|
|
@ -2535,14 +2535,6 @@ func (s3a *S3ApiServer) createEncryptedChunkReader(chunk *filer_pb.FileChunk) (i |
|
|
return nil, fmt.Errorf("lookup volume URL for chunk %s: %v", chunk.GetFileIdString(), err) |
|
|
return nil, fmt.Errorf("lookup volume URL for chunk %s: %v", chunk.GetFileIdString(), err) |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
// Attach volume server JWT for authentication
|
|
|
|
|
|
jwt := security.GenJwtForVolumeServer(s3a.filerGuard.ReadSigningKey, s3a.filerGuard.ReadExpiresAfterSec, chunk.GetFileIdString()) |
|
|
|
|
|
if strings.Contains(srcUrl, "?") { |
|
|
|
|
|
srcUrl = srcUrl + "&jwt=" + url.QueryEscape(string(jwt)) |
|
|
|
|
|
} else { |
|
|
|
|
|
srcUrl = srcUrl + "?jwt=" + url.QueryEscape(string(jwt)) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Create HTTP request with context for timeout control
|
|
|
// Create HTTP request with context for timeout control
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) |
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) |
|
|
defer cancel() |
|
|
defer cancel() |
|
|
@ -2552,6 +2544,12 @@ func (s3a *S3ApiServer) createEncryptedChunkReader(chunk *filer_pb.FileChunk) (i |
|
|
return nil, fmt.Errorf("create HTTP request for chunk: %v", err) |
|
|
return nil, fmt.Errorf("create HTTP request for chunk: %v", err) |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Attach volume server JWT for authentication (matches filer behavior)
|
|
|
|
|
|
jwt := security.GenJwtForVolumeServer(s3a.filerGuard.ReadSigningKey, s3a.filerGuard.ReadExpiresAfterSec, chunk.GetFileIdString()) |
|
|
|
|
|
if jwt != "" { |
|
|
|
|
|
req.Header.Set("Authorization", "BEARER "+string(jwt)) |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
// Use HTTP client with reasonable timeouts
|
|
|
// Use HTTP client with reasonable timeouts
|
|
|
httpClient := &http.Client{ |
|
|
httpClient := &http.Client{ |
|
|
Timeout: 5 * time.Minute, |
|
|
Timeout: 5 * time.Minute, |
|
|
|
chrislu
1 month ago