Browse Source

cleanup security.Secret

pull/855/head
Chris Lu 6 years ago
parent
commit
4ff4a147b2
  1. 9
      weed/command/benchmark.go
  2. 3
      weed/command/filer.go
  3. 6
      weed/command/filer_copy.go
  4. 3
      weed/command/master.go
  5. 4
      weed/command/server.go
  6. 8
      weed/command/upload.go
  7. 1
      weed/operation/data_struts.go
  8. 9
      weed/operation/submit.go
  9. 1
      weed/pb/master.proto
  10. 142
      weed/pb/master_pb/master.pb.go
  11. 4
      weed/security/guard.go
  12. 18
      weed/security/jwt.go
  13. 3
      weed/server/filer_server.go
  14. 1
      weed/server/master_grpc_server.go
  15. 3
      weed/server/master_server.go
  16. 4
      weed/server/volume_grpc_client_to_master.go

9
weed/command/benchmark.go

@ -17,7 +17,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"github.com/chrislusf/seaweedfs/weed/wdclient" "github.com/chrislusf/seaweedfs/weed/wdclient"
) )
@ -35,7 +34,6 @@ type BenchmarkOptions struct {
collection *string collection *string
cpuprofile *string cpuprofile *string
maxCpu *int maxCpu *int
secretKey *string
} }
var ( var (
@ -59,7 +57,6 @@ func init() {
b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection") b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection")
b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file") b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file")
b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
b.secretKey = cmdBenchmark.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
sharedBytes = make([]byte, 1024) sharedBytes = make([]byte, 1024)
} }
@ -188,7 +185,6 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
defer wait.Done() defer wait.Done()
delayedDeleteChan := make(chan *delayedFile, 100) delayedDeleteChan := make(chan *delayedFile, 100)
var waitForDeletions sync.WaitGroup var waitForDeletions sync.WaitGroup
secret := security.Secret(*b.secretKey)
for i := 0; i < 7; i++ { for i := 0; i < 7; i++ {
waitForDeletions.Add(1) waitForDeletions.Add(1)
@ -198,8 +194,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
if df.enterTime.After(time.Now()) { if df.enterTime.After(time.Now()) {
time.Sleep(df.enterTime.Sub(time.Now())) time.Sleep(df.enterTime.Sub(time.Now()))
} }
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid,
security.GenJwt(secret, df.fp.Fid)); e == nil {
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid, ""); e == nil {
s.completed++ s.completed++
} else { } else {
s.failed++ s.failed++
@ -224,7 +219,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
} }
if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil { if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil {
fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection
if _, err := fp.Upload(0, masterClient.GetMaster(), secret); err == nil {
if _, err := fp.Upload(0, masterClient.GetMaster(), ""); err == nil {
if random.Intn(100) < *b.deletePercentage { if random.Intn(100) < *b.deletePercentage {
s.total++ s.total++
delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp} delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp}

3
weed/command/filer.go

@ -28,7 +28,6 @@ type FilerOptions struct {
redirectOnRead *bool redirectOnRead *bool
disableDirListing *bool disableDirListing *bool
maxMB *int maxMB *int
secretKey *string
dirListingLimit *int dirListingLimit *int
dataCenter *string dataCenter *string
enableNotification *bool enableNotification *bool
@ -49,7 +48,6 @@ func init() {
f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request") f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request")
f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing") f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing")
f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit") f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit")
f.secretKey = cmdFiler.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size") f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size")
f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center") f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center")
} }
@ -103,7 +101,6 @@ func (fo *FilerOptions) startFiler() {
RedirectOnRead: *fo.redirectOnRead, RedirectOnRead: *fo.redirectOnRead,
DisableDirListing: *fo.disableDirListing, DisableDirListing: *fo.disableDirListing,
MaxMB: *fo.maxMB, MaxMB: *fo.maxMB,
SecretKey: *fo.secretKey,
DirListingLimit: *fo.dirListingLimit, DirListingLimit: *fo.dirListingLimit,
DataCenter: *fo.dataCenter, DataCenter: *fo.dataCenter,
DefaultLevelDbDir: defaultLevelDbDirectory, DefaultLevelDbDir: defaultLevelDbDirectory,

6
weed/command/filer_copy.go

@ -11,7 +11,6 @@ import (
"context" "context"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb" "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"io" "io"
"net/http" "net/http"
@ -31,9 +30,6 @@ type CopyOptions struct {
collection *string collection *string
ttl *string ttl *string
maxMB *int maxMB *int
secretKey *string
secret security.Secret
} }
func init() { func init() {
@ -46,7 +42,6 @@ func init() {
copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y") copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit") copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit")
copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000") copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000")
copy.secretKey = cmdCopy.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
} }
var cmdCopy = &Command{ var cmdCopy = &Command{
@ -66,7 +61,6 @@ var cmdCopy = &Command{
} }
func runCopy(cmd *Command, args []string) bool { func runCopy(cmd *Command, args []string) bool {
copy.secret = security.Secret(*copy.secretKey)
if len(args) <= 1 { if len(args) <= 1 {
return false return false
} }

3
weed/command/master.go

@ -47,7 +47,6 @@ var (
mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs") mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces") garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
masterSecureKey = cmdMaster.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file") masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file")
masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file") masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file")
@ -75,7 +74,7 @@ func runMaster(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *mport, *metaFolder, ms := weed_server.NewMasterServer(r, *mport, *metaFolder,
*volumeSizeLimitMB, *volumePreallocate, *volumeSizeLimitMB, *volumePreallocate,
*mpulse, *defaultReplicaPlacement, *garbageThreshold, *mpulse, *defaultReplicaPlacement, *garbageThreshold,
masterWhiteList, *masterSecureKey,
masterWhiteList,
) )
listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport) listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport)

