Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

cleanup security.Secret

pull/855/head
Chris Lu 6 years ago
parent
501bd72b1c
commit
4ff4a147b2
16 changed files with 90 additions and 131 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      weed/command/benchmark.go
  2. 3
      weed/command/filer.go
  3. 6
      weed/command/filer_copy.go
  4. 3
      weed/command/master.go
  5. 4
      weed/command/server.go
  6. 8
      weed/command/upload.go
  7. 1
      weed/operation/data_struts.go
  8. 11
      weed/operation/submit.go
  9. 1
      weed/pb/master.proto
  10. 142
      weed/pb/master_pb/master.pb.go
  11. 4
      weed/security/guard.go
  12. 18
      weed/security/jwt.go
  13. 3
      weed/server/filer_server.go
  14. 1
      weed/server/master_grpc_server.go
  15. 3
      weed/server/master_server.go
  16. 4
      weed/server/volume_grpc_client_to_master.go

9
weed/command/benchmark.go
View File

@ -17,7 +17,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"github.com/chrislusf/seaweedfs/weed/wdclient" "github.com/chrislusf/seaweedfs/weed/wdclient"
) )
@ -35,7 +34,6 @@ type BenchmarkOptions struct {
collection *string collection *string
cpuprofile *string cpuprofile *string
maxCpu *int maxCpu *int
secretKey *string
} }
var ( var (
@ -59,7 +57,6 @@ func init() {
b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection") b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection")
b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file") b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file")
b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
b.secretKey = cmdBenchmark.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
sharedBytes = make([]byte, 1024) sharedBytes = make([]byte, 1024)
} }
@ -188,7 +185,6 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
defer wait.Done() defer wait.Done()
delayedDeleteChan := make(chan *delayedFile, 100) delayedDeleteChan := make(chan *delayedFile, 100)
var waitForDeletions sync.WaitGroup var waitForDeletions sync.WaitGroup
secret := security.Secret(*b.secretKey)
for i := 0; i < 7; i++ { for i := 0; i < 7; i++ {
waitForDeletions.Add(1) waitForDeletions.Add(1)
@ -198,8 +194,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
if df.enterTime.After(time.Now()) { if df.enterTime.After(time.Now()) {
time.Sleep(df.enterTime.Sub(time.Now())) time.Sleep(df.enterTime.Sub(time.Now()))
} }
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid,
security.GenJwt(secret, df.fp.Fid)); e == nil {
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid, ""); e == nil {
s.completed++ s.completed++
} else { } else {
s.failed++ s.failed++
@ -224,7 +219,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
} }
if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil { if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil {
fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection
if _, err := fp.Upload(0, masterClient.GetMaster(), secret); err == nil {
if _, err := fp.Upload(0, masterClient.GetMaster(), ""); err == nil {
if random.Intn(100) < *b.deletePercentage { if random.Intn(100) < *b.deletePercentage {
s.total++ s.total++
delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp} delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp}

3
weed/command/filer.go
View File

@ -28,7 +28,6 @@ type FilerOptions struct {
redirectOnRead *bool redirectOnRead *bool
disableDirListing *bool disableDirListing *bool
maxMB *int maxMB *int
secretKey *string
dirListingLimit *int dirListingLimit *int
dataCenter *string dataCenter *string
enableNotification *bool enableNotification *bool
@ -49,7 +48,6 @@ func init() {
f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request") f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request")
f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing") f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing")
f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit") f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit")
f.secretKey = cmdFiler.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size") f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size")
f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center") f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center")
} }
@ -103,7 +101,6 @@ func (fo *FilerOptions) startFiler() {
RedirectOnRead: *fo.redirectOnRead, RedirectOnRead: *fo.redirectOnRead,
DisableDirListing: *fo.disableDirListing, DisableDirListing: *fo.disableDirListing,
MaxMB: *fo.maxMB, MaxMB: *fo.maxMB,
SecretKey: *fo.secretKey,
DirListingLimit: *fo.dirListingLimit, DirListingLimit: *fo.dirListingLimit,
DataCenter: *fo.dataCenter, DataCenter: *fo.dataCenter,
DefaultLevelDbDir: defaultLevelDbDirectory, DefaultLevelDbDir: defaultLevelDbDirectory,

6
weed/command/filer_copy.go
View File

@ -11,7 +11,6 @@ import (
"context" "context"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb" "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"io" "io"
"net/http" "net/http"
@ -31,9 +30,6 @@ type CopyOptions struct {
collection *string collection *string
ttl *string ttl *string
maxMB *int maxMB *int
secretKey *string
secret security.Secret
} }
func init() { func init() {
@ -46,7 +42,6 @@ func init() {
copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y") copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit") copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit")
copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000") copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000")
copy.secretKey = cmdCopy.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
} }
var cmdCopy = &Command{ var cmdCopy = &Command{
@ -66,7 +61,6 @@ var cmdCopy = &Command{
} }
func runCopy(cmd *Command, args []string) bool { func runCopy(cmd *Command, args []string) bool {
copy.secret = security.Secret(*copy.secretKey)
if len(args) <= 1 { if len(args) <= 1 {
return false return false
} }

3
weed/command/master.go
View File

@ -47,7 +47,6 @@ var (
mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces") garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
masterSecureKey = cmdMaster.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file") masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file")
masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file") masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file")
@ -75,7 +74,7 @@ func runMaster(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *mport, *metaFolder, ms := weed_server.NewMasterServer(r, *mport, *metaFolder,
*volumeSizeLimitMB, *volumePreallocate, *volumeSizeLimitMB, *volumePreallocate,
*mpulse, *defaultReplicaPlacement, *garbageThreshold, *mpulse, *defaultReplicaPlacement, *garbageThreshold,
masterWhiteList, *masterSecureKey,
masterWhiteList,
) )
listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport) listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport)

