Address PR feedback: replace debug logging and improve tests

weed/server/filer_jwt_test.go

@@ -28,7 +28,7 @@ func TestFilerServer_maybeCheckJwtAuthorization_Scoped(t *testing.T) {
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 		str, err := token.SignedString([]byte(signingKey))
 		if err != nil {
-			panic(err)
+			t.Fatalf("failed to sign token: %v", err)
 		}
 		return str
 	}
@@ -105,6 +105,30 @@ func TestFilerServer_maybeCheckJwtAuthorization_Scoped(t *testing.T) {
 			isWrite:          false,
 			expectAuthorized: true,
 		},
+		{
+			name:             "write operation with method restriction",
+			token:            genToken(nil, []string{"POST", "PUT"}),
+			method:           "POST",
+			path:             "/data/upload",
+			isWrite:          true,
+			expectAuthorized: true,
+		},
+		{
+			name:             "root path with prefix restriction",
+			token:            genToken([]string{"/data"}, nil),
+			method:           "GET",
+			path:             "/",
+			isWrite:          false,
+			expectAuthorized: false,
+		},
+		{
+			name:             "exact prefix match",
+			token:            genToken([]string{"/data"}, nil),
+			method:           "GET",
+			path:             "/data",
+			isWrite:          false,
+			expectAuthorized: true,
+		},
 	}
 
 	for _, tt := range tests {

weed/server/filer_server_handlers.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"net/http"
-	"os"
 	"strconv"
 	"strings"
 	"sync/atomic"
@@ -148,7 +147,7 @@ func (fs *FilerServer) readonlyFilerHandler(w http.ResponseWriter, r *http.Reque
 	statusRecorder := stats.NewStatusResponseWriter(w)
 	w = statusRecorder
 
-	os.Stdout.WriteString("Request: " + r.Method + " " + r.URL.String() + "\n")
+	glog.V(4).Infof("Request: %s %s", r.Method, r.URL.String())
 
 	origin := r.Header.Get("Origin")
 	if origin != "" {