Browse Source

rename security.GenJwt to security.GenJwtForVolumeServer

pull/2543/head
Sebastian Kurfuerst 3 years ago
parent
commit
d156d410ef
  1. 4
      weed/security/jwt.go
  2. 4
      weed/server/master_grpc_server_volume.go
  3. 4
      weed/server/master_server_handlers.go

4
weed/security/jwt.go

@ -13,12 +13,14 @@ import (
type EncodedJwt string type EncodedJwt string
type SigningKey []byte type SigningKey []byte
// SeaweedFileIdClaims is created by Master server(s) and consumed by Volume server(s),
// restricting the access this JWT allows to only a single file.
type SeaweedFileIdClaims struct { type SeaweedFileIdClaims struct {
Fid string `json:"fid"` Fid string `json:"fid"`
jwt.StandardClaims jwt.StandardClaims
} }
func GenJwt(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
func GenJwtForVolumeServer(signingKey SigningKey, expiresAfterSec int, fileId string) EncodedJwt {
if len(signingKey) == 0 { if len(signingKey) == 0 {
return "" return ""
} }

4
weed/server/master_grpc_server_volume.go

@ -86,7 +86,7 @@ func (ms *MasterServer) LookupVolume(ctx context.Context, req *master_pb.LookupV
} }
var auth string var auth string
if strings.Contains(result.VolumeOrFileId, ",") { // this is a file id if strings.Contains(result.VolumeOrFileId, ",") { // this is a file id
auth = string(security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, result.VolumeOrFileId))
auth = string(security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, result.VolumeOrFileId))
} }
resp.VolumeIdLocations = append(resp.VolumeIdLocations, &master_pb.LookupVolumeResponse_VolumeIdLocation{ resp.VolumeIdLocations = append(resp.VolumeIdLocations, &master_pb.LookupVolumeResponse_VolumeIdLocation{
VolumeOrFileId: result.VolumeOrFileId, VolumeOrFileId: result.VolumeOrFileId,
@ -173,7 +173,7 @@ func (ms *MasterServer) Assign(ctx context.Context, req *master_pb.AssignRequest
GrpcPort: uint32(dn.GrpcPort), GrpcPort: uint32(dn.GrpcPort),
}, },
Count: count, Count: count,
Auth: string(security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fid)),
Auth: string(security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fid)),
Replicas: replicas, Replicas: replicas,
}, nil }, nil
} }

4
weed/server/master_server_handlers.go

@ -149,9 +149,9 @@ func (ms *MasterServer) maybeAddJwtAuthorization(w http.ResponseWriter, fileId s
} }
var encodedJwt security.EncodedJwt var encodedJwt security.EncodedJwt
if isWrite { if isWrite {
encodedJwt = security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fileId)
encodedJwt = security.GenJwtForVolumeServer(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fileId)
} else { } else {
encodedJwt = security.GenJwt(ms.guard.ReadSigningKey, ms.guard.ReadExpiresAfterSec, fileId)
encodedJwt = security.GenJwtForVolumeServer(ms.guard.ReadSigningKey, ms.guard.ReadExpiresAfterSec, fileId)
} }
if encodedJwt == "" { if encodedJwt == "" {
return return

Loading…
Cancel
Save