4
weed/command/server.go
View File

@ -58,7 +58,6 @@ var (
serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name") serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name")
serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list") serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list")
serverSecureKey = cmdServer.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces") serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port") masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port")
masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000") masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000")
@ -96,7 +95,6 @@ func init() {
} }
func runServer(cmd *Command, args []string) bool { func runServer(cmd *Command, args []string) bool {
filerOptions.secretKey = serverSecureKey
if *serverOptions.cpuprofile != "" { if *serverOptions.cpuprofile != "" {
f, err := os.Create(*serverOptions.cpuprofile) f, err := os.Create(*serverOptions.cpuprofile)
if err != nil { if err != nil {
@ -170,7 +168,7 @@ func runServer(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder, ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder,
*masterVolumeSizeLimitMB, *masterVolumePreallocate, *masterVolumeSizeLimitMB, *masterVolumePreallocate,
*pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold, *pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold,
serverWhiteList, *serverSecureKey,
serverWhiteList,
) )
glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort) glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort)

8
weed/command/upload.go
View File

@ -7,7 +7,6 @@ import (
"path/filepath" "path/filepath"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
) )
var ( var (
@ -23,7 +22,6 @@ type UploadOptions struct {
dataCenter *string dataCenter *string
ttl *string ttl *string
maxMB *int maxMB *int
secretKey *string
} }
func init() { func init() {
@ -37,7 +35,6 @@ func init() {
upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name") upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name")
upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y") upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit") upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit")
upload.secretKey = cmdUpload.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
} }
var cmdUpload = &Command{ var cmdUpload = &Command{
@ -60,7 +57,6 @@ var cmdUpload = &Command{
} }
func runUpload(cmd *Command, args []string) bool { func runUpload(cmd *Command, args []string) bool {
secret := security.Secret(*upload.secretKey)
if len(args) == 0 { if len(args) == 0 {
if *upload.dir == "" { if *upload.dir == "" {
return false return false
@ -79,7 +75,7 @@ func runUpload(cmd *Command, args []string) bool {
} }
results, e := operation.SubmitFiles(*upload.master, parts, results, e := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter, *upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results) bytes, _ := json.Marshal(results)
fmt.Println(string(bytes)) fmt.Println(string(bytes))
if e != nil { if e != nil {
@ -98,7 +94,7 @@ func runUpload(cmd *Command, args []string) bool {
} }
results, _ := operation.SubmitFiles(*upload.master, parts, results, _ := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter, *upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results) bytes, _ := json.Marshal(results)
fmt.Println(string(bytes)) fmt.Println(string(bytes))
} }

1
weed/operation/data_struts.go
View File

@ -2,6 +2,5 @@ package operation
type JoinResult struct { type JoinResult struct {
VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"` VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"`
SecretKey string `json:"secretKey,omitempty"`
Error string `json:"error,omitempty"` Error string `json:"error,omitempty"`
} }

11
weed/operation/submit.go
View File

@ -37,9 +37,7 @@ type SubmitResult struct {
} }
func SubmitFiles(master string, files []FilePart, func SubmitFiles(master string, files []FilePart,
replication string, collection string, dataCenter string, ttl string, maxMB int,
secret security.Secret,
) ([]SubmitResult, error) {
replication string, collection string, dataCenter string, ttl string, maxMB int) ([]SubmitResult, error) {
results := make([]SubmitResult, len(files)) results := make([]SubmitResult, len(files))
for index, file := range files { for index, file := range files {
results[index].FileName = file.FileName results[index].FileName = file.FileName
@ -67,7 +65,7 @@ func SubmitFiles(master string, files []FilePart,
file.Replication = replication file.Replication = replication
file.Collection = collection file.Collection = collection
file.DataCenter = dataCenter file.DataCenter = dataCenter
results[index].Size, err = file.Upload(maxMB, master, secret)
results[index].Size, err = file.Upload(maxMB, master, "")
if err != nil { if err != nil {
results[index].Error = err.Error() results[index].Error = err.Error()
} }
@ -110,8 +108,7 @@ func newFilePart(fullPathFilename string) (ret FilePart, err error) {
return ret, nil return ret, nil
} }
func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (retSize uint32, err error) {
jwt := security.GenJwt(secret, fi.Fid)
func (fi FilePart) Upload(maxMB int, master string, jwt security.EncodedJwt) (retSize uint32, err error) {
fileUrl := "http://" + fi.Server + "/" + fi.Fid fileUrl := "http://" + fi.Server + "/" + fi.Fid
if fi.ModTime != 0 { if fi.ModTime != 0 {
fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime)) fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime))
@ -201,7 +198,7 @@ func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (ret
} }
func upload_one_chunk(filename string, reader io.Reader, master, func upload_one_chunk(filename string, reader io.Reader, master,
fileUrl string, jwt security.EncodedJwt,
fileUrl string, jwt security.EncodedJwt,
) (size uint32, e error) { ) (size uint32, e error) {
glog.V(4).Info("Uploading part ", filename, " to ", fileUrl, "...") glog.V(4).Info("Uploading part ", filename, " to ", fileUrl, "...")
uploadResult, uploadError := Upload(fileUrl, filename, reader, false, uploadResult, uploadError := Upload(fileUrl, filename, reader, false,

1
weed/pb/master.proto
View File

@ -36,7 +36,6 @@ message Heartbeat {
message HeartbeatResponse { message HeartbeatResponse {
uint64 volumeSizeLimit = 1; uint64 volumeSizeLimit = 1;
string secretKey = 2;
string leader = 3; string leader = 3;
} }

