diff --git a/weed/server/filer_jwt_test.go b/weed/server/filer_jwt_test.go
index d581691ea..81539a124 100644
--- a/weed/server/filer_jwt_test.go
+++ b/weed/server/filer_jwt_test.go
@@ -28,7 +28,7 @@ func TestFilerServer_maybeCheckJwtAuthorization_Scoped(t *testing.T) {
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 str, err := token.SignedString([]byte(signingKey))
 if err != nil {
- panic(err)
+ t.Fatalf("failed to sign token: %v", err)
 }
 return str
 }
@@ -105,6 +105,30 @@ func TestFilerServer_maybeCheckJwtAuthorization_Scoped(t *testing.T) {
 isWrite: false,
 expectAuthorized: true,
 },
+ {
+ name: "write operation with method restriction",
+ token: genToken(nil, []string{"POST", "PUT"}),
+ method: "POST",
+ path: "/data/upload",
+ isWrite: true,
+ expectAuthorized: true,
+ },
+ {
+ name: "root path with prefix restriction",
+ token: genToken([]string{"/data"}, nil),
+ method: "GET",
+ path: "/",
+ isWrite: false,
+ expectAuthorized: false,
+ },
+ {
+ name: "exact prefix match",
+ token: genToken([]string{"/data"}, nil),
+ method: "GET",
+ path: "/data",
+ isWrite: false,
+ expectAuthorized: true,
+ },
 }
 for _, tt := range tests {
diff --git a/weed/server/filer_server_handlers.go b/weed/server/filer_server_handlers.go
index 3813537d1..d5758ebc2 100644
--- a/weed/server/filer_server_handlers.go
+++ b/weed/server/filer_server_handlers.go
@@ -4,7 +4,6 @@ import (
 "context"
 "errors"
 "net/http"
- "os"
 "strconv"
 "strings"
 "sync/atomic"
@@ -148,7 +147,7 @@ func (fs *FilerServer) readonlyFilerHandler(w http.ResponseWriter, r *http.Reque
 statusRecorder := stats.NewStatusResponseWriter(w)
 w = statusRecorder
- os.Stdout.WriteString("Request: " + r.Method + " " + r.URL.String() + "\n")
+ glog.V(4).Infof("Request: %s %s", r.Method, r.URL.String())
 origin := r.Header.Get("Origin")
 if origin != "" {
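Review bot: The entries added to the table in filer_jwt_test.go (second hunk) pin the root path and the exact-match path for the `/data` prefix, but not the boundary between them: a sibling path that only shares the leading string, such as `/database`. They also exercise the method restriction only on the allowed side. The rest of the table lies outside the hunk, so such cases may already exist; if not, two negative entries like the ones below would pin the intended scope. The expected values state what a prefix- or method-scoped token should permit. The check itself is not part of this diff, so a failure on the first entry would point to a plain string-prefix comparison rather than to a wrong test.

```go
// … unchanged: the three entries added by this hunk …
{
	name:             "sibling path sharing the prefix string",
	token:            genToken([]string{"/data"}, nil),
	method:           "GET",
	path:             "/database",
	isWrite:          false,
	expectAuthorized: false,
},
{
	name:             "method outside the allowed list",
	token:            genToken(nil, []string{"POST", "PUT"}),
	method:           "DELETE",
	path:             "/data/upload",
	isWrite:          true,
	expectAuthorized: false,
},
```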
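Review bot: `r.URL.String()` in the new `glog.V(4).Infof` line of readonlyFilerHandler (second hunk of filer_server_handlers.go) writes the full request URL, query string included, to the log. If clients can pass a token or other secret as a query parameter (not visible in this diff), it would be recorded whenever verbosity is 4 or higher, and log files are often readable by more people than the filer's keys. Logging only the escaped path avoids that while keeping the line percent-encoded: `glog.V(4).Infof("Request: %s %s", r.Method, r.URL.EscapedPath())`. The handler body starts and ends outside the hunk.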