Merge pull request #9290 from aayushchouhan09/sec-key

aayushchouhan09 · web-flow · commit 0f4ce2a0a0a6 · 2025-11-26T20:18:01.000+05:30
Added support for second access key s3 access
diff --git a/src/server/common_services/auth_server.js b/src/server/common_services/auth_server.js
@@ -178,27 +178,25 @@ function unauthorized_error(reason) {
  *
  */
 function create_access_key_auth(req) {
-    const access_key = req.rpc_params.access_key.unwrap();
+    const access_key = req.rpc_params.access_key;
     const string_to_sign = req.rpc_params.string_to_sign;
     const signature = req.rpc_params.signature;
 
     if (_.isUndefined(string_to_sign) || _.isUndefined(signature)) {
         throw new RpcError('UNAUTHORIZED', 'signature error');
     }
 
-    const account = _.find(system_store.data.accounts, function(acc) {
-        if (acc.access_keys) {
-            return acc.access_keys[0].access_key.unwrap().toString() === access_key.toString();
-        } else {
-            return false;
-        }
-    });
+    const account = system_store.get_account_by_access_key(access_key);
 
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
 
-    const secret = account.access_keys[0].secret_key.unwrap().toString();
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap() === access_key.unwrap()
+    );
+
+    const secret = key_pair.secret_key.unwrap();
     const signature_test = signature_utils.get_signature_from_auth_token({ string_to_sign: string_to_sign }, secret);
     if (signature_test !== signature) {
         throw new RpcError('UNAUTHORIZED', 'signature error');
@@ -315,15 +313,16 @@ function _authorize_jwt_token(req) {
 function _authorize_signature_token(req) {
     const auth_token_obj = req.auth_token;
 
-    const account = _.find(system_store.data.accounts, function(acc) {
-        return acc.access_keys && acc.access_keys.length > 0 &&
-            acc.access_keys[0].access_key.unwrap() ===
-            auth_token_obj.access_key;
-    });
+    const account = system_store.get_account_by_access_key(new SensitiveString(auth_token_obj.access_key));
     if (!account || account.deleted) {
         throw new RpcError('UNAUTHORIZED', 'account not found');
     }
-    const secret_key = account.access_keys[0].secret_key;
+
+    const key_pair = account.access_keys.find(key =>
+        key.access_key.unwrap() === auth_token_obj.access_key
+    );
+
+    const secret_key = key_pair.secret_key;
 
     const role = _.find(system_store.data.roles, function(r) {
         return r.account._id.toString() === account._id.toString();
diff --git a/src/server/system_services/account_server.js b/src/server/system_services/account_server.js
@@ -132,9 +132,8 @@ function read_account(req) {
 
 function read_account_by_access_key(req) {
     const { access_key } = req.rpc_params;
-    const account = _.find(system_store.data.accounts, acc =>
-        acc.access_keys && acc.access_keys.length > 0 && acc.access_keys[0].access_key.unwrap() === access_key.unwrap()
-    );
+
+    const account = system_store.get_account_by_access_key(access_key);
 
     if (!account) throw new RpcError('NO_SUCH_ACCOUNT', 'No such account with credentials: ' + access_key);
 