142
weed/pb/master_pb/master.pb.go
View File

@ -145,7 +145,6 @@ func (m *Heartbeat) GetDeletedVids() []uint32 {
type HeartbeatResponse struct { type HeartbeatResponse struct {
VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"` VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"`
SecretKey string `protobuf:"bytes,2,opt,name=secretKey" json:"secretKey,omitempty"`
Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"` Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"`
} }
@ -161,13 +160,6 @@ func (m *HeartbeatResponse) GetVolumeSizeLimit() uint64 {
return 0 return 0
} }
func (m *HeartbeatResponse) GetSecretKey() string {
if m != nil {
return m.SecretKey
}
return ""
}
func (m *HeartbeatResponse) GetLeader() string { func (m *HeartbeatResponse) GetLeader() string {
if m != nil { if m != nil {
return m.Leader return m.Leader
@ -966,71 +958,71 @@ var _Seaweed_serviceDesc = grpc.ServiceDesc{
func init() { proto.RegisterFile("master.proto", fileDescriptor0) } func init() { proto.RegisterFile("master.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{ var fileDescriptor0 = []byte{
// 1055 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0x4b, 0x6f, 0xe4, 0x44,
0x10, 0x5e, 0x7b, 0x9e, 0xae, 0xd9, 0xc9, 0x4e, 0x3a, 0x11, 0xf2, 0xce, 0xbe, 0x06, 0x73, 0x19,
0x04, 0x8a, 0x96, 0x70, 0x44, 0x08, 0xb1, 0xd1, 0x22, 0xa2, 0x04, 0x36, 0x38, 0xb0, 0x07, 0x2e,
0xa6, 0x63, 0x57, 0xa2, 0x56, 0xfc, 0xa2, 0xbb, 0x27, 0x99, 0xd9, 0x0b, 0x47, 0xfe, 0x15, 0x17,
0xb8, 0xf1, 0x53, 0xb8, 0xf1, 0x0b, 0x50, 0x3f, 0xec, 0xf1, 0x38, 0x09, 0x91, 0x90, 0xb8, 0xb5,
0xbf, 0xae, 0xee, 0xaa, 0xfe, 0xbe, 0x7a, 0x18, 0x1e, 0x66, 0x54, 0x48, 0xe4, 0x7b, 0x25, 0x2f,
0x64, 0x41, 0x3c, 0xf3, 0x15, 0x95, 0x67, 0xc1, 0x5f, 0x2e, 0x78, 0x5f, 0x23, 0xe5, 0xf2, 0x0c,
0xa9, 0x24, 0x5b, 0xe0, 0xb2, 0xd2, 0x77, 0x66, 0xce, 0xdc, 0x0b, 0x5d, 0x56, 0x12, 0x02, 0xdd,
0xb2, 0xe0, 0xd2, 0x77, 0x67, 0xce, 0x7c, 0x1c, 0xea, 0x35, 0x79, 0x06, 0x50, 0x2e, 0xce, 0x52,
0x16, 0x47, 0x0b, 0x9e, 0xfa, 0x1d, 0x6d, 0xeb, 0x19, 0xe4, 0x07, 0x9e, 0x92, 0x39, 0x4c, 0x32,
0xba, 0x8c, 0xae, 0x8a, 0x74, 0x91, 0x61, 0x14, 0x17, 0x8b, 0x5c, 0xfa, 0x5d, 0x7d, 0x7c, 0x2b,
0xa3, 0xcb, 0xb7, 0x1a, 0x3e, 0x50, 0x28, 0x99, 0xa9, 0xa8, 0x96, 0xd1, 0x39, 0x4b, 0x31, 0xba,
0xc4, 0x95, 0xdf, 0x9b, 0x39, 0xf3, 0x6e, 0x08, 0x19, 0x5d, 0x7e, 0xc5, 0x52, 0x3c, 0xc2, 0x15,
0x79, 0x01, 0xa3, 0x84, 0x4a, 0x1a, 0xc5, 0x98, 0x4b, 0xe4, 0x7e, 0x5f, 0xfb, 0x02, 0x05, 0x1d,
0x68, 0x44, 0xc5, 0xc7, 0x69, 0x7c, 0xe9, 0x0f, 0xf4, 0x8e, 0x5e, 0xab, 0xf8, 0x68, 0x92, 0xb1,
0x3c, 0xd2, 0x91, 0x0f, 0xb5, 0x6b, 0x4f, 0x23, 0x27, 0x2a, 0xfc, 0xcf, 0x61, 0x60, 0x62, 0x13,
0xbe, 0x37, 0xeb, 0xcc, 0x47, 0xfb, 0x1f, 0xec, 0xd5, 0x6c, 0xec, 0x99, 0xf0, 0x0e, 0xf3, 0xf3,
