Browse Source

cleanup security.Secret

pull/855/head
Chris Lu 6 years ago
parent
commit
4ff4a147b2
  1. 9
      weed/command/benchmark.go
  2. 3
      weed/command/filer.go
  3. 6
      weed/command/filer_copy.go
  4. 3
      weed/command/master.go
  5. 4
      weed/command/server.go
  6. 8
      weed/command/upload.go
  7. 1
      weed/operation/data_struts.go
  8. 9
      weed/operation/submit.go
  9. 1
      weed/pb/master.proto
  10. 142
      weed/pb/master_pb/master.pb.go
  11. 4
      weed/security/guard.go
  12. 18
      weed/security/jwt.go
  13. 3
      weed/server/filer_server.go
  14. 1
      weed/server/master_grpc_server.go
  15. 3
      weed/server/master_server.go
  16. 4
      weed/server/volume_grpc_client_to_master.go

9
weed/command/benchmark.go

@ -17,7 +17,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"github.com/chrislusf/seaweedfs/weed/wdclient"
)
@ -35,7 +34,6 @@ type BenchmarkOptions struct {
collection *string
cpuprofile *string
maxCpu *int
secretKey *string
}
var (
@ -59,7 +57,6 @@ func init() {
b.collection = cmdBenchmark.Flag.String("collection", "benchmark", "write data to this collection")
b.cpuprofile = cmdBenchmark.Flag.String("cpuprofile", "", "cpu profile output file")
b.maxCpu = cmdBenchmark.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
b.secretKey = cmdBenchmark.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
sharedBytes = make([]byte, 1024)
}
@ -188,7 +185,6 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
defer wait.Done()
delayedDeleteChan := make(chan *delayedFile, 100)
var waitForDeletions sync.WaitGroup
secret := security.Secret(*b.secretKey)
for i := 0; i < 7; i++ {
waitForDeletions.Add(1)
@ -198,8 +194,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
if df.enterTime.After(time.Now()) {
time.Sleep(df.enterTime.Sub(time.Now()))
}
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid,
security.GenJwt(secret, df.fp.Fid)); e == nil {
if e := util.Delete("http://"+df.fp.Server+"/"+df.fp.Fid, ""); e == nil {
s.completed++
} else {
s.failed++
@ -224,7 +219,7 @@ func writeFiles(idChan chan int, fileIdLineChan chan string, s *stat) {
}
if assignResult, err := operation.Assign(masterClient.GetMaster(), ar); err == nil {
fp.Server, fp.Fid, fp.Collection = assignResult.Url, assignResult.Fid, *b.collection
if _, err := fp.Upload(0, masterClient.GetMaster(), secret); err == nil {
if _, err := fp.Upload(0, masterClient.GetMaster(), ""); err == nil {
if random.Intn(100) < *b.deletePercentage {
s.total++
delayedDeleteChan <- &delayedFile{time.Now().Add(time.Second), fp}

3
weed/command/filer.go

@ -28,7 +28,6 @@ type FilerOptions struct {
redirectOnRead *bool
disableDirListing *bool
maxMB *int
secretKey *string
dirListingLimit *int
dataCenter *string
enableNotification *bool
@ -49,7 +48,6 @@ func init() {
f.redirectOnRead = cmdFiler.Flag.Bool("redirectOnRead", false, "whether proxy or redirect to volume server during file GET request")
f.disableDirListing = cmdFiler.Flag.Bool("disableDirListing", false, "turn off directory listing")
f.maxMB = cmdFiler.Flag.Int("maxMB", 32, "split files larger than the limit")
f.secretKey = cmdFiler.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
f.dirListingLimit = cmdFiler.Flag.Int("dirListLimit", 100000, "limit sub dir listing size")
f.dataCenter = cmdFiler.Flag.String("dataCenter", "", "prefer to write to volumes in this data center")
}
@ -103,7 +101,6 @@ func (fo *FilerOptions) startFiler() {
RedirectOnRead: *fo.redirectOnRead,
DisableDirListing: *fo.disableDirListing,
MaxMB: *fo.maxMB,
SecretKey: *fo.secretKey,
DirListingLimit: *fo.dirListingLimit,
DataCenter: *fo.dataCenter,
DefaultLevelDbDir: defaultLevelDbDirectory,

6
weed/command/filer_copy.go

@ -11,7 +11,6 @@ import (
"context"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"io"
"net/http"
@ -31,9 +30,6 @@ type CopyOptions struct {
collection *string
ttl *string
maxMB *int
secretKey *string
secret security.Secret
}
func init() {
@ -46,7 +42,6 @@ func init() {
copy.ttl = cmdCopy.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
copy.maxMB = cmdCopy.Flag.Int("maxMB", 0, "split files larger than the limit")
copy.filerGrpcPort = cmdCopy.Flag.Int("filer.port.grpc", 0, "filer grpc server listen port, default to filer port + 10000")
copy.secretKey = cmdCopy.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
}
var cmdCopy = &Command{
@ -66,7 +61,6 @@ var cmdCopy = &Command{
}
func runCopy(cmd *Command, args []string) bool {
copy.secret = security.Secret(*copy.secretKey)
if len(args) <= 1 {
return false
}

3
weed/command/master.go

@ -47,7 +47,6 @@ var (
mMaxCpu = cmdMaster.Flag.Int("maxCpu", 0, "maximum number of CPUs. 0 means all available CPUs")
garbageThreshold = cmdMaster.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterWhiteListOption = cmdMaster.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
masterSecureKey = cmdMaster.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
masterCpuProfile = cmdMaster.Flag.String("cpuprofile", "", "cpu profile output file")
masterMemProfile = cmdMaster.Flag.String("memprofile", "", "memory profile output file")
@ -75,7 +74,7 @@ func runMaster(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *mport, *metaFolder,
*volumeSizeLimitMB, *volumePreallocate,
*mpulse, *defaultReplicaPlacement, *garbageThreshold,
masterWhiteList, *masterSecureKey,
masterWhiteList,
)
listeningAddress := *masterBindIp + ":" + strconv.Itoa(*mport)