4
weed/command/server.go

@ -58,7 +58,6 @@ var (
serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name") serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name")
serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.") serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list") serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list")
serverSecureKey = cmdServer.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces") serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port") masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port")
masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000") masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000")
@ -96,7 +95,6 @@ func init() {
} }
func runServer(cmd *Command, args []string) bool { func runServer(cmd *Command, args []string) bool {
filerOptions.secretKey = serverSecureKey
if *serverOptions.cpuprofile != "" { if *serverOptions.cpuprofile != "" {
f, err := os.Create(*serverOptions.cpuprofile) f, err := os.Create(*serverOptions.cpuprofile)
if err != nil { if err != nil {
@ -170,7 +168,7 @@ func runServer(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder, ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder,
*masterVolumeSizeLimitMB, *masterVolumePreallocate, *masterVolumeSizeLimitMB, *masterVolumePreallocate,
*pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold, *pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold,
serverWhiteList, *serverSecureKey,
serverWhiteList,
) )
glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort) glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort)

8
weed/command/upload.go

@ -7,7 +7,6 @@ import (
"path/filepath" "path/filepath"
"github.com/chrislusf/seaweedfs/weed/operation" "github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
) )
var ( var (
@ -23,7 +22,6 @@ type UploadOptions struct {
dataCenter *string dataCenter *string
ttl *string ttl *string
maxMB *int maxMB *int
secretKey *string
} }
func init() { func init() {
@ -37,7 +35,6 @@ func init() {
upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name") upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name")
upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y") upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit") upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit")
upload.secretKey = cmdUpload.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
} }
var cmdUpload = &Command{ var cmdUpload = &Command{
@ -60,7 +57,6 @@ var cmdUpload = &Command{
} }
func runUpload(cmd *Command, args []string) bool { func runUpload(cmd *Command, args []string) bool {
secret := security.Secret(*upload.secretKey)
if len(args) == 0 { if len(args) == 0 {
if *upload.dir == "" { if *upload.dir == "" {
return false return false
@ -79,7 +75,7 @@ func runUpload(cmd *Command, args []string) bool {
} }
results, e := operation.SubmitFiles(*upload.master, parts, results, e := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter, *upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results) bytes, _ := json.Marshal(results)
fmt.Println(string(bytes)) fmt.Println(string(bytes))
if e != nil { if e != nil {
@ -98,7 +94,7 @@ func runUpload(cmd *Command, args []string) bool {
} }
results, _ := operation.SubmitFiles(*upload.master, parts, results, _ := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter, *upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results) bytes, _ := json.Marshal(results)
fmt.Println(string(bytes)) fmt.Println(string(bytes))
} }

1
weed/operation/data_struts.go

@ -2,6 +2,5 @@ package operation
type JoinResult struct { type JoinResult struct {
VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"` VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"`
SecretKey string `json:"secretKey,omitempty"`
Error string `json:"error,omitempty"` Error string `json:"error,omitempty"`
} }

9
weed/operation/submit.go

@ -37,9 +37,7 @@ type SubmitResult struct {
} }
func SubmitFiles(master string, files []FilePart, func SubmitFiles(master string, files []FilePart,
replication string, collection string, dataCenter string, ttl string, maxMB int,
secret security.Secret,
) ([]SubmitResult, error) {
replication string, collection string, dataCenter string, ttl string, maxMB int) ([]SubmitResult, error) {
results := make([]SubmitResult, len(files)) results := make([]SubmitResult, len(files))
for index, file := range files { for index, file := range files {
results[index].FileName = file.FileName results[index].FileName = file.FileName
@ -67,7 +65,7 @@ func SubmitFiles(master string, files []FilePart,
file.Replication = replication file.Replication = replication
file.Collection = collection file.Collection = collection
file.DataCenter = dataCenter file.DataCenter = dataCenter
results[index].Size, err = file.Upload(maxMB, master, secret)
results[index].Size, err = file.Upload(maxMB, master, "")
if err != nil { if err != nil {
results[index].Error = err.Error() results[index].Error = err.Error()
} }
@ -110,8 +108,7 @@ func newFilePart(fullPathFilename string) (ret FilePart, err error) {
return ret, nil return ret, nil
} }
func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (retSize uint32, err error) {
jwt := security.GenJwt(secret, fi.Fid)
func (fi FilePart) Upload(maxMB int, master string, jwt security.EncodedJwt) (retSize uint32, err error) {
fileUrl := "http://" + fi.Server + "/" + fi.Fid fileUrl := "http://" + fi.Server + "/" + fi.Fid
if fi.ModTime != 0 { if fi.ModTime != 0 {
fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime)) fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime))

1
weed/pb/master.proto

@ -36,7 +36,6 @@ message Heartbeat {
message HeartbeatResponse { message HeartbeatResponse {
uint64 volumeSizeLimit = 1; uint64 volumeSizeLimit = 1;
string secretKey = 2;
string leader = 3; string leader = 3;
} }