0x82, 0x67, 0x54, 0xb2, 0x22, 0xff, 0x06, 0x85, 0xa0, 0x17, 0x18, 0x56, 0x67, 0xc8, 0x63, 0x18,
0xe6, 0x78, 0x1d, 0x5d, 0xb1, 0x44, 0xf8, 0x30, 0xeb, 0xcc, 0xc7, 0xe1, 0x20, 0xc7, 0xeb, 0xb7,
0x2c, 0x11, 0xe4, 0x7d, 0x78, 0x98, 0x60, 0x8a, 0x12, 0x13, 0xb3, 0x3d, 0xd2, 0xdb, 0x23, 0x8b,
0x29, 0x93, 0x40, 0xc0, 0x76, 0x4d, 0x76, 0x88, 0xa2, 0x2c, 0x72, 0x81, 0x64, 0x0e, 0x8f, 0xcc,
0xed, 0xa7, 0xec, 0x1d, 0x1e, 0xb3, 0x8c, 0x49, 0xad, 0x40, 0x37, 0x6c, 0xc3, 0xe4, 0x29, 0x78,
0x02, 0x63, 0x8e, 0xf2, 0x08, 0x57, 0x5a, 0x13, 0x2f, 0x5c, 0x03, 0xe4, 0x3d, 0xe8, 0xa7, 0x48,
0x13, 0xe4, 0x56, 0x14, 0xfb, 0x15, 0xfc, 0xe1, 0x82, 0x7f, 0xd7, 0xc3, 0xb4, 0xe2, 0x89, 0xf6,
0x37, 0x0e, 0x5d, 0x96, 0x28, 0x46, 0x05, 0x7b, 0x87, 0xfa, 0xf6, 0x6e, 0xa8, 0xd7, 0xe4, 0x39,
0x40, 0x5c, 0xa4, 0x29, 0xc6, 0xea, 0xa0, 0xbd, 0xbc, 0x81, 0x28, 0xc6, 0xb5, 0x88, 0x6b, 0xb1,
0xbb, 0xa1, 0xa7, 0x10, 0xa3, 0x73, 0xcd, 0x8b, 0x35, 0x30, 0x3a, 0x5b, 0x5e, 0x8c, 0xc9, 0xc7,
0x40, 0x2a, 0xea, 0xce, 0x56, 0xb5, 0x61, 0x5f, 0x1b, 0x4e, 0xec, 0xce, 0xab, 0x55, 0x65, 0xfd,
0x04, 0x3c, 0x8e, 0x34, 0x89, 0x8a, 0x3c, 0x5d, 0x69, 0xe9, 0x87, 0xe1, 0x50, 0x01, 0x6f, 0xf2,
0x74, 0x45, 0x3e, 0x82, 0x6d, 0x8e, 0x65, 0xca, 0x62, 0x1a, 0x95, 0x29, 0x8d, 0x31, 0xc3, 0xbc,
0xca, 0x82, 0x89, 0xdd, 0x38, 0xa9, 0x70, 0xe2, 0xc3, 0xe0, 0x0a, 0xb9, 0x50, 0xcf, 0xf2, 0xb4,
0x49, 0xf5, 0x49, 0x26, 0xd0, 0x91, 0x32, 0xf5, 0x41, 0xa3, 0x6a, 0x19, 0x0c, 0xa0, 0xf7, 0x3a,
0x2b, 0xe5, 0x2a, 0xf8, 0xcd, 0x81, 0x47, 0xa7, 0x8b, 0x12, 0xf9, 0xab, 0xb4, 0x88, 0x2f, 0x5f,
0x2f, 0x25, 0xa7, 0xe4, 0x0d, 0x6c, 0x21, 0xa7, 0x62, 0xc1, 0x55, 0xec, 0x09, 0xcb, 0x2f, 0x34,
0xa5, 0xa3, 0xfd, 0x79, 0x23, 0xb9, 0x5a, 0x67, 0xf6, 0x5e, 0x9b, 0x03, 0x07, 0xda, 0x3e, 0x1c,
0x63, 0xf3, 0x73, 0xfa, 0x23, 0x8c, 0x37, 0xf6, 0x95, 0x30, 0x2a, 0xf1, 0xad, 0x54, 0x7a, 0xad,
0x14, 0x2f, 0x29, 0x67, 0x72, 0x65, 0x0b, 0xd4, 0x7e, 0x29, 0x41, 0x6c, 0xfd, 0xa9, 0x3c, 0xec,
0xe8, 0x3c, 0xf4, 0x0c, 0x72, 0x98, 0x88, 0xe0, 0x43, 0xd8, 0x39, 0x48, 0x19, 0xe6, 0xf2, 0x98,
0x09, 0x89, 0x79, 0x88, 0x3f, 0x2f, 0x50, 0x48, 0xe5, 0x21, 0xa7, 0x19, 0xda, 0xf2, 0xd7, 0xeb,
0xe0, 0x17, 0xd8, 0x32, 0xa9, 0x73, 0x5c, 0xc4, 0x3a, 0x6f, 0x14, 0x31, 0xaa, 0xee, 0x8d, 0x91,
0x5a, 0xb6, 0x1a, 0x82, 0xdb, 0x6e, 0x08, 0xcd, 0x8a, 0xe9, 0xfc, 0x7b, 0xc5, 0x74, 0x6f, 0x56,
0xcc, 0xf7, 0xb0, 0x73, 0x5c, 0x14, 0x97, 0x8b, 0xd2, 0x84, 0x51, 0xc5, 0xba, 0xf9, 0x42, 0x67,
0xd6, 0x51, 0x3e, 0xeb, 0x17, 0xb6, 0x32, 0xd6, 0x6d, 0x67, 0x6c, 0xf0, 0xb7, 0x03, 0xbb, 0x9b,
0xd7, 0xda, 0x5a, 0xfc, 0x09, 0x76, 0xea, 0x7b, 0xa3, 0xd4, 0xbe, 0xd9, 0x38, 0x18, 0xed, 0xbf,
0x6c, 0x88, 0x79, 0xdb, 0xe9, 0xaa, 0x7d, 0x24, 0x15, 0x59, 0xe1, 0xf6, 0x55, 0x0b, 0x11, 0xd3,
0x25, 0x4c, 0xda, 0x66, 0x2a, 0xa1, 0x6b, 0xaf, 0x96, 0xd9, 0x61, 0x75, 0x92, 0x7c, 0x02, 0xde,
