authorMaxim Kostyukov <maximkostyukov@yandex.ru>2025-08-01 01:06:29 +0300
committerGitHub <noreply@github.com>2025-07-31 15:06:29 -0700
commit9fadd9def8e34c3b2300f0b4ffee5317b532c4af (patch)
treea3afb8221aa54e236d33f179dd689f3c98e501b8
parentf5c53b1bd8e086d01394125c84e5ea868a650849 (diff)
Fixed weed mount reads with jwt.signing.read.key (#7061)
-rw-r--r--weed/filer/filechunk_manifest.go2
-rw-r--r--weed/filer/reader_cache.go2
-rw-r--r--weed/filer/stream.go2
-rw-r--r--weed/util/http/http_global_client_util.go29
4 files changed, 30 insertions, 5 deletions
diff --git a/weed/filer/filechunk_manifest.go b/weed/filer/filechunk_manifest.go
index e8de430f0..2abbc6729 100644
--- a/weed/filer/filechunk_manifest.go
+++ b/weed/filer/filechunk_manifest.go
@@ -122,7 +122,7 @@ func fetchChunkRange(buffer []byte, lookupFileIdFn wdclient.LookupFileIdFunction
glog.Errorf("operation LookupFileId %s failed, err: %v", fileId, err)
return 0, err
}
- return util_http.RetriedFetchChunkData(context.Background(), buffer, urlStrings, cipherKey, isGzipped, false, offset)
+ return util_http.RetriedFetchChunkData(context.Background(), buffer, urlStrings, cipherKey, isGzipped, false, offset, fileId)
}
func retriedStreamFetchChunkData(ctx context.Context, writer io.Writer, urlStrings []string, jwt string, cipherKey []byte, isGzipped bool, isFullChunk bool, offset int64, size int) (err error) {
diff --git a/weed/filer/reader_cache.go b/weed/filer/reader_cache.go
index 08c59a34d..11382bed3 100644
--- a/weed/filer/reader_cache.go
+++ b/weed/filer/reader_cache.go
@@ -178,7 +178,7 @@ func (s *SingleChunkCacher) startCaching() {
s.data = mem.Allocate(s.chunkSize)
- _, s.err = util_http.RetriedFetchChunkData(context.Background(), s.data, urlStrings, s.cipherKey, s.isGzipped, true, 0)
+ _, s.err = util_http.RetriedFetchChunkData(context.Background(), s.data, urlStrings, s.cipherKey, s.isGzipped, true, 0, s.chunkFileId)
if s.err != nil {
mem.Free(s.data)
s.data = nil
diff --git a/weed/filer/stream.go b/weed/filer/stream.go
index 579b5ed50..87280d6b0 100644
--- a/weed/filer/stream.go
+++ b/weed/filer/stream.go
@@ -196,7 +196,7 @@ func ReadAll(ctx context.Context, buffer []byte, masterClient *wdclient.MasterCl
return err
}
- n, err := util_http.RetriedFetchChunkData(ctx, buffer[idx:idx+int(chunkView.ViewSize)], urlStrings, chunkView.CipherKey, chunkView.IsGzipped, chunkView.IsFullChunk(), chunkView.OffsetInChunk)
+ n, err := util_http.RetriedFetchChunkData(ctx, buffer[idx:idx+int(chunkView.ViewSize)], urlStrings, chunkView.CipherKey, chunkView.IsGzipped, chunkView.IsFullChunk(), chunkView.OffsetInChunk, chunkView.FileId)
if err != nil {
return err
}
diff --git a/weed/util/http/http_global_client_util.go b/weed/util/http/http_global_client_util.go
index af153bc74..27398f3ec 100644
--- a/weed/util/http/http_global_client_util.go
+++ b/weed/util/http/http_global_client_util.go
@@ -6,6 +6,7 @@ import (
"encoding/json"
"errors"
"fmt"
+ "sync"
"github.com/seaweedfs/seaweedfs/weed/util"
"github.com/seaweedfs/seaweedfs/weed/util/mem"
@@ -18,10 +19,24 @@ import (
"time"
"github.com/seaweedfs/seaweedfs/weed/glog"
+
+ "github.com/seaweedfs/seaweedfs/weed/security"
)
var ErrNotFound = fmt.Errorf("not found")
+var (
+ jwtSigningReadKey security.SigningKey
+ jwtSigningReadKeyExpires int
+ loadJwtConfigOnce sync.Once
+)
+
+func loadJwtConfig() {
+ v := util.GetViper()
+ jwtSigningReadKey = security.SigningKey(v.GetString("jwt.signing.read.key"))
+ jwtSigningReadKeyExpires = v.GetInt("jwt.signing.read.expires_after_seconds")
+}
+
func Post(url string, values url.Values) ([]byte, error) {
r, err := GetGlobalHttpClient().PostForm(url, values)
if err != nil {
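Review bot: `loadJwtConfig` and the three new package variables carry no comment, and the caching they implement has a consequence worth writing down. Because the key is read through `loadJwtConfigOnce`, whatever viper holds at the first fetch is kept for the life of the process. If the security configuration has not been loaded by then (the load order is not visible in this diff), `jwtSigningReadKey` stays empty and every later read goes out without a token, with nothing logged. I would add `// loadJwtConfig caches jwt.signing.read.key once; the security config must be loaded into viper before the first RetriedFetchChunkData call.` above the function. A one-time `glog.V(1).Infof("read JWT signing enabled: %t", len(jwtSigningReadKey) > 0)` would also help, since it reports only whether a key is set and never the key itself.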
@@ -452,7 +467,17 @@ func (r *CountingReader) Read(p []byte) (n int, err error) {
return n, err
}
-func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []string, cipherKey []byte, isGzipped bool, isFullChunk bool, offset int64) (n int, err error) {
+func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []string, cipherKey []byte, isGzipped bool, isFullChunk bool, offset int64, fileId string) (n int, err error) {
+
+ loadJwtConfigOnce.Do(loadJwtConfig)
+ var jwt security.EncodedJwt
+ if len(jwtSigningReadKey) > 0 {
+ jwt = security.GenJwtForVolumeServer(
+ jwtSigningReadKey,
+ jwtSigningReadKeyExpires,
+ fileId,
+ )
+ }
var shouldRetry bool
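Review bot: The token is minted once at the top of `RetriedFetchChunkData`, before the retry loop, so every attempt reuses the same `jwt`. The loop itself lies outside this hunk and is only partly visible in the next one, where `string(jwt)` is handed to `ReadUrlAsStreamAuthenticated`. If `jwt.signing.read.expires_after_seconds` is set shorter than the total retry backoff, later attempts would presumably present an expired token and fail as unauthorized instead of succeeding on retry; the wait times are not shown here, so this needs confirming. Moving the `security.GenJwtForVolumeServer(jwtSigningReadKey, jwtSigningReadKeyExpires, fileId)` call inside the per-attempt loop would let operators keep a short token lifetime without that failure mode.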
@@ -462,7 +487,7 @@ func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []stri
if strings.Contains(urlString, "%") {
urlString = url.PathEscape(urlString)
}
- shouldRetry, err = ReadUrlAsStream(ctx, urlString+"?readDeleted=true", cipherKey, isGzipped, isFullChunk, offset, len(buffer), func(data []byte) {
+ shouldRetry, err = ReadUrlAsStreamAuthenticated(ctx, urlString+"?readDeleted=true", string(jwt), cipherKey, isGzipped, isFullChunk, offset, len(buffer), func(data []byte) {
if n < len(buffer) {
x := copy(buffer[n:], data)
n += x