node: Return status responses only

CHANGELOG.md

@@ -8,6 +8,7 @@ Changelog for NeoFS Node
 ### Fixed
 
 ### Changed
+- SN API server responds with status message even to old clients from now (#2846)
 
 ### Removed
 - IR contracts deployment code. Moved to the contracts repo (#2812)

pkg/services/util/sign.go

@@ -50,8 +50,6 @@
 
 	respCons ResponseConstructor
 
-	statusSupported bool
-
 	sendErr error
 }
 
@@ -62,9 +60,6 @@
 }
 
 func (s *RequestMessageStreamer) Send(req any) error {
-	// req argument should be strengthen with type RequestMessage
-	s.statusSupported = isStatusSupported(req.(RequestMessage)) // panic is OK here for now
-
 	var err error
 
 	// verify request signatures
@@ -75,10 +70,6 @@
 	}
 
 	if err != nil {
-		if !s.statusSupported {
-			return err
-		}
-
 		s.sendErr = err
 
 		return ErrAbortStream
@@ -103,17 +94,15 @@
 	}
 
 	if err != nil {
-		if !s.statusSupported {
-			return nil, err
-		}
-
 		resp = s.respCons()
 
 		setStatusV2(resp, err)
 	}
 
-	if err = signResponse(s.key, resp, s.statusSupported); err != nil {
-		return nil, err
+	if err = signature.SignServiceMessage(s.key, resp); err != nil {
+		// We can't pass this error as status code since response will be unsigned.
+		// Isn't expected in practice, so panic is ok here.
+		panic(err)
 	}
 
 	return resp, nil
@@ -135,36 +124,29 @@
 	blankResp ResponseConstructor,
 	respWriterCaller func(ResponseMessageWriter) error,
 ) error {
-	// handle protocol versions <=2.10 (API statuses was introduced in 2.11 only)
-
-	// req argument should be strengthen with type RequestMessage
-	statusSupported := isStatusSupported(req.(RequestMessage)) // panic is OK here for now
-
 	var err error
 
 	// verify request signatures
 	if err = signature.VerifyServiceMessage(req); err != nil {
 		err = fmt.Errorf("could not verify request: %w", err)
 	} else {
 		err = respWriterCaller(func(resp ResponseMessage) error {
-			if err := signResponse(s.key, resp, statusSupported); err != nil {
-				return err
+			if err := signature.SignServiceMessage(s.key, resp); err != nil {
+				// We can't pass this error as status code since response will be unsigned.
+				// Isn't expected in practice, so panic is ok here.
+				panic(err)
 			}
 
 			return respWriter(resp)
 		})
 	}
 
 	if err != nil {
-		if !statusSupported {
-			return err
-		}
-
 		resp := blankResp()
 
 		setStatusV2(resp, err)
 
-		_ = signResponse(s.key, resp, false) // panics or returns nil with false arg
+		_ = signature.SignServiceMessage(s.key, resp)
 
 		return respWriter(resp)
 	}
@@ -173,11 +155,6 @@
 }
 
 func (s *SignService) HandleUnaryRequest(ctx context.Context, req any, handler UnaryHandler, blankResp ResponseConstructor) (ResponseMessage, error) {
-	// handle protocol versions <=2.10 (API statuses was introduced in 2.11 only)
-
-	// req argument should be strengthen with type RequestMessage
-	statusSupported := isStatusSupported(req.(RequestMessage)) // panic is OK here for now
-
 	var (
 		resp ResponseMessage
 		err  error
@@ -195,31 +172,21 @@
 	}
 
 	if err != nil {
-		if !statusSupported {
-			return nil, err
-		}
-
 		resp = blankResp()
 
 		setStatusV2(resp, err)
 	}
 
 	// sign the response
-	if err = signResponse(s.key, resp, statusSupported); err != nil {
-		return nil, err
+	if err = signature.SignServiceMessage(s.key, resp); err != nil {
+		// We can't pass this error as status code since response will be unsigned.
+		// Isn't expected in practice, so panic is ok here.
+		panic(err)
 	}
 
 	return resp, nil
 }
 
-func isStatusSupported(req RequestMessage) bool {
-	version := req.GetMetaHeader().GetVersion()
-
-	mjr := version.GetMajor()
-
-	return mjr > 2 || mjr == 2 && version.GetMinor() >= 11
-}
-
 func setStatusV2(resp ResponseMessage, err error) {
 	// unwrap error
 	for e := errors.Unwrap(err); e != nil; e = errors.Unwrap(err) {
@@ -228,22 +195,3 @@
 
 	session.SetStatus(resp, apistatus.ErrorToV2(err))
 }
-
-// signs response with private key via signature.SignServiceMessage.
-// The signature error affects the result depending on the protocol version:
-//   - if status return is supported, panics since we cannot return the failed status, because it will not be signed;
-//   - otherwise, returns error in order to transport it directly.
-func signResponse(key *ecdsa.PrivateKey, resp any, statusSupported bool) error {
-	err := signature.SignServiceMessage(key, resp)
-	if err != nil {
-		err = fmt.Errorf("could not sign response: %w", err)
-
-		if statusSupported {
-			// We can't pass this error as status code since response will be unsigned.
-			// Isn't expected in practice, so panic is ok here.
-			panic(err)
-		}
-	}
-
-	return err
-}