0x3a, 0x10, 0x57, 0x07, 0xb2, 0xb3, 0x11, 0x88, 0xf5, 0xb5, 0xb6, 0x22, 0xbb, 0xd0, 0x43, 0xce,
0x8b, 0xaa, 0x11, 0x98, 0x8f, 0xe0, 0x33, 0x18, 0xfe, 0x67, 0x15, 0x83, 0x3f, 0x1d, 0x18, 0x7f,
0x29, 0x04, 0xbb, 0xa8, 0xd3, 0x65, 0x17, 0x7a, 0xa6, 0x4c, 0x4d, 0xb3, 0x32, 0x1f, 0x64, 0x06,
0x23, 0x5b, 0x65, 0x0d, 0xea, 0x9b, 0xd0, 0xbd, 0xdd, 0xc4, 0x56, 0x5e, 0xd7, 0x84, 0x26, 0x65,
0xda, 0x1e, 0x03, 0xbd, 0x3b, 0xc7, 0x40, 0xbf, 0x31, 0x06, 0x9e, 0x80, 0xa7, 0x0f, 0xe5, 0x45,
0x82, 0x76, 0x3e, 0x0c, 0x15, 0xf0, 0x6d, 0x91, 0xe8, 0xb4, 0xae, 0x1e, 0x63, 0x85, 0x9f, 0x40,
0xe7, 0xbc, 0x26, 0x5f, 0x2d, 0x2b, 0x8a, 0xdc, 0xbb, 0x28, 0xba, 0x31, 0xf9, 0x6a, 0x42, 0xba,
0x4d, 0x42, 0x6a, 0x2d, 0x7a, 0x4d, 0x2d, 0x2e, 0x60, 0xfb, 0x54, 0x52, 0xc9, 0x84, 0x64, 0xb1,
0xa8, 0x18, 0x6d, 0x71, 0xe7, 0xdc, 0xc7, 0x9d, 0x7b, 0x17, 0x77, 0x9d, 0x9a, 0xbb, 0xe0, 0x77,
0x07, 0x48, 0xd3, 0x93, 0x7d, 0xee, 0xff, 0xe0, 0x4a, 0xd1, 0x23, 0x0b, 0x49, 0xd3, 0x48, 0x0f,
0x10, 0x3b, 0x06, 0x34, 0xa2, 0x26, 0x98, 0x12, 0x64, 0x21, 0x30, 0x31, 0xbb, 0x66, 0x06, 0x0c,
0x15, 0xa0, 0x37, 0x37, 0x47, 0x48, 0xbf, 0x35, 0x42, 0xf6, 0x7f, 0xed, 0xc0, 0xe0, 0x14, 0xe9,
0x35, 0x62, 0x42, 0x0e, 0x61, 0x7c, 0x8a, 0x79, 0xb2, 0xfe, 0x69, 0xd9, 0x6d, 0x54, 0x43, 0x8d,
0x4e, 0x9f, 0xde, 0x86, 0x56, 0xef, 0x0f, 0x1e, 0xcc, 0x9d, 0x97, 0x0e, 0x39, 0x81, 0xf1, 0x11,
0x62, 0x79, 0x50, 0xe4, 0x39, 0xc6, 0x12, 0x13, 0xf2, 0xbc, 0x71, 0xe8, 0x96, 0x16, 0x39, 0x7d,
0x7c, 0xe3, 0x5f, 0xa1, 0xaa, 0x28, 0x7b, 0xe3, 0x77, 0xf0, 0xb0, 0xd9, 0x19, 0x36, 0x2e, 0xbc,
0xa5, 0x8f, 0x4d, 0x5f, 0xdc, 0xd3, 0x52, 0x82, 0x07, 0xe4, 0x0b, 0xe8, 0x9b, 0x5c, 0x25, 0x7e,
0xc3, 0x78, 0xa3, 0x16, 0x37, 0xe2, 0xda, 0x4c, 0xec, 0xe0, 0x01, 0x39, 0x02, 0x58, 0x67, 0x00,
0x69, 0xf2, 0x72, 0x23, 0x05, 0xa7, 0xcf, 0xee, 0xd8, 0xad, 0x2e, 0x3b, 0xeb, 0xeb, 0x3f, 0xc8,
0x4f, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0xc7, 0x9f, 0x0a, 0x25, 0x51, 0x0a, 0x00, 0x00,
// 1043 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0xcd, 0x6e, 0x24, 0x35,
0x10, 0xde, 0xee, 0xf9, 0xed, 0x9a, 0x4c, 0x76, 0xe2, 0x44, 0xa8, 0x77, 0x96, 0xdd, 0x1d, 0x9a,
0xcb, 0x20, 0x50, 0xb4, 0x84, 0x23, 0x42, 0x88, 0x8d, 0x82, 0x88, 0x12, 0xd8, 0xd0, 0x61, 0xf7,
0xc0, 0xa5, 0x71, 0xba, 0x2b, 0x91, 0x95, 0xfe, 0xc3, 0xf6, 0x24, 0x33, 0x7b, 0xe1, 0xc8, 0x5b,
0x71, 0x81, 0x1b, 0x8f, 0xc2, 0x8d, 0x27, 0x40, 0xfe, 0xe9, 0x4e, 0x4f, 0x27, 0x21, 0x12, 0x12,
0x37, 0xfb, 0x73, 0xd9, 0xae, 0xfa, 0xbe, 0xaa, 0xb2, 0x61, 0x23, 0xa3, 0x42, 0x22, 0xdf, 0x2d,
0x79, 0x21, 0x0b, 0xe2, 0x99, 0x59, 0x54, 0x9e, 0x05, 0x7f, 0xb9, 0xe0, 0x7d, 0x83, 0x94, 0xcb,
0x33, 0xa4, 0x92, 0x6c, 0x82, 0xcb, 0x4a, 0xdf, 0x99, 0x39, 0x73, 0x2f, 0x74, 0x59, 0x49, 0x08,
