Fix jwt error in admin UI (#8140)

* add jwt token in weed admin headers requests * add jwt token to header for download * :s/upload/download * filer_signing.read despite of filer_signing key * finalize filer_browser_handlers.go * admin: add JWT authorization to file browser handlers * security: fix typos in JWT read validation descriptions * Move security.toml to example and secure keys * security: address PR feedback on JWT enforcement and example keys * security: refactor JWT logic and improve example keys readability * Update docker/Dockerfile.local Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Chris Lu <chris.lu@gmail.com> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-28 02:27:02 +01:00
parent c9c91ba568
commit 20952aa514
6 changed files with 92 additions and 9 deletions
--- a/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml
@@ -48,7 +48,7 @@ data:
    {{- if .Values.global.securityConfig.jwtSigning.filerRead }}
    # If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:
    # - f.e. the S3 API Shim generates the JWT
-    # - the Filer server validates the JWT on writing
+    # - the Filer server validates the JWT on reading
    # the jwt defaults to expire after 10 seconds.
    [jwt.filer_signing.read]
    key = "{{ dig "jwt" "filer_signing" "read" "key" (randAlphaNum 10 | b64enc) $securityConfig }}"