filer: option to encrypt data on volume server
This commit is contained in:
Chris Lu
@@ -189,7 +189,7 @@ func (fi FilePart) Upload(maxMB int, master string, jwt security.EncodedJwt, grp
|
||||
cm.DeleteChunks(master, grpcDialOption)
|
||||
}
|
||||
} else {
|
||||
ret, e := Upload(fileUrl, baseName, fi.Reader, false, fi.MimeType, nil, jwt)
|
||||
ret, e := Upload(fileUrl, baseName, false, fi.Reader, false, fi.MimeType, nil, jwt)
|
||||
if e != nil {
|
||||
return 0, e
|
||||
}
|
||||
@@ -202,8 +202,7 @@ func upload_one_chunk(filename string, reader io.Reader, master,
|
||||
fileUrl string, jwt security.EncodedJwt,
|
||||
) (size uint32, e error) {
|
||||
glog.V(4).Info("Uploading part ", filename, " to ", fileUrl, "...")
|
||||
uploadResult, uploadError := Upload(fileUrl, filename, reader, false,
|
||||
"", nil, jwt)
|
||||
uploadResult, uploadError := Upload(fileUrl, filename, false, reader, false, "", nil, jwt)
|
||||
if uploadError != nil {
|
||||
return 0, uploadError
|
||||
}
|
||||
@@ -221,6 +220,6 @@ func upload_chunked_file_manifest(fileUrl string, manifest *ChunkManifest, jwt s
|
||||
q := u.Query()
|
||||
q.Set("cm", "true")
|
||||
u.RawQuery = q.Encode()
|
||||
_, e = Upload(u.String(), manifest.Name, bufReader, false, "application/json", nil, jwt)
|
||||
_, e = Upload(u.String(), manifest.Name, false, bufReader, false, "application/json", nil, jwt)
|
||||
return e
|
||||
}
|
||||
|
||||
@@ -22,10 +22,11 @@ import (
|
||||
)
|
||||
|
||||
type UploadResult struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
Size uint32 `json:"size,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
ETag string `json:"eTag,omitempty"`
|
||||
Name string `json:"name,omitempty"`
|
||||
Size uint32 `json:"size,omitempty"`
|
||||
Error string `json:"error,omitempty"`
|
||||
ETag string `json:"eTag,omitempty"`
|
||||
CipherKey []byte `json:"cipherKey,omitempty"`
|
||||
}
|
||||
|
||||
var (
|
||||
@@ -41,22 +42,22 @@ func init() {
|
||||
var fileNameEscaper = strings.NewReplacer("\\", "\\\\", "\"", "\\\"")
|
||||
|
||||
// Upload sends a POST request to a volume server to upload the content with adjustable compression level
|
||||
func UploadWithLocalCompressionLevel(uploadUrl string, filename string, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, jwt security.EncodedJwt, compressionLevel int) (*UploadResult, error) {
|
||||
func UploadWithLocalCompressionLevel(uploadUrl string, filename string, cipher bool, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, jwt security.EncodedJwt, compressionLevel int) (*UploadResult, error) {
|
||||
if compressionLevel < 1 {
|
||||
compressionLevel = 1
|
||||
}
|
||||
if compressionLevel > 9 {
|
||||
compressionLevel = 9
|
||||
}
|
||||
return doUpload(uploadUrl, filename, reader, isGzipped, mtype, pairMap, compressionLevel, jwt)
|
||||
return doUpload(uploadUrl, filename, cipher, reader, isGzipped, mtype, pairMap, compressionLevel, jwt)
|
||||
}
|
||||
|
||||
// Upload sends a POST request to a volume server to upload the content with fast compression
|
||||
func Upload(uploadUrl string, filename string, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, jwt security.EncodedJwt) (*UploadResult, error) {
|
||||
return doUpload(uploadUrl, filename, reader, isGzipped, mtype, pairMap, flate.BestSpeed, jwt)
|
||||
func Upload(uploadUrl string, filename string, cipher bool, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, jwt security.EncodedJwt) (*UploadResult, error) {
|
||||
return doUpload(uploadUrl, filename, cipher, reader, isGzipped, mtype, pairMap, flate.BestSpeed, jwt)
|
||||
}
|
||||
|
||||
func doUpload(uploadUrl string, filename string, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, compression int, jwt security.EncodedJwt) (*UploadResult, error) {
|
||||
func doUpload(uploadUrl string, filename string, cipher bool, reader io.Reader, isGzipped bool, mtype string, pairMap map[string]string, compression int, jwt security.EncodedJwt) (*UploadResult, error) {
|
||||
contentIsGzipped := isGzipped
|
||||
shouldGzipNow := false
|
||||
if !isGzipped {
|
||||
@@ -65,7 +66,25 @@ func doUpload(uploadUrl string, filename string, reader io.Reader, isGzipped boo
|
||||
contentIsGzipped = true
|
||||
}
|
||||
}
|
||||
return upload_content(uploadUrl, func(w io.Writer) (err error) {
|
||||
// encrypt data
|
||||
var cipherKey util.CipherKey
|
||||
var clearDataLen int
|
||||
if cipher {
|
||||
clearData, err := ioutil.ReadAll(reader)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("read raw input: %v", err)
|
||||
}
|
||||
clearDataLen = len(clearData)
|
||||
cipherKey = util.GenCipherKey()
|
||||
encryptedData, err := util.Encrypt(clearData, cipherKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("encrypt input: %v", err)
|
||||
}
|
||||
reader = bytes.NewReader(encryptedData)
|
||||
}
|
||||
|
||||
// upload data
|
||||
uploadResult, err := upload_content(uploadUrl, func(w io.Writer) (err error) {
|
||||
if shouldGzipNow {
|
||||
gzWriter, _ := gzip.NewWriterLevel(w, compression)
|
||||
_, err = io.Copy(gzWriter, reader)
|
||||
@@ -75,6 +94,14 @@ func doUpload(uploadUrl string, filename string, reader io.Reader, isGzipped boo
|
||||
}
|
||||
return
|
||||
}, filename, contentIsGzipped, mtype, pairMap, jwt)
|
||||
|
||||
// remember cipher key
|
||||
if uploadResult != nil && cipherKey != nil {
|
||||
uploadResult.CipherKey = cipherKey
|
||||
uploadResult.Size = uint32(clearDataLen)
|
||||
}
|
||||
|
||||
return uploadResult, err
|
||||
}
|
||||
|
||||
func upload_content(uploadUrl string, fillBufferFunction func(w io.Writer) error, filename string, isGzipped bool, mtype string, pairMap map[string]string, jwt security.EncodedJwt) (*UploadResult, error) {
|
||||
|
||||
Reference in New Issue
Block a user