4
weed/command/server.go

@ -58,7 +58,6 @@ var (
serverRack = cmdServer.Flag.String("rack", "", "current volume server's rack name")
serverWhiteListOption = cmdServer.Flag.String("whiteList", "", "comma separated Ip addresses having write permission. No limit if empty.")
serverPeers = cmdServer.Flag.String("master.peers", "", "all master nodes in comma separated ip:masterPort list")
serverSecureKey = cmdServer.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
serverGarbageThreshold = cmdServer.Flag.Float64("garbageThreshold", 0.3, "threshold to vacuum and reclaim spaces")
masterPort = cmdServer.Flag.Int("master.port", 9333, "master server http listen port")
masterGrpcPort = cmdServer.Flag.Int("master.port.grpc", 0, "master grpc server listen port, default to http port + 10000")
@ -96,7 +95,6 @@ func init() {
}
func runServer(cmd *Command, args []string) bool {
filerOptions.secretKey = serverSecureKey
if *serverOptions.cpuprofile != "" {
f, err := os.Create(*serverOptions.cpuprofile)
if err != nil {
@ -170,7 +168,7 @@ func runServer(cmd *Command, args []string) bool {
ms := weed_server.NewMasterServer(r, *masterPort, *masterMetaFolder,
*masterVolumeSizeLimitMB, *masterVolumePreallocate,
*pulseSeconds, *masterDefaultReplicaPlacement, *serverGarbageThreshold,
serverWhiteList, *serverSecureKey,
serverWhiteList,
)
glog.V(0).Infof("Start Seaweed Master %s at %s:%d", util.VERSION, *serverIp, *masterPort)

8
weed/command/upload.go

@ -7,7 +7,6 @@ import (
"path/filepath"
"github.com/chrislusf/seaweedfs/weed/operation"
"github.com/chrislusf/seaweedfs/weed/security"
)
var (
@ -23,7 +22,6 @@ type UploadOptions struct {
dataCenter *string
ttl *string
maxMB *int
secretKey *string
}
func init() {
@ -37,7 +35,6 @@ func init() {
upload.dataCenter = cmdUpload.Flag.String("dataCenter", "", "optional data center name")
upload.ttl = cmdUpload.Flag.String("ttl", "", "time to live, e.g.: 1m, 1h, 1d, 1M, 1y")
upload.maxMB = cmdUpload.Flag.Int("maxMB", 0, "split files larger than the limit")
upload.secretKey = cmdUpload.Flag.String("secure.secret", "", "secret to encrypt Json Web Token(JWT)")
}
var cmdUpload = &Command{
@ -60,7 +57,6 @@ var cmdUpload = &Command{
}
func runUpload(cmd *Command, args []string) bool {
secret := security.Secret(*upload.secretKey)
if len(args) == 0 {
if *upload.dir == "" {
return false
@ -79,7 +75,7 @@ func runUpload(cmd *Command, args []string) bool {
}
results, e := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results)
fmt.Println(string(bytes))
if e != nil {
@ -98,7 +94,7 @@ func runUpload(cmd *Command, args []string) bool {
}
results, _ := operation.SubmitFiles(*upload.master, parts,
*upload.replication, *upload.collection, *upload.dataCenter,
*upload.ttl, *upload.maxMB, secret)
*upload.ttl, *upload.maxMB)
bytes, _ := json.Marshal(results)
fmt.Println(string(bytes))
}

1
weed/operation/data_struts.go

@ -2,6 +2,5 @@ package operation
type JoinResult struct {
VolumeSizeLimit uint64 `json:"VolumeSizeLimit,omitempty"`
SecretKey string `json:"secretKey,omitempty"`
Error string `json:"error,omitempty"`
}

9
weed/operation/submit.go

@ -37,9 +37,7 @@ type SubmitResult struct {
}
func SubmitFiles(master string, files []FilePart,
replication string, collection string, dataCenter string, ttl string, maxMB int,
secret security.Secret,
) ([]SubmitResult, error) {
replication string, collection string, dataCenter string, ttl string, maxMB int) ([]SubmitResult, error) {
results := make([]SubmitResult, len(files))
for index, file := range files {
results[index].FileName = file.FileName
@ -67,7 +65,7 @@ func SubmitFiles(master string, files []FilePart,
file.Replication = replication
file.Collection = collection
file.DataCenter = dataCenter
results[index].Size, err = file.Upload(maxMB, master, secret)
results[index].Size, err = file.Upload(maxMB, master, "")
if err != nil {
results[index].Error = err.Error()
}
@ -110,8 +108,7 @@ func newFilePart(fullPathFilename string) (ret FilePart, err error) {
return ret, nil
}
func (fi FilePart) Upload(maxMB int, master string, secret security.Secret) (retSize uint32, err error) {
jwt := security.GenJwt(secret, fi.Fid)
func (fi FilePart) Upload(maxMB int, master string, jwt security.EncodedJwt) (retSize uint32, err error) {
fileUrl := "http://" + fi.Server + "/" + fi.Fid
if fi.ModTime != 0 {
fileUrl += "?ts=" + strconv.Itoa(int(fi.ModTime))

1
weed/pb/master.proto

@ -36,7 +36,6 @@ message Heartbeat {
message HeartbeatResponse {
uint64 volumeSizeLimit = 1;
string secretKey = 2;
string leader = 3;
}