142
weed/pb/master_pb/master.pb.go

@ -145,7 +145,6 @@ func (m *Heartbeat) GetDeletedVids() []uint32 {
type HeartbeatResponse struct { type HeartbeatResponse struct {
VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"` VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"`
SecretKey string `protobuf:"bytes,2,opt,name=secretKey" json:"secretKey,omitempty"`
Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"` Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"`
} }
@ -161,13 +160,6 @@ func (m *HeartbeatResponse) GetVolumeSizeLimit() uint64 {
return 0 return 0
} }
func (m *HeartbeatResponse) GetSecretKey() string {
if m != nil {
return m.SecretKey
}
return ""
}
func (m *HeartbeatResponse) GetLeader() string { func (m *HeartbeatResponse) GetLeader() string {
if m != nil { if m != nil {
return m.Leader return m.Leader
@ -966,71 +958,71 @@ var _Seaweed_serviceDesc = grpc.ServiceDesc{
func init() { proto.RegisterFile("master.proto", fileDescriptor0) } func init() { proto.RegisterFile("master.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{ var fileDescriptor0 = []byte{
// 1055 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0x4b, 0x6f, 0xe4, 0x44,
0x10, 0x5e, 0x7b, 0x9e, 0xae, 0xd9, 0xc9, 0x4e, 0x3a, 0x11, 0xf2, 0xce, 0xbe, 0x06, 0x73, 0x19,
0x04, 0x8a, 0x96, 0x70, 0x44, 0x08, 0xb1, 0xd1, 0x22, 0xa2, 0x04, 0x36, 0x38, 0xb0, 0x07, 0x2e,
0xa6, 0x63, 0x57, 0xa2, 0x56, 0xfc, 0xa2, 0xbb, 0x27, 0x99, 0xd9, 0x0b, 0x47, 0xfe, 0x15, 0x17,
0xb8, 0xf1, 0x53, 0xb8, 0xf1, 0x0b, 0x50, 0x3f, 0xec, 0xf1, 0x38, 0x09, 0x91, 0x90, 0xb8, 0xb5,
0xbf, 0xae, 0xee, 0xaa, 0xfe, 0xbe, 0x7a, 0x18, 0x1e, 0x66, 0x54, 0x48, 0xe4, 0x7b, 0x25, 0x2f,
0x64, 0x41, 0x3c, 0xf3, 0x15, 0x95, 0x67, 0xc1, 0x5f, 0x2e, 0x78, 0x5f, 0x23, 0xe5, 0xf2, 0x0c,
0xa9, 0x24, 0x5b, 0xe0, 0xb2, 0xd2, 0x77, 0x66, 0xce, 0xdc, 0x0b, 0x5d, 0x56, 0x12, 0x02, 0xdd,
0xb2, 0xe0, 0xd2, 0x77, 0x67, 0xce, 0x7c, 0x1c, 0xea, 0x35, 0x79, 0x06, 0x50, 0x2e, 0xce, 0x52,
0x16, 0x47, 0x0b, 0x9e, 0xfa, 0x1d, 0x6d, 0xeb, 0x19, 0xe4, 0x07, 0x9e, 0x92, 0x39, 0x4c, 0x32,
0xba, 0x8c, 0xae, 0x8a, 0x74, 0x91, 0x61, 0x14, 0x17, 0x8b, 0x5c, 0xfa, 0x5d, 0x7d, 0x7c, 0x2b,
0xa3, 0xcb, 0xb7, 0x1a, 0x3e, 0x50, 0x28, 0x99, 0xa9, 0xa8, 0x96, 0xd1, 0x39, 0x4b, 0x31, 0xba,
0xc4, 0x95, 0xdf, 0x9b, 0x39, 0xf3, 0x6e, 0x08, 0x19, 0x5d, 0x7e, 0xc5, 0x52, 0x3c, 0xc2, 0x15,
0x79, 0x01, 0xa3, 0x84, 0x4a, 0x1a, 0xc5, 0x98, 0x4b, 0xe4, 0x7e, 0x5f, 0xfb, 0x02, 0x05, 0x1d,
0x68, 0x44, 0xc5, 0xc7, 0x69, 0x7c, 0xe9, 0x0f, 0xf4, 0x8e, 0x5e, 0xab, 0xf8, 0x68, 0x92, 0xb1,
0x3c, 0xd2, 0x91, 0x0f, 0xb5, 0x6b, 0x4f, 0x23, 0x27, 0x2a, 0xfc, 0xcf, 0x61, 0x60, 0x62, 0x13,
0xbe, 0x37, 0xeb, 0xcc, 0x47, 0xfb, 0x1f, 0xec, 0xd5, 0x6c, 0xec, 0x99, 0xf0, 0x0e, 0xf3, 0xf3,
