gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

master: add jwt expires_after_seconds

Browse Source
This commit is contained in:
Chris Lu
2019-05-04 08:42:25 -07:00
parent bd8af92b54
commit 25941e0500
7 changed files with 21 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
weed/server/master_grpc_server_volume.go
View File

@@ -94,7 +94,7 @@ func (ms *MasterServer) Assign(ctx context.Context, req *master_pb.AssignRequest
Url: dn.Url(),
PublicUrl: dn.PublicUrl,
Count: count,
Auth: string(security.GenJwt(ms.guard.SigningKey, fid)),
Auth: string(security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fid)),
}, nil
}

4
weed/server/master_server.go
View File

@@ -54,6 +54,8 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
v := viper.GetViper()
signingKey := v.GetString("jwt.signing.key")
v.SetDefault("jwt.signing.expires_after_seconds", 10)
expiresAfterSec := v.GetInt("jwt.signing.expires_after_seconds")
var preallocateSize int64
if preallocate {
@@ -75,7 +77,7 @@ func NewMasterServer(r *mux.Router, port int, metaFolder string,
ms.vg = topology.NewDefaultVolumeGrowth()
glog.V(0).Infoln("Volume Size Limit is", volumeSizeLimitMB, "MB")
ms.guard = security.NewGuard(whiteList, signingKey)
ms.guard = security.NewGuard(whiteList, signingKey, expiresAfterSec)
if !disableHttp {
handleStaticResources2(r)

2
weed/server/master_server_handlers.go
View File

@@ -110,7 +110,7 @@ func (ms *MasterServer) dirAssignHandler(w http.ResponseWriter, r *http.Request)
}
func (ms *MasterServer) maybeAddJwtAuthorization(w http.ResponseWriter, fileId string) {
encodedJwt := security.GenJwt(ms.guard.SigningKey, fileId)
encodedJwt := security.GenJwt(ms.guard.SigningKey, ms.guard.ExpiresAfterSec, fileId)
if encodedJwt == "" {
return
}

4
weed/server/volume_server.go
View File

@@ -40,6 +40,8 @@ func NewVolumeServer(adminMux, publicMux *http.ServeMux, ip string,
v := viper.GetViper()
signingKey := v.GetString("jwt.signing.key")
v.SetDefault("jwt.signing.expires_after_seconds", 10)
expiresAfterSec := v.GetInt("jwt.signing.expires_after_seconds")
enableUiAccess := v.GetBool("access.ui")
vs := &VolumeServer{
@@ -55,7 +57,7 @@ func NewVolumeServer(adminMux, publicMux *http.ServeMux, ip string,
vs.MasterNodes = masterNodes
vs.store = storage.NewStore(port, ip, publicUrl, folders, maxCounts, vs.needleMapKind)
vs.guard = security.NewGuard(whiteList, signingKey)
vs.guard = security.NewGuard(whiteList, signingKey, expiresAfterSec)
handleStaticResources(adminMux)
if signingKey == "" || enableUiAccess {