142
weed/pb/master_pb/master.pb.go

@ -145,7 +145,6 @@ func (m *Heartbeat) GetDeletedVids() []uint32 {
type HeartbeatResponse struct {
VolumeSizeLimit uint64 `protobuf:"varint,1,opt,name=volumeSizeLimit" json:"volumeSizeLimit,omitempty"`
SecretKey string `protobuf:"bytes,2,opt,name=secretKey" json:"secretKey,omitempty"`
Leader string `protobuf:"bytes,3,opt,name=leader" json:"leader,omitempty"`
}
@ -161,13 +160,6 @@ func (m *HeartbeatResponse) GetVolumeSizeLimit() uint64 {
return 0
}
func (m *HeartbeatResponse) GetSecretKey() string {
if m != nil {
return m.SecretKey
}
return ""
}
func (m *HeartbeatResponse) GetLeader() string {
if m != nil {
return m.Leader
@ -966,71 +958,71 @@ var _Seaweed_serviceDesc = grpc.ServiceDesc{
func init() { proto.RegisterFile("master.proto", fileDescriptor0) }
var fileDescriptor0 = []byte{
// 1055 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0x4b, 0x6f, 0xe4, 0x44,
0x10, 0x5e, 0x7b, 0x9e, 0xae, 0xd9, 0xc9, 0x4e, 0x3a, 0x11, 0xf2, 0xce, 0xbe, 0x06, 0x73, 0x19,
0x04, 0x8a, 0x96, 0x70, 0x44, 0x08, 0xb1, 0xd1, 0x22, 0xa2, 0x04, 0x36, 0x38, 0xb0, 0x07, 0x2e,
0xa6, 0x63, 0x57, 0xa2, 0x56, 0xfc, 0xa2, 0xbb, 0x27, 0x99, 0xd9, 0x0b, 0x47, 0xfe, 0x15, 0x17,
0xb8, 0xf1, 0x53, 0xb8, 0xf1, 0x0b, 0x50, 0x3f, 0xec, 0xf1, 0x38, 0x09, 0x91, 0x90, 0xb8, 0xb5,
0xbf, 0xae, 0xee, 0xaa, 0xfe, 0xbe, 0x7a, 0x18, 0x1e, 0x66, 0x54, 0x48, 0xe4, 0x7b, 0x25, 0x2f,
0x64, 0x41, 0x3c, 0xf3, 0x15, 0x95, 0x67, 0xc1, 0x5f, 0x2e, 0x78, 0x5f, 0x23, 0xe5, 0xf2, 0x0c,
0xa9, 0x24, 0x5b, 0xe0, 0xb2, 0xd2, 0x77, 0x66, 0xce, 0xdc, 0x0b, 0x5d, 0x56, 0x12, 0x02, 0xdd,
0xb2, 0xe0, 0xd2, 0x77, 0x67, 0xce, 0x7c, 0x1c, 0xea, 0x35, 0x79, 0x06, 0x50, 0x2e, 0xce, 0x52,
0x16, 0x47, 0x0b, 0x9e, 0xfa, 0x1d, 0x6d, 0xeb, 0x19, 0xe4, 0x07, 0x9e, 0x92, 0x39, 0x4c, 0x32,
0xba, 0x8c, 0xae, 0x8a, 0x74, 0x91, 0x61, 0x14, 0x17, 0x8b, 0x5c, 0xfa, 0x5d, 0x7d, 0x7c, 0x2b,
0xa3, 0xcb, 0xb7, 0x1a, 0x3e, 0x50, 0x28, 0x99, 0xa9, 0xa8, 0x96, 0xd1, 0x39, 0x4b, 0x31, 0xba,
0xc4, 0x95, 0xdf, 0x9b, 0x39, 0xf3, 0x6e, 0x08, 0x19, 0x5d, 0x7e, 0xc5, 0x52, 0x3c, 0xc2, 0x15,
0x79, 0x01, 0xa3, 0x84, 0x4a, 0x1a, 0xc5, 0x98, 0x4b, 0xe4, 0x7e, 0x5f, 0xfb, 0x02, 0x05, 0x1d,
0x68, 0x44, 0xc5, 0xc7, 0x69, 0x7c, 0xe9, 0x0f, 0xf4, 0x8e, 0x5e, 0xab, 0xf8, 0x68, 0x92, 0xb1,
0x3c, 0xd2, 0x91, 0x0f, 0xb5, 0x6b, 0x4f, 0x23, 0x27, 0x2a, 0xfc, 0xcf, 0x61, 0x60, 0x62, 0x13,
0xbe, 0x37, 0xeb, 0xcc, 0x47, 0xfb, 0x1f, 0xec, 0xd5, 0x6c, 0xec, 0x99, 0xf0, 0x0e, 0xf3, 0xf3,
0x82, 0x67, 0x54, 0xb2, 0x22, 0xff, 0x06, 0x85, 0xa0, 0x17, 0x18, 0x56, 0x67, 0xc8, 0x63, 0x18,
0xe6, 0x78, 0x1d, 0x5d, 0xb1, 0x44, 0xf8, 0x30, 0xeb, 0xcc, 0xc7, 0xe1, 0x20, 0xc7, 0xeb, 0xb7,
