You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

81 lines
1.8 KiB

5 years ago
  1. package weed_server
  2. import (
  3. "strings"
  4. "github.com/valyala/fasthttp"
  5. "github.com/chrislusf/seaweedfs/weed/glog"
  6. "github.com/chrislusf/seaweedfs/weed/security"
  7. "github.com/chrislusf/seaweedfs/weed/stats"
  8. )
  9. func (vs *VolumeServer) HandleFastHTTP(ctx *fasthttp.RequestCtx) {
  10. switch string(ctx.Method()) {
  11. case "GET", "HEAD":
  12. vs.fastGetOrHeadHandler(ctx)
  13. case "DELETE":
  14. stats.DeleteRequest()
  15. vs.guard.WhiteList(vs.DeleteHandler)(ctx)
  16. case "PUT", "POST":
  17. stats.WriteRequest()
  18. vs.guard.WhiteList(vs.fastPostHandler)(ctx)
  19. }
  20. }
  21. func (vs *VolumeServer) publicReadOnlyHandler(ctx *fasthttp.RequestCtx) {
  22. switch string(ctx.Method()) {
  23. case "GET":
  24. stats.ReadRequest()
  25. vs.fastGetOrHeadHandler(ctx)
  26. case "HEAD":
  27. stats.ReadRequest()
  28. vs.fastGetOrHeadHandler(ctx)
  29. }
  30. }
  31. func (vs *VolumeServer) maybeCheckJwtAuthorization(ctx *fasthttp.RequestCtx, vid, fid string, isWrite bool) bool {
  32. var signingKey security.SigningKey
  33. if isWrite {
  34. if len(vs.guard.SigningKey) == 0 {
  35. return true
  36. } else {
  37. signingKey = vs.guard.SigningKey
  38. }
  39. } else {
  40. if len(vs.guard.ReadSigningKey) == 0 {
  41. return true
  42. } else {
  43. signingKey = vs.guard.ReadSigningKey
  44. }
  45. }
  46. tokenStr := security.GetJwt(ctx)
  47. if tokenStr == "" {
  48. glog.V(1).Infof("missing jwt from %s", ctx.RemoteAddr())
  49. return false
  50. }
  51. token, err := security.DecodeJwt(signingKey, tokenStr)
  52. if err != nil {
  53. glog.V(1).Infof("jwt verification error from %s: %v", ctx.RemoteAddr(), err)
  54. return false
  55. }
  56. if !token.Valid {
  57. glog.V(1).Infof("jwt invalid from %s: %v", ctx.RemoteAddr(), tokenStr)
  58. return false
  59. }
  60. if sc, ok := token.Claims.(*security.SeaweedFileIdClaims); ok {
  61. if sepIndex := strings.LastIndex(fid, "_"); sepIndex > 0 {
  62. fid = fid[:sepIndex]
  63. }
  64. return sc.Fid == vid+","+fid
  65. }
  66. glog.V(1).Infof("unexpected jwt from %s: %v", ctx.RemoteAddr(), tokenStr)
  67. return false
  68. }