0x74, 0xcb, 0x82, 0x4b, 0xdf, 0x9d, 0x39, 0xf3, 0x71, 0xa8, 0xc7, 0xe4, 0x19, 0x40, 0xb9, 0x38,
0x4b, 0x59, 0x1c, 0x2d, 0x78, 0xea, 0x77, 0xb4, 0xad, 0x67, 0x90, 0x37, 0x3c, 0x25, 0x73, 0x98,
0x64, 0x74, 0x19, 0x5d, 0x15, 0xe9, 0x22, 0xc3, 0x28, 0x2e, 0x16, 0xb9, 0xf4, 0xbb, 0x7a, 0xfb,
0x66, 0x46, 0x97, 0x6f, 0x35, 0xbc, 0xaf, 0x50, 0x32, 0x53, 0x5e, 0x2d, 0xa3, 0x73, 0x96, 0x62,
0x74, 0x89, 0x2b, 0xbf, 0x37, 0x73, 0xe6, 0xdd, 0x10, 0x32, 0xba, 0xfc, 0x9a, 0xa5, 0x78, 0x84,
0x2b, 0xf2, 0x02, 0x46, 0x09, 0x95, 0x34, 0x8a, 0x31, 0x97, 0xc8, 0xfd, 0xbe, 0xbe, 0x0b, 0x14,
0xb4, 0xaf, 0x11, 0xe5, 0x1f, 0xa7, 0xf1, 0xa5, 0x3f, 0xd0, 0x2b, 0x7a, 0xac, 0xfc, 0xa3, 0x49,
0xc6, 0xf2, 0x48, 0x7b, 0x3e, 0xd4, 0x57, 0x7b, 0x1a, 0x39, 0x51, 0xee, 0x7f, 0x01, 0x03, 0xe3,
0x9b, 0xf0, 0xbd, 0x59, 0x67, 0x3e, 0xda, 0xfb, 0x70, 0xb7, 0x66, 0x63, 0xd7, 0xb8, 0x77, 0x98,
0x9f, 0x17, 0x3c, 0xa3, 0x92, 0x15, 0xf9, 0xb7, 0x28, 0x04, 0xbd, 0xc0, 0xb0, 0xda, 0x43, 0x9e,
0xc0, 0x30, 0xc7, 0xeb, 0xe8, 0x8a, 0x25, 0xc2, 0x87, 0x59, 0x67, 0x3e, 0x0e, 0x07, 0x39, 0x5e,
0xbf, 0x65, 0x89, 0x20, 0x1f, 0xc0, 0x46, 0x82, 0x29, 0x4a, 0x4c, 0xcc, 0xf2, 0x48, 0x2f, 0x8f,
0x2c, 0xa6, 0x4c, 0x82, 0x37, 0xb0, 0x55, 0x93, 0x1d, 0xa2, 0x28, 0x8b, 0x5c, 0x20, 0x99, 0xc3,
0x63, 0x73, 0xfa, 0x29, 0x7b, 0x87, 0xc7, 0x2c, 0x63, 0x52, 0x2b, 0xd0, 0x0d, 0xdb, 0x30, 0x79,
0x0f, 0xfa, 0x29, 0xd2, 0x04, 0xb9, 0xa5, 0xdd, 0xce, 0x82, 0x3f, 0x5c, 0xf0, 0xef, 0x73, 0x5d,
0x6b, 0x9a, 0xe8, 0x13, 0xc7, 0xa1, 0xcb, 0x12, 0xc5, 0x99, 0x60, 0xef, 0x50, 0x6b, 0xda, 0x0d,
0xf5, 0x98, 0x3c, 0x07, 0x88, 0x8b, 0x34, 0xc5, 0x58, 0x6d, 0xb4, 0x87, 0x37, 0x10, 0xc5, 0xa9,
0x96, 0xe9, 0x46, 0xce, 0x6e, 0xe8, 0x29, 0xc4, 0x28, 0x59, 0x47, 0x6e, 0x0d, 0x8c, 0x92, 0x36,
0x72, 0x63, 0xf2, 0x09, 0x90, 0x8a, 0x9c, 0xb3, 0x55, 0x6d, 0xd8, 0xd7, 0x86, 0x13, 0xbb, 0xf2,
0x6a, 0x55, 0x59, 0x3f, 0x05, 0x8f, 0x23, 0x4d, 0xa2, 0x22, 0x4f, 0x57, 0x5a, 0xdc, 0x61, 0x38,
0x54, 0xc0, 0xeb, 0x3c, 0x5d, 0x91, 0x8f, 0x61, 0x8b, 0x63, 0x99, 0xb2, 0x98, 0x46, 0x65, 0x4a,
0x63, 0xcc, 0x30, 0xaf, 0x74, 0x9e, 0xd8, 0x85, 0x93, 0x0a, 0x27, 0x3e, 0x0c, 0xae, 0x90, 0x0b,
0x15, 0x96, 0xa7, 0x4d, 0xaa, 0x29, 0x99, 0x40, 0x47, 0xca, 0xd4, 0x07, 0x8d, 0xaa, 0x61, 0x30,
0x80, 0xde, 0x41, 0x56, 0xca, 0x55, 0xf0, 0x9b, 0x03, 0x8f, 0x4f, 0x17, 0x25, 0xf2, 0x57, 0x69,
0x11, 0x5f, 0x1e, 0x2c, 0x25, 0xa7, 0xe4, 0x35, 0x6c, 0x22, 0xa7, 0x62, 0xc1, 0x95, 0xef, 0x09,
0xcb, 0x2f, 0x34, 0xa5, 0xa3, 0xbd, 0x79, 0x23, 0x7d, 0x5a, 0x7b, 0x76, 0x0f, 0xcc, 0x86, 0x7d,
0x6d, 0x1f, 0x8e, 0xb1, 0x39, 0x9d, 0xfe, 0x08, 0xe3, 0xb5, 0x75, 0x25, 0x8c, 0x4a, 0x6d, 0x2b,
0x95, 0x1e, 0x2b, 0xc5, 0x4b, 0xca, 0x99, 0x5c, 0xd9, 0x12, 0xb4, 0x33, 0x25, 0x88, 0xad, 0x30,
0x95, 0x69, 0x1d, 0x9d, 0x69, 0x9e, 0x41, 0x0e, 0x13, 0x11, 0x7c, 0x04, 0xdb, 0xfb, 0x29, 0xc3,
