See also [Token.Issuer].
+func (b *Token) SetIssuer(usr user.ID) {
+	b.issuerSet = true
+	b.issuer = usr
+}
+
+// Issuer returns NeoFS user ID of the Token issuer. Zero value means unset
+// issuer.
+//
+// See also [Token.SetIssuer].
+func (b Token) Issuer() user.ID {
+	if b.issuerSet {
+		return b.issuer
+	}
+	return user.ID{}
+}
+
 // ResolveIssuer resolves issuer's [user.ID] from the key used for [Token] signing.
 // Returns zero [user.ID] if Token is unsigned or key has incorrect format.
 //
diff --git a/bearer/bearer_test.go b/bearer/bearer_test.go
index 23866fe7..66e94bf3 100644
--- a/bearer/bearer_test.go
+++ b/bearer/bearer_test.go
@@ -391,3 +391,56 @@ func TestResolveIssuer(t *testing.T) {
 
 	require.Equal(t, usr, val.ResolveIssuer())
 }
+
+func TestToken_Issuer(t *testing.T) {
+	var token bearer.Token
+	var msg acl.BearerToken
+	filled := bearertest.Token(t)
+
+	token.WriteToV2(&msg)
+	require.Zero(t, msg.GetBody())
+
+	val2 := filled
+	require.NoError(t, val2.Unmarshal(token.Marshal()))
+
+	val2.WriteToV2(&msg)
+	require.Zero(t, msg.GetBody())
+
+	val2 = filled
+
+	jd, err := token.MarshalJSON()
+	require.NoError(t, err)
+
+	require.NoError(t, val2.UnmarshalJSON(jd))
+
+	val2.WriteToV2(&msg)
+	require.Zero(t, msg.GetBody())
+
+	// set value
+	usr := usertest.ID(t)
+
+	var usrV2 refs.OwnerID
+	usr.WriteToV2(&usrV2)
+
+	token.SetIssuer(usr)
+
+	token.WriteToV2(&msg)
+	require.Equal(t, usrV2, *msg.GetBody().GetIssuer())
+
+	val2 = filled
+
+	require.NoError(t, val2.Unmarshal(token.Marshal()))
+
+	val2.WriteToV2(&msg)
+	require.Equal(t, usrV2, *msg.GetBody().GetIssuer())
+
+	val2 = filled
+
+	jd, err = token.MarshalJSON()
+	require.NoError(t, err)
+
+	require.NoError(t, val2.UnmarshalJSON(jd))
+
+	val2.WriteToV2(&msg)
+	require.Equal(t, usrV2, *msg.GetBody().GetIssuer())
+}
diff --git a/go.mod b/go.mod
index 93fe75dc..cd71dc68 100644
--- a/go.mod
+++ b/go.mod
@@ -70,3 +70,5 @@ require (
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+replace github.com/nspcc-dev/neofs-api-go/v2 => ../apigo
diff --git a/go.sum b/go.sum
index 4bafa082..c31d53f9 100644
--- a/go.sum
+++ b/go.sum
@@ -75,8 +75,6 @@ github.com/nspcc-dev/hrw/v2 v2.0.1 h1:CxYUkBeJvNfMEn2lHhrV6FjY8pZPceSxXUtMVq0BUO
 github.com/nspcc-dev/hrw/v2 v2.0.1/go.mod h1:iZAs5hT2q47EGq6AZ0FjaUI6ggntOi7vrY4utfzk5VA=
 github.com/nspcc-dev/neo-go v0.105.1 h1:r0b2yIwLBi+ARBKU94gHL9oTFEB/XMJ0YlS2HN9Qw34=
 github.com/nspcc-dev/neo-go v0.105.1/go.mod h1:GNh0cRALV/cuj+/xg2ZHDsrFbqcInqG7jjhqsLEnlNc=
-github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240228163253-cb87bbd5e4eb h1:vvMxf818Ea2Ql+j9QX7zOlEXDrVlbAzR0DhGvrULilQ=
-github.com/nspcc-dev/neofs-api-go/v2 v2.14.1-0.20240228163253-cb87bbd5e4eb/go.mod h1:7Tm1NKEoUVVIUlkVwFrPh7GG5+Lmta2m7EGr4oVpBd8=
 github.com/nspcc-dev/rfc6979 v0.2.1 h1:8wWxkamHWFmO790GsewSoKUSJjVnL1fmdRpokU/RgRM=
 github.com/nspcc-dev/rfc6979 v0.2.1/go.mod h1:Tk7h5kyUWkhjyO3zUgFFhy1v2vQv3BvQEntakdtqrWc=
 github.com/nspcc-dev/tzhash v1.7.2 h1:iRXoa9TJqH/DQO7FFcqpq9BdruF9E7/xnFGlIghl5J4=