0x82, 0x67, 0x54, 0xb2, 0x22, 0xff, 0x06, 0x85, 0xa0, 0x17, 0x18, 0x56, 0x67, 0xc8, 0x63, 0x18,
0xe6, 0x78, 0x1d, 0x5d, 0xb1, 0x44, 0xf8, 0x30, 0xeb, 0xcc, 0xc7, 0xe1, 0x20, 0xc7, 0xeb, 0xb7,
0x2c, 0x11, 0xe4, 0x7d, 0x78, 0x98, 0x60, 0x8a, 0x12, 0x13, 0xb3, 0x3d, 0xd2, 0xdb, 0x23, 0x8b,
0x29, 0x93, 0x40, 0xc0, 0x76, 0x4d, 0x76, 0x88, 0xa2, 0x2c, 0x72, 0x81, 0x64, 0x0e, 0x8f, 0xcc,
0xed, 0xa7, 0xec, 0x1d, 0x1e, 0xb3, 0x8c, 0x49, 0xad, 0x40, 0x37, 0x6c, 0xc3, 0xe4, 0x29, 0x78,
0x02, 0x63, 0x8e, 0xf2, 0x08, 0x57, 0x5a, 0x13, 0x2f, 0x5c, 0x03, 0xe4, 0x3d, 0xe8, 0xa7, 0x48,
0x13, 0xe4, 0x56, 0x14, 0xfb, 0x15, 0xfc, 0xe1, 0x82, 0x7f, 0xd7, 0xc3, 0xb4, 0xe2, 0x89, 0xf6,
0x37, 0x0e, 0x5d, 0x96, 0x28, 0x46, 0x05, 0x7b, 0x87, 0xfa, 0xf6, 0x6e, 0xa8, 0xd7, 0xe4, 0x39,
0x40, 0x5c, 0xa4, 0x29, 0xc6, 0xea, 0xa0, 0xbd, 0xbc, 0x81, 0x28, 0xc6, 0xb5, 0x88, 0x6b, 0xb1,
0xbb, 0xa1, 0xa7, 0x10, 0xa3, 0x73, 0xcd, 0x8b, 0x35, 0x30, 0x3a, 0x5b, 0x5e, 0x8c, 0xc9, 0xc7,
0x40, 0x2a, 0xea, 0xce, 0x56, 0xb5, 0x61, 0x5f, 0x1b, 0x4e, 0xec, 0xce, 0xab, 0x55, 0x65, 0xfd,
0x04, 0x3c, 0x8e, 0x34, 0x89, 0x8a, 0x3c, 0x5d, 0x69, 0xe9, 0x87, 0xe1, 0x50, 0x01, 0x6f, 0xf2,
0x74, 0x45, 0x3e, 0x82, 0x6d, 0x8e, 0x65, 0xca, 0x62, 0x1a, 0x95, 0x29, 0x8d, 0x31, 0xc3, 0xbc,
0xca, 0x82, 0x89, 0xdd, 0x38, 0xa9, 0x70, 0xe2, 0xc3, 0xe0, 0x0a, 0xb9, 0x50, 0xcf, 0xf2, 0xb4,
0x49, 0xf5, 0x49, 0x26, 0xd0, 0x91, 0x32, 0xf5, 0x41, 0xa3, 0x6a, 0x19, 0x0c, 0xa0, 0xf7, 0x3a,
0x2b, 0xe5, 0x2a, 0xf8, 0xcd, 0x81, 0x47, 0xa7, 0x8b, 0x12, 0xf9, 0xab, 0xb4, 0x88, 0x2f, 0x5f,
0x2f, 0x25, 0xa7, 0xe4, 0x0d, 0x6c, 0x21, 0xa7, 0x62, 0xc1, 0x55, 0xec, 0x09, 0xcb, 0x2f, 0x34,
0xa5, 0xa3, 0xfd, 0x79, 0x23, 0xb9, 0x5a, 0x67, 0xf6, 0x5e, 0x9b, 0x03, 0x07, 0xda, 0x3e, 0x1c,
0x63, 0xf3, 0x73, 0xfa, 0x23, 0x8c, 0x37, 0xf6, 0x95, 0x30, 0x2a, 0xf1, 0xad, 0x54, 0x7a, 0xad,
0x14, 0x2f, 0x29, 0x67, 0x72, 0x65, 0x0b, 0xd4, 0x7e, 0x29, 0x41, 0x6c, 0xfd, 0xa9, 0x3c, 0xec,
0xe8, 0x3c, 0xf4, 0x0c, 0x72, 0x98, 0x88, 0xe0, 0x43, 0xd8, 0x39, 0x48, 0x19, 0xe6, 0xf2, 0x98,
0x09, 0x89, 0x79, 0x88, 0x3f, 0x2f, 0x50, 0x48, 0xe5, 0x21, 0xa7, 0x19, 0xda, 0xf2, 0xd7, 0xeb,
0xe0, 0x17, 0xd8, 0x32, 0xa9, 0x73, 0x5c, 0xc4, 0x3a, 0x6f, 0x14, 0x31, 0xaa, 0xee, 0x8d, 0x91,
0x5a, 0xb6, 0x1a, 0x82, 0xdb, 0x6e, 0x08, 0xcd, 0x8a, 0xe9, 0xfc, 0x7b, 0xc5, 0x74, 0x6f, 0x56,
0xcc, 0xf7, 0xb0, 0x73, 0x5c, 0x14, 0x97, 0x8b, 0xd2, 0x84, 0x51, 0xc5, 0xba, 0xf9, 0x42, 0x67,
0xd6, 0x51, 0x3e, 0xeb, 0x17, 0xb6, 0x32, 0xd6, 0x6d, 0x67, 0x6c, 0xf0, 0xb7, 0x03, 0xbb, 0x9b,
0xd7, 0xda, 0x5a, 0xfc, 0x09, 0x76, 0xea, 0x7b, 0xa3, 0xd4, 0xbe, 0xd9, 0x38, 0x18, 0xed, 0xbf,
0x6c, 0x88, 0x79, 0xdb, 0xe9, 0xaa, 0x7d, 0x24, 0x15, 0x59, 0xe1, 0xf6, 0x55, 0x0b, 0x11, 0xd3,
0x25, 0x4c, 0xda, 0x66, 0x2a, 0xa1, 0x6b, 0xaf, 0x96, 0xd9, 0x61, 0x75, 0x92, 0x7c, 0x02, 0xde,