0x2c, 0x11, 0xe4, 0x7d, 0x78, 0x98, 0x60, 0x8a, 0x12, 0x13, 0xb3, 0x3d, 0xd2, 0xdb, 0x23, 0x8b,
0x29, 0x93, 0x40, 0xc0, 0x76, 0x4d, 0x76, 0x88, 0xa2, 0x2c, 0x72, 0x81, 0x64, 0x0e, 0x8f, 0xcc,
0xed, 0xa7, 0xec, 0x1d, 0x1e, 0xb3, 0x8c, 0x49, 0xad, 0x40, 0x37, 0x6c, 0xc3, 0xe4, 0x29, 0x78,
0x02, 0x63, 0x8e, 0xf2, 0x08, 0x57, 0x5a, 0x13, 0x2f, 0x5c, 0x03, 0xe4, 0x3d, 0xe8, 0xa7, 0x48,
0x13, 0xe4, 0x56, 0x14, 0xfb, 0x15, 0xfc, 0xe1, 0x82, 0x7f, 0xd7, 0xc3, 0xb4, 0xe2, 0x89, 0xf6,
0x37, 0x0e, 0x5d, 0x96, 0x28, 0x46, 0x05, 0x7b, 0x87, 0xfa, 0xf6, 0x6e, 0xa8, 0xd7, 0xe4, 0x39,
0x40, 0x5c, 0xa4, 0x29, 0xc6, 0xea, 0xa0, 0xbd, 0xbc, 0x81, 0x28, 0xc6, 0xb5, 0x88, 0x6b, 0xb1,
0xbb, 0xa1, 0xa7, 0x10, 0xa3, 0x73, 0xcd, 0x8b, 0x35, 0x30, 0x3a, 0x5b, 0x5e, 0x8c, 0xc9, 0xc7,
0x40, 0x2a, 0xea, 0xce, 0x56, 0xb5, 0x61, 0x5f, 0x1b, 0x4e, 0xec, 0xce, 0xab, 0x55, 0x65, 0xfd,
0x04, 0x3c, 0x8e, 0x34, 0x89, 0x8a, 0x3c, 0x5d, 0x69, 0xe9, 0x87, 0xe1, 0x50, 0x01, 0x6f, 0xf2,
0x74, 0x45, 0x3e, 0x82, 0x6d, 0x8e, 0x65, 0xca, 0x62, 0x1a, 0x95, 0x29, 0x8d, 0x31, 0xc3, 0xbc,
0xca, 0x82, 0x89, 0xdd, 0x38, 0xa9, 0x70, 0xe2, 0xc3, 0xe0, 0x0a, 0xb9, 0x50, 0xcf, 0xf2, 0xb4,
0x49, 0xf5, 0x49, 0x26, 0xd0, 0x91, 0x32, 0xf5, 0x41, 0xa3, 0x6a, 0x19, 0x0c, 0xa0, 0xf7, 0x3a,
0x2b, 0xe5, 0x2a, 0xf8, 0xcd, 0x81, 0x47, 0xa7, 0x8b, 0x12, 0xf9, 0xab, 0xb4, 0x88, 0x2f, 0x5f,
0x2f, 0x25, 0xa7, 0xe4, 0x0d, 0x6c, 0x21, 0xa7, 0x62, 0xc1, 0x55, 0xec, 0x09, 0xcb, 0x2f, 0x34,
0xa5, 0xa3, 0xfd, 0x79, 0x23, 0xb9, 0x5a, 0x67, 0xf6, 0x5e, 0x9b, 0x03, 0x07, 0xda, 0x3e, 0x1c,
0x63, 0xf3, 0x73, 0xfa, 0x23, 0x8c, 0x37, 0xf6, 0x95, 0x30, 0x2a, 0xf1, 0xad, 0x54, 0x7a, 0xad,
0x14, 0x2f, 0x29, 0x67, 0x72, 0x65, 0x0b, 0xd4, 0x7e, 0x29, 0x41, 0x6c, 0xfd, 0xa9, 0x3c, 0xec,
0xe8, 0x3c, 0xf4, 0x0c, 0x72, 0x98, 0x88, 0xe0, 0x43, 0xd8, 0x39, 0x48, 0x19, 0xe6, 0xf2, 0x98,
0x09, 0x89, 0x79, 0x88, 0x3f, 0x2f, 0x50, 0x48, 0xe5, 0x21, 0xa7, 0x19, 0xda, 0xf2, 0xd7, 0xeb,
0xe0, 0x17, 0xd8, 0x32, 0xa9, 0x73, 0x5c, 0xc4, 0x3a, 0x6f, 0x14, 0x31, 0xaa, 0xee, 0x8d, 0x91,
0x5a, 0xb6, 0x1a, 0x82, 0xdb, 0x6e, 0x08, 0xcd, 0x8a, 0xe9, 0xfc, 0x7b, 0xc5, 0x74, 0x6f, 0x56,
0xcc, 0xf7, 0xb0, 0x73, 0x5c, 0x14, 0x97, 0x8b, 0xd2, 0x84, 0x51, 0xc5, 0xba, 0xf9, 0x42, 0x67,
0xd6, 0x51, 0x3e, 0xeb, 0x17, 0xb6, 0x32, 0xd6, 0x6d, 0x67, 0x6c, 0xf0, 0xb7, 0x03, 0xbb, 0x9b,
0xd7, 0xda, 0x5a, 0xfc, 0x09, 0x76, 0xea, 0x7b, 0xa3, 0xd4, 0xbe, 0xd9, 0x38, 0x18, 0xed, 0xbf,
0x6c, 0x88, 0x79, 0xdb, 0xe9, 0xaa, 0x7d, 0x24, 0x15, 0x59, 0xe1, 0xf6, 0x55, 0x0b, 0x11, 0xd3,
0x25, 0x4c, 0xda, 0x66, 0x2a, 0xa1, 0x6b, 0xaf, 0x96, 0xd9, 0x61, 0x75, 0x92, 0x7c, 0x02, 0xde,
0x3a, 0x10, 0x57, 0x07, 0xb2, 0xb3, 0x11, 0x88, 0xf5, 0xb5, 0xb6, 0x22, 0xbb, 0xd0, 0x43, 0xce,
