Should a node validate objects it won't store? #1200

New issue

Open

opened 2025-12-28 17:22:09 +00:00 by sami · 1 comment

sami commented

2025-12-28 17:22:09 +00:00

Owner

Originally created by @carpawell on GitHub (Mar 29, 2024).

Now any SN tries to validate and check eACL rules on every request (even if it does not store/will not store an object). Should it do it? Sometimes it cannot even validate smth it does not have access to: https://github.com/nspcc-dev/neofs-node/pull/2792.

Possible Solution

If a node is just a middleware in the chain b/w a client and a server, just do what this node should do (split objects, forward requests, etc) and do not try to act like a target node.

Context

Object content validation is here, while placement creation logic (that can say where to put (mb this node is not part of a container at all)) is in the iteratePlacement function.

Your Environment

5c10c503ce7a9be8f25d53972ace416541c80f75

Originally created by @carpawell on GitHub (Mar 29, 2024).  Now any SN tries to validate and check eACL rules on every request (even if it does not store/will not store an object). Should it do it? Sometimes it cannot even validate smth it does not have access to: https://github.com/nspcc-dev/neofs-node/pull/2792. ## Possible Solution If a node is just a middleware in the chain b/w a client and a server, just do what this node should do (split objects, forward requests, etc) and do not try to act like a target node. ## Context Object content validation is [here](https://github.com/nspcc-dev/neofs-node/blob/5c10c503ce7a9be8f25d53972ace416541c80f75/pkg/services/object/put/distributed.go#L139-L141), while placement creation logic (that can say where to put (mb this node is not part of a container at all)) is in the `iteratePlacement` [function](https://github.com/nspcc-dev/neofs-node/blob/5c10c503ce7a9be8f25d53972ace416541c80f75/pkg/services/object/put/distributed.go#L148). ## Your Environment `5c10c503ce7a9be8f25d53972ace416541c80f75`