0x3a, 0x10, 0x57, 0x07, 0xb2, 0xb3, 0x11, 0x88, 0xf5, 0xb5, 0xb6, 0x22, 0xbb, 0xd0, 0x43, 0xce,
0x8b, 0xaa, 0x11, 0x98, 0x8f, 0xe0, 0x33, 0x18, 0xfe, 0x67, 0x15, 0x83, 0x3f, 0x1d, 0x18, 0x7f,
0x29, 0x04, 0xbb, 0xa8, 0xd3, 0x65, 0x17, 0x7a, 0xa6, 0x4c, 0x4d, 0xb3, 0x32, 0x1f, 0x64, 0x06,
0x23, 0x5b, 0x65, 0x0d, 0xea, 0x9b, 0xd0, 0xbd, 0xdd, 0xc4, 0x56, 0x5e, 0xd7, 0x84, 0x26, 0x65,
0xda, 0x1e, 0x03, 0xbd, 0x3b, 0xc7, 0x40, 0xbf, 0x31, 0x06, 0x9e, 0x80, 0xa7, 0x0f, 0xe5, 0x45,
0x82, 0x76, 0x3e, 0x0c, 0x15, 0xf0, 0x6d, 0x91, 0xe8, 0xb4, 0xae, 0x1e, 0x63, 0x85, 0x9f, 0x40,
0xe7, 0xbc, 0x26, 0x5f, 0x2d, 0x2b, 0x8a, 0xdc, 0xbb, 0x28, 0xba, 0x31, 0xf9, 0x6a, 0x42, 0xba,
0x4d, 0x42, 0x6a, 0x2d, 0x7a, 0x4d, 0x2d, 0x2e, 0x60, 0xfb, 0x54, 0x52, 0xc9, 0x84, 0x64, 0xb1,
0xa8, 0x18, 0x6d, 0x71, 0xe7, 0xdc, 0xc7, 0x9d, 0x7b, 0x17, 0x77, 0x9d, 0x9a, 0xbb, 0xe0, 0x77,
0x07, 0x48, 0xd3, 0x93, 0x7d, 0xee, 0xff, 0xe0, 0x4a, 0xd1, 0x23, 0x0b, 0x49, 0xd3, 0x48, 0x0f,
0x10, 0x3b, 0x06, 0x34, 0xa2, 0x26, 0x98, 0x12, 0x64, 0x21, 0x30, 0x31, 0xbb, 0x66, 0x06, 0x0c,
0x15, 0xa0, 0x37, 0x37, 0x47, 0x48, 0xbf, 0x35, 0x42, 0xf6, 0x7f, 0xed, 0xc0, 0xe0, 0x14, 0xe9,
0x35, 0x62, 0x42, 0x0e, 0x61, 0x7c, 0x8a, 0x79, 0xb2, 0xfe, 0x69, 0xd9, 0x6d, 0x54, 0x43, 0x8d,
0x4e, 0x9f, 0xde, 0x86, 0x56, 0xef, 0x0f, 0x1e, 0xcc, 0x9d, 0x97, 0x0e, 0x39, 0x81, 0xf1, 0x11,
0x62, 0x79, 0x50, 0xe4, 0x39, 0xc6, 0x12, 0x13, 0xf2, 0xbc, 0x71, 0xe8, 0x96, 0x16, 0x39, 0x7d,
0x7c, 0xe3, 0x5f, 0xa1, 0xaa, 0x28, 0x7b, 0xe3, 0x77, 0xf0, 0xb0, 0xd9, 0x19, 0x36, 0x2e, 0xbc,
0xa5, 0x8f, 0x4d, 0x5f, 0xdc, 0xd3, 0x52, 0x82, 0x07, 0xe4, 0x0b, 0xe8, 0x9b, 0x5c, 0x25, 0x7e,
0xc3, 0x78, 0xa3, 0x16, 0x37, 0xe2, 0xda, 0x4c, 0xec, 0xe0, 0x01, 0x39, 0x02, 0x58, 0x67, 0x00,
0x69, 0xf2, 0x72, 0x23, 0x05, 0xa7, 0xcf, 0xee, 0xd8, 0xad, 0x2e, 0x3b, 0xeb, 0xeb, 0x3f, 0xc8,
0x4f, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0xc7, 0x9f, 0x0a, 0x25, 0x51, 0x0a, 0x00, 0x00,
// 1043 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0xcd, 0x6e, 0x24, 0x35,
0x10, 0xde, 0xee, 0xf9, 0xed, 0x9a, 0x4c, 0x76, 0xe2, 0x44, 0xa8, 0x77, 0x96, 0xdd, 0x1d, 0x9a,
0xcb, 0x20, 0x50, 0xb4, 0x84, 0x23, 0x42, 0x88, 0x8d, 0x82, 0x88, 0x12, 0xd8, 0xd0, 0x61, 0xf7,
0xc0, 0xa5, 0x71, 0xba, 0x2b, 0x91, 0x95, 0xfe, 0xc3, 0xf6, 0x24, 0x33, 0x7b, 0xe1, 0xc8, 0x5b,
0x71, 0x81, 0x1b, 0x8f, 0xc2, 0x8d, 0x27, 0x40, 0xfe, 0xe9, 0x4e, 0x4f, 0x27, 0x21, 0x12, 0x12,
0x37, 0xfb, 0x73, 0xd9, 0xae, 0xfa, 0xbe, 0xaa, 0xb2, 0x61, 0x23, 0xa3, 0x42, 0x22, 0xdf, 0x2d,
0x79, 0x21, 0x0b, 0xe2, 0x99, 0x59, 0x54, 0x9e, 0x05, 0x7f, 0xb9, 0xe0, 0x7d, 0x83, 0x94, 0xcb,
0x33, 0xa4, 0x92, 0x6c, 0x82, 0xcb, 0x4a, 0xdf, 0x99, 0x39, 0x73, 0x2f, 0x74, 0x59, 0x49, 0x08,
