lsm/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2025-09-21 06:57:57 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

rename security.GenJwt to security.GenJwtForVolumeServer

Browse Source
This commit is contained in:
Sebastian Kurfuerst
2021-12-29 12:39:41 +01:00
parent eda4c43a08
commit d156d410ef
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
weed/security/jwt.go
View File

@@ -13,12 +13,14 @@ import (
type EncodedJwt string type EncodedJwt string
type SigningKey []byte type SigningKey []byte
// SeaweedFileIdClaims is created by Master server(s) and consumed by Volume server(s),
// restricting the access this JWT allows to only a single file.
type SeaweedFileIdClaims struct { type SeaweedFileIdClaims struct {
Fid string `json:"fid"` Fid string `json:"fid"`
jwt.StandardClaims jwt.StandardClaims
} }
func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt { func GenJwtForVolumeServer(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
if len(signingKey) == 0 { if len(signingKey) == 0 {
return "" return ""
} }

4
weed/server/master_grpc_server_volume.go
View File

@@ -86,7 +86,7 @@ func (ms *MasterServer) LookupVolume(ctx context.Context, req *master_pb.LookupV
} }
var auth string var auth string
if strings.Contains(result.VolumeOrFileId, ",") { // this is a file id if strings.Contains(result.VolumeOrFileId, ",") { // this is a file id
auth = string(security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, result.VolumeOrFileId)) auth = string(security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, result.VolumeOrFileId))
} }
resp.VolumeIdLocations = append(resp.VolumeIdLocations, &master_pb.LookupVolumeResponse_VolumeIdLocation{ resp.VolumeIdLocations = append(resp.VolumeIdLocations, &master_pb.LookupVolumeResponse_VolumeIdLocation{
VolumeOrFileId: result.VolumeOrFileId, VolumeOrFileId: result.VolumeOrFileId,
@@ -173,7 +173,7 @@ func (ms *MasterServer) Assign(ctx context.Context, req *master_pb.AssignRequest
GrpcPort: uint32(dn.GrpcPort), GrpcPort: uint32(dn.GrpcPort),
}, },
Count: count, Count: count,
Auth: string(security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fid)), Auth: string(security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fid)),
Replicas: replicas, Replicas: replicas,
}, nil }, nil
} }

4
weed/server/master_server_handlers.go
View File

@@ -149,9 +149,9 @@ func (ms *MasterServer) maybeAddJwtAuthorization(w http.ResponseWriter, fileId s
} }
var encodedJwt security.EncodedJwt var encodedJwt security.EncodedJwt
if isWrite { if isWrite {
encodedJwt = security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fileId) encodedJwt = security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fileId)
} else { } else {
encodedJwt = security.GenJwt(ms.guard.ReadSigningKey, ms.guard.ReadExpiresAfterSec, fileId) encodedJwt = security.GenJwtForVolumeServer(ms.guard.ReadSigningKey, ms.guard.ReadExpiresAfterSec, fileId)
} }
if encodedJwt == "" { if encodedJwt == "" {
return return