diff options
| author | Henco Appel <hencoappel+github@gmail.com> | 2024-04-08 15:27:00 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-08 07:27:00 -0700 |
| commit | 5c8e6014baabe84cde25eea00ea75d0be5f0aa8f (patch) | |
| tree | 3904ad9e4d4cf2dd5b172d355a87f12d077cc087 /weed/server/filer_server_handlers_proxy.go | |
| parent | 9e07a87fcba5e6b0986cd2dad1fa3d644ff4edc7 (diff) | |
| download | seaweedfs-5c8e6014baabe84cde25eea00ea75d0be5f0aa8f.tar.xz seaweedfs-5c8e6014baabe84cde25eea00ea75d0be5f0aa8f.zip | |
fix: filer authenticate with with volume server (#5480)
Diffstat (limited to 'weed/server/filer_server_handlers_proxy.go')
| -rw-r--r-- | weed/server/filer_server_handlers_proxy.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/weed/server/filer_server_handlers_proxy.go b/weed/server/filer_server_handlers_proxy.go index db46f00b3..e04994569 100644 --- a/weed/server/filer_server_handlers_proxy.go +++ b/weed/server/filer_server_handlers_proxy.go @@ -2,6 +2,7 @@ package weed_server import ( "github.com/seaweedfs/seaweedfs/weed/glog" + "github.com/seaweedfs/seaweedfs/weed/security" "github.com/seaweedfs/seaweedfs/weed/util" "github.com/seaweedfs/seaweedfs/weed/util/mem" "io" @@ -20,6 +21,26 @@ func init() { }} } +func (fs *FilerServer) maybeAddVolumeJwtAuthorization(r *http.Request, fileId string, isWrite bool) { + encodedJwt := fs.maybeGetVolumeJwtAuthorizationToken(fileId, isWrite) + + if encodedJwt == "" { + return + } + + r.Header.Set("Authorization", "BEARER "+string(encodedJwt)) +} + +func (fs *FilerServer) maybeGetVolumeJwtAuthorizationToken(fileId string, isWrite bool) string { + var encodedJwt security.EncodedJwt + if isWrite { + encodedJwt = security.GenJwtForVolumeServer(fs.volumeGuard.SigningKey, fs.volumeGuard.ExpiresAfterSec, fileId) + } else { + encodedJwt = security.GenJwtForVolumeServer(fs.volumeGuard.ReadSigningKey, fs.volumeGuard.ReadExpiresAfterSec, fileId) + } + return string(encodedJwt) +} + func (fs *FilerServer) proxyToVolumeServer(w http.ResponseWriter, r *http.Request, fileId string) { urlStrings, err := fs.filer.MasterClient.GetLookupFileIdFunction()(fileId) |