0x74, 0xcb, 0x82, 0x4b, 0xdf, 0x9d, 0x39, 0xf3, 0x71, 0xa8, 0xc7, 0xe4, 0x19, 0x40, 0xb9, 0x38,
0x4b, 0x59, 0x1c, 0x2d, 0x78, 0xea, 0x77, 0xb4, 0xad, 0x67, 0x90, 0x37, 0x3c, 0x25, 0x73, 0x98,
0x64, 0x74, 0x19, 0x5d, 0x15, 0xe9, 0x22, 0xc3, 0x28, 0x2e, 0x16, 0xb9, 0xf4, 0xbb, 0x7a, 0xfb,
0x66, 0x46, 0x97, 0x6f, 0x35, 0xbc, 0xaf, 0x50, 0x32, 0x53, 0x5e, 0x2d, 0xa3, 0x73, 0x96, 0x62,
0x74, 0x89, 0x2b, 0xbf, 0x37, 0x73, 0xe6, 0xdd, 0x10, 0x32, 0xba, 0xfc, 0x9a, 0xa5, 0x78, 0x84,
0x2b, 0xf2, 0x02, 0x46, 0x09, 0x95, 0x34, 0x8a, 0x31, 0x97, 0xc8, 0xfd, 0xbe, 0xbe, 0x0b, 0x14,
0xb4, 0xaf, 0x11, 0xe5, 0x1f, 0xa7, 0xf1, 0xa5, 0x3f, 0xd0, 0x2b, 0x7a, 0xac, 0xfc, 0xa3, 0x49,
0xc6, 0xf2, 0x48, 0x7b, 0x3e, 0xd4, 0x57, 0x7b, 0x1a, 0x39, 0x51, 0xee, 0x7f, 0x01, 0x03, 0xe3,
0x9b, 0xf0, 0xbd, 0x59, 0x67, 0x3e, 0xda, 0xfb, 0x70, 0xb7, 0x66, 0x63, 0xd7, 0xb8, 0x77, 0x98,
0x9f, 0x17, 0x3c, 0xa3, 0x92, 0x15, 0xf9, 0xb7, 0x28, 0x04, 0xbd, 0xc0, 0xb0, 0xda, 0x43, 0x9e,
0xc0, 0x30, 0xc7, 0xeb, 0xe8, 0x8a, 0x25, 0xc2, 0x87, 0x59, 0x67, 0x3e, 0x0e, 0x07, 0x39, 0x5e,
0xbf, 0x65, 0x89, 0x20, 0x1f, 0xc0, 0x46, 0x82, 0x29, 0x4a, 0x4c, 0xcc, 0xf2, 0x48, 0x2f, 0x8f,
0x2c, 0xa6, 0x4c, 0x82, 0x37, 0xb0, 0x55, 0x93, 0x1d, 0xa2, 0x28, 0x8b, 0x5c, 0x20, 0x99, 0xc3,
0x63, 0x73, 0xfa, 0x29, 0x7b, 0x87, 0xc7, 0x2c, 0x63, 0x52, 0x2b, 0xd0, 0x0d, 0xdb, 0x30, 0x79,
0x0f, 0xfa, 0x29, 0xd2, 0x04, 0xb9, 0xa5, 0xdd, 0xce, 0x82, 0x3f, 0x5c, 0xf0, 0xef, 0x73, 0x5d,
0x6b, 0x9a, 0xe8, 0x13, 0xc7, 0xa1, 0xcb, 0x12, 0xc5, 0x99, 0x60, 0xef, 0x50, 0x6b, 0xda, 0x0d,
0xf5, 0x98, 0x3c, 0x07, 0x88, 0x8b, 0x34, 0xc5, 0x58, 0x6d, 0xb4, 0x87, 0x37, 0x10, 0xc5, 0xa9,
0x96, 0xe9, 0x46, 0xce, 0x6e, 0xe8, 0x29, 0xc4, 0x28, 0x59, 0x47, 0x6e, 0x0d, 0x8c, 0x92, 0x36,
0x72, 0x63, 0xf2, 0x09, 0x90, 0x8a, 0x9c, 0xb3, 0x55, 0x6d, 0xd8, 0xd7, 0x86, 0x13, 0xbb, 0xf2,
0x6a, 0x55, 0x59, 0x3f, 0x05, 0x8f, 0x23, 0x4d, 0xa2, 0x22, 0x4f, 0x57, 0x5a, 0xdc, 0x61, 0x38,
0x54, 0xc0, 0xeb, 0x3c, 0x5d, 0x91, 0x8f, 0x61, 0x8b, 0x63, 0x99, 0xb2, 0x98, 0x46, 0x65, 0x4a,
0x63, 0xcc, 0x30, 0xaf, 0x74, 0x9e, 0xd8, 0x85, 0x93, 0x0a, 0x27, 0x3e, 0x0c, 0xae, 0x90, 0x0b,
0x15, 0x96, 0xa7, 0x4d, 0xaa, 0x29, 0x99, 0x40, 0x47, 0xca, 0xd4, 0x07, 0x8d, 0xaa, 0x61, 0x30,
0x80, 0xde, 0x41, 0x56, 0xca, 0x55, 0xf0, 0x9b, 0x03, 0x8f, 0x4f, 0x17, 0x25, 0xf2, 0x57, 0x69,
0x11, 0x5f, 0x1e, 0x2c, 0x25, 0xa7, 0xe4, 0x35, 0x6c, 0x22, 0xa7, 0x62, 0xc1, 0x95, 0xef, 0x09,
0xcb, 0x2f, 0x34, 0xa5, 0xa3, 0xbd, 0x79, 0x23, 0x7d, 0x5a, 0x7b, 0x76, 0x0f, 0xcc, 0x86, 0x7d,
0x6d, 0x1f, 0x8e, 0xb1, 0x39, 0x9d, 0xfe, 0x08, 0xe3, 0xb5, 0x75, 0x25, 0x8c, 0x4a, 0x6d, 0x2b,
0x95, 0x1e, 0x2b, 0xc5, 0x4b, 0xca, 0x99, 0x5c, 0xd9, 0x12, 0xb4, 0x33, 0x25, 0x88, 0xad, 0x30,
0x95, 0x69, 0x1d, 0x9d, 0x69, 0x9e, 0x41, 0x0e, 0x13, 0x11, 0x7c, 0x04, 0xdb, 0xfb, 0x29, 0xc3,