0x8b, 0xaa, 0x11, 0x98, 0x8f, 0xe0, 0x33, 0x18, 0xfe, 0x67, 0x15, 0x83, 0x3f, 0x1d, 0x18, 0x7f,
0x29, 0x04, 0xbb, 0xa8, 0xd3, 0x65, 0x17, 0x7a, 0xa6, 0x4c, 0x4d, 0xb3, 0x32, 0x1f, 0x64, 0x06,
0x23, 0x5b, 0x65, 0x0d, 0xea, 0x9b, 0xd0, 0xbd, 0xdd, 0xc4, 0x56, 0x5e, 0xd7, 0x84, 0x26, 0x65,
0xda, 0x1e, 0x03, 0xbd, 0x3b, 0xc7, 0x40, 0xbf, 0x31, 0x06, 0x9e, 0x80, 0xa7, 0x0f, 0xe5, 0x45,
0x82, 0x76, 0x3e, 0x0c, 0x15, 0xf0, 0x6d, 0x91, 0xe8, 0xb4, 0xae, 0x1e, 0x63, 0x85, 0x9f, 0x40,
0xe7, 0xbc, 0x26, 0x5f, 0x2d, 0x2b, 0x8a, 0xdc, 0xbb, 0x28, 0xba, 0x31, 0xf9, 0x6a, 0x42, 0xba,
0x4d, 0x42, 0x6a, 0x2d, 0x7a, 0x4d, 0x2d, 0x2e, 0x60, 0xfb, 0x54, 0x52, 0xc9, 0x84, 0x64, 0xb1,
0xa8, 0x18, 0x6d, 0x71, 0xe7, 0xdc, 0xc7, 0x9d, 0x7b, 0x17, 0x77, 0x9d, 0x9a, 0xbb, 0xe0, 0x77,
0x07, 0x48, 0xd3, 0x93, 0x7d, 0xee, 0xff, 0xe0, 0x4a, 0xd1, 0x23, 0x0b, 0x49, 0xd3, 0x48, 0x0f,
0x10, 0x3b, 0x06, 0x34, 0xa2, 0x26, 0x98, 0x12, 0x64, 0x21, 0x30, 0x31, 0xbb, 0x66, 0x06, 0x0c,
0x15, 0xa0, 0x37, 0x37, 0x47, 0x48, 0xbf, 0x35, 0x42, 0xf6, 0x7f, 0xed, 0xc0, 0xe0, 0x14, 0xe9,
0x35, 0x62, 0x42, 0x0e, 0x61, 0x7c, 0x8a, 0x79, 0xb2, 0xfe, 0x69, 0xd9, 0x6d, 0x54, 0x43, 0x8d,
0x4e, 0x9f, 0xde, 0x86, 0x56, 0xef, 0x0f, 0x1e, 0xcc, 0x9d, 0x97, 0x0e, 0x39, 0x81, 0xf1, 0x11,
0x62, 0x79, 0x50, 0xe4, 0x39, 0xc6, 0x12, 0x13, 0xf2, 0xbc, 0x71, 0xe8, 0x96, 0x16, 0x39, 0x7d,
0x7c, 0xe3, 0x5f, 0xa1, 0xaa, 0x28, 0x7b, 0xe3, 0x77, 0xf0, 0xb0, 0xd9, 0x19, 0x36, 0x2e, 0xbc,
0xa5, 0x8f, 0x4d, 0x5f, 0xdc, 0xd3, 0x52, 0x82, 0x07, 0xe4, 0x0b, 0xe8, 0x9b, 0x5c, 0x25, 0x7e,
0xc3, 0x78, 0xa3, 0x16, 0x37, 0xe2, 0xda, 0x4c, 0xec, 0xe0, 0x01, 0x39, 0x02, 0x58, 0x67, 0x00,
0x69, 0xf2, 0x72, 0x23, 0x05, 0xa7, 0xcf, 0xee, 0xd8, 0xad, 0x2e, 0x3b, 0xeb, 0xeb, 0x3f, 0xc8,
0x4f, 0xff, 0x09, 0x00, 0x00, 0xff, 0xff, 0xc7, 0x9f, 0x0a, 0x25, 0x51, 0x0a, 0x00, 0x00,
// 1043 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xb4, 0x56, 0xcd, 0x6e, 0x24, 0x35,
0x10, 0xde, 0xee, 0xf9, 0xed, 0x9a, 0x4c, 0x76, 0xe2, 0x44, 0xa8, 0x77, 0x96, 0xdd, 0x1d, 0x9a,
0xcb, 0x20, 0x50, 0xb4, 0x84, 0x23, 0x42, 0x88, 0x8d, 0x82, 0x88, 0x12, 0xd8, 0xd0, 0x61, 0xf7,
0xc0, 0xa5, 0x71, 0xba, 0x2b, 0x91, 0x95, 0xfe, 0xc3, 0xf6, 0x24, 0x33, 0x7b, 0xe1, 0xc8, 0x5b,
0x71, 0x81, 0x1b, 0x8f, 0xc2, 0x8d, 0x27, 0x40, 0xfe, 0xe9, 0x4e, 0x4f, 0x27, 0x21, 0x12, 0x12,
0x37, 0xfb, 0x73, 0xd9, 0xae, 0xfa, 0xbe, 0xaa, 0xb2, 0x61, 0x23, 0xa3, 0x42, 0x22, 0xdf, 0x2d,
0x79, 0x21, 0x0b, 0xe2, 0x99, 0x59, 0x54, 0x9e, 0x05, 0x7f, 0xb9, 0xe0, 0x7d, 0x83, 0x94, 0xcb,
0x33, 0xa4, 0x92, 0x6c, 0x82, 0xcb, 0x4a, 0xdf, 0x99, 0x39, 0x73, 0x2f, 0x74, 0x59, 0x49, 0x08,
0x74, 0xcb, 0x82, 0x4b, 0xdf, 0x9d, 0x39, 0xf3, 0x71, 0xa8, 0xc7, 0xe4, 0x19, 0x40, 0xb9, 0x38,
