jwt for read access control

Chris Lu
2019-06-06 00:29:02 -07:00
parent d344e0a035
commit 50aa769554
8 changed files with 69 additions and 20 deletions


@@ -49,10 +49,22 @@ func (vs *VolumeServer) publicReadOnlyHandler(w http.ResponseWriter, r *http.Req
}
}
func (vs *VolumeServer) maybeCheckJwtAuthorization(r *http.Request, vid, fid string) bool {
func (vs *VolumeServer) maybeCheckJwtAuthorization(r *http.Request, vid, fid string, isWrite bool) bool {
if len(vs.guard.SigningKey) == 0 {
return true
var signingKey security.SigningKey
if isWrite {
if len(vs.guard.SigningKey) == 0 {
return true
} else {
signingKey = vs.guard.SigningKey
}
}else {
if len(vs.guard.ReadSigningKey) == 0 {
return true
} else {
signingKey = vs.guard.ReadSigningKey
}
}
tokenStr := security.GetJwt(r)
@@ -61,7 +73,7 @@ func (vs *VolumeServer) maybeCheckJwtAuthorization(r *http.Request, vid, fid str
return false
}
token, err := security.DecodeJwt(vs.guard.SigningKey, tokenStr)
token, err := security.DecodeJwt(signingKey, tokenStr)
if err != nil {
glog.V(1).Infof("jwt verification error from %s: %v", r.RemoteAddr, err)
return false
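Review bot: The key selection added at the top of `maybeCheckJwtAuthorization` fails open independently for each direction: an empty `vs.guard.ReadSigningKey` returns true for every read even when `vs.guard.SigningKey` is configured, and nothing in the new code states that this is intended. A doc comment on the function should say so, for example `// An empty key for the requested direction disables the JWT check for that direction; configuring only the write key leaves reads unauthenticated.` The nested `if`/`else` with `else` after `return` (and the un-gofmt'd `}else {`) can be reduced to `signingKey := vs.guard.ReadSigningKey`, `if isWrite { signingKey = vs.guard.SigningKey }`, `if len(signingKey) == 0 { return true }`, which keeps the single fail-open branch in one visible place. The function body continues past the second hunk, so the claim check that follows `DecodeJwt` is not visible here. Because `isWrite` is a bare bool chosen by each caller, it is worth confirming that every write and delete handler passes `true`.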