0x5c, 0x1e, 0x33, 0x21, 0x31, 0x0f, 0xf1, 0xe7, 0x05, 0x0a, 0xa9, 0x6e, 0xc8, 0x69, 0x86, 0xb6,
0xc0, 0xf5, 0x38, 0xf8, 0x05, 0x36, 0x4d, 0xea, 0x1c, 0x17, 0xb1, 0xce, 0x1b, 0x45, 0x8c, 0xaa,
0x6c, 0x63, 0xa4, 0x86, 0xad, 0x92, 0x77, 0xdb, 0x25, 0xdf, 0xac, 0x89, 0xce, 0xbf, 0xd7, 0x44,
0xf7, 0x76, 0x4d, 0xfc, 0x00, 0xdb, 0xc7, 0x45, 0x71, 0xb9, 0x28, 0x8d, 0x1b, 0x95, 0xaf, 0xeb,
0x11, 0x3a, 0xb3, 0x8e, 0xba, 0xb3, 0x8e, 0xb0, 0x95, 0xb1, 0x6e, 0x3b, 0x63, 0x83, 0xbf, 0x1d,
0xd8, 0x59, 0x3f, 0xd6, 0x56, 0xdb, 0x4f, 0xb0, 0x5d, 0x9f, 0x1b, 0xa5, 0x36, 0x66, 0x73, 0xc1,
0x68, 0xef, 0x65, 0x43, 0xcc, 0xbb, 0x76, 0x57, 0x0d, 0x22, 0xa9, 0xc8, 0x0a, 0xb7, 0xae, 0x5a,
0x88, 0x98, 0x2e, 0x61, 0xd2, 0x36, 0x53, 0x09, 0x5d, 0xdf, 0x6a, 0x99, 0x1d, 0x56, 0x3b, 0xc9,
0xa7, 0xe0, 0xdd, 0x38, 0xe2, 0x6a, 0x47, 0xb6, 0xd7, 0x1c, 0xb1, 0x77, 0xdd, 0x58, 0x91, 0x1d,
0xe8, 0x21, 0xe7, 0x45, 0xd5, 0x08, 0xcc, 0x24, 0xf8, 0x1c, 0x86, 0xff, 0x59, 0xc5, 0xe0, 0x4f,
0x07, 0xc6, 0x5f, 0x09, 0xc1, 0x2e, 0xea, 0x74, 0xd9, 0x81, 0x9e, 0x29, 0x53, 0xd3, 0x8e, 0xcc,
0x84, 0xcc, 0x60, 0x64, 0xab, 0xac, 0x41, 0x7d, 0x13, 0x7a, 0xb0, 0x9b, 0xd8, 0xca, 0xeb, 0x1a,
0xd7, 0xa4, 0x4c, 0xdb, 0x8d, 0xbe, 0x77, 0x6f, 0xa3, 0xef, 0x37, 0x1a, 0xfd, 0x53, 0xf0, 0xf4,
0xa6, 0xbc, 0x48, 0xd0, 0xbe, 0x00, 0x43, 0x05, 0x7c, 0x57, 0x24, 0x3a, 0xad, 0xab, 0x60, 0xac,
0xf0, 0x13, 0xe8, 0x9c, 0xd7, 0xe4, 0xab, 0x61, 0x45, 0x91, 0x7b, 0x1f, 0x45, 0xb7, 0xde, 0xb6,
0x9a, 0x90, 0x6e, 0x93, 0x90, 0x5a, 0x8b, 0x5e, 0x53, 0x8b, 0x0b, 0xd8, 0x3a, 0x95, 0x54, 0x32,
0x21, 0x59, 0x2c, 0x2a, 0x46, 0x5b, 0xdc, 0x39, 0x0f, 0x71, 0xe7, 0xde, 0xc7, 0x5d, 0xa7, 0xe6,
0x2e, 0xf8, 0xdd, 0x01, 0xd2, 0xbc, 0xc9, 0x86, 0xfb, 0x3f, 0x5c, 0xa5, 0xe8, 0x91, 0x85, 0xa4,
0x69, 0xa4, 0x1f, 0x10, 0xfb, 0x0c, 0x68, 0x44, 0xbd, 0x51, 0x4a, 0x90, 0x85, 0xc0, 0xc4, 0xac,
0x9a, 0x37, 0x60, 0xa8, 0x00, 0xbd, 0xb8, 0xfe, 0x84, 0xf4, 0x5b, 0x4f, 0xc8, 0xde, 0xaf, 0x1d,
0x18, 0x9c, 0x22, 0xbd, 0x46, 0x4c, 0xc8, 0x21, 0x8c, 0x4f, 0x31, 0x4f, 0x6e, 0xbe, 0x25, 0x3b,
0x8d, 0x6a, 0xa8, 0xd1, 0xe9, 0xfb, 0x77, 0xa1, 0x55, 0xfc, 0xc1, 0xa3, 0xb9, 0xf3, 0xd2, 0x21,
0x27, 0x30, 0x3e, 0x42, 0x2c, 0xf7, 0x8b, 0x3c, 0xc7, 0x58, 0x62, 0x42, 0x9e, 0x37, 0x36, 0xdd,
0xd1, 0x22, 0xa7, 0x4f, 0x6e, 0xfd, 0x06, 0xaa, 0x8a, 0xb2, 0x27, 0x7e, 0x0f, 0x1b, 0xcd, 0xce,
0xb0, 0x76, 0xe0, 0x1d, 0x7d, 0x6c, 0xfa, 0xe2, 0x81, 0x96, 0x12, 0x3c, 0x22, 0x5f, 0x42, 0xdf,
0xe4, 0x2a, 0xf1, 0x1b, 0xc6, 0x6b, 0xb5, 0xb8, 0xe6, 0xd7, 0x7a, 0x62, 0x07, 0x8f, 0xc8, 0x11,
0xc0, 0x4d, 0x06, 0x90, 0x26, 0x2f, 0xb7, 0x52, 0x70, 0xfa, 0xec, 0x9e, 0xd5, 0xea, 0xb0, 0xb3,
0xbe, 0xfe, 0x23, 0x7e, 0xf6, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x77, 0xb3, 0x32, 0xc7, 0x33,
0x0a, 0x00, 0x00,
} }