0x4b, 0x59, 0x1c, 0x2d, 0x78, 0xea, 0x77, 0xb4, 0xad, 0x67, 0x90, 0x37, 0x3c, 0x25, 0x73, 0x98,
0x64, 0x74, 0x19, 0x5d, 0x15, 0xe9, 0x22, 0xc3, 0x28, 0x2e, 0x16, 0xb9, 0xf4, 0xbb, 0x7a, 0xfb,
0x66, 0x46, 0x97, 0x6f, 0x35, 0xbc, 0xaf, 0x50, 0x32, 0x53, 0x5e, 0x2d, 0xa3, 0x73, 0x96, 0x62,
0x74, 0x89, 0x2b, 0xbf, 0x37, 0x73, 0xe6, 0xdd, 0x10, 0x32, 0xba, 0xfc, 0x9a, 0xa5, 0x78, 0x84,
0x2b, 0xf2, 0x02, 0x46, 0x09, 0x95, 0x34, 0x8a, 0x31, 0x97, 0xc8, 0xfd, 0xbe, 0xbe, 0x0b, 0x14,
0xb4, 0xaf, 0x11, 0xe5, 0x1f, 0xa7, 0xf1, 0xa5, 0x3f, 0xd0, 0x2b, 0x7a, 0xac, 0xfc, 0xa3, 0x49,
0xc6, 0xf2, 0x48, 0x7b, 0x3e, 0xd4, 0x57, 0x7b, 0x1a, 0x39, 0x51, 0xee, 0x7f, 0x01, 0x03, 0xe3,
0x9b, 0xf0, 0xbd, 0x59, 0x67, 0x3e, 0xda, 0xfb, 0x70, 0xb7, 0x66, 0x63, 0xd7, 0xb8, 0x77, 0x98,
0x9f, 0x17, 0x3c, 0xa3, 0x92, 0x15, 0xf9, 0xb7, 0x28, 0x04, 0xbd, 0xc0, 0xb0, 0xda, 0x43, 0x9e,
0xc0, 0x30, 0xc7, 0xeb, 0xe8, 0x8a, 0x25, 0xc2, 0x87, 0x59, 0x67, 0x3e, 0x0e, 0x07, 0x39, 0x5e,
0xbf, 0x65, 0x89, 0x20, 0x1f, 0xc0, 0x46, 0x82, 0x29, 0x4a, 0x4c, 0xcc, 0xf2, 0x48, 0x2f, 0x8f,
0x2c, 0xa6, 0x4c, 0x82, 0x37, 0xb0, 0x55, 0x93, 0x1d, 0xa2, 0x28, 0x8b, 0x5c, 0x20, 0x99, 0xc3,
0x63, 0x73, 0xfa, 0x29, 0x7b, 0x87, 0xc7, 0x2c, 0x63, 0x52, 0x2b, 0xd0, 0x0d, 0xdb, 0x30, 0x79,
0x0f, 0xfa, 0x29, 0xd2, 0x04, 0xb9, 0xa5, 0xdd, 0xce, 0x82, 0x3f, 0x5c, 0xf0, 0xef, 0x73, 0x5d,
0x6b, 0x9a, 0xe8, 0x13, 0xc7, 0xa1, 0xcb, 0x12, 0xc5, 0x99, 0x60, 0xef, 0x50, 0x6b, 0xda, 0x0d,
0xf5, 0x98, 0x3c, 0x07, 0x88, 0x8b, 0x34, 0xc5, 0x58, 0x6d, 0xb4, 0x87, 0x37, 0x10, 0xc5, 0xa9,
0x96, 0xe9, 0x46, 0xce, 0x6e, 0xe8, 0x29, 0xc4, 0x28, 0x59, 0x47, 0x6e, 0x0d, 0x8c, 0x92, 0x36,
0x72, 0x63, 0xf2, 0x09, 0x90, 0x8a, 0x9c, 0xb3, 0x55, 0x6d, 0xd8, 0xd7, 0x86, 0x13, 0xbb, 0xf2,
0x6a, 0x55, 0x59, 0x3f, 0x05, 0x8f, 0x23, 0x4d, 0xa2, 0x22, 0x4f, 0x57, 0x5a, 0xdc, 0x61, 0x38,
0x54, 0xc0, 0xeb, 0x3c, 0x5d, 0x91, 0x8f, 0x61, 0x8b, 0x63, 0x99, 0xb2, 0x98, 0x46, 0x65, 0x4a,
0x63, 0xcc, 0x30, 0xaf, 0x74, 0x9e, 0xd8, 0x85, 0x93, 0x0a, 0x27, 0x3e, 0x0c, 0xae, 0x90, 0x0b,
0x15, 0x96, 0xa7, 0x4d, 0xaa, 0x29, 0x99, 0x40, 0x47, 0xca, 0xd4, 0x07, 0x8d, 0xaa, 0x61, 0x30,
0x80, 0xde, 0x41, 0x56, 0xca, 0x55, 0xf0, 0x9b, 0x03, 0x8f, 0x4f, 0x17, 0x25, 0xf2, 0x57, 0x69,
0x11, 0x5f, 0x1e, 0x2c, 0x25, 0xa7, 0xe4, 0x35, 0x6c, 0x22, 0xa7, 0x62, 0xc1, 0x95, 0xef, 0x09,
0xcb, 0x2f, 0x34, 0xa5, 0xa3, 0xbd, 0x79, 0x23, 0x7d, 0x5a, 0x7b, 0x76, 0x0f, 0xcc, 0x86, 0x7d,
0x6d, 0x1f, 0x8e, 0xb1, 0x39, 0x9d, 0xfe, 0x08, 0xe3, 0xb5, 0x75, 0x25, 0x8c, 0x4a, 0x6d, 0x2b,
0x95, 0x1e, 0x2b, 0xc5, 0x4b, 0xca, 0x99, 0x5c, 0xd9, 0x12, 0xb4, 0x33, 0x25, 0x88, 0xad, 0x30,
0x95, 0x69, 0x1d, 0x9d, 0x69, 0x9e, 0x41, 0x0e, 0x13, 0x11, 0x7c, 0x04, 0xdb, 0xfb, 0x29, 0xc3,