0x5c, 0x1e, 0x33, 0x21, 0x31, 0x0f, 0xf1, 0xe7, 0x05, 0x0a, 0xa9, 0x6e, 0xc8, 0x69, 0x86, 0xb6,
0xc0, 0xf5, 0x38, 0xf8, 0x05, 0x36, 0x4d, 0xea, 0x1c, 0x17, 0xb1, 0xce, 0x1b, 0x45, 0x8c, 0xaa,
0x6c, 0x63, 0xa4, 0x86, 0xad, 0x92, 0x77, 0xdb, 0x25, 0xdf, 0xac, 0x89, 0xce, 0xbf, 0xd7, 0x44,
0xf7, 0x76, 0x4d, 0xfc, 0x00, 0xdb, 0xc7, 0x45, 0x71, 0xb9, 0x28, 0x8d, 0x1b, 0x95, 0xaf, 0xeb,
0x11, 0x3a, 0xb3, 0x8e, 0xba, 0xb3, 0x8e, 0xb0, 0x95, 0xb1, 0x6e, 0x3b, 0x63, 0x83, 0xbf, 0x1d,
0xd8, 0x59, 0x3f, 0xd6, 0x56, 0xdb, 0x4f, 0xb0, 0x5d, 0x9f, 0x1b, 0xa5, 0x36, 0x66, 0x73, 0xc1,
0x68, 0xef, 0x65, 0x43, 0xcc, 0xbb, 0x76, 0x57, 0x0d, 0x22, 0xa9, 0xc8, 0x0a, 0xb7, 0xae, 0x5a,
0x88, 0x98, 0x2e, 0x61, 0xd2, 0x36, 0x53, 0x09, 0x5d, 0xdf, 0x6a, 0x99, 0x1d, 0x56, 0x3b, 0xc9,
0xa7, 0xe0, 0xdd, 0x38, 0xe2, 0x6a, 0x47, 0xb6, 0xd7, 0x1c, 0xb1, 0x77, 0xdd, 0x58, 0x91, 0x1d,
0xe8, 0x21, 0xe7, 0x45, 0xd5, 0x08, 0xcc, 0x24, 0xf8, 0x1c, 0x86, 0xff, 0x59, 0xc5, 0xe0, 0x4f,
0x07, 0xc6, 0x5f, 0x09, 0xc1, 0x2e, 0xea, 0x74, 0xd9, 0x81, 0x9e, 0x29, 0x53, 0xd3, 0x8e, 0xcc,
0x84, 0xcc, 0x60, 0x64, 0xab, 0xac, 0x41, 0x7d, 0x13, 0x7a, 0xb0, 0x9b, 0xd8, 0xca, 0xeb, 0x1a,
0xd7, 0xa4, 0x4c, 0xdb, 0x8d, 0xbe, 0x77, 0x6f, 0xa3, 0xef, 0x37, 0x1a, 0xfd, 0x53, 0xf0, 0xf4,
0xa6, 0xbc, 0x48, 0xd0, 0xbe, 0x00, 0x43, 0x05, 0x7c, 0x57, 0x24, 0x3a, 0xad, 0xab, 0x60, 0xac,
0xf0, 0x13, 0xe8, 0x9c, 0xd7, 0xe4, 0xab, 0x61, 0x45, 0x91, 0x7b, 0x1f, 0x45, 0xb7, 0xde, 0xb6,
0x9a, 0x90, 0x6e, 0x93, 0x90, 0x5a, 0x8b, 0x5e, 0x53, 0x8b, 0x0b, 0xd8, 0x3a, 0x95, 0x54, 0x32,
0x21, 0x59, 0x2c, 0x2a, 0x46, 0x5b, 0xdc, 0x39, 0x0f, 0x71, 0xe7, 0xde, 0xc7, 0x5d, 0xa7, 0xe6,
0x2e, 0xf8, 0xdd, 0x01, 0xd2, 0xbc, 0xc9, 0x86, 0xfb, 0x3f, 0x5c, 0xa5, 0xe8, 0x91, 0x85, 0xa4,
0x69, 0xa4, 0x1f, 0x10, 0xfb, 0x0c, 0x68, 0x44, 0xbd, 0x51, 0x4a, 0x90, 0x85, 0xc0, 0xc4, 0xac,
0x9a, 0x37, 0x60, 0xa8, 0x00, 0xbd, 0xb8, 0xfe, 0x84, 0xf4, 0x5b, 0x4f, 0xc8, 0xde, 0xaf, 0x1d,
0x18, 0x9c, 0x22, 0xbd, 0x46, 0x4c, 0xc8, 0x21, 0x8c, 0x4f, 0x31, 0x4f, 0x6e, 0xbe, 0x25, 0x3b,
0x8d, 0x6a, 0xa8, 0xd1, 0xe9, 0xfb, 0x77, 0xa1, 0x55, 0xfc, 0xc1, 0xa3, 0xb9, 0xf3, 0xd2, 0x21,
0x27, 0x30, 0x3e, 0x42, 0x2c, 0xf7, 0x8b, 0x3c, 0xc7, 0x58, 0x62, 0x42, 0x9e, 0x37, 0x36, 0xdd,
0xd1, 0x22, 0xa7, 0x4f, 0x6e, 0xfd, 0x06, 0xaa, 0x8a, 0xb2, 0x27, 0x7e, 0x0f, 0x1b, 0xcd, 0xce,
0xb0, 0x76, 0xe0, 0x1d, 0x7d, 0x6c, 0xfa, 0xe2, 0x81, 0x96, 0x12, 0x3c, 0x22, 0x5f, 0x42, 0xdf,
0xe4, 0x2a, 0xf1, 0x1b, 0xc6, 0x6b, 0xb5, 0xb8, 0xe6, 0xd7, 0x7a, 0x62, 0x07, 0x8f, 0xc8, 0x11,
0xc0, 0x4d, 0x06, 0x90, 0x26, 0x2f, 0xb7, 0x52, 0x70, 0xfa, 0xec, 0x9e, 0xd5, 0xea, 0xb0, 0xb3,
0xbe, 0xfe, 0x23, 0x7e, 0xf6, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x77, 0xb3, 0x32, 0xc7, 0x33,
0x0a, 0x00, 0x00,
} }