4
weed/security/guard.go
View File

@ -42,13 +42,13 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
*/ */
type Guard struct { type Guard struct {
whiteList []string whiteList []string
SecretKey Secret
SecretKey SigningKey
isActive bool isActive bool
} }
func NewGuard(whiteList []string, secretKey string) *Guard { func NewGuard(whiteList []string, secretKey string) *Guard {
g := &Guard{whiteList: whiteList, SecretKey: Secret(secretKey)}
g := &Guard{whiteList: whiteList, SecretKey: SigningKey(secretKey)}
g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0 g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0
return g return g
} }

18
weed/security/jwt.go
View File

@ -11,10 +11,10 @@ import (
) )
type EncodedJwt string type EncodedJwt string
type Secret string
type SigningKey string
func GenJwt(secret Secret, fileId string) EncodedJwt {
if secret == "" {
func GenJwt(signingKey SigningKey, fileId string) EncodedJwt {
if signingKey == "" {
return "" return ""
} }
@ -23,7 +23,7 @@ func GenJwt(secret Secret, fileId string) EncodedJwt {
ExpiresAt: time.Now().Add(time.Second * 10).Unix(), ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
Subject: fileId, Subject: fileId,
} }
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
if e != nil { if e != nil {
glog.V(0).Infof("Failed to sign claims: %v", t.Claims) glog.V(0).Infof("Failed to sign claims: %v", t.Claims)
return "" return ""
@ -55,20 +55,20 @@ func GetJwt(r *http.Request) EncodedJwt {
return EncodedJwt(tokenStr) return EncodedJwt(tokenStr)
} }
func EncodeJwt(secret Secret, claims *jwt.StandardClaims) (EncodedJwt, error) {
if secret == "" {
func EncodeJwt(signingKey SigningKey, claims *jwt.StandardClaims) (EncodedJwt, error) {
if signingKey == "" {
return "", nil return "", nil
} }
t := jwt.New(jwt.GetSigningMethod("HS256")) t := jwt.New(jwt.GetSigningMethod("HS256"))
t.Claims = claims t.Claims = claims
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
return EncodedJwt(encoded), e return EncodedJwt(encoded), e
} }
func DecodeJwt(secret Secret, tokenString EncodedJwt) (token *jwt.Token, err error) {
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
// check exp, nbf // check exp, nbf
return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) { return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) {
return secret, nil
return signingKey, nil
}) })
} }

3
weed/server/filer_server.go
View File

@ -28,7 +28,6 @@ type FilerOption struct {
RedirectOnRead bool RedirectOnRead bool
DisableDirListing bool DisableDirListing bool
MaxMB int MaxMB int
SecretKey string
DirListingLimit int DirListingLimit int
DataCenter string DataCenter string
DefaultLevelDbDir string DefaultLevelDbDir string
@ -36,7 +35,7 @@ type FilerOption struct {
type FilerServer struct { type FilerServer struct {
option *FilerOption option *FilerOption
secret security.Secret
secret security.SigningKey
filer *filer2.Filer filer *filer2.Filer
} }

1
weed/server/master_grpc_server.go
View File

@ -67,7 +67,6 @@ func (ms *MasterServer) SendHeartbeat(stream master_pb.Seaweed_SendHeartbeatServ
glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort()) glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort())
if err := stream.Send(&master_pb.HeartbeatResponse{ if err := stream.Send(&master_pb.HeartbeatResponse{
VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024, VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024,
SecretKey: string(ms.guard.SecretKey),
}); err != nil { }); err != nil {
return err return err
} }

3
weed/server/master_server.go
View File

@ -45,7 +45,6 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
defaultReplicaPlacement string, defaultReplicaPlacement string,
garbageThreshold float64, garbageThreshold float64,
whiteList []string, whiteList []string,
secureKey string,
) *MasterServer { ) *MasterServer {
var preallocateSize int64 var preallocateSize int64
@ -67,7 +66,7 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
ms.vg = topology.NewDefaultVolumeGrowth() ms.vg = topology.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB") glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB")
ms.guard = security.NewGuard(whiteList, secureKey)
ms.guard = security.NewGuard(whiteList, signingKey)
handleStaticResources2(r) handleStaticResources2(r)
r.HandleFunc("/", ms.uiStatusHandler) r.HandleFunc("/", ms.uiStatusHandler)

4
weed/server/volume_grpc_client_to_master.go
View File

@ -6,7 +6,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/master_pb" "github.com/chrislusf/seaweedfs/weed/pb/master_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
@ -73,9 +72,6 @@ func (vs *VolumeServer) doHeartbeat(masterNode, masterGrpcAddress string, sleepI
if in.GetVolumeSizeLimit() != 0 { if in.GetVolumeSizeLimit() != 0 {
vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit() vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit()
} }
if in.GetSecretKey() != "" {
vs.guard.SecretKey = security.Secret(in.GetSecretKey())
}
if in.GetLeader() != "" && masterNode != in.GetLeader() { if in.GetLeader() != "" && masterNode != in.GetLeader() {
glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode) glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode)
newLeader = in.GetLeader() newLeader = in.GetLeader()

Write Preview
Loading…
Cancel
Save