0x5c, 0x1e, 0x33, 0x21, 0x31, 0x0f, 0xf1, 0xe7, 0x05, 0x0a, 0xa9, 0x6e, 0xc8, 0x69, 0x86, 0xb6,
0xc0, 0xf5, 0x38, 0xf8, 0x05, 0x36, 0x4d, 0xea, 0x1c, 0x17, 0xb1, 0xce, 0x1b, 0x45, 0x8c, 0xaa,
0x6c, 0x63, 0xa4, 0x86, 0xad, 0x92, 0x77, 0xdb, 0x25, 0xdf, 0xac, 0x89, 0xce, 0xbf, 0xd7, 0x44,
0xf7, 0x76, 0x4d, 0xfc, 0x00, 0xdb, 0xc7, 0x45, 0x71, 0xb9, 0x28, 0x8d, 0x1b, 0x95, 0xaf, 0xeb,
0x11, 0x3a, 0xb3, 0x8e, 0xba, 0xb3, 0x8e, 0xb0, 0x95, 0xb1, 0x6e, 0x3b, 0x63, 0x83, 0xbf, 0x1d,
0xd8, 0x59, 0x3f, 0xd6, 0x56, 0xdb, 0x4f, 0xb0, 0x5d, 0x9f, 0x1b, 0xa5, 0x36, 0x66, 0x73, 0xc1,
0x68, 0xef, 0x65, 0x43, 0xcc, 0xbb, 0x76, 0x57, 0x0d, 0x22, 0xa9, 0xc8, 0x0a, 0xb7, 0xae, 0x5a,
0x88, 0x98, 0x2e, 0x61, 0xd2, 0x36, 0x53, 0x09, 0x5d, 0xdf, 0x6a, 0x99, 0x1d, 0x56, 0x3b, 0xc9,
0xa7, 0xe0, 0xdd, 0x38, 0xe2, 0x6a, 0x47, 0xb6, 0xd7, 0x1c, 0xb1, 0x77, 0xdd, 0x58, 0x91, 0x1d,
0xe8, 0x21, 0xe7, 0x45, 0xd5, 0x08, 0xcc, 0x24, 0xf8, 0x1c, 0x86, 0xff, 0x59, 0xc5, 0xe0, 0x4f,
0x07, 0xc6, 0x5f, 0x09, 0xc1, 0x2e, 0xea, 0x74, 0xd9, 0x81, 0x9e, 0x29, 0x53, 0xd3, 0x8e, 0xcc,
0x84, 0xcc, 0x60, 0x64, 0xab, 0xac, 0x41, 0x7d, 0x13, 0x7a, 0xb0, 0x9b, 0xd8, 0xca, 0xeb, 0x1a,
0xd7, 0xa4, 0x4c, 0xdb, 0x8d, 0xbe, 0x77, 0x6f, 0xa3, 0xef, 0x37, 0x1a, 0xfd, 0x53, 0xf0, 0xf4,
0xa6, 0xbc, 0x48, 0xd0, 0xbe, 0x00, 0x43, 0x05, 0x7c, 0x57, 0x24, 0x3a, 0xad, 0xab, 0x60, 0xac,
0xf0, 0x13, 0xe8, 0x9c, 0xd7, 0xe4, 0xab, 0x61, 0x45, 0x91, 0x7b, 0x1f, 0x45, 0xb7, 0xde, 0xb6,
0x9a, 0x90, 0x6e, 0x93, 0x90, 0x5a, 0x8b, 0x5e, 0x53, 0x8b, 0x0b, 0xd8, 0x3a, 0x95, 0x54, 0x32,
0x21, 0x59, 0x2c, 0x2a, 0x46, 0x5b, 0xdc, 0x39, 0x0f, 0x71, 0xe7, 0xde, 0xc7, 0x5d, 0xa7, 0xe6,
0x2e, 0xf8, 0xdd, 0x01, 0xd2, 0xbc, 0xc9, 0x86, 0xfb, 0x3f, 0x5c, 0xa5, 0xe8, 0x91, 0x85, 0xa4,
0x69, 0xa4, 0x1f, 0x10, 0xfb, 0x0c, 0x68, 0x44, 0xbd, 0x51, 0x4a, 0x90, 0x85, 0xc0, 0xc4, 0xac,
0x9a, 0x37, 0x60, 0xa8, 0x00, 0xbd, 0xb8, 0xfe, 0x84, 0xf4, 0x5b, 0x4f, 0xc8, 0xde, 0xaf, 0x1d,
0x18, 0x9c, 0x22, 0xbd, 0x46, 0x4c, 0xc8, 0x21, 0x8c, 0x4f, 0x31, 0x4f, 0x6e, 0xbe, 0x25, 0x3b,
0x8d, 0x6a, 0xa8, 0xd1, 0xe9, 0xfb, 0x77, 0xa1, 0x55, 0xfc, 0xc1, 0xa3, 0xb9, 0xf3, 0xd2, 0x21,
0x27, 0x30, 0x3e, 0x42, 0x2c, 0xf7, 0x8b, 0x3c, 0xc7, 0x58, 0x62, 0x42, 0x9e, 0x37, 0x36, 0xdd,
0xd1, 0x22, 0xa7, 0x4f, 0x6e, 0xfd, 0x06, 0xaa, 0x8a, 0xb2, 0x27, 0x7e, 0x0f, 0x1b, 0xcd, 0xce,
0xb0, 0x76, 0xe0, 0x1d, 0x7d, 0x6c, 0xfa, 0xe2, 0x81, 0x96, 0x12, 0x3c, 0x22, 0x5f, 0x42, 0xdf,
0xe4, 0x2a, 0xf1, 0x1b, 0xc6, 0x6b, 0xb5, 0xb8, 0xe6, 0xd7, 0x7a, 0x62, 0x07, 0x8f, 0xc8, 0x11,
0xc0, 0x4d, 0x06, 0x90, 0x26, 0x2f, 0xb7, 0x52, 0x70, 0xfa, 0xec, 0x9e, 0xd5, 0xea, 0xb0, 0xb3,
0xbe, 0xfe, 0x23, 0x7e, 0xf6, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x77, 0xb3, 0x32, 0xc7, 0x33,
0x0a, 0x00, 0x00,
}

