diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-10-24 17:09:58 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-10-24 17:09:58 -0700 |
| commit | 263e891da0d9aae1618e48b4da5df6bfd9802f80 (patch) | |
| tree | 0057104d55568822043a833fcc557cca29a9f669 /weed/s3api/s3api_key_rotation.go | |
| parent | 9f4075441ca3adff84fd8a4d88b03330c35db951 (diff) | |
| download | seaweedfs-263e891da0d9aae1618e48b4da5df6bfd9802f80.tar.xz seaweedfs-263e891da0d9aae1618e48b4da5df6bfd9802f80.zip | |
Clients to volume server requires JWT tokens for all read operations (#7376)
* [Admin UI] Login not possible due to securecookie error
* avoid 404 favicon
* Update weed/admin/dash/auth_middleware.go
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* address comments
* avoid variable over shadowing
* log session save error
* When jwt.signing.read.key is enabled in security.toml, the volume server requires JWT tokens for all read operations.
* reuse fileId
* refactor
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Diffstat (limited to 'weed/s3api/s3api_key_rotation.go')
| -rw-r--r-- | weed/s3api/s3api_key_rotation.go | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/weed/s3api/s3api_key_rotation.go b/weed/s3api/s3api_key_rotation.go index 499505678..050a2826c 100644 --- a/weed/s3api/s3api_key_rotation.go +++ b/weed/s3api/s3api_key_rotation.go @@ -175,13 +175,14 @@ func (s3a *S3ApiServer) rotateSSECChunk(chunk *filer_pb.FileChunk, sourceKey, de } // Get source chunk data - srcUrl, err := s3a.lookupVolumeUrl(chunk.GetFileIdString()) + fileId := chunk.GetFileIdString() + srcUrl, err := s3a.lookupVolumeUrl(fileId) if err != nil { return nil, fmt.Errorf("lookup source volume: %w", err) } // Download encrypted data - encryptedData, err := s3a.downloadChunkData(srcUrl, 0, int64(chunk.Size)) + encryptedData, err := s3a.downloadChunkData(srcUrl, fileId, 0, int64(chunk.Size)) if err != nil { return nil, fmt.Errorf("download chunk data: %w", err) } @@ -243,13 +244,14 @@ func (s3a *S3ApiServer) rotateSSEKMSChunk(chunk *filer_pb.FileChunk, srcKeyID, d } // Get source chunk data - srcUrl, err := s3a.lookupVolumeUrl(chunk.GetFileIdString()) + fileId := chunk.GetFileIdString() + srcUrl, err := s3a.lookupVolumeUrl(fileId) if err != nil { return nil, fmt.Errorf("lookup source volume: %w", err) } // Download data (this would be encrypted with the old KMS key) - chunkData, err := s3a.downloadChunkData(srcUrl, 0, int64(chunk.Size)) + chunkData, err := s3a.downloadChunkData(srcUrl, fileId, 0, int64(chunk.Size)) if err != nil { return nil, fmt.Errorf("download chunk data: %w", err) } |