aboutsummaryrefslogtreecommitdiff
path: root/weed/server/filer_server.go
AgeCommit message (Collapse)AuthorFilesLines
2025-07-10[Notifications] Support webhook notifications (#6962)Ibrahim Konsowa1-0/+1
Add webhook notification support
2025-06-17adding cassandra2chrislu1-0/+1
fix https://github.com/seaweedfs/seaweedfs/issues/6888
2025-05-21Added middleware for processing request_id grpc and http requests (#6805)Aleksey Kosov1-4/+4
2025-05-07load configuration before get max_file_name_length (#6766)Bruce Zou1-13/+15
2025-03-29Tarantool filer store (#6669)MaratKarimov1-0/+1
Co-authored-by: Marat Karimov <m.karimov@digitalms.ru>
2024-12-02[security] reload whiteList on http seerver (#6302)Konstantin Lebedev1-4/+12
* reload whiteList * white_list add to scaffold
2024-06-30using fixed bootstrap from peer filer3.69chrislu1-4/+0
2024-06-28bootstrap filer from one peerchrislu1-1/+1
2024-06-14Added context for the MasterClient's methods to avoid endless loops (#5628)vadimartynov1-2/+2
* Added context for the MasterClient's methods to avoid endless loops * Returned WithClient function. Added WithClientCustomGetMaster function * Hid unused ctx arguments * Using a common context for the KeepConnectedToMaster and WaitUntilConnected functions * Changed the context termination check in the tryConnectToMaster function * Added a child context to the tryConnectToMaster function * Added a common context for KeepConnectedToMaster and WaitUntilConnected functions in benchmark
2024-06-10Fix Filer Sync Issue: 5455 (#5663)MeenakshiSachdeva1-0/+4
2024-04-14chore: fix some typos in comments (#5497)yudrywet1-1/+1
2024-04-08fix: filer authenticate with with volume server (#5480)Henco Appel1-0/+10
2024-03-16only broad cast when there are waiting threadschrislu1-6/+11
2024-02-27Disable filer UI in configuration (#5297)jerebear121-0/+5
* Add filer.ui.enabled configuration property * Add filer.expose_directory_metadata to config * Ammend commit * Remove ShowUI reference * Update all routes that allow directory metadata * Add cmd flag to server.go
2024-01-17chore: filer healthz handler check filer store (#5208)Konstantin Lebedev1-0/+1
2024-01-08Removed problematic if statement (#5180)jerebear121-5/+3
This if statement was causing the value of option.AllowedOrigins to be always equal to "*". Now the values in the config file will be used when present. This allows for people who don't need this feature to not update their security.toml files.
2023-12-20Set allowed origins in config (#5109)jerebear121-0/+10
* Add a way to use a JWT in an HTTP only cookie If a JWT is not included in the Authorization header or a query string, attempt to get a JWT from an HTTP only cookie. * Added a way to specify allowed origins header from config * Removed unecessary log * Check list of domains from config or command flag * Handle default wildcard and change name of config value to cors
2023-12-07add missing error in the logchrislu1-1/+1
related to https://github.com/seaweedfs/seaweedfs/issues/5084
2023-10-12 fix: disallow file name too long when writing a file (#4881)Konstantin Lebedev1-2/+3
* fix: disallow file name too long when writing a file * bool LongerName to MaxFilenameLength --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
2023-10-08added healthz endpoint to filer (#4899)Yuval Yacoby1-0/+1
2023-09-18Revert "Revert "Merge branch 'master' into sub""chrislu1-6/+1
This reverts commit 0bb97709d41b1be4c74f01dcc65aac6d5f88bd16.
2023-09-18Revert "Merge branch 'master' into sub"chrislu1-1/+6
This reverts commit 4d414f54a224142f3f4d934f4af3b5dceb6fec6b, reversing changes made to 482742514656e9b5a652acf7406740fbc55db13d.
2023-09-16revert to non-streaming mode to assign file idchrislu1-6/+1
fix https://github.com/seaweedfs/seaweedfs/issues/4838#issuecomment-1722290685
2023-08-24Implement SRV lookups for filer (#4767)Nico D'Cotta1-4/+6
2023-08-23streaming assign file idschrislu1-1/+6
2023-06-25refactorchrislu1-6/+1
2023-06-25add distributed lock managerchrislu1-2/+2
2023-06-25add distributed lock managerchrislu1-0/+7
2023-03-15The filer does not set defaultReplication to the defaultReplication o… (#4315)LHHDZ1-3/+0
The filer does not set defaultReplication to the defaultReplication of the master (it is not necessary, because if the filer is not set, the configuration of the master will be used when calling Assign), otherwise, when the defaultReplication of the master is modified and all master nodes are restarted, the defaultReplication will not take effect (because the filer Keep the previous defaultReplication setting from the master) Signed-off-by: changlin.shi <changlin.shi@ly.com>
2023-02-25add -disk to filer command (#4247)lfhy1-0/+1
* add -disk to filer command * add diskType to filer.grpc * use filer.disk when filerWebDavOptions.disk is empty * add filer.disk to weed server command. --------- Co-authored-by: 三千院羽 <3000y@MacBook-Pro.lan>
2022-08-10ensure memory is alignedchrislu1-3/+3
fix https://github.com/seaweedfs/seaweedfs/issues/3427
2022-08-05Add download speed limit support (#3408)LHHDZ1-0/+1
2022-07-29move to https://github.com/seaweedfs/seaweedfschrislu1-37/+37
2022-07-28remove old codechrislu1-4/+0
2022-07-23metadata subscription uses client epochchrislu1-2/+2
2022-06-15Add filer command line parameter to let Filer UI show/hide directory delete ↵yulai.li1-1/+2
button
2022-06-06filer: remove replication, collection, disk_type info from entry metadatachrislu1-2/+0
these metadata can change and are not used
2022-05-31fix wrong logicchrislu1-1/+1
2022-05-30fresh filer store bootstrap from the oldest peerchrislu1-3/+9
2022-05-30refactorchrislu1-1/+3
2022-05-03Merge branch 'new_master' into ydbKonstantin Lebedev1-1/+2
# Conflicts: # go.mod # go.sum
2022-05-01filer: add filer groupchrislu1-1/+2
2022-05-02ydb-go-sdk move to v3Konstantin Lebedev1-0/+1
2022-03-28diffa1-1/+1
2022-03-26refactor: change masters from a slice to a mapchrislu1-1/+1
2022-03-17arangodb adapterelee1-0/+1
2022-03-06Set default leveldb2 enabledKonstantin Lebedev1-2/+2
avoid Filer store is enabled for both leveldb2 and mysql
2022-01-02Merge branch 'master' into metadata_follow_with_client_idChris Lu1-1/+12
2022-01-01Merge pull request #2543 from skurfuerst/seaweedfs-158Chris Lu1-1/+12
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client
2021-12-30FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 ClientSebastian Kurfuerst1-1/+12
- one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-25 16:49:42 +0000