4
weed/security/guard.go

@ -42,13 +42,13 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go
*/
type Guard struct {
whiteList []string
SecretKey Secret
SecretKey SigningKey
isActive bool
}
func NewGuard(whiteList []string, secretKey string) *Guard {
g := &Guard{whiteList: whiteList, SecretKey: Secret(secretKey)}
g := &Guard{whiteList: whiteList, SecretKey: SigningKey(secretKey)}
g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0
return g
}

18
weed/security/jwt.go

@ -11,10 +11,10 @@ import (
)
type EncodedJwt string
type Secret string
type SigningKey string
func GenJwt(secret Secret, fileId string) EncodedJwt {
if secret == "" {
func GenJwt(signingKey SigningKey, fileId string) EncodedJwt {
if signingKey == "" {
return ""
}
@ -23,7 +23,7 @@ func GenJwt(secret Secret, fileId string) EncodedJwt {
ExpiresAt: time.Now().Add(time.Second * 10).Unix(),
Subject: fileId,
}
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
if e != nil {
glog.V(0).Infof("Failed to sign claims: %v", t.Claims)
return ""
@ -55,20 +55,20 @@ func GetJwt(r *http.Request) EncodedJwt {
return EncodedJwt(tokenStr)
}
func EncodeJwt(secret Secret, claims *jwt.StandardClaims) (EncodedJwt, error) {
if secret == "" {
func EncodeJwt(signingKey SigningKey, claims *jwt.StandardClaims) (EncodedJwt, error) {
if signingKey == "" {
return "", nil
}
t := jwt.New(jwt.GetSigningMethod("HS256"))
t.Claims = claims
encoded, e := t.SignedString(secret)
encoded, e := t.SignedString(signingKey)
return EncodedJwt(encoded), e
}
func DecodeJwt(secret Secret, tokenString EncodedJwt) (token *jwt.Token, err error) {
func DecodeJwt(signingKey SigningKey, tokenString EncodedJwt) (token *jwt.Token, err error) {
// check exp, nbf
return jwt.Parse(string(tokenString), func(token *jwt.Token) (interface{}, error) {
return secret, nil
return signingKey, nil
})
}

3
weed/server/filer_server.go

@ -28,7 +28,6 @@ type FilerOption struct {
RedirectOnRead bool
DisableDirListing bool
MaxMB int
SecretKey string
DirListingLimit int
DataCenter string
DefaultLevelDbDir string
@ -36,7 +35,7 @@ type FilerOption struct {
type FilerServer struct {
option *FilerOption
secret security.Secret
secret security.SigningKey
filer *filer2.Filer
}

1
weed/server/master_grpc_server.go

@ -67,7 +67,6 @@ func (ms *MasterServer) SendHeartbeat(stream master_pb.Seaweed_SendHeartbeatServ
glog.V(0).Infof("added volume server %v:%d", heartbeat.GetIp(), heartbeat.GetPort())
if err := stream.Send(&master_pb.HeartbeatResponse{
VolumeSizeLimit: uint64(ms.volumeSizeLimitMB) * 1024 * 1024,
SecretKey: string(ms.guard.SecretKey),
}); err != nil {
return err
}

3
weed/server/master_server.go

@ -45,7 +45,6 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
defaultReplicaPlacement string,
garbageThreshold float64,
whiteList []string,
secureKey string,
) *MasterServer {
var preallocateSize int64
@ -67,7 +66,7 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
ms.vg = topology.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB")
ms.guard = security.NewGuard(whiteList, secureKey)
ms.guard = security.NewGuard(whiteList, signingKey)
handleStaticResources2(r)
r.HandleFunc("/", ms.uiStatusHandler)

4
weed/server/volume_grpc_client_to_master.go

@ -6,7 +6,6 @@ import (
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/master_pb"
"github.com/chrislusf/seaweedfs/weed/security"
"github.com/chrislusf/seaweedfs/weed/util"
"golang.org/x/net/context"
)
@ -73,9 +72,6 @@ func (vs *VolumeServer) doHeartbeat(masterNode, masterGrpcAddress string, sleepI
if in.GetVolumeSizeLimit() != 0 {
vs.store.VolumeSizeLimit = in.GetVolumeSizeLimit()
}
if in.GetSecretKey() != "" {
vs.guard.SecretKey = security.Secret(in.GetSecretKey())
}
if in.GetLeader() != "" && masterNode != in.GetLeader() {
glog.V(0).Infof("Volume Server found a new master newLeader: %v instead of %v", in.GetLeader(), masterNode)
newLeader = in.GetLeader()

Loading…
Cancel
Save