sftpd: use global TLS-aware HTTP client for filer uploads (#8795)

* sftpd: use global TLS-aware HTTP client for filer uploads (#8794) putFile() hardcoded http:// and used http.DefaultClient, which broke file uploads when the filer has HTTPS/TLS enabled. Switch to the global HTTP client which reads [https.client] from security.toml and automatically normalizes the URL scheme. * sftpd: propagate NormalizeUrl error instead of swallowing it
5 days ago · e52a94a3a7
1 changed files with 8 additions and 1 deletions
--- a/weed/sftpd/sftp_filer.go
+++ b/weed/sftpd/sftp_filer.go
@ -21,6 +21,7 @@ import (
 	weed_server "github.com/seaweedfs/seaweedfs/weed/server"
 	"github.com/seaweedfs/seaweedfs/weed/sftpd/user"
 	"github.com/seaweedfs/seaweedfs/weed/util"
+	util_http "github.com/seaweedfs/seaweedfs/weed/util/http"
 	"google.golang.org/grpc"
 )

@ -322,6 +323,12 @@ func (fs *SftpServer) removeDir(absPath string) error {
 func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User) error {
 	dir, filename := util.FullPath(filepath).DirAndName()
 	uploadUrl := fmt.Sprintf("http://%s%s", fs.filerAddr, filepath)
+	// Let the global HTTP client normalize the scheme to https:// when TLS is configured
+	normalizedUrl, err := util_http.NormalizeUrl(uploadUrl)
+	if err != nil {
+		return fmt.Errorf("normalize upload url %q: %w", uploadUrl, err)
+	}
+	uploadUrl = normalizedUrl

 	// Compute MD5 while uploading
 	hash := md5.New()
@ -342,7 +349,7 @@ func (fs *SftpServer) putFile(filepath string, reader io.Reader, user *user.User
 		}
 	}

-	resp, err := http.DefaultClient.Do(req)
+	resp, err := util_http.Do(req)
 	if err != nil {
 		return fmt.Errorf("upload to filer: %w", err)
 	}