diff options
| author | Maxim Kostyukov <maximkostyukov@yandex.ru> | 2025-08-01 01:06:29 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-31 15:06:29 -0700 |
| commit | 9fadd9def8e34c3b2300f0b4ffee5317b532c4af (patch) | |
| tree | a3afb8221aa54e236d33f179dd689f3c98e501b8 /weed/util | |
| parent | f5c53b1bd8e086d01394125c84e5ea868a650849 (diff) | |
| download | seaweedfs-9fadd9def8e34c3b2300f0b4ffee5317b532c4af.tar.xz seaweedfs-9fadd9def8e34c3b2300f0b4ffee5317b532c4af.zip | |
Fixed weed mount reads with jwt.signing.read.key (#7061)
Diffstat (limited to 'weed/util')
| -rw-r--r-- | weed/util/http/http_global_client_util.go | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/weed/util/http/http_global_client_util.go b/weed/util/http/http_global_client_util.go index af153bc74..27398f3ec 100644 --- a/weed/util/http/http_global_client_util.go +++ b/weed/util/http/http_global_client_util.go @@ -6,6 +6,7 @@ import ( "encoding/json" "errors" "fmt" + "sync" "github.com/seaweedfs/seaweedfs/weed/util" "github.com/seaweedfs/seaweedfs/weed/util/mem" @@ -18,10 +19,24 @@ import ( "time" "github.com/seaweedfs/seaweedfs/weed/glog" + + "github.com/seaweedfs/seaweedfs/weed/security" ) var ErrNotFound = fmt.Errorf("not found") +var ( + jwtSigningReadKey security.SigningKey + jwtSigningReadKeyExpires int + loadJwtConfigOnce sync.Once +) + +func loadJwtConfig() { + v := util.GetViper() + jwtSigningReadKey = security.SigningKey(v.GetString("jwt.signing.read.key")) + jwtSigningReadKeyExpires = v.GetInt("jwt.signing.read.expires_after_seconds") +} + func Post(url string, values url.Values) ([]byte, error) { r, err := GetGlobalHttpClient().PostForm(url, values) if err != nil { @@ -452,7 +467,17 @@ func (r *CountingReader) Read(p []byte) (n int, err error) { return n, err } -func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []string, cipherKey []byte, isGzipped bool, isFullChunk bool, offset int64) (n int, err error) { +func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []string, cipherKey []byte, isGzipped bool, isFullChunk bool, offset int64, fileId string) (n int, err error) { + + loadJwtConfigOnce.Do(loadJwtConfig) + var jwt security.EncodedJwt + if len(jwtSigningReadKey) > 0 { + jwt = security.GenJwtForVolumeServer( + jwtSigningReadKey, + jwtSigningReadKeyExpires, + fileId, + ) + } var shouldRetry bool @@ -462,7 +487,7 @@ func RetriedFetchChunkData(ctx context.Context, buffer []byte, urlStrings []stri if strings.Contains(urlString, "%") { urlString = url.PathEscape(urlString) } - shouldRetry, err = ReadUrlAsStream(ctx, urlString+"?readDeleted=true", cipherKey, isGzipped, isFullChunk, offset, len(buffer), func(data []byte) { + shouldRetry, err = ReadUrlAsStreamAuthenticated(ctx, urlString+"?readDeleted=true", string(jwt), cipherKey, isGzipped, isFullChunk, offset, len(buffer), func(data []byte) { if n < len(buffer) { x := copy(buffer[n:], data) n += x |