4
weed/security/guard.go

@ -42,13 +42,13 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
*/ */
type Guard struct { type Guard struct {
whiteList []string whiteList []string
SecretKey Secret
SecretKey SigningKey
isActive bool isActive bool
} }
func NewGuard(whiteList []string, secretKey string) *Guard { func NewGuard(whiteList []string, secretKey string) *Guard {
g := &Guard{whiteList: whiteList, SecretKey: Secret(secretKey)}
g := &Guard{whiteList: whiteList, SecretKey: SigningKey(secretKey)}
g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0 g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0
return g return g
} }

18
weed/security/jwt.go

@ -11,10 +11,10 @@ import (
) )
type EncodedJwt string type EncodedJwt string
type Secret string
type SigningKey string
func GenJwt(secret Secret, fileId string) EncodedJwt {
if secret == "" {
func GenJwt(signingKey SigningKey, fileId string) EncodedJwt {
if signingKey == "" {
return "" return ""
} }
@ -23,7 +23,7 @@ func GenJwt(secret Secret, fileId string) EncodedJwt {
ExpiresAt: time.Now().Add(time.Second * 10).Unix(), ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
Subject: fileId, Subject: fileId,
} }
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
if e != nil { if e != nil {
glog.V(0).Infof("Failed to sign claims: %v", t.Claims) glog.V(0).Infof("Failed to sign claims: %v", t.Claims)
return "" return ""
@ -55,20 +55,20 @@ func GetJwt(r *http.Request) EncodedJwt {
return EncodedJwt(tokenStr) return EncodedJwt(tokenStr)
} }
func EncodeJwt(secret Secret, claims *jwt.StandardClaims) (EncodedJwt, error) {
if secret == "" {
func EncodeJwt(signingKey SigningKey, claims *jwt.StandardClaims) (EncodedJwt, error) {
if signingKey == "" {
return "", nil return "", nil
} }
t := jwt.New(jwt.GetSigningMethod("HS256")) t := jwt.New(jwt.GetSigningMethod("HS256"))
t.Claims = claims t.Claims = claims
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
return EncodedJwt(encoded), e return EncodedJwt(encoded), e
} }
func DecodeJwt(secret Secret, tokenString EncodedJwt) (token *jwt.Token, err error) {
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
// check exp, nbf // check exp, nbf
return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) { return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) {
return secret, nil
return signingKey, nil
}) })
} }

3
weed/server/filer_server.go

@ -28,7 +28,6 @@ type FilerOption struct {
RedirectOnRead bool RedirectOnRead bool
DisableDirListing bool DisableDirListing bool
MaxMB int MaxMB int
SecretKey string
DirListingLimit int DirListingLimit int
DataCenter string DataCenter string
DefaultLevelDbDir string DefaultLevelDbDir string
@ -36,7 +35,7 @@ type FilerOption struct {
type FilerServer struct { type FilerServer struct {
option *FilerOption option *FilerOption
secret security.Secret
secret security.SigningKey
filer *filer2.Filer filer *filer2.Filer
} }

1
weed/server/master_grpc_server.go

@ -67,7 +67,6 @@ func (ms *MasterServer) SendHeartbeat(stream master_pb.Seaweed_SendHeartbeatServ
glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort()) glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort())
if err := stream.Send(&master_pb.HeartbeatResponse{ if err := stream.Send(&master_pb.HeartbeatResponse{
VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024, VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024,
SecretKey: string(ms.guard.SecretKey),
}); err != nil { }); err != nil {
return err return err
} }

3
weed/server/master_server.go

@ -45,7 +45,6 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
defaultReplicaPlacement string, defaultReplicaPlacement string,
garbageThreshold float64, garbageThreshold float64,
whiteList []string, whiteList []string,
secureKey string,
) *MasterServer { ) *MasterServer {
var preallocateSize int64 var preallocateSize int64
@ -67,7 +66,7 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
ms.vg = topology.NewDefaultVolumeGrowth() ms.vg = topology.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB") glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB")
ms.guard = security.NewGuard(whiteList, secureKey)
ms.guard = security.NewGuard(whiteList, signingKey)
handleStaticResources2(r) handleStaticResources2(r)
r.HandleFunc("/", ms.uiStatusHandler) r.HandleFunc("/", ms.uiStatusHandler)

4
weed/server/volume_grpc_client_to_master.go

@ -6,7 +6,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/master_pb" "github.com/chrislusf/seaweedfs/weed/pb/master_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util" "github.com/chrislusf/seaweedfs/weed/util"
"golang.org/x/net/context" "golang.org/x/net/context"
) )
@ -73,9 +72,6 @@ func (vs *VolumeServer) doHeartbeat(masterNode, masterGrpcAddress string, sleepI
if in.GetVolumeSizeLimit() != 0 { if in.GetVolumeSizeLimit() != 0 {
vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit() vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit()
} }
if in.GetSecretKey() != "" {
vs.guard.SecretKey = security.Secret(in.GetSecretKey())
}
if in.GetLeader() != "" && masterNode != in.GetLeader() { if in.GetLeader() != "" && masterNode != in.GetLeader() {
glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode) glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode)
newLeader = in.GetLeader() newLeader = in.GetLeader()

Loading…
Cancel
Save